Package org.eclipse.jetty.util.security
Class CertificateValidator
java.lang.Object
org.eclipse.jetty.util.security.CertificateValidator
Deprecated.
The Eclipse Jetty and Apache Felix Http Jetty packages are no longer supported.
Convenience class to handle validation of certificates, aliases and keystores
Allows specifying Certificate Revocation List (CRL), as well as enabling
CRL Distribution Points Protocol (CRLDP) certificate extension support,
and also enabling On-Line Certificate Status Protocol (OCSP) support.
IMPORTANT: at least one of the above mechanisms *MUST* be configured and
operational, otherwise certificate validation *WILL FAIL* unconditionally.
-
Constructor Summary
ConstructorsConstructorDescriptionCertificateValidator(KeyStore trustStore, Collection<? extends CRL> crls) Deprecated.creates an instance of the certificate validator -
Method Summary
Modifier and TypeMethodDescriptionCollection<? extends CRL> getCrls()Deprecated.intDeprecated.Deprecated.Deprecated.booleanDeprecated.booleanDeprecated.voidsetEnableCRLDP(boolean enableCRLDP) Deprecated.Enables CRL Distribution Points SupportvoidsetEnableOCSP(boolean enableOCSP) Deprecated.Enables On-Line Certificate Status Protocol supportvoidsetMaxCertPathLength(int maxCertPathLength) Deprecated.voidsetOcspResponderURL(String ocspResponderURL) Deprecated.Set the location of the OCSP Responder.voidvalidate(Certificate[] certChain) Deprecated.voidDeprecated.validates all aliases inside of a given keystoreDeprecated.validates a specific alias inside of the keystore being passed invoidvalidate(KeyStore keyStore, Certificate cert) Deprecated.validates a specific certificate inside of the keystore being passed in
-
Constructor Details
-
CertificateValidator
Deprecated.creates an instance of the certificate validator- Parameters:
trustStore- the truststore to usecrls- the Certificate Revocation List to use
-
-
Method Details
-
validate
Deprecated.validates all aliases inside of a given keystore- Parameters:
keyStore- the keystore to validate- Throws:
CertificateException- if keystore error and unable to validate
-
validate
Deprecated.validates a specific alias inside of the keystore being passed in- Parameters:
keyStore- the keystore to validatekeyAlias- the keyalias in the keystore to valid with- Returns:
- the keyAlias if valid
- Throws:
CertificateException- if keystore error and unable to validate
-
validate
Deprecated.validates a specific certificate inside of the keystore being passed in- Parameters:
keyStore- the keystore to validate againstcert- the certificate to validate- Throws:
CertificateException- if keystore error and unable to validate
-
validate
Deprecated.- Throws:
CertificateException
-
getTrustStore
Deprecated. -
getCrls
Deprecated. -
getMaxCertPathLength
public int getMaxCertPathLength()Deprecated.- Returns:
- Maximum number of intermediate certificates in the certification path (-1 for unlimited)
-
setMaxCertPathLength
public void setMaxCertPathLength(int maxCertPathLength) Deprecated.- Parameters:
maxCertPathLength- maximum number of intermediate certificates in the certification path (-1 for unlimited)
-
isEnableCRLDP
public boolean isEnableCRLDP()Deprecated.- Returns:
- true if CRL Distribution Points support is enabled
-
setEnableCRLDP
public void setEnableCRLDP(boolean enableCRLDP) Deprecated.Enables CRL Distribution Points Support- Parameters:
enableCRLDP- true - turn on, false - turns off
-
isEnableOCSP
public boolean isEnableOCSP()Deprecated.- Returns:
- true if On-Line Certificate Status Protocol support is enabled
-
setEnableOCSP
public void setEnableOCSP(boolean enableOCSP) Deprecated.Enables On-Line Certificate Status Protocol support- Parameters:
enableOCSP- true - turn on, false - turn off
-
getOcspResponderURL
Deprecated.- Returns:
- Location of the OCSP Responder
-
setOcspResponderURL
Deprecated.Set the location of the OCSP Responder.- Parameters:
ocspResponderURL- location of the OCSP Responder
-