Package org.eclipse.jetty.util.security

Class CertificateValidator

java.lang.Object

org.eclipse.jetty.util.security.CertificateValidator

public class CertificateValidator
extends java.lang.Object

Convenience class to handle validation of certificates, aliases and keystores Allows specifying Certificate Revocation List (CRL), as well as enabling CRL Distribution Points Protocol (CRLDP) certificate extension support, and also enabling On-Line Certificate Status Protocol (OCSP) support. IMPORTANT: at least one of the above mechanisms *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally.

Constructor Summary

Constructors

Constructor	Description
CertificateValidator(java.security.KeyStore trustStore, java.util.Collection<? extends java.security.cert.CRL> crls)	creates an instance of the certificate validator

Method Summary

Modifier and Type	Method	Description
java.util.Collection<? extends java.security.cert.CRL>	getCrls()
int	getMaxCertPathLength()
java.lang.String	getOcspResponderURL()
java.security.KeyStore	getTrustStore()
boolean	isEnableCRLDP()
boolean	isEnableOCSP()
void	setEnableCRLDP(boolean enableCRLDP)	Enables CRL Distribution Points Support
void	setEnableOCSP(boolean enableOCSP)	Enables On-Line Certificate Status Protocol support
void	setMaxCertPathLength(int maxCertPathLength)
void	setOcspResponderURL(java.lang.String ocspResponderURL)	Set the location of the OCSP Responder.
void	validate(java.security.cert.Certificate[] certChain)
void	validate(java.security.KeyStore keyStore)	validates all aliases inside of a given keystore
java.lang.String	validate(java.security.KeyStore keyStore, java.lang.String keyAlias)	validates a specific alias inside of the keystore being passed in
void	validate(java.security.KeyStore keyStore, java.security.cert.Certificate cert)	validates a specific certificate inside of the keystore being passed in

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificateValidator

public CertificateValidator(java.security.KeyStore trustStore,
                            java.util.Collection<? extends java.security.cert.CRL> crls)

creates an instance of the certificate validator

Parameters:

trustStore - the truststore to use

crls - the Certificate Revocation List to use

Method Detail

validate

public void validate(java.security.KeyStore keyStore)
              throws java.security.cert.CertificateException

validates all aliases inside of a given keystore

Parameters:

keyStore - the keystore to validate

Throws:

java.security.cert.CertificateException - if keystore error and unable to validate

validate

public java.lang.String validate(java.security.KeyStore keyStore,
                                 java.lang.String keyAlias)
                          throws java.security.cert.CertificateException

validates a specific alias inside of the keystore being passed in

Parameters:

keyStore - the keystore to validate

keyAlias - the keyalias in the keystore to valid with

Returns:

the keyAlias if valid

Throws:

java.security.cert.CertificateException - if keystore error and unable to validate

validate

public void validate(java.security.KeyStore keyStore,
                     java.security.cert.Certificate cert)
              throws java.security.cert.CertificateException

validates a specific certificate inside of the keystore being passed in

Parameters:

keyStore - the keystore to validate against

cert - the certificate to validate

Throws:

java.security.cert.CertificateException - if keystore error and unable to validate

validate

public void validate(java.security.cert.Certificate[] certChain)
              throws java.security.cert.CertificateException

Throws:

java.security.cert.CertificateException

getTrustStore

public java.security.KeyStore getTrustStore()

getCrls

public java.util.Collection<? extends java.security.cert.CRL> getCrls()

getMaxCertPathLength

public int getMaxCertPathLength()

Returns:

Maximum number of intermediate certificates in the certification path (-1 for unlimited)

setMaxCertPathLength

public void setMaxCertPathLength(int maxCertPathLength)

Parameters:

maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

isEnableCRLDP

public boolean isEnableCRLDP()

Returns:

true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)

Enables CRL Distribution Points Support

Parameters:

enableCRLDP - true - turn on, false - turns off

isEnableOCSP

public boolean isEnableOCSP()

Returns:

true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)

Enables On-Line Certificate Status Protocol support

Parameters:

enableOCSP - true - turn on, false - turn off

getOcspResponderURL

public java.lang.String getOcspResponderURL()

Returns:

Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(java.lang.String ocspResponderURL)

Set the location of the OCSP Responder.

Parameters:

ocspResponderURL - location of the OCSP Responder