public class CertificateValidationUtil extends Object
| Constructor and Description |
|---|
CertificateValidationUtil() |
| Modifier and Type | Method and Description |
|---|---|
static String |
getSubjectAltNameUri(X509Certificate certificate) |
static void |
validateApplicationCertificateUsage(X509Certificate certificate) |
static void |
validateApplicationUri(X509Certificate certificate,
String applicationUri)
Validate that the application URI matches the SubjectAltName URI in the given certificate.
|
static void |
validateCertificateValidity(X509Certificate certificate) |
static void |
validateHostnameOrIpAddress(X509Certificate certificate,
String... hostnames)
Validate that one of
hostnames matches a SubjectAltName DNSName or IPAddress entry in the certificate. |
static boolean |
validateSubjectAltNameField(X509Certificate certificate,
int field,
Predicate<Object> fieldValidator) |
static void |
verifyTrustChain(List<X509Certificate> certificateChain,
Collection<X509Certificate> trustedCertificates,
Collection<X509CRL> trustedCrls,
Collection<X509Certificate> issuerCertificates,
Collection<X509CRL> issuerCrls)
Verify that a chain of trust can be established for a certificate or chain of certificates.
|
static void |
verifyTrustChain(List<X509Certificate> certificateChain,
Set<X509Certificate> trustedCertificates,
Set<X509Certificate> issuerCertificates)
Verify that a chain of trust can be established for a certificate or chain of certificates.
|
public static void verifyTrustChain(List<X509Certificate> certificateChain, Set<X509Certificate> trustedCertificates, Set<X509Certificate> issuerCertificates) throws UaException
The chain must begin with the end-entity certificate at index 0 followed by the remaining certificates in the chain, if any, in the correct order.
If the end-entity certificate is present in the trustedCertificates set then trust is immediately
verified. Otherwise, an attempt to build a path to a trusted anchor is made using the provided
issuerCertificates as the anchors.
certificateChain - the certificate chain to verify.trustedCertificates - the set of known-trusted certificates.issuerCertificates - the set of CA certificates to use as trust anchors.UaException - if a chain of trust could not be established.public static void verifyTrustChain(List<X509Certificate> certificateChain, Collection<X509Certificate> trustedCertificates, Collection<X509CRL> trustedCrls, Collection<X509Certificate> issuerCertificates, Collection<X509CRL> issuerCrls) throws UaException
The chain must begin with the end-entity certificate at index 0 followed by the remaining certificates in the chain, if any, in the correct order.
If the end-entity certificate is present in the trustedCertificates set then trust is immediately
verified. Otherwise, an attempt to build a path to a trust anchor is made using the root CAs in
trustedCertificates and the root CAs in issuerCertificates as the trust anchors.
Once a valid certificate path has been established, at least one component of that path must be present in the
trustedCertificates list.
certificateChain - the certificate chain to verify.trustedCertificates - a collection of known-trusted certificates and CAs. Root CAs are used as Trust
Anchors.trustedCrls - a collection of X509CRLs for CAs in trustedCertificates, if any.issuerCertificates - a collection of intermediate and root CA certificates used the purpose of path
validation, but that aren't trusted issuers. Root CAs are used as Trust Anchors.issuerCrls - a collection of X509CRLs for CAs in issuerCertificates, if any.UaException - if a chain of trust could not be established.public static void validateCertificateValidity(X509Certificate certificate) throws UaException
UaExceptionpublic static void validateHostnameOrIpAddress(X509Certificate certificate, String... hostnames) throws UaException
hostnames matches a SubjectAltName DNSName or IPAddress entry in the certificate.certificate - the certificate to validate against.hostnames - the hostnames to look for.UaException - if there is no matching DNSName or IPAddress entry.public static void validateApplicationUri(X509Certificate certificate, String applicationUri) throws UaException
certificate - the certificate to validate against.applicationUri - the URI to validate.UaException - if the certificate is invalid, does not contain a uri, or contains a uri that does not match.public static void validateApplicationCertificateUsage(X509Certificate certificate) throws UaException
UaExceptionpublic static boolean validateSubjectAltNameField(X509Certificate certificate, int field, Predicate<Object> fieldValidator) throws UaException
UaExceptionpublic static String getSubjectAltNameUri(X509Certificate certificate) throws UaException
UaExceptionCopyright © 2020. All rights reserved.