org.eclipse.jetty.util.security
Class CertificateValidator

java.lang.Object
  extended by org.eclipse.jetty.util.security.CertificateValidator

public class CertificateValidator
extends Object

Convenience class to handle validation of certificates, aliases and keystores. Allows specifying a static Certificate Revocation List (CRL) collection, enabling CRL Distribution Points (CRLDP) certificate extension support, and enabling On-Line Certificate Status Protocol (OCSP) support. Certification paths are built and validated with the PKIX algorithm against the trust store, with revocation checking always enabled.

IMPORTANT: at least one of the above mechanisms (a non-empty CRL collection, CRLDP, or OCSP) *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally, even for a chain correctly issued by a trusted CA, because the revocation status of the certificates cannot be determined.
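The following is an added example, not Jetty's own code, showing how a caller assembles a CertificateValidator: it loads a trust store and an optional CRL file, enables CRLDP and OCSP, guards against the misconfiguration the IMPORTANT note warns about, and validates a peer certificate chain. The file paths, passwords and the OCSP responder URL are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;

import org.eclipse.jetty.util.security.CertificateValidator;

/**
 * Added example (not Jetty's own code). Builds a CertificateValidator from a trust
 * store plus an optional CRL file, enables CRLDP and OCSP, and validates a chain.
 * All paths, passwords and the responder URL below are assumptions.
 */
public class PeerChainCheck
{
    /** Loads a JKS/PKCS12 trust store; path and password are assumptions. */
    static KeyStore loadTrustStore(String path, char[] password) throws Exception
    {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path)))
        {
            ks.load(in, password);
        }
        return ks;
    }

    /** Parses zero or more PEM/DER CRLs from a file; empty collection if the file is absent. */
    static Collection<? extends CRL> loadCrls(String path) throws Exception
    {
        if (path == null || !Files.exists(Paths.get(path)))
            return Collections.<CRL>emptyList();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(path)))
        {
            return cf.generateCRLs(in);
        }
    }

    /**
     * Guard for the IMPORTANT note in the class javadoc: with no CRL, CRLDP or OCSP
     * source, validate() can never succeed, so fail at configuration time rather
     * than on the first connection.
     */
    static void requireRevocationSource(CertificateValidator v)
    {
        boolean hasCrls = v.getCrls() != null && !v.getCrls().isEmpty();
        if (!hasCrls && !v.isEnableCRLDP() && !v.isEnableOCSP())
            throw new IllegalStateException(
                "CertificateValidator has no revocation source (CRL, CRLDP or OCSP); validation would always fail");
    }

    public static void main(String[] args) throws Exception
    {
        KeyStore trustStore = loadTrustStore("/etc/jetty/truststore.p12", "changeit".toCharArray()); // assumed path
        Collection<? extends CRL> crls = loadCrls("/etc/jetty/revoked.crl");                        // assumed path

        CertificateValidator validator = new CertificateValidator(trustStore, crls);
        validator.setEnableCRLDP(true);                              // follow CRL Distribution Points in the certs
        validator.setEnableOCSP(true);                               // query OCSP responders
        validator.setOcspResponderURL("http://ocsp.example.test/");  // assumed; omit to use each cert's AIA extension
        validator.setMaxCertPathLength(3);                           // bound intermediates; -1 means unlimited
        requireRevocationSource(validator);

        // The chain to check, end-entity certificate first. In a server this would come from
        // SSLSession.getPeerCertificates(); here it is read from an assumed PEM file.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(Paths.get("/tmp/peer-chain.pem")))  // assumed path
        {
            chain = cf.generateCertificates(in).toArray(new Certificate[0]);
        }

        try
        {
            validator.validate(chain);
            System.out.println("chain OK: " + ((X509Certificate)chain[0]).getSubjectX500Principal());
        }
        catch (CertificateException e)
        {
            // Untrusted issuer, expired or revoked cert, and an unreachable revocation source all land here.
            System.err.println("chain REJECTED: " + e.getMessage());
        }
    }
}
```

Jetty applies the OCSP and CRLDP switches through JVM-wide properties (the ocsp.enable security property and the com.sun.security.enableCRLDP system property) when validate() runs, so enabling them on one validator affects every PKIX validation in the same JVM. The static CRL collection is the only revocation input fully under the caller's control; CRLDP and OCSP depend on the network being reachable at validation time, and a failed lookup is reported as a CertificateException, not as a pass.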


Constructor Summary
CertificateValidator(KeyStore trustStore, Collection<? extends CRL> crls)
          creates an instance of the certificate validator
 
Method Summary
 Collection<? extends CRL> getCrls()
          returns the static CRL collection passed to the constructor
 int getMaxCertPathLength()
          returns the maximum number of intermediate certificates in the certification path (-1 for unlimited)
 String getOcspResponderURL()
          returns the location of the OCSP Responder
 KeyStore getTrustStore()
          returns the trust store passed to the constructor
 boolean isEnableCRLDP()
          true if CRL Distribution Points support is enabled
 boolean isEnableOCSP()
          true if On-Line Certificate Status Protocol support is enabled
 void setEnableCRLDP(boolean enableCRLDP)
          Enables CRL Distribution Points support
 void setEnableOCSP(boolean enableOCSP)
          Enables On-Line Certificate Status Protocol support
 void setMaxCertPathLength(int maxCertPathLength)
          Sets the maximum number of intermediate certificates in the certification path (-1 for unlimited)
 void setOcspResponderURL(String ocspResponderURL)
          Set the location of the OCSP Responder.
 void validate(Certificate[] certChain)
          validates a certificate chain against the trust store, checking revocation via the configured CRLs, CRLDP or OCSP
 void validate(KeyStore keyStore)
          validates all aliases inside of a given keystore
 void validate(KeyStore keyStore, Certificate cert)
          validates a specific certificate inside of the keystore being passed in
 String validate(KeyStore keyStore, String keyAlias)
          validates a specific alias inside of the keystore being passed in
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateValidator

public CertificateValidator(KeyStore trustStore,
                            Collection<? extends CRL> crls)
creates an instance of the certificate validator

Parameters:
trustStore - keystore holding the trusted (CA) certificates that certification paths are built up to
crls - static collection of CRLs consulted during revocation checking; may be null or empty when CRLDP or OCSP is enabled instead
Method Detail

validate

public void validate(KeyStore keyStore)
              throws CertificateException
validates all aliases inside of a given keystore

Parameters:
keyStore - keystore whose entries are validated one alias at a time; the first alias that fails raises the exception
Throws:
CertificateException

validate

public String validate(KeyStore keyStore,
                       String keyAlias)
                throws CertificateException
validates a specific alias inside of the keystore being passed in

Parameters:
keyStore - keystore containing the entry to validate
keyAlias - alias of the entry whose certificate is validated
Returns:
the keyAlias if valid
Throws:
CertificateException

validate

public void validate(KeyStore keyStore,
                     Certificate cert)
              throws CertificateException
validates a specific certificate inside of the keystore being passed in

Parameters:
keyStore - keystore from which the certificate chain for cert is retrieved
cert - the certificate to validate
Throws:
CertificateException
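Added example, not Jetty's own code, of a startup check built on the keystore overloads above: validate(KeyStore) as a fast fail, then validate(KeyStore, String) per alias so that every rejected entry is reported rather than only the first, and finally the one alias the connector will serve. Paths, passwords and the alias name "server" are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CRL;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;

import org.eclipse.jetty.util.security.CertificateValidator;

/**
 * Added example (not Jetty's own code). Audits every entry of a server key store
 * against a trust store before the server starts listening. Paths, passwords and
 * the alias "server" are assumptions.
 */
public class KeyStoreAudit
{
    /** Loads a JKS/PKCS12 store; path and password are assumptions. */
    static KeyStore load(String path, char[] password) throws Exception
    {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path)))
        {
            ks.load(in, password);
        }
        return ks;
    }

    /** Returns one "alias: reason" line for every alias the validator rejected. */
    static List<String> auditAliases(CertificateValidator validator, KeyStore keyStore) throws Exception
    {
        List<String> failures = new ArrayList<String>();
        for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();)
        {
            String alias = aliases.nextElement();
            try
            {
                validator.validate(keyStore, alias);   // returns the alias when it validates
            }
            catch (CertificateException e)
            {
                failures.add(alias + ": " + e.getMessage());
            }
        }
        return failures;
    }

    public static void main(String[] args) throws Exception
    {
        KeyStore trustStore = load("/etc/jetty/truststore.p12", "changeit".toCharArray()); // assumed
        KeyStore keyStore = load("/etc/jetty/keystore.p12", "storepwd".toCharArray());     // assumed

        // CRLDP is the only revocation source here. With an empty CRL collection and both
        // CRLDP and OCSP off, every validate() call would fail (see the class description).
        CertificateValidator validator = new CertificateValidator(trustStore, Collections.<CRL>emptyList());
        validator.setEnableCRLDP(true);

        // Fast path: validate(KeyStore) throws on the first bad alias.
        try
        {
            validator.validate(keyStore);
            System.out.println("all aliases valid");
        }
        catch (CertificateException e)
        {
            System.err.println("key store has an invalid entry: " + e.getMessage());
        }

        // Diagnostic path: per-alias results, so an operator sees every broken entry at once.
        for (String failure : auditAliases(validator, keyStore))
            System.err.println("invalid: " + failure);

        // The alias the connector serves must validate; let the exception abort startup otherwise.
        String serverAlias = validator.validate(keyStore, "server");  // assumed alias
        System.out.println("serving with alias " + serverAlias);
    }
}
```

Running the per-alias audit on a keystore that also holds trusted-certificate entries will validate those as well, since validate(KeyStore, String) builds a chain for whichever certificate the alias refers to; an expired or revoked CA entry therefore surfaces here before it can break a TLS handshake.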

validate

public void validate(Certificate[] certChain)
              throws CertificateException
validates a certificate chain against the trust store, building a PKIX certification path and validating it with revocation checking through the configured CRLs, CRLDP or OCSP

Parameters:
certChain - the certificate chain to validate, end-entity certificate first
Throws:
CertificateException - if the chain cannot be built up to a trusted certificate, contains an invalid or revoked certificate, or its revocation status cannot be determined

getTrustStore

public KeyStore getTrustStore()

getCrls

public Collection<? extends CRL> getCrls()

getMaxCertPathLength

public int getMaxCertPathLength()
Returns:
Maximum number of intermediate certificates in the certification path (-1 for unlimited)

setMaxCertPathLength

public void setMaxCertPathLength(int maxCertPathLength)
Parameters:
maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)

isEnableCRLDP

public boolean isEnableCRLDP()
Returns:
true if CRL Distribution Points support is enabled

setEnableCRLDP

public void setEnableCRLDP(boolean enableCRLDP)
Enables CRL Distribution Points Support

Parameters:
enableCRLDP - true to turn on, false to turn off

isEnableOCSP

public boolean isEnableOCSP()
Returns:
true if On-Line Certificate Status Protocol support is enabled

setEnableOCSP

public void setEnableOCSP(boolean enableOCSP)
Enables On-Line Certificate Status Protocol support

Parameters:
enableOCSP - true to turn on, false to turn off

getOcspResponderURL

public String getOcspResponderURL()
Returns:
Location of the OCSP Responder

setOcspResponderURL

public void setOcspResponderURL(String ocspResponderURL)
Set the location of the OCSP Responder.

Parameters:
ocspResponderURL - location of the OCSP Responder


Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.