eu.emi.security.authn.x509.helpers
Class BinaryCertChainValidator

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.BinaryCertChainValidator
All Implemented Interfaces:
X509CertChainValidator, X509CertChainValidatorExt

public class BinaryCertChainValidator
extends Object
implements X509CertChainValidatorExt

A simplistic X509CertChainValidator implementation which either always accepts or always rejects certificates, depending on the constructor argument. Useful for tests and insecure setups (e.g. an SSL client that wants SSL encryption but does not use SSL authentication).

Author:
K. Benedyczak

Constructor Summary
BinaryCertChainValidator(boolean acceptAll)
           
 
Method Summary
 void addUpdateListener(StoreUpdateListener listener)
          Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs.
 void addValidationListener(ValidationErrorListener listener)
          Registers a listener which can react to errors found during certificate validation.
 void dispose()
          Disposes resources used by this Validator, like threads.
 ProxySupport getProxySupport()
          Returns whether this validator supports proxy certificates.
 RevocationParameters getRevocationCheckingMode()
          Gets the current revocation checking mode.
 X509Certificate[] getTrustedIssuers()
          Returns a list of trusted issuers of certificates.
 void removeUpdateListener(StoreUpdateListener listener)
          Unregisters a previously registered CA or CRL update listener.
 void removeValidationListener(ValidationErrorListener listener)
          Unregisters a previously registered validation listener.
 ValidationResult validate(CertPath certPath)
          Performs validation of a provided certificate path.
 ValidationResult validate(X509Certificate[] certChain)
          Performs validation of a provided certificate chain.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BinaryCertChainValidator

public BinaryCertChainValidator(boolean acceptAll)
Parameters:
acceptAll - if true, all validations will succeed; if false, all will fail.
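
The following added example (not part of the CANL documentation or code base) shows one way to keep the accept-all mode from becoming a silent default: the insecure validator is returned only on an explicit opt-in, and a missing real validator fails closed with `BinaryCertChainValidator(false)`. The system property name and the `ValidatorSelection` class are hypothetical; the `eu.emi.security.authn.x509` package of the interfaces and `ValidationResult.isValid()` come from the CANL library and are not shown on this page.

```java
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidatorExt;
import eu.emi.security.authn.x509.helpers.BinaryCertChainValidator;
import java.security.cert.X509Certificate;

public class ValidatorSelection {
    // Hypothetical opt-in switch (an assumption of this example, not a CANL setting).
    static final String INSECURE_PROP = "example.tls.insecureAcceptAll";

    /**
     * Returns the real validator unless the insecure switch is explicitly set.
     * The accept-all validator is never chosen implicitly.
     */
    static X509CertChainValidatorExt select(X509CertChainValidatorExt real) {
        if (Boolean.getBoolean(INSECURE_PROP)) {
            // Make the downgrade visible in logs: encryption only, no peer authentication.
            System.err.println("WARNING: peer certificates are NOT authenticated ("
                    + INSECURE_PROP + "=true)");
            return new BinaryCertChainValidator(true);
        }
        if (real == null) {
            // Fail closed: without trust material, reject every chain.
            return new BinaryCertChainValidator(false);
        }
        return real;
    }

    public static void main(String[] args) {
        // Constructed input: an empty chain, which no real validator should trust.
        X509Certificate[] emptyChain = new X509Certificate[0];

        // No switch and no trust material: the reject-all validator is used.
        ValidationResult closed = select(null).validate(emptyChain);
        System.out.println("fail-closed valid=" + closed.isValid());

        // Switch set: the accept-all validator is used, so the result says
        // nothing about who the peer is.
        System.setProperty(INSECURE_PROP, "true");
        ValidationResult open = select(null).validate(emptyChain);
        System.out.println("accept-all valid=" + open.isValid());
    }
}
```
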
Method Detail

validate

public ValidationResult validate(CertPath certPath)
Performs validation of a provided certificate path.

Specified by:
validate in interface X509CertChainValidator
Parameters:
certPath - to be validated
Returns:
result of validation

validate

public ValidationResult validate(X509Certificate[] certChain)
Performs validation of a provided certificate chain.

Specified by:
validate in interface X509CertChainValidator
Parameters:
certChain - to be validated
Returns:
result of validation

getTrustedIssuers

public X509Certificate[] getTrustedIssuers()
Returns a list of trusted issuers of certificates.

Specified by:
getTrustedIssuers in interface X509CertChainValidator
Returns:
array containing trusted issuers' certificates

addValidationListener

public void addValidationListener(ValidationErrorListener listener)
Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator, and if you use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError rather than the exception.

Specified by:
addValidationListener in interface X509CertChainValidator
Parameters:
listener - to be registered

removeValidationListener

public void removeValidationListener(ValidationErrorListener listener)
Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.

Specified by:
removeValidationListener in interface X509CertChainValidator
Parameters:
listener - to be unregistered

addUpdateListener

public void addUpdateListener(StoreUpdateListener listener)
Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.

Specified by:
addUpdateListener in interface X509CertChainValidator
Parameters:
listener - to be registered

removeUpdateListener

public void removeUpdateListener(StoreUpdateListener listener)
Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.

Specified by:
removeUpdateListener in interface X509CertChainValidator
Parameters:
listener - to be unregistered

getProxySupport

public ProxySupport getProxySupport()
Description copied from interface: X509CertChainValidatorExt
Returns whether this validator supports proxy certificates.

Specified by:
getProxySupport in interface X509CertChainValidatorExt
Returns:
proxy certificates support mode

getRevocationCheckingMode

public RevocationParameters getRevocationCheckingMode()
Description copied from interface: X509CertChainValidatorExt
Gets the current revocation checking mode.

Specified by:
getRevocationCheckingMode in interface X509CertChainValidatorExt
Returns:
the current mode

dispose

public void dispose()
Description copied from interface: X509CertChainValidatorExt
Disposes resources used by this Validator, like threads. After calling this method the validator cannot be used anymore.

Specified by:
dispose in interface X509CertChainValidatorExt


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.