eu.emi.security.authn.x509.helpers.pkipath
Class AbstractValidator

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
All Implemented Interfaces:
X509CertChainValidator, X509CertChainValidatorExt
Direct Known Subclasses:
OpensslCertChainValidator, PlainCRLValidator

public abstract class AbstractValidator
extends Object
implements X509CertChainValidatorExt

Base implementation of X509CertChainValidator. It is configured with a CertStore providing CRLs and a TrustAnchorStore providing trusted CAs. The implementation validates certificates using the BCCertPathValidator.

This class is thread safe and its extensions should also guarantee this.

Author:
K. Benedyczak

Field Summary
protected  boolean disposed
           
protected  Set<ValidationErrorListener> listeners
           
protected  ObserversHandler observers
           
protected  BCCertPathValidator validator
           
 
Constructor Summary
AbstractValidator(Collection<? extends StoreUpdateListener> initialListeners)
          Default constructor is available; the subclass must initialize the parent with the init() method.
 
Method Summary
 void addUpdateListener(StoreUpdateListener listener)
          Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs.
 void addValidationListener(ValidationErrorListener listener)
          Registers a listener which can react to errors found during certificate validation.
 void dispose()
          Disposes resources used by this Validator, like threads.
 ProxySupport getProxySupport()
          Returns whether this validator supports proxy certificates.
 RevocationParameters getRevocationCheckingMode()
          Gets the current revocation checking mode.
 X509Certificate[] getTrustedIssuers()
          Returns a list of trusted issuers of certificates.
protected  void init(TrustAnchorStore caStore, PlainCRLStoreSpi crlStore, ProxySupport proxySupport, RevocationParameters revocationCheckingMode)
          Use this method to initialize the parent from the extension class, if not using the non-default constructor.
protected  boolean notifyListeners(ValidationError error)
          Notifies all registered listeners.
protected  void processErrorList(List<ValidationError> errors)
           
 void removeUpdateListener(StoreUpdateListener listener)
          Unregisters a previously registered CA or CRL update listener.
 void removeValidationListener(ValidationErrorListener listener)
          Unregisters a previously registered validation listener.
 ValidationResult validate(CertPath certPath)
          Performs validation of a provided certificate path.
 ValidationResult validate(X509Certificate[] certChain)
          Performs validation of a provided certificate chain.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

listeners

protected Set<ValidationErrorListener> listeners

observers

protected final ObserversHandler observers

validator

protected BCCertPathValidator validator

disposed

protected boolean disposed

Constructor Detail

AbstractValidator

public AbstractValidator(Collection<? extends StoreUpdateListener> initialListeners)
Default constructor is available; the subclass must initialize the parent with the init() method. Note that it is strongly suggested to call the init() method from the child class constructor.

This is not the cleanest design possible, but it is required because the arguments to the init() method require some code to be created in subclasses. Therefore we have a trade-off: a slightly unclean design inside the library and a clean external API without factory methods.

Method Detail

init

protected void init(TrustAnchorStore caStore,
                    PlainCRLStoreSpi crlStore,
                    ProxySupport proxySupport,
                    RevocationParameters revocationCheckingMode)
Use this method to initialize the parent from the extension class, if not using the non-default constructor.


validate

public ValidationResult validate(CertPath certPath)
Performs validation of a provided certificate path.

Specified by:
validate in interface X509CertChainValidator
Parameters:
certPath - to be validated
Returns:
result of validation

validate

public ValidationResult validate(X509Certificate[] certChain)
Performs validation of a provided certificate chain.

Specified by:
validate in interface X509CertChainValidator
Parameters:
certChain - to be validated
Returns:
result of validation

processErrorList

protected void processErrorList(List<ValidationError> errors)

getTrustedIssuers

public X509Certificate[] getTrustedIssuers()
Returns a list of trusted issuers of certificates.

Specified by:
getTrustedIssuers in interface X509CertChainValidator
Returns:
array containing trusted issuers' certificates

notifyListeners

protected boolean notifyListeners(ValidationError error)
Notifies all registered listeners.

Parameters:
error -
Returns:
true if the error should be ignored, false otherwise.

addValidationListener

public void addValidationListener(ValidationErrorListener listener)
Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator, and if you use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError, not the exception.

Specified by:
addValidationListener in interface X509CertChainValidator
Parameters:
listener - to be registered

removeValidationListener

public void removeValidationListener(ValidationErrorListener listener)
Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.

Specified by:
removeValidationListener in interface X509CertChainValidator
Parameters:
listener - to be unregistered
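
An added example (not part of the library's documentation or source): a listener that records each ValidationError for audit while leaving the validator's verdict unchanged, registered only for the duration of one validation. The onValidationError callback and the ValidationError/ValidationResult getters come from the library's public API and are not shown on this page; the names AuditedValidation, RecordingListener and validateAndAudit are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidator;

public class AuditedValidation {

    /** Records every reported ValidationError and never overrides the verdict. */
    static final class RecordingListener implements ValidationErrorListener {
        private final List<String> seen = new ArrayList<String>();

        @Override
        public synchronized boolean onValidationError(ValidationError error) {
            seen.add("position=" + error.getPosition()
                    + " code=" + error.getErrorCode()
                    + " message=" + error.getMessage());
            // Returning true would tell the validator to ignore this error.
            // An audit-only listener returns false so the chain is still rejected.
            return false;
        }

        synchronized List<String> snapshot() {
            return new ArrayList<String>(seen);
        }
    }

    /**
     * Validates certChain with any X509CertChainValidator (for example a
     * subclass of AbstractValidator), logs the original errors and returns
     * the validator's own verdict.
     */
    public static boolean validateAndAudit(X509CertChainValidator validator,
                                           X509Certificate[] certChain) {
        RecordingListener audit = new RecordingListener();
        validator.addValidationListener(audit);
        try {
            ValidationResult result = validator.validate(certChain);
            for (String line : audit.snapshot()) {
                System.err.println("certificate validation error: " + line);
            }
            return result.isValid();
        } finally {
            // Always unregister, otherwise the listener stays attached to the validator.
            validator.removeValidationListener(audit);
        }
    }
}
```

Listeners are registered on the validator instance, so when one validator is shared between threads this listener also receives errors from validations running concurrently on other threads.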

getProxySupport

public ProxySupport getProxySupport()
Returns whether this validator supports proxy certificates.

Specified by:
getProxySupport in interface X509CertChainValidatorExt
Returns:
proxy certificates support mode

getRevocationCheckingMode

public RevocationParameters getRevocationCheckingMode()
Gets the current revocation checking mode.

Specified by:
getRevocationCheckingMode in interface X509CertChainValidatorExt
Returns:
the current mode

dispose

public void dispose()
Disposes resources used by this Validator, like threads. After calling this method the validator cannot be used anymore.

Specified by:
dispose in interface X509CertChainValidatorExt

addUpdateListener

public void addUpdateListener(StoreUpdateListener listener)
Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs, otherwise the listener will not be invoked.

Specified by:
addUpdateListener in interface X509CertChainValidator
Parameters:
listener - to be registered

removeUpdateListener

public void removeUpdateListener(StoreUpdateListener listener)
Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.

Specified by:
removeUpdateListener in interface X509CertChainValidator
Parameters:
listener - to be unregistered


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.