eu.emi.security.authn.x509.impl
Class InMemoryKeystoreCertChainValidator
java.lang.Object
eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator
- All Implemented Interfaces:
- X509CertChainValidator, X509CertChainValidatorExt
public class InMemoryKeystoreCertChainValidator
- extends PlainCRLValidator
The certificate validator which uses a Java KeyStore as a truststore. This class is similar to KeystoreCertChainValidator but uses a keystore which was already loaded. Refreshing of the truststore is not supported.
The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: the CA certificate extension defining a CRL URL, and an additional list of URLs manually set by the class user. As an additional feature, one may provide simple paths to local files, using wildcards. All files matching a wildcard are used.
This class is thread-safe.
- Author:
- K. Benedyczak
- See Also:
- X509CertChainValidator, KeystoreCertChainValidator
Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator:
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate
Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
store
protected JDKInMemoryTrustAnchorStore store
InMemoryKeystoreCertChainValidator
public InMemoryKeystoreCertChainValidator(KeyStore keystore, ValidatorParamsExt params)
throws IOException, KeyStoreException
- Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs' certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.
- Parameters:
keystore - truststore to use
params - common validator settings (revocation, initial listeners, proxy support, ...)
- Throws:
IOException - if the truststore cannot be read
KeyStoreException - if the truststore cannot be parsed or if password is incorrect.
InMemoryKeystoreCertChainValidator
public InMemoryKeystoreCertChainValidator(KeyStore keystore)
throws IOException, KeyStoreException
- Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).
- Parameters:
keystore - truststore to use
- Throws:
IOException - if the truststore cannot be read
KeyStoreException - if the truststore cannot be parsed or if password is incorrect.
getTruststore
public KeyStore getTruststore()
- Returns the current trust store. Note that modifying this keystore
won't have any impact on the validation.
- Returns:
- the KeyStore used as a trust store
setTruststore
public void setTruststore(KeyStore ks) throws KeyStoreException
- Changes the current trust store.
- Throws:
KeyStoreException
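The following usage sketch is an added example, not part of the original documentation. It builds the validator from an in-memory KeyStore with default settings, validates a chain, and then rotates the trust anchors through setTruststore(), since changes to the KeyStore returned by getTruststore() are not picked up. The file arguments and helper names are hypothetical; ValidationResult with its isValid() and getErrors() accessors is the library's return type of validate and is not described on this page.

```java
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class InMemoryValidatorExample {
    // Reads every X.509 certificate in a PEM or DER file, in file order.
    static X509Certificate[] readCerts(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return CertificateFactory.getInstance("X.509").generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
    }

    // Builds an already-loaded, in-memory truststore holding the given CA certificates.
    static KeyStore trustStoreOf(X509Certificate[] cas) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // initialise empty; nothing is read from disk
        for (int i = 0; i < cas.length; i++) {
            ks.setCertificateEntry("ca-" + i, cas[i]);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical inputs: args[0] = trusted CA file, args[1] = chain to check
        // (end-entity certificate first), args[2] = replacement CA file.
        InMemoryKeystoreCertChainValidator validator =
                new InMemoryKeystoreCertChainValidator(trustStoreOf(readCerts(args[0])));
        X509Certificate[] chain = readCerts(args[1]);

        ValidationResult before = validator.validate(chain);
        System.out.println("initial anchors: valid=" + before.isValid() + " " + before.getErrors());

        // Editing the KeyStore returned by getTruststore() does not change validation,
        // so a trust anchor rotation has to go through setTruststore().
        validator.setTruststore(trustStoreOf(readCerts(args[2])));

        ValidationResult after = validator.validate(chain);
        System.out.println("rotated anchors: valid=" + after.isValid() + " " + after.getErrors());
    }
}
```

Because the single-argument constructor uses the default ValidatorParamsExt settings, revocation handling follows those defaults; pass a ValidatorParamsExt to the two-argument constructor to control it explicitly.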
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.