eu.emi.security.authn.x509.impl
Class InMemoryKeystoreCertChainValidator

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
      extended by eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
          extended by eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator
All Implemented Interfaces:
X509CertChainValidator, X509CertChainValidatorExt

public class InMemoryKeystoreCertChainValidator
extends PlainCRLValidator

A certificate validator which uses a Java KeyStore as a truststore. This class is similar to KeystoreCertChainValidator but uses a keystore which has already been loaded. Refreshing of the truststore is not supported.

The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: the CA certificate extension defining the CRL URL, and an additional list of URLs set manually by the class user. As an additional feature, one may provide simple paths to local files, using wildcards. All files matching a wildcard are used.

This class is thread-safe.

Author:
K. Benedyczak
See Also:
X509CertChainValidator, KeystoreCertChainValidator

Field Summary
protected  JDKInMemoryTrustAnchorStore store
           
 
Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
crlStoreImpl, revocationParameters, timer
 
Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
disposed, listeners, observers, validator
 
Constructor Summary
InMemoryKeystoreCertChainValidator(KeyStore keystore)
          Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).
InMemoryKeystoreCertChainValidator(KeyStore keystore, ValidatorParamsExt params)
          Constructs a new validator instance.
 
Method Summary
 KeyStore getTruststore()
          Returns the current trust store.
 void setTruststore(KeyStore ks)
          Changes the current trust store.
 
Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
createCRLStore, dispose, getCrls, getCRLUpdateInterval, getRevocationParameters, setCrls, setCRLUpdateInterval
 
Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

store

protected JDKInMemoryTrustAnchorStore store

Constructor Detail

InMemoryKeystoreCertChainValidator

public InMemoryKeystoreCertChainValidator(KeyStore keystore,
                                          ValidatorParamsExt params)
                                   throws IOException,
                                          KeyStoreException
Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the CRL extension of the trusted CA certificates and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.

Parameters:
keystore - truststore to use
params - common validator settings (revocation, initial listeners, proxy support, ...)
Throws:
IOException - if the truststore can not be read
KeyStoreException - if the truststore can not be parsed or if password is incorrect.

InMemoryKeystoreCertChainValidator

public InMemoryKeystoreCertChainValidator(KeyStore keystore)
                                   throws IOException,
                                          KeyStoreException
Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).

Parameters:
keystore - truststore to use
Throws:
IOException - if the truststore can not be read
KeyStoreException - if the truststore can not be parsed or if password is incorrect.

Method Detail

getTruststore

public KeyStore getTruststore()
Returns the current trust store. Note that modifying the returned keystore won't have any impact on the validation; to change the trust anchors in use, call setTruststore(KeyStore).

Returns:
the KeyStore used as a trust store

setTruststore

public void setTruststore(KeyStore ks)
                   throws KeyStoreException
Changes the current trust store.

Throws:
KeyStoreException
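
The following is an added example, not part of the library's documentation, showing the behaviour noted for getTruststore() and setTruststore(): removing a CA from the returned keystore has no effect until the keystore is set again. It assumes getTrustedIssuers() returns an X509Certificate[]; the "ca-N" alias scheme and the use of the JDK's default trust anchors as sample data are choices made for this example.

```java
import eu.emi.security.authn.x509.impl.InMemoryKeystoreCertChainValidator;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreRotationDemo {
    // Builds a purely in-memory KeyStore from the JDK's default trust anchors,
    // so the demo needs no files (the alias scheme "ca-N" is made up here).
    static KeyStore inMemoryAnchors() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JDK default truststore
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // initialise an empty keystore
        int i = 0;
        for (X509Certificate ca : tm.getAcceptedIssuers()) {
            ks.setCertificateEntry("ca-" + i++, ca);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        InMemoryKeystoreCertChainValidator validator =
                new InMemoryKeystoreCertChainValidator(inMemoryAnchors());
        try {
            int initial = validator.getTrustedIssuers().length;

            // Editing the returned keystore does not change what is trusted.
            KeyStore ks = validator.getTruststore();
            ks.deleteEntry("ca-0");
            int afterEdit = validator.getTrustedIssuers().length;

            // The removal takes effect only once the keystore is set again.
            validator.setTruststore(ks);
            int afterSet = validator.getTrustedIssuers().length;

            System.out.printf("initial=%d afterEdit=%d afterSet=%d%n",
                    initial, afterEdit, afterSet);
        } finally {
            validator.dispose(); // release the validator's resources
        }
    }
}
```

When a CA has to be distrusted at runtime, checking getTrustedIssuers() after the setTruststore() call confirms that the anchor is actually gone.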


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.