eu.emi.security.authn.x509
Interface X509CertChainValidator

All Known Subinterfaces:
X509CertChainValidatorExt
All Known Implementing Classes:
AbstractValidator, BinaryCertChainValidator, DirectoryCertChainValidator, InMemoryKeystoreCertChainValidator, KeystoreCertChainValidator, OpensslCertChainValidator, PlainCRLValidator

public interface X509CertChainValidator

Implementations are used to perform a manual certificate chain validation. Implementations shall reuse as many existing CertificateChecker implementations as possible. Implementations must be thread safe.

Author:
K. Benedyczak
See Also:
ValidationResult

Method Summary
 void addUpdateListener(StoreUpdateListener listener)
          Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs.
 void addValidationListener(ValidationErrorListener listener)
          Registers a listener which can react to errors found during certificate validation.
 X509Certificate[] getTrustedIssuers()
          Returns a list of trusted issuers of certificates.
 void removeUpdateListener(StoreUpdateListener listener)
          Unregisters a previously registered CA or CRL update listener.
 void removeValidationListener(ValidationErrorListener listener)
          Unregisters a previously registered validation listener.
 ValidationResult validate(CertPath certPath)
          Performs validation of a provided certificate path.
 ValidationResult validate(X509Certificate[] certChain)
          Performs validation of a provided certificate chain.
 

Method Detail

validate

ValidationResult validate(CertPath certPath)
Performs validation of a provided certificate path.

Parameters:
certPath - to be validated
Returns:
result of validation

validate

ValidationResult validate(X509Certificate[] certChain)
Performs validation of a provided certificate chain.

Parameters:
certChain - to be validated
Returns:
result of validation

getTrustedIssuers

X509Certificate[] getTrustedIssuers()
Returns a list of trusted issuers of certificates.

Returns:
array containing trusted issuers' certificates

addValidationListener

void addValidationListener(ValidationErrorListener listener)
Registers a listener which can react to errors found during certificate validation. It is useful in two cases: (rarely) if you want to change the default logic of the validator, and if you use the validator indirectly (e.g. to validate SSL socket connections) and want to get the original ValidationError rather than the exception.

Parameters:
listener - to be registered

removeValidationListener

void removeValidationListener(ValidationErrorListener listener)
Unregisters a previously registered validation listener. If the listener was not registered then the method does nothing.

Parameters:
listener - to be unregistered

addUpdateListener

void addUpdateListener(StoreUpdateListener listener)
Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. This method is useful only if the implementation supports updating of CAs or CRLs; otherwise the listener will not be invoked.

Parameters:
listener - to be registered

removeUpdateListener

void removeUpdateListener(StoreUpdateListener listener)
Unregisters a previously registered CA or CRL update listener. If the listener was not registered then the method does nothing.

Parameters:
listener - to be unregistered
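
An audit listener for the indirect-use case described under addValidationListener, as an added example that is not part of the library's own documentation. The onValidationError callback (where returning false leaves the error in force) and ValidationResult.isValid() are not shown on this page and are assumed to be as the library declares them; the class names AuditedValidation and AuditListener are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.logging.Logger;

import eu.emi.security.authn.x509.ValidationError;
import eu.emi.security.authn.x509.ValidationErrorListener;
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.X509CertChainValidator;

/** Hypothetical helper: records validation errors without changing the outcome. */
public final class AuditedValidation {
    private static final Logger LOG = Logger.getLogger("cert-audit");

    /**
     * Logs every error the validator reports. The validator is shared between
     * threads, so the listener keeps no per-call state and only uses the
     * thread-safe logger.
     */
    static final class AuditListener implements ValidationErrorListener {
        @Override
        public boolean onValidationError(ValidationError error) {
            LOG.warning("certificate validation error: " + error);
            // Assumption: false means "do not ignore this error", so the
            // validator's default decision is left untouched.
            return false;
        }
    }

    /** Register once, when the validator is created, not per validation call. */
    public static ValidationErrorListener attach(X509CertChainValidator validator) {
        ValidationErrorListener listener = new AuditListener();
        validator.addValidationListener(listener);
        return listener; // keep the reference for removeValidationListener()
    }

    /** Direct use: the caller must check the result, validate() reports failure through it. */
    public static boolean isTrusted(X509CertChainValidator validator,
                                    X509Certificate[] chain) {
        ValidationResult result = validator.validate(chain);
        if (!result.isValid()) {
            LOG.warning("chain rejected: " + result);
        }
        return result.isValid();
    }
}
```

Because the same listener instance sees errors from every thread that uses the validator, adding and removing it around a single validate() call would also capture errors from unrelated concurrent validations.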


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.