public class CertPathPKIXTrustEvaluator extends Object implements PKIXTrustEvaluator
PKIXTrustEvaluator
that is based on the Java CertPath API.Constructor and Description |
---|
CertPathPKIXTrustEvaluator()
Constructor.
|
CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
Constructor.
|
Modifier and Type | Method and Description |
---|---|
protected void |
addCRLsToStoreMaterial(List<Object> storeMaterial,
Collection<X509CRL> crls,
Date now)
Add CRL's from the specified collection to the list of certs and CRL's being collected
for the CertStore.
|
protected CertStore |
buildCertStore(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Creates the certificate store that will be used during validation.
|
protected TrustAnchor |
buildTrustAnchor(X509Certificate cert)
Build a trust anchor from the given X509 certificate.
|
protected Integer |
getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)
Get the effective maximum path depth to use when constructing PKIX cert path builder parameters.
|
protected PKIXBuilderParameters |
getPKIXBuilderParameters(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Creates the set of PKIX builder parameters to use when building the cert path builder.
|
PKIXValidationOptions |
getPKIXValidationOptions()
Get the
PKIXValidationOptions instance that is in use. |
protected Set<TrustAnchor> |
getTrustAnchors(PKIXValidationInformation validationInfo)
Creates the collection of trust anchors to use during validation.
|
X500DNHandler |
getX500DNHandler()
Get the handler which process X.500 distinguished names.
|
void |
setPKIXValidationOptions(PKIXValidationOptions newOptions)
Set the desired PKIX validation options set.
|
void |
setX500DNHandler(X500DNHandler handler)
Set the handler which process X.500 distinguished names.
|
protected boolean |
storeContainsCRLs(CertStore certStore)
Determine whether there are any CRL's in the
CertStore that is to be used. |
boolean |
validate(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Validate the specified credential against the specified set of trusted validation information.
|
public CertPathPKIXTrustEvaluator()
public CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
newOptions
- PKIX validation optionspublic PKIXValidationOptions getPKIXValidationOptions()
PKIXValidationOptions
instance that is in use.getPKIXValidationOptions
in interface PKIXTrustEvaluator
public void setPKIXValidationOptions(PKIXValidationOptions newOptions)
newOptions
- the new set of optionspublic X500DNHandler getX500DNHandler()
InternalX500DNHandler
.public void setX500DNHandler(X500DNHandler handler)
InternalX500DNHandler
.handler
- the new X500DNHandler instancepublic boolean validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws SecurityException
validate
in interface PKIXTrustEvaluator
validationInfo
- the set of trusted validation informationuntrustedCredential
- the credential being evaluatedSecurityException
- thrown if there is an error evaluating the credentialprotected PKIXBuilderParameters getPKIXBuilderParameters(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws GeneralSecurityException
validationInfo
- PKIX validation informationuntrustedCredential
- credential to be validatedGeneralSecurityException
- thrown if the parameters can not be createdprotected boolean storeContainsCRLs(CertStore certStore)
CertStore
that is to be used.certStore
- the cert store that will be used for validationprotected Integer getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)
validationInfo
- PKIX validation informationprotected Set<TrustAnchor> getTrustAnchors(PKIXValidationInformation validationInfo)
validationInfo
- PKIX validation informationprotected TrustAnchor buildTrustAnchor(X509Certificate cert)
cert
- the certificate which serves as the trust anchorprotected CertStore buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws GeneralSecurityException
validationInfo
- PKIX validation informationuntrustedCredential
- credential to be validatedGeneralSecurityException
- thrown if the certificate store can not be created from the cert and CRL
materialprotected void addCRLsToStoreMaterial(List<Object> storeMaterial, Collection<X509CRL> crls, Date now)
storeMaterial
- list of certs and CRL's to be updated.crls
- collection of CRL's to be processednow
- current date/timeCopyright © 2018 JBoss by Red Hat. All rights reserved.