public abstract class AbstractValidator extends Object implements X509CertChainValidatorExt
X509CertChainValidator.
It is configured with CertStore providing CRLs and TrustAnchorStore providing trusted CAs. The implementation validates certificates using the BCCertPathValidator.
This class is thread safe and its extensions should also guarantee this.
Modifier and Type | Field and Description |
---|---|
protected boolean | disposed |
protected Set<ValidationErrorListener> | listeners |
protected ObserversHandler | observers |
protected BCCertPathValidator | validator |
Constructor and Description |
---|
AbstractValidator(Collection<? extends StoreUpdateListener> initialListeners) Default constructor is available, the subclass must initialize the parent with the init() method. |
Modifier and Type | Method and Description |
---|---|
void | addUpdateListener(StoreUpdateListener listener) Registers a listener which can react to errors found during refreshing of the trust material: trusted CAs or CRLs. |
void | addValidationListener(ValidationErrorListener listener) Registers a listener which can react to errors found during certificate validation. |
void | dispose() Disposes resources used by this Validator, like threads. |
ProxySupport | getProxySupport() Returns whether this validator supports proxy certificates. |
RevocationParameters | getRevocationCheckingMode() Gets the current revocation checking mode. |
X509Certificate[] | getTrustedIssuers() Returns a list of trusted issuers of certificates. |
protected void | init(TrustAnchorStore caStore, AbstractCRLStoreSPI crlStore, ProxySupport proxySupport, RevocationParameters revocationCheckingMode) Use this method to initialize the parent from the extension class, if not using the non-default constructor. |
protected boolean | notifyListeners(ValidationError error) Notifies all registered listeners. |
protected void | processErrorList(List<ValidationError> errors) |
void | removeUpdateListener(StoreUpdateListener listener) Unregisters a previously registered CA or CRL update listener. |
void | removeValidationListener(ValidationErrorListener listener) Unregisters a previously registered validation listener. |
ValidationResult | validate(CertPath certPath) Performs validation of a provided certificate path. |
ValidationResult | validate(X509Certificate[] certChain) Performs validation of a provided certificate chain. |
protected ValidationResult | validate(X509Certificate[] certChain, Set<TrustAnchor> anchors) |
protected Set<ValidationErrorListener> listeners
protected final ObserversHandler observers
protected BCCertPathValidator validator
protected boolean disposed
public AbstractValidator(Collection<? extends StoreUpdateListener> initialListeners)
This is not the cleanest design possible, but it is required because the arguments to the init() method require some code to be created in subclasses. Therefore we have a trade-off: a slightly unclean design inside the library and a clean external API without factory methods.
initialListeners - initial listeners

protected void init(TrustAnchorStore caStore, AbstractCRLStoreSPI crlStore, ProxySupport proxySupport, RevocationParameters revocationCheckingMode)
caStore - CA store
crlStore - CRL store
proxySupport - proxy support
revocationCheckingMode - revocation checking mode

public ValidationResult validate(CertPath certPath)
validate in interface X509CertChainValidator
certPath - to be validated

public ValidationResult validate(X509Certificate[] certChain)
validate in interface X509CertChainValidator
certChain - to be validated

protected ValidationResult validate(X509Certificate[] certChain, Set<TrustAnchor> anchors)

protected void processErrorList(List<ValidationError> errors)

public X509Certificate[] getTrustedIssuers()
getTrustedIssuers in interface X509CertChainValidator

protected boolean notifyListeners(ValidationError error)
error - validation error

public void addValidationListener(ValidationErrorListener listener)
ValidationError, not the exception.
addValidationListener in interface X509CertChainValidator
listener - to be registered

public void removeValidationListener(ValidationErrorListener listener)
removeValidationListener in interface X509CertChainValidator
listener - to be unregistered

public ProxySupport getProxySupport()
getProxySupport in interface X509CertChainValidatorExt

public RevocationParameters getRevocationCheckingMode()
getRevocationCheckingMode in interface X509CertChainValidatorExt

public void dispose()
dispose in interface X509CertChainValidatorExt

public void addUpdateListener(StoreUpdateListener listener)
addUpdateListener in interface X509CertChainValidator
listener - to be registered

public void removeUpdateListener(StoreUpdateListener listener)
removeUpdateListener in interface X509CertChainValidator
listener - to be unregistered

Copyright © 2012–2015 European Middleware Initiative. All rights reserved.