Package org.italiangrid.voms.util

Class CertificateValidatorBuilder

java.lang.Object
org.italiangrid.voms.util.CertificateValidatorBuilder
public class CertificateValidatorBuilder extends Object
A utility class which provides convenient methods to build a certificate validator with defaults that are meaningful for VOMS usage.

  • Field Details

    • DEFAULT_OPENSSL_HASH_FUNCTION

      public static final CertificateValidatorBuilder.OpensslHashFunction DEFAULT_OPENSSL_HASH_FUNCTION
      The default Openssl hash function value. MD5 is chosen to ensure compatibility with Openssl pre 1.0 deployments.

    • DEFAULT_CRL_CHECKS

      public static final eu.emi.security.authn.x509.CrlCheckingMode DEFAULT_CRL_CHECKS
      The default CRL checking policy.

    • DEFAULT_OCSP_CHECKS

      public static final eu.emi.security.authn.x509.OCSPCheckingMode DEFAULT_OCSP_CHECKS
      The default OCSP checking policy.

    • DEFAULT_NS_CHECKS

      public static final eu.emi.security.authn.x509.NamespaceCheckingMode DEFAULT_NS_CHECKS
      The default namespace checking policy.

    • DEFAULT_TRUST_ANCHORS_DIR

      public static final String DEFAULT_TRUST_ANCHORS_DIR
      The default trust anchors directory.
      See Also:

    • DEFAULT_VALIDATOR_IS_LAZY

      public static final Boolean DEFAULT_VALIDATOR_IS_LAZY
      By default this builder builds non-lazy validators

    • DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL

      public static final long DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL
      Default validator trust anchor update interval.
      See Also:

    • trustAnchorsDir

      private String trustAnchorsDir

    • validationErrorListener

      private eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener

    • storeUpdateListener

      private eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener

    • trustAnchorsUpdateInterval

      private long trustAnchorsUpdateInterval

    • lazyAnchorsLoading

      private boolean lazyAnchorsLoading

    • namespaceChecks

      private eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks

    • crlChecks

      private eu.emi.security.authn.x509.CrlCheckingMode crlChecks

    • ocspChecks

      private eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks

    • opensslHashFunction

      private CertificateValidatorBuilder.OpensslHashFunction opensslHashFunction

  • Constructor Details

    • CertificateValidatorBuilder

      public CertificateValidatorBuilder()

  • Method Details

    • opensslHashFunction

      public CertificateValidatorBuilder opensslHashFunction(CertificateValidatorBuilder.OpensslHashFunction f)
      Sets the openssl hash function for this builder
      Parameters:
      f - the CertificateValidatorBuilder.OpensslHashFunction
      Returns:
      the builder object

    • storeUpdateListener

      public CertificateValidatorBuilder storeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener l)
      Sets the store update listener for this builder
      Parameters:
      l - the StoreUpdateListener
      Returns:
      the builder object

    • trustAnchorsDir

      public CertificateValidatorBuilder trustAnchorsDir(String dir)
      Sets the trust anchors dir for this builder
      Parameters:
      dir - the trust anchors directory
      Returns:
      the builder object

    • validationErrorListener

      public CertificateValidatorBuilder validationErrorListener(eu.emi.security.authn.x509.ValidationErrorListener l)
      Sets the validation error listener for this builder
      Parameters:
      l - the ValidationErrorListener
      Returns:
      the builder object

    • trustAnchorsUpdateInterval

      public CertificateValidatorBuilder trustAnchorsUpdateInterval(long interval)
      Sets the trust anchors update interval for this builder
      Parameters:
      interval - the update interval
      Returns:
      the builder object

    • lazyAnchorsLoading

      public CertificateValidatorBuilder lazyAnchorsLoading(boolean lazyness)
      Sets whether the created validator will be lazy in loading anchors
      Parameters:
      lazyness - the boolean flag that determines if the validator will be lazy in loading trust anchors
      Returns:
      the builder object

    • namespaceChecks

      public CertificateValidatorBuilder namespaceChecks(eu.emi.security.authn.x509.NamespaceCheckingMode nsChecks)
      Sets the namespace checking mode for this builder
      Parameters:
      nsChecks - the NamespaceCheckingMode
      Returns:
      the builder object

    • crlChecks

      public CertificateValidatorBuilder crlChecks(eu.emi.security.authn.x509.CrlCheckingMode crl)
      Sets the crl checking mode for this builder
      Parameters:
      crl - the CrlCheckingMode
      Returns:
      the builder object

    • ocspChecks

      public CertificateValidatorBuilder ocspChecks(eu.emi.security.authn.x509.OCSPCheckingMode ocsp)
      Sets the ocsp checking mode for this builder
      Parameters:
      ocsp - the OCSPCheckingMode
      Returns:
      the builder object

    • build

      public eu.emi.security.authn.x509.X509CertChainValidatorExt build()
      Builds an OpensslCertChainValidator according to the parameters set for this builder
      Returns:
      the X509CertChainValidatorExt

    • buildCertificateValidator

      public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener, long updateInterval, eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks, eu.emi.security.authn.x509.CrlCheckingMode crlChecks, eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks)
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      storeUpdateListener - the listener that will receive notifications about trust store update events
      updateInterval - the trust anchor store update interval
      namespaceChecks - the namespace checking policy
      crlChecks - the crl checking policy
      ocspChecks - the ocsp checking policy
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener, long updateInterval, eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks, eu.emi.security.authn.x509.CrlCheckingMode crlChecks, eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks, boolean lazy)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      storeUpdateListener - the listener that will receive notifications about trust store update events
      updateInterval - the trust anchor store update interval
      namespaceChecks - the namespace checking policy
      crlChecks - the crl checking policy
      ocspChecks - the ocsp checking policy
      lazy - whether the validator should be lazy in loading crls and certificates
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, eu.emi.security.authn.x509.StoreUpdateListener storeListener)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      storeListener - the listener that will be informed of trust store load errors
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, eu.emi.security.authn.x509.StoreUpdateListener storeListener, long updateInterval, boolean lazy)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      storeListener - the listener that will be informed of trust store load errors
      updateInterval - the trust anchor store update interval
      lazy - whether the certificate validator should be lazy in loading crls and CAs
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, eu.emi.security.authn.x509.StoreUpdateListener storeListener, long updateInterval)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      storeListener - the listener that will be informed of trust store load errors
      updateInterval - the trust anchor store update interval
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, long updateInterval, boolean lazy)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      updateInterval - the trust anchor store update interval
      lazy - whether the certificate validator should be lazy in loading crls and CAs
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir, eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener, long updateInterval)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      validationErrorListener - the listener that will receive notification about validation errors
      updateInterval - the trust anchor store update interval
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator(String trustAnchorsDir)
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator configured as specified in the parameters
      Parameters:
      trustAnchorsDir - the directory where trust anchors are loaded from
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters

    • buildCertificateValidator

      @Deprecated public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator()
      Deprecated.
      Create a CertificateValidatorBuilder object instead.
      Builds an Openssl-style certificate validator.
      Returns:
      an Openssl-style certificate validator configured as specified in the parameters