eu.emi.security.authn.x509.impl

Class KeystoreCertChainValidator

java.lang.Object

eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

eu.emi.security.authn.x509.impl.KeystoreCertChainValidator

All Implemented Interfaces:

X509CertChainValidator, X509CertChainValidatorExt

public class KeystoreCertChainValidator
extends PlainCRLValidator

The certificate validator which uses Java KeyStore as a truststore.

The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: CA certificate extension defining CRL URL and additional list of URLs manually set by the class user. As an additional feature one may provide a simple paths to a local files, using wildcards. All files matching a wildcard are used.

This class is thread-safe.

See Also:

X509CertChainValidator

Field Summary

Fields

Modifier and Type	Field and Description
private JDKFSTrustAnchorStore	store

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

crlStoreImpl, revocationParameters, timer

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

disposed, listeners, observers, validator

Constructor Summary

Constructors

Constructor and Description
KeystoreCertChainValidator(java.lang.String truststorePath, char[] password, java.lang.String type, long truststoreUpdateInterval) Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).
KeystoreCertChainValidator(java.lang.String truststorePath, char[] password, java.lang.String type, long truststoreUpdateInterval, ValidatorParamsExt params) Constructs a new validator instance.

Method Summary

Modifier and Type	Method and Description
java.lang.String	getTruststorePath() Returns the current truststore path
long	getTruststoreUpdateInterval() Returns the interval between subsequent checks of the truststore file.
void	setTruststoreUpdateInterval(long updateInterval) Sets a new interval between subsequent checks of the truststore file.

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

createCRLStore, dispose, getCrls, getCRLUpdateInterval, getRevocationParameters, setCrls, setCRLUpdateInterval

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, isDisposed, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

store

private JDKFSTrustAnchorStore store

Constructor Detail

KeystoreCertChainValidator

public KeystoreCertChainValidator(java.lang.String truststorePath,
                                  char[] password,
                                  java.lang.String type,
                                  long truststoreUpdateInterval,
                                  ValidatorParamsExt params)
                           throws java.io.IOException,
                                  java.security.KeyStoreException

Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided manually with the CRLParams argument. Those CRLs will take precedence over CRLs from CA certificate extension.

Parameters:

truststorePath - truststore path

password - truststore password

type - truststore type (JKS or PKCS12)

truststoreUpdateInterval - how often (in ms) the truststore file should be checked for updates. The file is reloaded only if its modification timestamp has changed.

params - common validator settings (revocation, initial listeners, proxy support, ...)

Throws:

java.io.IOException - if the truststore can not be read

java.security.KeyStoreException - if the truststore can not be parsed or if password is incorrect.

KeystoreCertChainValidator

public KeystoreCertChainValidator(java.lang.String truststorePath,
                                  char[] password,
                                  java.lang.String type,
                                  long truststoreUpdateInterval)
                           throws java.io.IOException,
                                  java.security.KeyStoreException

Constructs a new validator instance with default additional settings (see ValidatorParamsExt.ValidatorParamsExt()).

Parameters:

truststorePath - truststore path

password - truststore password

type - truststore type (JKS or PKCS12)

truststoreUpdateInterval - how often (in ms) the truststore file should be checked for updates. The file is reloaded only if its modification timestamp has changed.

Throws:

java.io.IOException - if the truststore can not be read

java.security.KeyStoreException - if the truststore can not be parsed or if password is incorrect.

Method Detail

getTruststoreUpdateInterval

public long getTruststoreUpdateInterval()

Returns the interval between subsequent checks of the truststore file. Note that the file is actually reread only if its modification time has changed.

Returns:

the current refresh interval in milliseconds

setTruststoreUpdateInterval

public void setTruststoreUpdateInterval(long updateInterval)

Sets a new interval between subsequent checks of the truststore file. Note that the file is actually reread only if its modification time has changed.

Parameters:

updateInterval - the new interval to be set in milliseconds

getTruststorePath

public java.lang.String getTruststorePath()

Returns the current truststore path

Returns:

the path