|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator
public class CertPathPKIXTrustEvaluator
An implementation of PKIXTrustEvaluator
that is based on the Java CertPath API.
Constructor Summary | |
---|---|
CertPathPKIXTrustEvaluator()
Constructor. |
|
CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
Constructor. |
Method Summary | |
---|---|
protected void |
addCRLsToStoreMaterial(java.util.List<java.lang.Object> storeMaterial,
java.util.Collection<java.security.cert.X509CRL> crls,
java.util.Date now)
Add CRL's from the specified collection to the list of certs and CRL's being collected for the CertStore. |
protected java.security.cert.CertStore |
buildCertStore(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Creates the certificate store that will be used during validation. |
protected java.security.cert.TrustAnchor |
buildTrustAnchor(java.security.cert.X509Certificate cert)
Build a trust anchor from the given X509 certificate. |
protected java.lang.Integer |
getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)
Get the effective maximum path depth to use when constructing PKIX cert path builder parameters. |
protected java.security.cert.PKIXBuilderParameters |
getPKIXBuilderParameters(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Creates the set of PKIX builder parameters to use when building the cert path builder. |
PKIXValidationOptions |
getPKIXValidationOptions()
Get the PKIXValidationOptions instance that is in use. |
protected java.util.Set<java.security.cert.TrustAnchor> |
getTrustAnchors(PKIXValidationInformation validationInfo)
Creates the collection of trust anchors to use during validation. |
X500DNHandler |
getX500DNHandler()
Get the handler which process X.500 distinguished names. |
void |
setX500DNHandler(X500DNHandler handler)
Set the handler which process X.500 distinguished names. |
protected boolean |
storeContainsCRLs(java.security.cert.CertStore certStore)
Determine whether there are any CRL's in the CertStore that is to be used. |
boolean |
validate(PKIXValidationInformation validationInfo,
X509Credential untrustedCredential)
Validate the specified credential against the specified set of trusted validation information. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CertPathPKIXTrustEvaluator()
public CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
newOptions
- PKIX validation optionsMethod Detail |
---|
public PKIXValidationOptions getPKIXValidationOptions()
PKIXValidationOptions
instance that is in use.
getPKIXValidationOptions
in interface PKIXTrustEvaluator
public X500DNHandler getX500DNHandler()
InternalX500DNHandler
.
public void setX500DNHandler(X500DNHandler handler)
InternalX500DNHandler
.
handler
- the new X500DNHandler instancepublic boolean validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws SecurityException
validate
in interface PKIXTrustEvaluator
validationInfo
- the set of trusted validation informationuntrustedCredential
- the credential being evaluated
SecurityException
- thrown if there is an error evaluating the credentialprotected java.security.cert.PKIXBuilderParameters getPKIXBuilderParameters(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws java.security.GeneralSecurityException
validationInfo
- PKIX validation informationuntrustedCredential
- credential to be validated
java.security.GeneralSecurityException
- thrown if the parameters can not be createdprotected boolean storeContainsCRLs(java.security.cert.CertStore certStore)
CertStore
that is to be used.
certStore
- the cert store that will be used for validation
protected java.lang.Integer getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)
validationInfo
- PKIX validation information
protected java.util.Set<java.security.cert.TrustAnchor> getTrustAnchors(PKIXValidationInformation validationInfo)
validationInfo
- PKIX validation information
protected java.security.cert.TrustAnchor buildTrustAnchor(java.security.cert.X509Certificate cert)
cert
- the certificate which serves as the trust anchor
protected java.security.cert.CertStore buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential) throws java.security.GeneralSecurityException
validationInfo
- PKIX validation informationuntrustedCredential
- credential to be validated
java.security.GeneralSecurityException
- thrown if the certificate store can not be created from the cert and CRL
materialprotected void addCRLsToStoreMaterial(java.util.List<java.lang.Object> storeMaterial, java.util.Collection<java.security.cert.X509CRL> crls, java.util.Date now)
storeMaterial
- list of certs and CRL's to be updated.crls
- collection of CRL's to be processednow
- current date/time
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |