Package se.swedenconnect.sigval.cert.chain.impl

Class CertificatePathValidator

java.lang.Object

se.swedenconnect.sigval.cert.chain.AbstractPathValidator

se.swedenconnect.sigval.cert.chain.impl.CertificatePathValidator

All Implemented Interfaces:

PropertyChangeListener, Runnable, EventListener, CertificateValidityCheckerFactory

public class CertificatePathValidator
extends AbstractPathValidator
implements PropertyChangeListener, CertificateValidityCheckerFactory

Certificate path validator implementation. This path validator can be executed as a runnable object in a designated Thread The result is delivered to the callback function of any registered PropertyChange listeners. Alternatively, path validation can be executed by calling the validateCertificatePath() function.

The option to set the boolean singleThreaded applies only to underlying validity checks and has nothing to do with whether this path validator itself is executed as a runnable or as a direct function call.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
protected PKIXCertPathBuilderResult	certPathBuilderResult	The result of certificate path building and PKIX path validation except revocation checking
protected static final PathBuilder	PATH_BUILDER
protected List<X509Certificate>	pathBuilderCertPath	The Certificate path starting with the target certificate first and ending with the trust anchor certificate
protected boolean	singleThreaded	Force the underlying validation operations to be performed in a single thread.
protected List<ValidationStatus>	validationStatusList	Result list of certificate status checks

Fields inherited from class se.swedenconnect.sigval.cert.chain.AbstractPathValidator

certificateValidityCheckerFactory, certStore, chain, crlCache, DEFAULT_EVENT_ID, pathBuilder, targetCert, trustAnchors

Constructor Summary

Constructors

Constructor	Description
CertificatePathValidator(X509Certificate targetCert, List<X509Certificate> chain, List<TrustAnchor> trustAnchors, CertStore certStore, CRLCache crlCache, PropertyChangeListener... propertyChangeListeners)	Constructs the chain validator

Method Summary

Modifier and Type	Method	Description
CertificateValidityChecker	getCertificateValidityChecker(X509Certificate certificate, X509Certificate issuer, CRLCache crlCache, PropertyChangeListener... propertyChangeListeners)
void	propertyChange(PropertyChangeEvent evt)	Callback function to collect validation results from validation threads
PathValidationResult	validateCertificatePath()	Validates a certificate path

Methods inherited from class se.swedenconnect.sigval.cert.chain.AbstractPathValidator

run

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PATH_BUILDER

protected static final PathBuilder PATH_BUILDER

singleThreaded

protected boolean singleThreaded

Force the underlying validation operations to be performed in a single thread.

validationStatusList

protected List<ValidationStatus> validationStatusList

Result list of certificate status checks

certPathBuilderResult

protected PKIXCertPathBuilderResult certPathBuilderResult

The result of certificate path building and PKIX path validation except revocation checking

pathBuilderCertPath

protected List<X509Certificate> pathBuilderCertPath

The Certificate path starting with the target certificate first and ending with the trust anchor certificate

Constructor Details

CertificatePathValidator

public CertificatePathValidator(X509Certificate targetCert,
 List<X509Certificate> chain,
 List<TrustAnchor> trustAnchors,
 CertStore certStore,
 CRLCache crlCache,
 PropertyChangeListener... propertyChangeListeners)

Constructs the chain validator

Parameters:

targetCert - the certificate being validated

chain - the supporting chain of certificates which may include the target certificate and root certificates

trustAnchors - a list of trust anchors that must be used to terminate the validated chain

certStore - certificate store providing complementary intermediary certificates

crlCache - CRL cache providing access to certificate revocation lists

propertyChangeListeners - listeners that are notified when the validation process is complete

Method Details

validateCertificatePath

public PathValidationResult validateCertificatePath()
                                             throws ExtendedCertPathValidatorException

Description copied from class: AbstractPathValidator

Validates a certificate path

Specified by:

validateCertificatePath in class AbstractPathValidator

Returns:

PathValidationResult

Throws:

ExtendedCertPathValidatorException - errors encountered while validation certificate path

getCertificateValidityChecker

public CertificateValidityChecker getCertificateValidityChecker(X509Certificate certificate,
 X509Certificate issuer,
 CRLCache crlCache,
 PropertyChangeListener... propertyChangeListeners)

Specified by:

getCertificateValidityChecker in interface CertificateValidityCheckerFactory

propertyChange

public void propertyChange(PropertyChangeEvent evt)

Callback function to collect validation results from validation threads

Specified by:

propertyChange in interface PropertyChangeListener

Parameters:

evt - event holding validation result data