Package org.italiangrid.voms.util

Class CertificateValidatorBuilder

  • public class CertificateValidatorBuilder
extends java.lang.Object
    A utility class which provides convenient methods to build a certificate validator with defaults that are meaningful for VOMS usage.

    • Field Detail

      • DEFAULT_OPENSSL_HASH_FUNCTION

        public static final CertificateValidatorBuilder.OpensslHashFunction DEFAULT_OPENSSL_HASH_FUNCTION
        The default Openssl hash function value. MD5 is chosen to ensure compatibility with Openssl pre 1.0 deployments.

      • DEFAULT_CRL_CHECKS

        public static final eu.emi.security.authn.x509.CrlCheckingMode DEFAULT_CRL_CHECKS
        The default CRL checking policy.

      • DEFAULT_OCSP_CHECKS

        public static final eu.emi.security.authn.x509.OCSPCheckingMode DEFAULT_OCSP_CHECKS
        The default OCSP checking policy.

      • DEFAULT_NS_CHECKS

        public static final eu.emi.security.authn.x509.NamespaceCheckingMode DEFAULT_NS_CHECKS
        The default namespace checking policy.

      • DEFAULT_TRUST_ANCHORS_DIR

        public static final java.lang.String DEFAULT_TRUST_ANCHORS_DIR
        The default trust anchors directory.
        See Also:
        Constant Field Values

      • DEFAULT_VALIDATOR_IS_LAZY

        public static final java.lang.Boolean DEFAULT_VALIDATOR_IS_LAZY
        By default this builder builds non-lazy validators

      • DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL

        public static final long DEFAULT_TRUST_ANCHORS_UPDATE_INTERVAL
        Default validator trust anchor update interval.
        See Also:
        Constant Field Values

      • trustAnchorsDir

        private java.lang.String trustAnchorsDir

      • validationErrorListener

        private eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener

      • storeUpdateListener

        private eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener

      • trustAnchorsUpdateInterval

        private long trustAnchorsUpdateInterval

      • lazyAnchorsLoading

        private boolean lazyAnchorsLoading

      • namespaceChecks

        private eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks

      • crlChecks

        private eu.emi.security.authn.x509.CrlCheckingMode crlChecks

      • ocspChecks

        private eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks

    • Constructor Detail

      • CertificateValidatorBuilder

        public CertificateValidatorBuilder()

    • Method Detail

      • storeUpdateListener

        public CertificateValidatorBuilder storeUpdateListener​(eu.emi.security.authn.x509.StoreUpdateListener l)
        Sets the store update listener for this builder
        Parameters:
        l - the StoreUpdateListener
        Returns:
        the builder object

      • trustAnchorsDir

        public CertificateValidatorBuilder trustAnchorsDir​(java.lang.String dir)
        Sets the trust anchors dir for this builder
        Parameters:
        dir - the trust anchors directory
        Returns:
        the builder object

      • validationErrorListener

        public CertificateValidatorBuilder validationErrorListener​(eu.emi.security.authn.x509.ValidationErrorListener l)
        Sets the validation error listener for this builder
        Parameters:
        l - the ValidationErrorListener
        Returns:
        the builder object

      • trustAnchorsUpdateInterval

        public CertificateValidatorBuilder trustAnchorsUpdateInterval​(long interval)
        Sets the trust anchors update interval for this builder
        Parameters:
        interval - the update interval
        Returns:
        the builder object

      • lazyAnchorsLoading

        public CertificateValidatorBuilder lazyAnchorsLoading​(boolean lazyness)
        Sets whether the created validator will be lazy in loading anchors
        Parameters:
        lazyness - the boolean flag that determines if the validator will be lazy in loading trust anchors
        Returns:
        the builder object

      • namespaceChecks

        public CertificateValidatorBuilder namespaceChecks​(eu.emi.security.authn.x509.NamespaceCheckingMode nsChecks)
        Sets the namespace checking mode for this builder
        Parameters:
        nsChecks - the NamespaceCheckingMode
        Returns:
        the builder object

      • crlChecks

        public CertificateValidatorBuilder crlChecks​(eu.emi.security.authn.x509.CrlCheckingMode crl)
        Sets the crl checking mode for this builder
        Parameters:
        crl - the CrlCheckingMode
        Returns:
        the builder object

      • ocspChecks

        public CertificateValidatorBuilder ocspChecks​(eu.emi.security.authn.x509.OCSPCheckingMode ocsp)
        Sets the ocsp checking mode for this builder
        Parameters:
        ocsp - the OCSPCheckingMode
        Returns:
        the builder object

      • build

        public eu.emi.security.authn.x509.X509CertChainValidatorExt build()
        Builds an OpensslCertChainValidator according to the parameters set for this builder
        Returns:
        the X509CertChainValidatorExt

      • buildCertificateValidator

        public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener,
                                                                                             long updateInterval,
                                                                                             eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks,
                                                                                             eu.emi.security.authn.x509.CrlCheckingMode crlChecks,
                                                                                             eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks)
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        storeUpdateListener - the listener that will receive notifications about trust store update events
        updateInterval - the trust anchor store update interval
        namespaceChecks - the namespace checking policy
        crlChecks - the crl checking policy
        ocspChecks - the ocsp checking policy
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             eu.emi.security.authn.x509.StoreUpdateListener storeUpdateListener,
                                                                                             long updateInterval,
                                                                                             eu.emi.security.authn.x509.NamespaceCheckingMode namespaceChecks,
                                                                                             eu.emi.security.authn.x509.CrlCheckingMode crlChecks,
                                                                                             eu.emi.security.authn.x509.OCSPCheckingMode ocspChecks,
                                                                                             boolean lazy)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        storeUpdateListener - the listener that will receive notifications about trust store update events
        updateInterval - the trust anchor store update interval
        namespaceChecks - the namespace checking policy
        crlChecks - the crl checking policy
        ocspChecks - the ocsp checking policy
        lazy - whether the validator should be lazy in loading crls and certificates
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             eu.emi.security.authn.x509.StoreUpdateListener storeListener)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        storeListener - the listener that will be informed of trust store load errors
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             eu.emi.security.authn.x509.StoreUpdateListener storeListener,
                                                                                             long updateInterval,
                                                                                             boolean lazy)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        storeListener - the listener that will be informed of trust store load errors
        updateInterval - the trust anchor store update interval
        lazy - whether the certificate validator should be lazy in loading crls and CAs
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             eu.emi.security.authn.x509.StoreUpdateListener storeListener,
                                                                                             long updateInterval)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        storeListener - the listener that will be informed of trust store load errors
        updateInterval - the trust anchor store update interval
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             long updateInterval,
                                                                                             boolean lazy)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        updateInterval - the trust anchor store update interval
        lazy - whether the certificate validator should be lazy in loading crls and CAs
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir,
                                                                                             eu.emi.security.authn.x509.ValidationErrorListener validationErrorListener,
                                                                                             long updateInterval)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        validationErrorListener - the listener that will receive notification about validation errors
        updateInterval - the trust anchor store update interval
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator​(java.lang.String trustAnchorsDir)
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator configured as specified in the parameters
        Parameters:
        trustAnchorsDir - the directory where trust anchors are loaded from
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters

      • buildCertificateValidator

        @Deprecated
public static eu.emi.security.authn.x509.X509CertChainValidatorExt buildCertificateValidator()
        Deprecated.
        Create a CertificateValidatorBuilder object instead.
        Builds an Openssl-style certificate validator.
        Returns:
        an Openssl-style certificate validator configured as specified in the parameters