Package org.keycloak.authentication.authenticators.x509

Class CertificateValidator

java.lang.Object

org.keycloak.authentication.authenticators.x509.CertificateValidator

public class CertificateValidator
extends Object

Version:

$Revision: 1 $

Author:

Peter Nalyvayko

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	CertificateValidator.BouncyCastleOCSPChecker
static class	CertificateValidator.CertificateValidatorBuilder	Configure Certificate validation
static class	CertificateValidator.CRLFileLoader
static class	CertificateValidator.CRLListLoader
static class	CertificateValidator.CRLLoaderImpl
static class	CertificateValidator.CRLLoaderProxy
static class	CertificateValidator.LdapContext
static class	CertificateValidator.OCSPChecker

Constructor Summary

Constructors

Modifier	Constructor	Description
	CertificateValidator()
protected	CertificateValidator(X509Certificate[] certChain, int keyUsageBits, List<String> extendedKeyUsage, List<String> certificatePolicy, String certificatePolicyMode, boolean cRLCheckingEnabled, boolean cRLAbortIfNonUpdated, boolean cRLDPCheckingEnabled, CertificateValidator.CRLLoaderImpl crlLoader, boolean oCSPCheckingEnabled, boolean ocspFailOpen, CertificateValidator.OCSPChecker ocspChecker, KeycloakSession session, boolean timestampValidationEnabled, boolean trustValidationEnabled)

Method Summary

Modifier and Type	Method	Description
CertificateValidator	checkRevocationStatus()
CertificateValidator	validateExtendedKeyUsage()
CertificateValidator	validateKeyUsage()
CertificateValidator	validatePolicy()
CertificateValidator	validateTimestamps()
CertificateValidator	validateTrust()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CertificateValidator

public CertificateValidator()

CertificateValidator

protected CertificateValidator(X509Certificate[] certChain,
 int keyUsageBits,
 List<String> extendedKeyUsage,
 List<String> certificatePolicy,
 String certificatePolicyMode,
 boolean cRLCheckingEnabled,
 boolean cRLAbortIfNonUpdated,
 boolean cRLDPCheckingEnabled,
 CertificateValidator.CRLLoaderImpl crlLoader,
 boolean oCSPCheckingEnabled,
 boolean ocspFailOpen,
 CertificateValidator.OCSPChecker ocspChecker,
 KeycloakSession session,
 boolean timestampValidationEnabled,
 boolean trustValidationEnabled)

Method Details

validateKeyUsage

public CertificateValidator validateKeyUsage()
                                      throws GeneralSecurityException

Throws:

GeneralSecurityException

validateExtendedKeyUsage

public CertificateValidator validateExtendedKeyUsage()
                                              throws GeneralSecurityException

Throws:

GeneralSecurityException

validatePolicy

public CertificateValidator validatePolicy()
                                    throws GeneralSecurityException

Throws:

GeneralSecurityException

validateTimestamps

public CertificateValidator validateTimestamps()
                                        throws GeneralSecurityException

Throws:

GeneralSecurityException

validateTrust

public CertificateValidator validateTrust()
                                   throws GeneralSecurityException

Throws:

GeneralSecurityException

checkRevocationStatus

public CertificateValidator checkRevocationStatus()
                                           throws GeneralSecurityException

Throws:

GeneralSecurityException