Package org.apache.synapse.transport.certificatevalidation.pathvalidation

Class PathChecker

java.lang.Object

java.security.cert.PKIXCertPathChecker

org.apache.synapse.transport.certificatevalidation.pathvalidation.PathChecker

All Implemented Interfaces:

Cloneable, CertPathChecker

public class PathChecker
extends PKIXCertPathChecker

This class is used by CertificatePathValidator to check revocation status of the certificate chain. Certificates in the chain will be passed to the check(..,..) method one by one. This is not Thread safe since the process is state full. Should not be shared among threads.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	PathChecker(X509Certificate[] certChainArray, RevocationVerifier verifier)

Method Summary

Modifier and Type	Method	Description
void	check(Certificate cert, Collection<String> unresolvedCritExts)	Used by CertPathValidator to pass the certificates one by one from the certificate chain.
Set<String>	getSupportedExtensions()
void	init(boolean forward)
boolean	isForwardCheckingSupported()	Forward checking is not supported.

Methods inherited from class java.security.cert.PKIXCertPathChecker

check, clone

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

PathChecker

protected PathChecker(X509Certificate[] certChainArray,
 RevocationVerifier verifier)

Method Details

init

public void init(boolean forward)
          throws CertPathValidatorException

Specified by:

init in interface CertPathChecker

Specified by:

init in class PKIXCertPathChecker

Throws:

CertPathValidatorException

isForwardCheckingSupported

public boolean isForwardCheckingSupported()

Forward checking is not supported. Certificates should be passed from the most trusted CA certificate to the target certificate. This is the default implementation of the Path validator used CertPathValidator.getInstance("PKIX", "BC") in CertificatePathValidator;

Specified by:

isForwardCheckingSupported in interface CertPathChecker

Specified by:

isForwardCheckingSupported in class PKIXCertPathChecker

getSupportedExtensions

public Set<String> getSupportedExtensions()

Specified by:

getSupportedExtensions in class PKIXCertPathChecker

check

public void check(Certificate cert,
 Collection<String> unresolvedCritExts)
           throws CertPathValidatorException

Used by CertPathValidator to pass the certificates one by one from the certificate chain.

Specified by:

check in class PKIXCertPathChecker

Parameters:

cert - the certificate passed to be checked.

unresolvedCritExts - not used in this method.

Throws:

CertPathValidatorException