Class CertificateValidator
- java.lang.Object
-
- org.keycloak.authentication.authenticators.x509.CertificateValidator
-
public class CertificateValidator extends Object
- Version:
- $Revision: 1 $
- Author:
- Peter Nalyvayko
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
CertificateValidator.BouncyCastleOCSPChecker
static class
CertificateValidator.CertificateValidatorBuilder
Configure Certificate validationstatic class
CertificateValidator.CRLFileLoader
static class
CertificateValidator.CRLListLoader
static class
CertificateValidator.CRLLoaderImpl
static class
CertificateValidator.CRLLoaderProxy
static class
CertificateValidator.LdapContext
static class
CertificateValidator.OCSPChecker
-
Constructor Summary
Constructors Modifier Constructor Description CertificateValidator()
protected
CertificateValidator(X509Certificate[] certChain, int keyUsageBits, List<String> extendedKeyUsage, List<String> certificatePolicy, String certificatePolicyMode, boolean cRLCheckingEnabled, boolean cRLDPCheckingEnabled, CertificateValidator.CRLLoaderImpl crlLoader, boolean oCSPCheckingEnabled, boolean ocspFailOpen, CertificateValidator.OCSPChecker ocspChecker, KeycloakSession session, boolean timestampValidationEnabled, boolean trustValidationEnabled)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description CertificateValidator
checkRevocationStatus()
CertificateValidator
validateExtendedKeyUsage()
CertificateValidator
validateKeyUsage()
CertificateValidator
validatePolicy()
CertificateValidator
validateTimestamps()
CertificateValidator
validateTrust()
-
-
-
Constructor Detail
-
CertificateValidator
public CertificateValidator()
-
CertificateValidator
protected CertificateValidator(X509Certificate[] certChain, int keyUsageBits, List<String> extendedKeyUsage, List<String> certificatePolicy, String certificatePolicyMode, boolean cRLCheckingEnabled, boolean cRLDPCheckingEnabled, CertificateValidator.CRLLoaderImpl crlLoader, boolean oCSPCheckingEnabled, boolean ocspFailOpen, CertificateValidator.OCSPChecker ocspChecker, KeycloakSession session, boolean timestampValidationEnabled, boolean trustValidationEnabled)
-
-
Method Detail
-
validateKeyUsage
public CertificateValidator validateKeyUsage() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
validateExtendedKeyUsage
public CertificateValidator validateExtendedKeyUsage() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
validatePolicy
public CertificateValidator validatePolicy() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
validateTimestamps
public CertificateValidator validateTimestamps() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
validateTrust
public CertificateValidator validateTrust() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
checkRevocationStatus
public CertificateValidator checkRevocationStatus() throws GeneralSecurityException
- Throws:
GeneralSecurityException
-
-