org.opcfoundation.ua.cert
Interface CertificateStore

All Known Implementing Classes:
PkiDirectoryCertificateStore

public interface CertificateStore

An interface modeling a certificate store. Note for implementers! The methods of this interface may change in the future. If an error occurs in an implemented method, throw a RuntimeException or a subclass of it.


Method Summary
 void addCertificate(ValidationResult type, Cert certificate)
          Add a certificate to the store.
 Set<Cert> getRejectedCerts()
          Get all certificates that are stored as Rejected.
 Set<X509CRL> getRevocationLists()
          Get all revocation lists the store has.
 Set<Cert> getTrustedCerts()
          Get all certificates that are stored as Trusted.
 

Method Detail

getTrustedCerts

Set<Cert> getTrustedCerts()
Get all certificates that are stored as Trusted. In a directory-based PKI store, this would mean that the set contains all certs in the 'certs' or 'trusted' folder. It is possible and allowed for this set to contain certificates that are revoked: the implementation of this method should not perform any validation. The user of the CertificateStore should check revocation against the revocation lists returned by getRevocationLists().

Returns:
the certificates, or an empty set if none. The returned set should be treated as immutable.
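
The revocation check that getTrustedCerts() leaves to the caller, as an added example (not code from the OPC Foundation stack). It uses only JDK types: `trusted` is assumed to hold the X509Certificate objects unwrapped from getTrustedCerts(), `crls` the set from getRevocationLists(), and the CRL issuer's certificate is assumed to be in the trusted set; the class and method names are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;

/** Added example (not OPC Foundation code): revocation check over a store's raw sets. */
public final class RevocationCheck {

    public enum Status { GOOD, REVOKED, UNKNOWN }

    /**
     * GOOD: a verified, current CRL from the issuer exists and no verified CRL lists the cert.
     * REVOKED: a verified CRL from the issuer lists the cert (stale CRLs still count).
     * UNKNOWN: no verified, current CRL covers the cert; the caller decides the policy.
     */
    public static Status check(X509Certificate cert, Set<X509Certificate> trusted,
                               Set<X509CRL> crls, Date now) {
        boolean covered = false;
        for (X509CRL crl : crls) {
            // A CRL from another CA says nothing about this certificate.
            if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) continue;
            // Ignore CRLs whose signature no trusted issuer certificate verifies.
            if (!signedByTrustedIssuer(crl, trusted)) continue;
            if (crl.isRevoked(cert)) return Status.REVOKED;
            Date next = crl.getNextUpdate(); // null when the field is absent
            if (next != null && !now.before(crl.getThisUpdate()) && !now.after(next)) {
                covered = true;
            }
        }
        return covered ? Status.GOOD : Status.UNKNOWN;
    }

    private static boolean signedByTrustedIssuer(X509CRL crl, Set<X509Certificate> trusted) {
        for (X509Certificate ca : trusted) {
            if (!ca.getSubjectX500Principal().equals(crl.getIssuerX500Principal())) continue;
            try {
                crl.verify(ca.getPublicKey()); // throws if the signature does not match
                return true;
            } catch (GeneralSecurityException e) {
                // Same subject name but a different key: try the next candidate.
            }
        }
        return false;
    }

    private RevocationCheck() { }
}
```

Treating UNKNOWN as a rejection fails closed when a CRL is missing, expired or unsigned by a trusted issuer; accepting it means a revoked certificate passes whenever its CRL is absent from the store.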

getRejectedCerts

Set<Cert> getRejectedCerts()
Get all certificates that are stored as Rejected. Note! Implementers may choose not to store rejected certificates; in that case, return an empty set. Note! If the implementer chooses to do so, this set may also contain certificates that were previously accepted once.

Returns:
the certificates that are rejected, or an empty set if none. The returned set should be treated as immutable.

getRevocationLists

Set<X509CRL> getRevocationLists()
Get all revocation lists the store has.

Returns:
revocation lists, or an empty set if none. The returned set should be treated as immutable.

addCertificate

void addCertificate(ValidationResult type,
                    Cert certificate)
Add a certificate to the store. Note! It is implementation-specific which types are stored, e.g. an implementation may choose to store only trusted certificates. Implementations should store the certificates in persistent storage. AcceptOnce type certificates could be stored as rejected if there is a need to accept them later (using a mechanism outside of this interface).

Parameters:
type - trusted, rejected or accept once.
certificate - the certificate to add.


Copyright © 2018. All rights reserved.