java.lang.Object
  com.prosysopc.ua.PkiFileBasedCertificateValidator
DefaultUaCertificateValidator, PkiDirectoryCertificateStore and
DefaultCertificateStoreListener
@Deprecated public class PkiFileBasedCertificateValidator
A certificate validator, which keeps the known certificates in files under a directory structure.
The following directory structure is used:
You can revoke certificates by moving them to the RevocationDir or by supplying a CRL with
setCrl(X509CRL).
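An added example (not from the Prosys SDK documentation) of supplying a CRL through setCrl(X509CRL): it checks the CRL's issuer, signature and nextUpdate with the standard java.security.cert API before handing it to the validator. The class name CrlSetupExample and the file paths passed in args are assumptions.

```java
import com.prosysopc.ua.PkiFileBasedCertificateValidator;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CrlSetupExample {

    // Load a CRL and refuse it unless it is signed by the expected CA and still current.
    static X509CRL loadVerifiedCrl(String crlPath, X509Certificate issuer) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl;
        try (InputStream in = new FileInputStream(crlPath)) {
            crl = (X509CRL) cf.generateCRL(in);
        }
        if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            throw new SecurityException("CRL issuer does not match the CA certificate");
        }
        crl.verify(issuer.getPublicKey()); // throws if the signature is invalid
        Date next = crl.getNextUpdate();
        if (next != null && next.before(new Date())) {
            throw new SecurityException("CRL is stale, nextUpdate was " + next);
        }
        return crl;
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = CA certificate file, args[1] = CRL issued by that CA.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) {
            ca = (X509Certificate) cf.generateCertificate(in);
        }
        X509CRL crl = loadVerifiedCrl(args[1], ca);

        // Default layout from the page: baseDir "PKI\CA" with certs, rejected and crl subdirectories.
        PkiFileBasedCertificateValidator validator = new PkiFileBasedCertificateValidator();
        validator.setCrl(crl);
        // Do not store certificates that were only accepted once (the default is true).
        validator.setStoreAcceptOnceCertificates(false);
        int entries = crl.getRevokedCertificates() == null ? 0 : crl.getRevokedCertificates().size();
        System.out.println("CRL entries loaded: " + entries);
    }
}
```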
| Nested Class Summary | |
|---|---|
| static class | PkiFileBasedCertificateValidator.CertificateCheck Deprecated. Certificate checks that the Validator performs. |
| static class | PkiFileBasedCertificateValidator.ValidationResult Deprecated. Validation actions, in case a certificate is untrusted. |
| Field Summary |
|---|
| Fields inherited from interface org.opcfoundation.ua.transport.security.CertificateValidator: ALLOW_ALL |
| Constructor Summary | |
|---|---|
| PkiFileBasedCertificateValidator() | Deprecated. Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl"). |
| PkiFileBasedCertificateValidator(String baseDir) | Deprecated. Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl"). |
| PkiFileBasedCertificateValidator(String baseDir, String trustedDir, String rejectedDir, String revocationDir) | Deprecated. Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir and revocationDir. |
| Method Summary | |
|---|---|
| void | addListener(PkiFileBasedCertificateListener listener) Deprecated. |
| void | addRejectedCertificate(org.opcfoundation.ua.transport.security.Cert certificate) Deprecated. Add a certificate to the rejected certificates. |
| void | addRevokedCertificate(org.opcfoundation.ua.transport.security.Cert certificate) Deprecated. Add a certificate to the revoked certificates list. |
| void | addTrustedCertificate(org.opcfoundation.ua.transport.security.Cert certificate) Deprecated. Add a certificate to the trusted certificates. |
| void | clear(boolean removeFiles) Deprecated. Clears the certificate lists. |
| File | getBaseDir() Deprecated. |
| X509CRL | getCrl() Deprecated. Get the Certificate Revocation List, if such was initialized. |
| File | getFileForCert(org.opcfoundation.ua.transport.security.Cert cert) Deprecated. Returns File for the given Cert. |
| org.opcfoundation.ua.transport.security.Cert[] | getRejectedCertificates() Deprecated. |
| File | getRejectedDir() Deprecated. |
| File | getRevocationDir() Deprecated. |
| org.opcfoundation.ua.transport.security.Cert[] | getRevokedCertificates() Deprecated. |
| org.opcfoundation.ua.transport.security.Cert[] | getTrustedCertificates() Deprecated. |
| File | getTrustedDir() Deprecated. |
| CertificateValidationListener | getValidationListener() Deprecated. |
| boolean | isStoreAcceptOnceCertificates() Deprecated. |
| void | refresh() Deprecated. Refresh certificates. |
| void | removeListener(PkiFileBasedCertificateListener listener) Deprecated. |
| void | setCrl(X509CRL crl) Deprecated. Set the CRL list to use. |
| void | setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts) Deprecated. Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not. |
| void | setValidationListener(CertificateValidationListener validationListener) Deprecated. Set a validationListener to use, if this validator wants to reject the certificate. |
| org.opcfoundation.ua.builtintypes.StatusCode | validateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription, org.opcfoundation.ua.transport.security.Cert cert) Deprecated. Validate the certificate against the applicationDescription |
| org.opcfoundation.ua.builtintypes.StatusCode | validateCertificate(ApplicationIdentity identity) Deprecated. |
| org.opcfoundation.ua.builtintypes.StatusCode | validateCertificate(org.opcfoundation.ua.transport.security.Cert c) Deprecated. |
| Methods inherited from class java.lang.Object |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|

public PkiFileBasedCertificateValidator()

public PkiFileBasedCertificateValidator(String baseDir)
baseDir - the path to the base directory where the certificate directories are kept.

public PkiFileBasedCertificateValidator(String baseDir,
String trustedDir,
String rejectedDir,
String revocationDir)
baseDir - the path to the base directory where the certificate directories are kept. Use null, if you wish to define the other directories with absolute paths.
trustedDir - the name of the directory in which the trusted certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
rejectedDir - the name of the directory in which the rejected certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
revocationDir - the name of the directory in which revoked certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.

| Method Detail |
|---|

public void addListener(PkiFileBasedCertificateListener listener)

public void addRejectedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
throws IOException
certificate - the certificate to add
IOException - if the file cannot be written

public void addRevokedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
throws IOException
certificate - the certificate to add
IOException - if the file cannot be written

public void addTrustedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
throws IOException
certificate - the certificate to add
IOException - if the file cannot be written

public void clear(boolean removeFiles)
removeFiles - if true, removes all certificate files as well. Be careful with this!

public File getBaseDir()

public X509CRL getCrl()

public File getFileForCert(org.opcfoundation.ua.transport.security.Cert cert)
cert -

public org.opcfoundation.ua.transport.security.Cert[] getRejectedCertificates()

public File getRejectedDir()

public File getRevocationDir()

public org.opcfoundation.ua.transport.security.Cert[] getRevokedCertificates()

public org.opcfoundation.ua.transport.security.Cert[] getTrustedCertificates()

public File getTrustedDir()

public CertificateValidationListener getValidationListener()

public boolean isStoreAcceptOnceCertificates()

public void refresh()

public void removeListener(PkiFileBasedCertificateListener listener)

public void setCrl(X509CRL crl)
crl - the crl to set

public void setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts)
Default: true
storeAcceptOnceCertificates - the storeAcceptOnceCertificates to set

public void setValidationListener(CertificateValidationListener validationListener)
Use the validation listener to react to a failed validation result and provide additional custom handling, for example to prompt the user whether to trust a certificate that is not otherwise trusted.
listener - the listener to set

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
org.opcfoundation.ua.transport.security.Cert cert)
UaCertificateValidator
validateCertificate in interface UaCertificateValidator
validateCertificate in interface org.opcfoundation.ua.transport.security.CertificateValidator

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(ApplicationIdentity identity)
validateCertificate in interface UaCertificateValidator

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.transport.security.Cert c)
validateCertificate in interface org.opcfoundation.ua.transport.security.CertificateValidator