com.prosysopc.ua
Class PkiFileBasedCertificateValidator

java.lang.Object
  extended by com.prosysopc.ua.PkiFileBasedCertificateValidator
All Implemented Interfaces:
UaCertificateValidator, org.opcfoundation.ua.transport.security.CertificateValidator

Deprecated. use DefaultUaCertificateValidator, PkiDirectoryCertificateStore and DefaultCertificateStoreListener

@Deprecated
public class PkiFileBasedCertificateValidator
extends Object
implements UaCertificateValidator

A certificate validator, which keeps the known certificates in files under a directory structure.

The following directory structure is used:

If you use the validator on the client side, you must set the EndpointUri before the validator is used (before connecting to the server), so that it also checks the server URI in the certificate.

You can revoke certificates by moving them to the RevocationDir or by supplying a CRL with setCrl(X509CRL).


Nested Class Summary
static class PkiFileBasedCertificateValidator.CertificateCheck
          Deprecated. Certificate checks that the Validator performs.
static class PkiFileBasedCertificateValidator.ValidationResult
          Deprecated. Validation actions, in case a certificate is untrusted.
 
Field Summary
 
Fields inherited from interface org.opcfoundation.ua.transport.security.CertificateValidator
ALLOW_ALL
 
Constructor Summary
PkiFileBasedCertificateValidator()
          Deprecated. Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiFileBasedCertificateValidator(String baseDir)
          Deprecated. Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").
PkiFileBasedCertificateValidator(String baseDir, String trustedDir, String rejectedDir, String revocationDir)
          Deprecated. Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir & revocationDir.
 
Method Summary
 void addListener(PkiFileBasedCertificateListener listener)
          Deprecated.  
 void addRejectedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
          Deprecated. Add a certificate to the rejected certificates.
 void addRevokedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
          Deprecated. Add a certificate to the revoked certificates list.
 void addTrustedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
          Deprecated. Add a certificate to the trusted certificates.
 void clear(boolean removeFiles)
          Deprecated. Clears the certificate lists.
 File getBaseDir()
          Deprecated.  
 X509CRL getCrl()
          Deprecated. Get the Certificate Revocation List, if such was initialized.
 File getFileForCert(org.opcfoundation.ua.transport.security.Cert cert)
          Deprecated. Returns File for the given Cert.
 org.opcfoundation.ua.transport.security.Cert[] getRejectedCertificates()
          Deprecated.  
 File getRejectedDir()
          Deprecated.  
 File getRevocationDir()
          Deprecated.  
 org.opcfoundation.ua.transport.security.Cert[] getRevokedCertificates()
          Deprecated.  
 org.opcfoundation.ua.transport.security.Cert[] getTrustedCertificates()
          Deprecated.  
 File getTrustedDir()
          Deprecated.  
 CertificateValidationListener getValidationListener()
          Deprecated.  
 boolean isStoreAcceptOnceCertificates()
          Deprecated.  
 void refresh()
          Deprecated. Refresh certificates.
 void removeListener(PkiFileBasedCertificateListener listener)
          Deprecated.  
 void setCrl(X509CRL crl)
          Deprecated. Set the CRL list to use.
 void setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts)
          Deprecated. Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not.
 void setValidationListener(CertificateValidationListener validationListener)
          Deprecated. Set a validationListener to use, if this validator wants to reject the certificate.
 org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription, org.opcfoundation.ua.transport.security.Cert cert)
          Deprecated. Validate the certificate against the applicationDescription.
 org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(ApplicationIdentity identity)
          Deprecated.  
 org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.transport.security.Cert c)
          Deprecated.  
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PkiFileBasedCertificateValidator

public PkiFileBasedCertificateValidator()
Deprecated. 
Create a new validator using the default baseDir ("PKI\CA"), trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").


PkiFileBasedCertificateValidator

public PkiFileBasedCertificateValidator(String baseDir)
Deprecated. 
Create a new validator using a baseDir and default subdirs: trustedDir ("certs"), rejectedDir ("rejected") and revokedDir ("crl").

Parameters:
baseDir - the path to the base directory where the certificate directories are kept.

PkiFileBasedCertificateValidator

public PkiFileBasedCertificateValidator(String baseDir,
                                        String trustedDir,
                                        String rejectedDir,
                                        String revocationDir)
Deprecated. 
Create a new validator using a baseDir and subdirectory names, trustedDir, rejectedDir & revocationDir.

Parameters:
baseDir - the path to the base directory where the certificate directories are kept. Use null, if you wish to define the other directories with absolute paths.
trustedDir - the name of the directory in which the trusted certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
rejectedDir - the name of the directory in which the rejected certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
revocationDir - the name of the directory in which revoked certificates are kept. If baseDir is defined, this is a relative path to that, e.g. a subdirectory name.
Method Detail

addListener

public void addListener(PkiFileBasedCertificateListener listener)
Deprecated. 

addRejectedCertificate

public void addRejectedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
                            throws IOException
Deprecated. 
Add a certificate to the rejected certificates.

Parameters:
certificate - the certificate to add
Throws:
IOException - if the file cannot be written

addRevokedCertificate

public void addRevokedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
                           throws IOException
Deprecated. 
Add a certificate to the revoked certificates list. Note that it is not added to the CRL, though.

Parameters:
certificate - the certificate to add
Throws:
IOException - if the file cannot be written

addTrustedCertificate

public void addTrustedCertificate(org.opcfoundation.ua.transport.security.Cert certificate)
                           throws IOException
Deprecated. 
Add a certificate to the trusted certificates.

Parameters:
certificate - the certificate to add
Throws:
IOException - if the file cannot be written

clear

public void clear(boolean removeFiles)
Deprecated. 
Clears the certificate lists.

Parameters:
removeFiles - if true, removes all certificate files as well. Be careful with this!

getBaseDir

public File getBaseDir()
Deprecated. 
Returns:
the baseDir

getCrl

public X509CRL getCrl()
Deprecated. 
Get the Certificate Revocation List, if such was initialized.

Returns:
the crl

getFileForCert

public File getFileForCert(org.opcfoundation.ua.transport.security.Cert cert)
Deprecated. 
Returns File for the given Cert.

Parameters:
cert -
Returns:
File for the given Cert or null if Cert is null

getRejectedCertificates

public org.opcfoundation.ua.transport.security.Cert[] getRejectedCertificates()
Deprecated. 

getRejectedDir

public File getRejectedDir()
Deprecated. 
Returns:
the rejectedDir

getRevocationDir

public File getRevocationDir()
Deprecated. 
Returns:
the revocationDir

getRevokedCertificates

public org.opcfoundation.ua.transport.security.Cert[] getRevokedCertificates()
Deprecated. 

getTrustedCertificates

public org.opcfoundation.ua.transport.security.Cert[] getTrustedCertificates()
Deprecated. 

getTrustedDir

public File getTrustedDir()
Deprecated. 
Returns:
the trustedDir

getValidationListener

public CertificateValidationListener getValidationListener()
Deprecated. 
Returns:
the validationListener

isStoreAcceptOnceCertificates

public boolean isStoreAcceptOnceCertificates()
Deprecated. 
Returns:
the storeAcceptOnceCertificates

refresh

public void refresh()
Deprecated. 
Refresh certificates. Call this method in case you change certificates outside of this instance (e.g. move files on disk) and want to refresh before a validateCertificate call happens (which does this automatically).


removeListener

public void removeListener(PkiFileBasedCertificateListener listener)
Deprecated. 

setCrl

public void setCrl(X509CRL crl)
Deprecated. 
Set the CRL list to use. By default this is initialized from a .crl file in the revocationDirectory, but you may also set it separately.

Parameters:
crl - the crl to set
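
An added example, not part of the original Javadoc or the SDK: one way to check a CRL's signature, issuer and freshness before handing it to setCrl, using only JDK classes plus the constructor and setCrl listed on this page. The class name CrlSetup, the helper loadVerifiedCrl and all directory and file paths are assumptions.

```java
import com.prosysopc.ua.PkiFileBasedCertificateValidator;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CrlSetup {

    // Hypothetical helper: load a CRL and accept it only if it was signed by
    // the expected CA certificate and has not passed its nextUpdate time.
    static X509CRL loadVerifiedCrl(String crlPath, String issuerCertPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate issuer;
        try (InputStream in = new FileInputStream(issuerCertPath)) {
            issuer = (X509Certificate) cf.generateCertificate(in);
        }
        X509CRL crl;
        try (InputStream in = new FileInputStream(crlPath)) {
            crl = (X509CRL) cf.generateCRL(in);
        }
        // Throws (e.g. SignatureException) if the CRL was not signed by this key.
        crl.verify(issuer.getPublicKey());
        if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            throw new SecurityException("CRL issuer does not match the CA subject");
        }
        Date nextUpdate = crl.getNextUpdate();
        if (nextUpdate != null && nextUpdate.before(new Date())) {
            throw new SecurityException("CRL is stale, nextUpdate was " + nextUpdate);
        }
        return crl;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: CrlSetup <crl-file> <issuer-cert-file>");
            return;
        }
        // Assumed directory names; the four-argument constructor is the one
        // documented on this page.
        PkiFileBasedCertificateValidator validator =
                new PkiFileBasedCertificateValidator("PKI/CA", "certs", "rejected", "crl");
        validator.setCrl(loadVerifiedCrl(args[0], args[1]));
        System.out.println("CRL issuer: " + validator.getCrl().getIssuerX500Principal());
    }
}
```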

setStoreAcceptOnceCertificates

public void setStoreAcceptOnceCertificates(boolean keepAcceptOnceCerts)
Deprecated. 
Defines whether certificates that are accepted with AcceptOnce status are stored in the certificate store or not. If they are stored, they are stored in the RejectedCertificates. You may want to store them to be able to validate the certificate contents later on from the file.

Default: true

Parameters:
keepAcceptOnceCerts - the storeAcceptOnceCertificates to set

setValidationListener

public void setValidationListener(CertificateValidationListener validationListener)
Deprecated. 
Set a validationListener to use, if this validator wants to reject the certificate.

Use the validation listener to react to a failed validation result and provide additional custom handling, for example, to prompt the user whether to trust a certificate that is not otherwise trusted.

Parameters:
validationListener - the listener to set

validateCertificate

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.core.ApplicationDescription applicationDescription,
                                                                        org.opcfoundation.ua.transport.security.Cert cert)
Deprecated. 
Description copied from interface: UaCertificateValidator
Validate the certificate against the applicationDescription.

Specified by:
validateCertificate in interface UaCertificateValidator
Specified by:
validateCertificate in interface org.opcfoundation.ua.transport.security.CertificateValidator

validateCertificate

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(ApplicationIdentity identity)
Deprecated. 
Specified by:
validateCertificate in interface UaCertificateValidator
Returns:

validateCertificate

public org.opcfoundation.ua.builtintypes.StatusCode validateCertificate(org.opcfoundation.ua.transport.security.Cert c)
Deprecated. 
Specified by:
validateCertificate in interface org.opcfoundation.ua.transport.security.CertificateValidator

