CertificateValidator
public class CertificateValidator
extends java.lang.Object
Utility class for validating digital certificates, keystores, and aliases.
It supports:
- CRLs (Certificate Revocation Lists)
- CRLDP (CRL Distribution Points) extension support
- OCSP (Online Certificate Status Protocol)
Note: At least one of these mechanisms must be enabled; otherwise, all validations will fail.
Constructor:
public CertificateValidator(KeyStore trustStore, Collection<? extends CRL> crls)
Parameters:
trustStore: Trusted certificate store
crls: List of revocation lists to check certificate validity
Initializes the validator with a trust store and a collection of CRLs to be used for certificate validation.
Methods:
| void validate(KeyStore keyStore) | Validates all certificates in the given keystore. Throws CertificateException if any certificate is invalid. |
| String validate(KeyStore keyStore, String keyAlias) |
Validates the certificate corresponding to the given alias in the keystore. Returns the alias if valid. Throws CertificateException otherwise. |
| void validate(KeyStore keyStore, Certificate cert) |
Validates a specific certificate against the keystore. Throws CertificateException if invalid. |
| void validate(Certificate[] certChain) | Validates the entire certificate chain. Throws CertificateException if any certificate in the chain is invalid. |
| KeyStore getTrustStore() | Returns the trust store used for validation. |
| Collection<? extends CRL> getCrls() | Returns the CRLs provided at construction. |
| int getMaxCertPathLength() | Returns the maximum certificate path length allowed during validation. |
| void setMaxCertPathLength(int maxCertPathLength) | Sets the maximum path length (number of certificates in a chain) to be used during validation. |
| boolean isEnableCRLDP() | Checks whether CRLDP extension is enabled. |
| void setEnableCRLDP(boolean enableCRLDP) | Enables or disables support for CRLDP certificate extension. |
| boolean isEnableOCSP() | Checks whether OCSP support is enabled. |
| void setEnableOCSP(boolean enableOCSP) | Enables or disables OCSP checking. |
| String getOcspResponderURL() | Returns the custom OCSP responder URL (if configured). |
| void setOcspResponderURL(String ocspResponderURL) | Sets a custom OCSP responder URL for certificate status checking. |
Methods inherited from class java.lang.Object |
|
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | |
Start innovating with Mobius
What's next? Let's talk!