CertificateValidator (Adobe Experience Manager)

java.lang.Object
- org.eclipse.jetty.util.security.CertificateValidator

```
public class CertificateValidator
extends java.lang.Object
```
Convenience class to handle validation of certificates, aliases and keystores Allows specifying Certificate Revocation List (CRL), as well as enabling CRL Distribution Points Protocol (CRLDP) certificate extension support, and also enabling On-Line Certificate Status Protocol (OCSP) support. IMPORTANT: at least one of the above mechanisms *MUST* be configured and operational, otherwise certificate validation *WILL FAIL* unconditionally.

Constructor Summary

Constructors
Constructor and Description
`CertificateValidator(java.security.KeyStore trustStore, java.util.Collection<? extends java.security.cert.CRL> crls)` creates an instance of the certificate validator

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.util.Collection<? extends java.security.cert.CRL>`	`getCrls()`
`int`	`getMaxCertPathLength()`
`java.lang.String`	`getOcspResponderURL()`
`java.security.KeyStore`	`getTrustStore()`
`boolean`	`isEnableCRLDP()`
`boolean`	`isEnableOCSP()`
`void`	`setEnableCRLDP(boolean enableCRLDP)` Enables CRL Distribution Points Support
`void`	`setEnableOCSP(boolean enableOCSP)` Enables On-Line Certificate Status Protocol support
`void`	`setMaxCertPathLength(int maxCertPathLength)`
`void`	`setOcspResponderURL(java.lang.String ocspResponderURL)` Set the location of the OCSP Responder.
`void`	`validate(java.security.cert.Certificate[] certChain)`
`void`	`validate(java.security.KeyStore keyStore)` validates all aliases inside of a given keystore
`void`	`validate(java.security.KeyStore keyStore, java.security.cert.Certificate cert)` validates a specific certificate inside of the keystore being passed in
`java.lang.String`	`validate(java.security.KeyStore keyStore, java.lang.String keyAlias)` validates a specific alias inside of the keystore being passed in

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CertificateValidator
```
public CertificateValidator(java.security.KeyStore trustStore,
                            java.util.Collection<? extends java.security.cert.CRL> crls)
```
    creates an instance of the certificate validator
    
    Parameters:
    
    trustStore - the truststore to use
    
    crls - the Certificate Revocation List to use
- Method Detail
  - validate
```
public void validate(java.security.KeyStore keyStore)
              throws java.security.cert.CertificateException
```
    validates all aliases inside of a given keystore
    
    Parameters:
    
    keyStore - the keystore to validate
    
    Throws:
    
    java.security.cert.CertificateException - if keystore error and unable to validate
  - validate
```
public java.lang.String validate(java.security.KeyStore keyStore,
                                 java.lang.String keyAlias)
                          throws java.security.cert.CertificateException
```
    validates a specific alias inside of the keystore being passed in
    
    Parameters:
    
    keyStore - the keystore to validate
    
    keyAlias - the keyalias in the keystore to valid with
    
    Returns:
    
    the keyAlias if valid
    
    Throws:
    
    java.security.cert.CertificateException - if keystore error and unable to validate
  - validate
```
public void validate(java.security.KeyStore keyStore,
                     java.security.cert.Certificate cert)
              throws java.security.cert.CertificateException
```
    validates a specific certificate inside of the keystore being passed in
    
    Parameters:
    
    keyStore - the keystore to validate against
    
    cert - the certificate to validate
    
    Throws:
    
    java.security.cert.CertificateException - if keystore error and unable to validate
  - validate
```
public void validate(java.security.cert.Certificate[] certChain)
              throws java.security.cert.CertificateException
```
    Throws:
    
    java.security.cert.CertificateException
  - getTrustStore
```
public java.security.KeyStore getTrustStore()
```
  - getCrls
```
public java.util.Collection<? extends java.security.cert.CRL> getCrls()
```
  - getMaxCertPathLength
```
public int getMaxCertPathLength()
```
    Returns:
    
    Maximum number of intermediate certificates in the certification path (-1 for unlimited)
  - setMaxCertPathLength
```
public void setMaxCertPathLength(int maxCertPathLength)
```
    Parameters:
    
    maxCertPathLength - maximum number of intermediate certificates in the certification path (-1 for unlimited)
  - isEnableCRLDP
```
public boolean isEnableCRLDP()
```
    Returns:
    
    true if CRL Distribution Points support is enabled
  - setEnableCRLDP
```
public void setEnableCRLDP(boolean enableCRLDP)
```
    Enables CRL Distribution Points Support
    
    Parameters:
    
    enableCRLDP - true - turn on, false - turns off
  - isEnableOCSP
```
public boolean isEnableOCSP()
```
    Returns:
    
    true if On-Line Certificate Status Protocol support is enabled
  - setEnableOCSP
```
public void setEnableOCSP(boolean enableOCSP)
```
    Enables On-Line Certificate Status Protocol support
    
    Parameters:
    
    enableOCSP - true - turn on, false - turn off
  - getOcspResponderURL
```
public java.lang.String getOcspResponderURL()
```
    Returns:
    
    Location of the OCSP Responder
  - setOcspResponderURL
```
public void setOcspResponderURL(java.lang.String ocspResponderURL)
```
    Set the location of the OCSP Responder.
    
    Parameters:
    
    ocspResponderURL - location of the OCSP Responder

Class CertificateValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CertificateValidator

Method Detail

validate

validate

validate

validate

getTrustStore

getCrls

getMaxCertPathLength

setMaxCertPathLength

isEnableCRLDP

setEnableCRLDP

isEnableOCSP

setEnableOCSP

getOcspResponderURL

setOcspResponderURL