DefaultCertificateValidator (prosys-opc-ua-sdk-client-server-pubsub 5.6.2-227 API)

java.lang.Object
- com.prosysopc.ua.stack.cert.DefaultCertificateValidator

All Implemented Interfaces:: CertificateValidator

public class DefaultCertificateValidator
extends Object
implements CertificateValidator

A certificate validator implementation.

Nested Class Summary

Nested Classes
Modifier and Type	Class and Description
`static class`	`DefaultCertificateValidator.IgnoredChecks` The constants of this enum define ignore options to disable certain parts of the certificate validation process.

Field Summary
- Fields inherited from interface com.prosysopc.ua.stack.transport.security.CertificateValidator
  ALLOW_ALL

Constructor Summary

Constructors
Constructor and Description
`DefaultCertificateValidator(CertificateStore certificateStore)`
`DefaultCertificateValidator(CertificateStore certificateStore, CertificateStore issuers)`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`CertificateStore`	`getCertificateStore()` Returns the certificate store used by this validator.
`Set<DefaultCertificateValidator.IgnoredChecks>`	`getIgnoredChecks()` Returns a `Set` of all ignore rules in place.
`CertificateStore`	`getIssuersCertificateStore()` Returns the issuer certificate store used by this validator, or null if none.
`DefaultCertificateValidatorListener`	`getValidationListener()` Returns the current `DefaultCertificateValidatorListener` attached to this validator or null if not set.
`boolean`	`isRevocationListsRequired()` Deprecated. Check `getIgnoredChecks()` for rule `DefaultCertificateValidator.IgnoredChecks.IGNORE_CA_MISSING_CRL`
`void`	`setRevocationListsRequired(boolean revocationListsRequired)` Deprecated. Add or remove the rule `DefaultCertificateValidator.IgnoredChecks.IGNORE_CA_MISSING_CRL` to `getIgnoredChecks()` set instead (this is also what this method implementation does)
`void`	`setValidationListener(DefaultCertificateValidatorListener validationListener)` Set a validationListener to use, if this validator wants to reject the certificate.
`StatusCode`	`validateCertificate(ApplicationDescription applicationDescription, Cert cert)` Validate the given application instance certificate against the ApplicationDescription.
`StatusCode`	`validateCertificate(Cert cert)` Validate the given application instance or user authentication certificate.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultCertificateValidator
```
public DefaultCertificateValidator(CertificateStore certificateStore)
```
  - DefaultCertificateValidator
```
public DefaultCertificateValidator(CertificateStore certificateStore,
                                   CertificateStore issuers)
```
- Method Detail
  - getCertificateStore
```
public CertificateStore getCertificateStore()
```
    Returns the certificate store used by this validator.
  - getIgnoredChecks
```
public Set<DefaultCertificateValidator.IgnoredChecks> getIgnoredChecks()
```
    Returns a Set of all ignore rules in place. DefaultCertificateValidator.CheckIngores can be added to the set to make that ignore rule apply to all checks (related to the ignore) to be skipped. Note that all ignores should be set before this DefaultCertificateValidator is used to validate any certificate, changing ignore rules while in use can result in undefined validation results.
  - getIssuersCertificateStore
```
public CertificateStore getIssuersCertificateStore()
```
    Returns the issuer certificate store used by this validator, or null if none.
  - getValidationListener
```
public DefaultCertificateValidatorListener getValidationListener()
```
    Returns the current DefaultCertificateValidatorListener attached to this validator or null if not set.
  - isRevocationListsRequired
```
@Deprecated
public boolean isRevocationListsRequired()
```
    Deprecated. Check getIgnoredChecks() for rule DefaultCertificateValidator.IgnoredChecks.IGNORE_CA_MISSING_CRL
    
    Returns true if this validator requires a Certificate Revocation List (CRL) for every CA certificate. If required and not found, will throw Bad_CertificateRevocationUnknown when such CA is encountered. If false the CRL is checked if found. Default true.
    
    See Also:
    
    setRevocationListsRequired(boolean)
  - setRevocationListsRequired
```
@Deprecated
public void setRevocationListsRequired(boolean revocationListsRequired)
```
    Deprecated. Add or remove the rule DefaultCertificateValidator.IgnoredChecks.IGNORE_CA_MISSING_CRL to getIgnoredChecks() set instead (this is also what this method implementation does)
    
    Toggle is Certificate Revocation List (CRL) needed for a CA cert. If required (true) and not found, will throw Bad_CertificateRevocationUnknown when such CA is encountered. If false the CRL is checked if found. By default true.
    
    See Also:
    
    isRevocationListsRequired()
  - setValidationListener
```
public void setValidationListener(DefaultCertificateValidatorListener validationListener)
```
    Set a validationListener to use, if this validator wants to reject the certificate.
    Use the validation listener to react to a failed validation result and provide additional custom handling. For example to enable prompting the user if he wants to trust a certificate which is not trusted otherwise.
    
    Parameters:
    
    validationListener - the listener to set
  - validateCertificate
```
public StatusCode validateCertificate(ApplicationDescription applicationDescription,
                                      Cert cert)
```
    Description copied from interface: CertificateValidator
    
    Validate the given application instance certificate against the ApplicationDescription.
    
    Specified by:
    
    validateCertificate in interface CertificateValidator
    
    Parameters:
    
    applicationDescription - the application description
    
    cert - the certificate
    
    Returns:
    
    A Bad StatusCode if the certificate is rejected or has a problem. Returns StatusCode.GOOD if it is valid and trusted.
  - validateCertificate
```
public StatusCode validateCertificate(Cert cert)
```
    Description copied from interface: CertificateValidator
    
    Validate the given application instance or user authentication certificate. Note that for application instance certificates this method should only be used if an ApplicationDescription is not available.
    
    Specified by:
    
    validateCertificate in interface CertificateValidator
    
    Parameters:
    
    cert - the certificate
    
    Returns:
    
    A Bad StatusCode if the certificate is rejected or has a problem. Returns StatusCode.GOOD if it is valid and trusted.

Class DefaultCertificateValidator

Nested Class Summary

Field Summary

Fields inherited from interface com.prosysopc.ua.stack.transport.security.CertificateValidator

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

DefaultCertificateValidator

DefaultCertificateValidator

Method Detail

getCertificateStore

getIgnoredChecks

getIssuersCertificateStore

getValidationListener

isRevocationListsRequired

setRevocationListsRequired

setValidationListener

validateCertificate

validateCertificate