flutter>> certvalidator>> 返回
项目作者: difi

项目描述 :
Certificate validator for X.509 certificates.
高级语言: Java
项目地址: git://github.com/difi/certvalidator.git
创建时间: 2014-11-06T13:58:18Z
项目社区:https://github.com/difi/certvalidator
开源协议:Other
下载


[!WARNING]
Please note that this project is not being maintained.

A fork is being maintained under https://github.com/felleslosninger/efm-common/tree/development/certvalidator for the purpose of eFormidlings certificate validation.

Certificate validator for X.509 certificates

Build Status
CodeCov
Maven Central

This validator is not a single validator, it is set of rules to build the certificate validator (using X.509 certificates) fitting the needs of your business case.

A lot of sensible defaults is used to make it easy to get started using this library. Use a proper IDE to customize to your needs.

Getting started

Include dependency in your pom.xml:

  1. <dependency>
  2.     <groupId>no.difi.commons</groupId>
  3.     <artifactId>commons-certvalidator</artifactId>
  4.     <version>2.1.1</version>
  5. </dependency>

Create your own validator(s):

  1. // Generic validator
  2. Validator validator = ValidatorBuilder.newInstance()
  3.     .addRule(new ExpirationRule())
  4.     .addRule(new SigningRule())
  5.     .addRule(new CRLRule())
  6.     .addRule(new OCSPRule())
  7.     .build();
  9. // Accept only non-expired self-signed certificates
  10. Validator validator = ValidatorBuilder.newInstance()
  11.     .addRule(new ExpirationRule())
  12.     .addRule(SigningRule.SelfSignedOnly())
  13.     .build();
  15. // Is the certificate expiring in less than 7 days?
  16. Validator validator = ValidatorBuilder.newInstance()
  17.     .addRule(new ExpirationSoonRule(7 * 24 * 60 * 60 * 1000))
  18.     .build();
  20. // Validate your certificate (throws exception on error)
  21. validator.validate(...);
  23. // Validate your certificate (returns boolean)
  24. validator.isValid(...);

Please note the Validator accepts InputStream, byte[] and X509Certificate as input for validation.

Validators may not only be used to judge a given certificate when in situation to trust or not to trust a certificate. A validator instance may be used to implement logic helping users to handle certificates in a better manner (ie. give a warning before certificate expires).

Available building blocks

  • ChainRule - Validates chain of trust of certificate given access to root certificates and intermediate certificates.
  • CriticalExtensionRule - Validates required or recognized extensions.
  • CRLRule - Use information regarding Certificate Revocation List (CRL) in certificate to validate certificate.
  • DummyRule - Very simple implementation potentially interesting to use in testing.
  • ExpirationSoonRule
  • ExpirationRule
  • OCSPRule - Use information regarding Online Certificate Status Protocol (OCSP) in certificate to validate certificate.
  • PrincipalNameRule
  • SigningRule

Structure

  • Junction - Combine multiple validators into one validator using ‘and’, ‘or’ and ‘xor’.

Extras

  • NorwegianOrganizationNumberRule (extends PrincipalNameRule) - Implements logic to fetch a norwegian organization number from a certificate given standardization is used.

Exceptions

  • CertificateValidatorException - This is thrown if anything around validation of certificate results in problems.
  • FailedValidationException (extends CertificateValidatorException) - This is thrown when certificate is validated to not be valid.
  • CertificateBucketException (extends CertificateValidatorException) - This is thrown when there are problems regarding certificate buckets.

Creating new rules

All new validation rules must implement the very simple ValidatorRule interface to be included in a chain of rules.