Interface PKIClientX509CertificateBindingVerifier<T>

public interface PKIClientX509CertificateBindingVerifier<T>

Client X.509 certificate binding verifier. Intended for verifying that a client X.509 certificate submitted during successful PKI mutual TLS authentication (in tls_client_auth) matches one of the registered values for the client. These can be: tls_client_auth_subject_dn, tls_client_auth_san_dns, tls_client_auth_san_uri, tls_client_auth_san_ip or tls_client_auth_san_email.

Implementations must be thread-safe.

Method Summary
Modifier and Type: void
Method: verifyCertificateBinding(ClientID clientID, X509Certificate certificate, Context<T> context)
Description: Verifies that the specified X.509 certificate binds to the claimed client ID.

Method Detail

verifyCertificateBinding

void verifyCertificateBinding(ClientID clientID, X509Certificate certificate, Context<T> context) throws InvalidClientException

Verifies that the specified X.509 certificate binds to the claimed client ID.

Parameters:
clientID - The claimed client ID. Not null.
certificate - The X.509 certificate. Not null.
context - Additional context. May be null.

Throws:
InvalidClientException - If client ID and certificate don't bind or are invalid.
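
Added example, not part of the original Javadoc or the library's own code: the comparison an implementation of verifyCertificateBinding could perform for each of the five registered parameters, written with JDK classes only. The class name RegisteredBindingMatcher, the case-insensitive matching for DNS names only, and the assumption that the registered IP value is a literal are this example's choices; an implementation would throw InvalidClientException where matches returns false.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.InetAddress;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper (added example): matches a certificate against one registered value.
public final class RegisteredBindingMatcher {
    /** True if the certificate carries the value registered under the given parameter. */
    public static boolean matches(X509Certificate cert, String param, String registered)
            throws Exception {
        switch (param) {
            case "tls_client_auth_subject_dn":
                // X500Principal.equals compares canonical DN forms; a malformed
                // registered DN throws IllegalArgumentException.
                return new X500Principal(registered).equals(cert.getSubjectX500Principal());
            case "tls_client_auth_san_email": return hasSan(cert, 1, registered); // rfc822Name
            case "tls_client_auth_san_dns":   return hasSan(cert, 2, registered); // dNSName
            case "tls_client_auth_san_uri":   return hasSan(cert, 6, registered); // URI
            case "tls_client_auth_san_ip":    return hasSan(cert, 7, registered); // iPAddress
            default: return false; // unknown parameter: fail closed
        }
    }

    private static boolean hasSan(X509Certificate cert, int type, String registered)
            throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null if no SAN extension
        if (sans == null) return false;
        for (List<?> san : sans) { // each entry is [Integer type, value]
            if (!Integer.valueOf(type).equals(san.get(0))) continue;
            String value = String.valueOf(san.get(1));
            boolean same;
            // Assumption: registered IP is a literal, so getByName performs no DNS lookup.
            if (type == 7) same = InetAddress.getByName(registered).equals(InetAddress.getByName(value));
            else if (type == 2) same = value.equalsIgnoreCase(registered);
            else same = value.equals(registered); // email and URI: exact match
            if (same) return true;
        }
        return false;
    }

    // Usage: java RegisteredBindingMatcher <cert.pem> <parameter> <registered value>
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(matches(cert, args[1], args[2]) ? "bound" : "NOT bound");
        }
    }
}
```

The IP branch compares parsed addresses rather than strings, so differently written forms of the same IPv6 address still match.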