Package org.apache.nifi.web.security.x509

Class X509CertificateValidator

java.lang.Object

org.apache.nifi.web.security.x509.X509CertificateValidator

public class X509CertificateValidator
extends Object

Extracts client certificates from Http requests.

Field Summary

Fields

Modifier and Type	Field	Description
private OcspCertificateValidator	ocspValidator

Constructor Summary

Constructors

Constructor	Description
X509CertificateValidator()

Method Summary

Modifier and Type	Method	Description
void	setOcspValidator(OcspCertificateValidator ocspValidator)
void	validateClientCertificate(X509Certificate[] certificates)	Extract the client certificate from the specified HttpServletRequest or null if none is specified.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ocspValidator

private OcspCertificateValidator ocspValidator

Constructor Details

X509CertificateValidator

public X509CertificateValidator()

Method Details

validateClientCertificate

public void validateClientCertificate(X509Certificate[] certificates)
                               throws CertificateExpiredException,
CertificateNotYetValidException,
CertificateStatusException

Extract the client certificate from the specified HttpServletRequest or null if none is specified.

Parameters:

certificates - the client certificates

Throws:

CertificateExpiredException - cert is expired

CertificateNotYetValidException - cert is not yet valid

CertificateStatusException - ocsp validation issue

setOcspValidator

public void setOcspValidator(OcspCertificateValidator ocspValidator)