org.apache.nifi.web.security.x509

Class X509CertificateValidator

java.lang.Object

org.apache.nifi.web.security.x509.X509CertificateValidator

public class X509CertificateValidator
extends Object

Extracts client certificates from Http requests.

Field Summary

Fields

Modifier and Type	Field and Description
private org.slf4j.Logger	logger
private OcspCertificateValidator	ocspValidator

Constructor Summary

Constructors

Constructor and Description
X509CertificateValidator()

Method Summary

Modifier and Type	Method and Description
void	setOcspValidator(OcspCertificateValidator ocspValidator)
void	validateClientCertificate(X509Certificate[] certificates) Extract the client certificate from the specified HttpServletRequest or null if none is specified.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private final org.slf4j.Logger logger

ocspValidator

private OcspCertificateValidator ocspValidator

Constructor Detail

X509CertificateValidator

public X509CertificateValidator()

Method Detail

validateClientCertificate

public void validateClientCertificate(X509Certificate[] certificates)
                               throws CertificateExpiredException,
                                      CertificateNotYetValidException,
                                      CertificateStatusException

Extract the client certificate from the specified HttpServletRequest or null if none is specified.

Parameters:

certificates - the client certificates

Throws:

CertificateExpiredException - cert is expired

CertificateNotYetValidException - cert is not yet valid

CertificateStatusException - ocsp validation issue

setOcspValidator

public void setOcspValidator(OcspCertificateValidator ocspValidator)