no.difi.certvalidator.rule.CriticalExtensionRecognizedRule Maven / Gradle / Ivy
Rule engine for creation of certificate validator.
package no.difi.certvalidator.rule;
import no.difi.certvalidator.api.CertificateValidationException;
import no.difi.certvalidator.api.FailedValidationException;
import no.difi.certvalidator.api.ValidatorRule;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Set;
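/**
 * Validator rule that fails a certificate when it carries a critical extension whose OID is not
 * in the list supplied at construction time.
 *
 * <p>Security note: this rule only checks that each critical OID is listed. It does not
 * interpret or enforce the extension's content. Callers should therefore list only those OIDs
 * whose semantics are actually enforced elsewhere in their validation chain; listing an OID
 * that nothing processes silently accepts a constraint the issuer marked as mandatory.
 */
public class CriticalExtensionRecognizedRule implements ValidatorRule {

    /** OIDs, as dotted-decimal strings, of the critical extensions this rule accepts. */
    private final List<String> recognizedExtensions;

    /**
     * Creates a rule accepting exactly the given critical extension OIDs.
     *
     * @param recognizedExtensions OIDs in the string form returned by
     *     {@link X509Certificate#getCriticalExtensionOIDs()}; with no arguments, any critical
     *     extension causes validation to fail
     */
    public CriticalExtensionRecognizedRule(String... recognizedExtensions) {
        // Arrays.asList is a live view of the array it wraps. Cloning first keeps a caller that
        // retains the array from changing the accepted OIDs after the rule has been built.
        this.recognizedExtensions = Arrays.asList(recognizedExtensions.clone());
    }

    /**
     * Checks every critical extension OID of the certificate against the recognized list.
     *
     * @param certificate certificate to inspect
     * @throws FailedValidationException on the first critical extension OID that is not in the
     *     recognized list
     * @throws CertificateValidationException declared by the {@link ValidatorRule} contract
     */
    @Override
    public void validate(X509Certificate certificate) throws CertificateValidationException {
        Set<String> oids = certificate.getCriticalExtensionOIDs();

        // The JDK returns null when the certificate has no extensions at all, so there is
        // nothing to reject.
        if (oids == null) {
            return;
        }

        for (String oid : oids) {
            if (!recognizedExtensions.contains(oid)) {
                throw new FailedValidationException(String.format(
                        "X509 certificate %s specifies a critical extension %s which is not recognized",
                        certificate.getSerialNumber(),
                        oid
                ));
            }
        }
    }
}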