KeychainUnverifiedCertFilter ("Entrust Authority Security Toolkit for the Java Platform")

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method

java.lang.Object
- com.entrust.toolkit.credentials.KeychainUnverifiedCertFilter

All Implemented Interfaces:

KeychainCertFilter
```
public class KeychainUnverifiedCertFilter
extends java.lang.Object
implements KeychainCertFilter
```
The UnverifiedCertFilter may be used for allowing unverified identities to be found when searching for Keychain identities. An Unverified identity is an Identity that contains certificates that do not have the root of trust CA certificate stored in the keychain. Therefore, once an unverified identity is found in the Keychain, the roots of trust must be injected into the KeychainIdentiy via the KeychanIdentity#setChainToRoot(X509Certificate[]) otherwise the identity will not be able to be used as a User
When used, this filter always allows certificates that have a root CA certificate to be found. It only allows an unverified certificate to be considered acceptable if it is a contained in the unverified DN list, which is a list of issuer DN's that are known. This is a requirement because the application user must have access to the issuer chain of CA certificates for the unverified identity to be of any use.

Since:

9.0

See Also:

KeychainIdentity

Constructor Summary

Constructors
Constructor and Description

KeychainUnverifiedCertFilter(java.util.List<Name> unverifiedDNList)
T

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`boolean`	`acceptCertificate(X509Certificate certificate)` This method checks if the certificate is acceptable, and returns true if acceptable, false if not acceptable.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - KeychainUnverifiedCertFilter
```
public KeychainUnverifiedCertFilter(java.util.List<Name> unverifiedDNList)
```
    T
    
    Parameters:
    
    unverifiedDNList -
- Method Detail
  - acceptCertificate
```
public boolean acceptCertificate(X509Certificate certificate)
```
    This method checks if the certificate is acceptable, and returns true if acceptable, false if not acceptable.
    The certificate is acceptable if it contains a chain to the root CA based or if it is in the list of unverified DN's configured by the constructor.
    
    Specified by:
    
    acceptCertificate in interface KeychainCertFilter
    
    Parameters:
    
    certificate - the certificate to check for acceptability
    
    Returns:
    
    true if the certificate is acceptable, false otherwise.

Skip navigation links

All Classes

Summary:
Nested |
Field |
Constr |
Method

Detail:
Field |
Constr |
Method