Public key infrastructure

Since nevisAuth 4.13.0.0, it is possible to use a CertStoreManager to validate trust, non-expiration and non-revocation of certificate chains or single certificates.

A CertStoreManager is generated for all KeyObjects configured in the esauth4.xml and can be retrieved through a static method in the EsAuth class. A certificate is verified by calling one of the validate(...) methods in the CertStoreManager.

If CRL or OCSP configuration is available for the CertStoreManager, the corresponding revocation checks are performed automatically, unless specified otherwise. The following validation parameters may be set:

  • revocationTolerance (int, default: 0)
  • certTolerance (int, default: 0)
  • revocationCheckEnabled (boolean, default: true)