Class CertificateChecker

java.lang.Object
google.registry.flows.certs.CertificateChecker

public class CertificateChecker extends Object
A utility to check that a given certificate meets our requirements
  • Constructor Details

    • CertificateChecker

      @Inject public CertificateChecker(@Config("maxValidityDaysSchedule") com.google.common.collect.ImmutableSortedMap<org.joda.time.DateTime,Integer> maxValidityDaysSchedule, @Config("expirationWarningDays") int expirationWarningDays, @Config("expirationWarningIntervalDays") int expirationWarningIntervalDays, @Config("minimumRsaKeyLength") int minimumRsaKeyLength, @Config("allowedEcdsaCurves") com.google.common.collect.ImmutableSet<String> allowedEcdsaCurves, Clock clock)
      Constructs a CertificateChecker instance with the specified configuration parameters.

      The max validity length schedule is a sorted map of DateTime to Integer entries, each giving the maximum validity period (in days) for certificates issued on or after that date. The first entry must have a key of DateTimeUtils.START_OF_TIME, so that every possible issuance date has an applicable max validity period. Since security requirements tighten over time, the max validity periods decrease as the date increases.

      The validity length schedule used by all major Web browsers as of 2020Q4 would be represented as:

         ImmutableSortedMap.of(
           START_OF_TIME, 825,
           DateTime.parse("2020-09-01T00:00:00Z"), 398
         );
       
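      As an added example (not part of the Nomulus code base), the following shows how a schedule of this shape is consulted: the entry whose key is the latest date at or before the certificate's notBefore gives the limit that applies. It assumes java.util.TreeMap and java.time.Instant in place of Guava's ImmutableSortedMap and Joda-Time's DateTime, and Instant.MIN in place of DateTimeUtils.START_OF_TIME.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.NavigableMap;
import java.util.TreeMap;

/** Example validity-schedule lookup; assumptions: TreeMap/Instant replace ImmutableSortedMap/DateTime. */
public class ValiditySchedule {
  // Constructed schedule mirroring the 2020Q4 browser rule: 825 days for anything
  // issued before 2020-09-01, 398 days on or after that date.
  static final NavigableMap<Instant, Integer> SCHEDULE = new TreeMap<>();
  static {
    SCHEDULE.put(Instant.MIN, 825);  // stands in for DateTimeUtils.START_OF_TIME
    SCHEDULE.put(Instant.parse("2020-09-01T00:00:00Z"), 398);
  }

  /** Returns the max validity (in days) that applies to a certificate issued at notBefore. */
  static int maxValidityDaysFor(NavigableMap<Instant, Integer> schedule, Instant notBefore) {
    // floorEntry picks the schedule entry with the greatest key <= notBefore.
    Map.Entry<Instant, Integer> entry = schedule.floorEntry(notBefore);
    if (entry == null) {
      // Only reachable if the schedule breaks the START_OF_TIME first-key requirement.
      throw new IllegalStateException("schedule has no entry covering " + notBefore);
    }
    return entry.getValue();
  }

  /** True if the certificate's validity period is within the limit for its issuance date. */
  static boolean validityWithinLimit(
      NavigableMap<Instant, Integer> schedule, Instant notBefore, Instant notAfter) {
    long validityDays = Duration.between(notBefore, notAfter).toDays();
    return validityDays <= maxValidityDaysFor(schedule, notBefore);
  }

  public static void main(String[] args) {
    // Constructed sample certificates: one issued before the cutover, one after.
    Instant issuedBefore = Instant.parse("2020-08-15T00:00:00Z");
    Instant issuedAfter = Instant.parse("2021-06-01T00:00:00Z");
    System.out.println("pre-cutover, 398-day cert: "
        + validityWithinLimit(SCHEDULE, issuedBefore, issuedBefore.plus(Duration.ofDays(398))));
    System.out.println("post-cutover, 825-day cert: "
        + validityWithinLimit(SCHEDULE, issuedAfter, issuedAfter.plus(Duration.ofDays(825))));
  }
}
```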
  • Method Details