Pipes
2024.80 Pipes

X509 Certificate Validator

Valve for validating X.509 certificates


Last updated 1 year ago

Introduction

Use this valve to validate an X.509 v3 certificate.

The valve performs the following validations, in this order:

  1. Validity (notBefore/notAfter)

  2. PKIX path ("certificate chain")

  3. Signature

This valve is a part of the item iteration API meaning that it operates on the current item set. For more information on item iteration, see .

The valve operates on items if available. During item iteration, the validation result ("certificate status") is set on the current item and must be asserted later in the pipe; a failed validation does not by itself stop the pipe in this mode. If no items are available, the pipe fails when validation fails.

Certificate status values:

  • GOOD

  • EXPIRED

  • NOT_YET_VALID

  • INVALID_PATH

  • INVALID_SIGNATURE

Configuration

Valve name: X509CertificateExtractor

| Name | Description | Default value | Mandatory | Expanded |
|---|---|---|---|---|
| src | X509 certificate in PEM format. | | | |
| dest | Name of item property receiving validation status. Only used in item iteration mode. | "cert_status" | | |
| now | Instant in ISO-format for validating certificate expiry. Supports property expansion. | Current date/time | | |
| truststore | Trust store configuration object. Trust store is used for validating the certificate path. | | | |
| truststore.path | Path to trust store (Mandatory unless "data" is specified) | | | |
| truststore.data | Base64 encoded trust store (Mandatory unless "path" is specified) | | | |
| truststore.password | Trust store password | | | |
| truststore.type | | "PKCS12" | | |

{
  "name" : "X509CertificateValidator",
  "config" : {
    "src" : "${request.pem}",
    "truststore" : {
      "path": "config/truststore.jks",
      "password": "secret",
      "type": "JKS"
    }
  }
}

Certificate validity

It is possible to check certificate validity for any point in time by setting the now configuration property. If it is not set, now defaults to the current time.
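
To cross-check a status reported by the valve, the effect of now and of the trust store can be reproduced with the openssl CLI. The script below is an added example, not part of Pipes or its documentation. The test PKI is constructed, the function and file names are hypothetical, and the mapping from openssl verify errors to the status names on this page is an assumption.

```sh
#!/bin/sh
# Added example (not Pipes code): derive the page's status values from `openssl verify`.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Constructed test PKI: a trusted CA, an unrelated CA, and a leaf valid for 30 days.
gen_ca() {  # gen_ca <name>
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days 3650 \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}
gen_ca trusted-ca
gen_ca other-ca
openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf" \
  -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
openssl x509 -req -in "$work/leaf.csr" -days 30 -CAcreateserial \
  -CA "$work/trusted-ca.pem" -CAkey "$work/trusted-ca.key" \
  -out "$work/leaf.pem" 2>/dev/null

# cert_status <cert.pem> <trust-anchors.pem> <epoch-seconds>
# The third argument plays the role of the valve's "now" (the valve takes an
# ISO instant; openssl's -attime takes seconds since the epoch).
# Assumption: this mapping of openssl errors to status names is illustrative.
cert_status() {
  if out=$(openssl verify -attime "$3" -CAfile "$2" "$1" 2>&1); then
    case "$out" in *"error "*) ;; *) echo GOOD; return 0 ;; esac
  fi
  case "$out" in
    *"certificate has expired"*)       echo EXPIRED ;;
    *"certificate is not yet valid"*)  echo NOT_YET_VALID ;;
    *"certificate signature failure"*) echo INVALID_SIGNATURE ;;
    *)                                 echo INVALID_PATH ;;
  esac
}

NOW=$(date +%s)
LEAF="$work/leaf.pem"
echo "now:           $(cert_status "$LEAF" "$work/trusted-ca.pem" "$NOW")"
echo "now + 60 days: $(cert_status "$LEAF" "$work/trusted-ca.pem" "$((NOW + 5184000))")"
echo "now - 1 day:   $(cert_status "$LEAF" "$work/trusted-ca.pem" "$((NOW - 86400))")"
echo "untrusted CA:  $(cert_status "$LEAF" "$work/other-ca.pem" "$NOW")"
```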

Item