|
IAIK High-Level API version 1.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object iaik.hlapi.CertValidator
public abstract class CertValidator
Objects of this class validate X.509 certificate chains.
Per default, implementations must perform a complete validation according to the standard they adhere to. Usually, this includes revocation checking.
Method Summary | |
---|---|
abstract void |
addCertificate(X509Certificate cert)
Add the given certificate to this validator. |
abstract void |
addCRL(X509CRL crl)
Add the given certificate revocation list (CRL) to this validator for revocation checking. |
abstract void |
addTrustedCertificate(X509Certificate cert)
Add the given certificate as a trusted root certificate to this validator. |
abstract X509Certificate |
getTrustedRoot()
Get the trusted root certificate that was used to validate the most recently validated chain. |
abstract void |
setRevocationChecking(boolean enable)
Enable or disable revocation checking. |
X509Certificate[] |
validate(X509Certificate cert)
This is a shortcut for validate(cert, null) and constructs and validates a certificate
chain with respect to the current time. |
abstract X509Certificate[] |
validate(X509Certificate cert,
Date date)
Validate the given certificate for which to construct and validate a certificate chain. |
void |
validateChain(X509Certificate[] certChain)
This is a shortcut for validateChain(certChain, null) and validates the certificate chain
with respect to the current time. |
abstract void |
validateChain(X509Certificate[] certChain,
Date date)
Validate the given certificate chain, which is a complete chain excluding the trusted root certificate. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public abstract void addTrustedCertificate(X509Certificate cert)
The application may call this method more than once to add several trusted root certificates. The validation method will select a suitable root certificate automatically.
cert
- The certificate.public abstract void addCertificate(X509Certificate cert)
This method does not influence certificates added via
addTrustedCertificate(X509Certificate)
.
cert
- The certificate.public abstract void addCRL(X509CRL crl)
crl
- The CRL object.public void validateChain(X509Certificate[] certChain) throws CertificateValidationException, HlApiException
validateChain(certChain, null)
and validates the certificate chain
with respect to the current time.
certChain
- The certificate chain with the end-entity certificate
first but excluding the trusted root.
CertificateValidationException
- If the chain is invalid.
HlApiException
- If the validation failed for some other reason,
e.g. no trusted root has been set, invalid certificate format or
unsupported algorithms.public abstract void validateChain(X509Certificate[] certChain, Date date) throws CertificateValidationException, HlApiException
If the certificate chain could be validated, the trusted root of this chain
can be fetched using getTrustedRoot()
.
If validation of the chain failed or could not be completed, an exception is thrown.
The application must add at least one trusted root certificate using
addTrustedCertificate(X509Certificate)
before calling
this method. Otherwise, an exception is thrown.
certChain
- The certificate chain with the end-entity certificate
first but excluding the trusted root.date
- The date for which to validate the chain, i.e. the date when
the certificate (chain) was used e.g. for signing.
null
means the current date.
CertificateValidationException
- If the chain is invalid.
HlApiException
- If the validation failed for some other reason,
e.g. no trusted root has been set, invalid certificate format or
unsupported algorithms.public X509Certificate[] validate(X509Certificate cert) throws CertificateValidationException, HlApiException
validate(cert, null)
and constructs and validates a certificate
chain with respect to the current time.
cert
- The certificate for which to construct and validate a chain.
CertificateValidationException
- If a valid chain could not be constructed.
HlApiException
- If the validation failed for some other reason,
e.g. no trusted root has been set, invalid certificate format or
unsupported algorithms.public abstract X509Certificate[] validate(X509Certificate cert, Date date) throws CertificateValidationException, HlApiException
addCertificate(X509Certificate)
.
If the certificate chain could be constructed and validated,
the validated chain is returned. The trusted root certificate is excluded.
It can be fetched using getTrustedRoot()
.
If validation of the chain failed or could not be completed, an exception is thrown.
The application must add at least one trusted root certificate using
addTrustedCertificate(X509Certificate)
before calling
this method.
cert
- The certificate for which to construct and validate a chain.date
- The date for which to construct and validate the chain,
i.e. the date when the certificate (chain) was used e.g. for signing.
null
means the current date.
CertificateValidationException
- If a valid chain could not be constructed.
HlApiException
- If the validation failed for some other reason,
e.g. no trusted root has been set, invalid certificate format or
unsupported algorithms.public abstract X509Certificate getTrustedRoot()
null
.
Note, that the returned certificate will always one of the trusted
certificates, which were added using
addTrustedCertificate(X509Certificate)
.
null
.public abstract void setRevocationChecking(boolean enable)
If disabled, the class will no perform any kind of revocation checking.
enable
- true
to enable, false
to disable.
|
IAIK High-Level API version 1.1 |
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 2007,
IAIK, Graz University of Technology Copyright © 2007, Stiftung SIC |