IAIK High-Level API version 1.1
java.lang.Object
  iaik.hlapi.CertValidator
    iaik.hlapi.PkixCertValidator

public class PkixCertValidator
extends CertValidator

This is an implementation of a CertValidator that validates certificate chains according to the PKIX standard RFC 3280. By default, any policy is accepted, policy mapping is not inhibited, no explicit policy is required and the any policy OID is not inhibited. It also performs revocation checking with OCSP and CRLs. Revocation checking can be disabled using CertValidator.setRevocationChecking(boolean).
Constructor Summary

PkixCertValidator()
    Create a new certificate validator that works according to PKIX RFC 3280.
Method Summary

void addCertificate(X509Certificate cert)
    Add the given certificate to this validator.
void addCRL(X509CRL crl)
    Add the given certificate revocation list (CRL) to this validator for revocation checking.
void addTrustedCertificate(X509Certificate cert)
    Add the given certificate as a trusted root certificate to this validator.
X509Certificate getTrustedRoot()
    Get the trusted root certificate that was used to validate the most recently validated chain.
void setRevocationChecking(boolean enable)
    Enable or disable revocation checking.
X509Certificate[] validate(X509Certificate cert, Date date)
    Validate the given certificate for which to construct and validate a certificate chain.
void validateChain(X509Certificate[] certChain, Date date)
    Validate the given certificate chain, which is a complete chain excluding the trusted root certificate.
Methods inherited from class iaik.hlapi.CertValidator
    validate, validateChain

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public PkixCertValidator()
Method Detail

public void addTrustedCertificate(X509Certificate cert)
    Description copied from class: CertValidator
    Add the given certificate as a trusted root certificate to this validator. The application may call this method more than once to add several trusted root certificates. The validation method will select a suitable root certificate automatically.
    Overrides: addTrustedCertificate in class CertValidator
    Parameters:
        cert - The certificate.

public void addCertificate(X509Certificate cert)
    Description copied from class: CertValidator
    Add the given certificate to this validator. This method does not influence certificates added via CertValidator.addTrustedCertificate(X509Certificate).
    Overrides: addCertificate in class CertValidator
    Parameters:
        cert - The certificate.

public void addCRL(X509CRL crl)
    Description copied from class: CertValidator
    Add the given certificate revocation list (CRL) to this validator for revocation checking.
    Overrides: addCRL in class CertValidator
    Parameters:
        crl - The CRL object.

public void setRevocationChecking(boolean enable)
    Description copied from class: CertValidator
    Enable or disable revocation checking. If disabled, the class will not perform any kind of revocation checking.
    Overrides: setRevocationChecking in class CertValidator
    Parameters:
        enable - true to enable, false to disable.

public void validateChain(X509Certificate[] certChain, Date date)
                   throws CertificateValidationException, HlApiException
    Description copied from class: CertValidator
    Validate the given certificate chain, which is a complete chain excluding the trusted root certificate. If the certificate chain could be validated, the trusted root of this chain can be fetched using CertValidator.getTrustedRoot(). If validation of the chain failed or could not be completed, an exception is thrown.
    The application must add at least one trusted root certificate using CertValidator.addTrustedCertificate(X509Certificate) before calling this method. Otherwise, an exception is thrown.
    Overrides: validateChain in class CertValidator
    Parameters:
        certChain - The certificate chain with the end-entity certificate first but excluding the trusted root.
        date - The date for which to validate the chain, i.e. the date when the certificate (chain) was used, e.g. for signing. null means the current date.
    Throws:
        CertificateValidationException - If the chain is invalid.
        HlApiException - If the validation failed for some other reason, e.g. no trusted root has been set, invalid certificate format or unsupported algorithms.

public X509Certificate[] validate(X509Certificate cert, Date date)
                          throws CertificateValidationException, HlApiException
    Description copied from class: CertValidator
    Validate the given certificate for which to construct and validate a certificate chain. ... CertValidator.addCertificate(X509Certificate).
    If the certificate chain could be constructed and validated, the validated chain is returned. The trusted root certificate is excluded. It can be fetched using CertValidator.getTrustedRoot(). If validation of the chain failed or could not be completed, an exception is thrown.
    The application must add at least one trusted root certificate using CertValidator.addTrustedCertificate(X509Certificate) before calling this method.
    Overrides: validate in class CertValidator
    Parameters:
        cert - The certificate for which to construct and validate a chain.
        date - The date for which to construct and validate the chain, i.e. the date when the certificate (chain) was used, e.g. for signing. null means the current date.
    Throws:
        CertificateValidationException - If a valid chain could not be constructed.
        HlApiException - If the validation failed for some other reason, e.g. no trusted root has been set, invalid certificate format or unsupported algorithms.

public X509Certificate getTrustedRoot()
    Description copied from class: CertValidator
    Get the trusted root certificate that was used to validate the most recently validated chain. ... null.
    Note that the returned certificate will always be one of the trusted certificates which were added using CertValidator.addTrustedCertificate(X509Certificate).
    Overrides: getTrustedRoot in class CertValidator
    Returns:
        ... null.
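The following is an added usage example, not code from the IAIK High-Level API or its documentation. It walks through the sequence the method descriptions above require: add at least one trusted root, add intermediate certificates and a CRL, then call validate() and read the selected trust anchor with getTrustedRoot(). It assumes that the X509Certificate and X509CRL types accepted by PkixCertValidator are java.security.cert.X509Certificate and java.security.cert.X509CRL (or a subclass compatible with them), that CertificateValidationException and HlApiException live in iaik.hlapi, and that the file names are placeholders; none of these assumptions is stated on the page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

import iaik.hlapi.CertificateValidationException;
import iaik.hlapi.HlApiException;
import iaik.hlapi.PkixCertValidator;

/**
 * Added usage example; not part of the IAIK HLAPI documentation.
 * Assumptions: PkixCertValidator accepts java.security.cert.X509Certificate /
 * X509CRL (or a compatible subclass), the exception classes are in iaik.hlapi,
 * and the file names below are placeholders.
 */
public class ValidateSignerCert {

    // Placeholder file names; replace with the real DER/PEM files.
    private static final String TRUSTED_ROOT  = "root-ca.crt";
    private static final String INTERMEDIATE  = "issuing-ca.crt";
    private static final String ISSUING_CRL   = "issuing-ca.crl";
    private static final String SIGNER_CERT   = "signer.crt";

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        PkixCertValidator validator = new PkixCertValidator();

        // 1. At least one trust anchor is mandatory; validate() throws
        //    HlApiException otherwise. Only certificates added here are
        //    trusted roots; every chain must end at one of them.
        validator.addTrustedCertificate(loadCert(cf, TRUSTED_ROOT));

        // 2. Intermediate CA certificates are only chain-building material;
        //    addCertificate() does not make them trusted.
        validator.addCertificate(loadCert(cf, INTERMEDIATE));

        // 3. A CRL for the issuing CA allows offline revocation checking.
        //    Revocation checking is left at its default (enabled);
        //    setRevocationChecking(false) would skip OCSP and CRLs entirely.
        validator.addCRL(loadCrl(cf, ISSUING_CRL));

        X509Certificate signer = loadCert(cf, SIGNER_CERT);

        // 4. null validates for the current date. For a stored signature,
        //    pass the signing time instead, so validity periods and
        //    revocation are judged relative to when the certificate was used.
        Date validationTime = null;

        try {
            X509Certificate[] chain = validator.validate(signer, validationTime);

            // The returned chain starts with the end-entity certificate and
            // excludes the trust anchor, which is available separately.
            System.out.println("Chain valid, length without root: " + chain.length);
            for (X509Certificate c : chain) {
                System.out.println("  " + c.getSubjectX500Principal());
            }
            System.out.println("Trust anchor used: "
                    + validator.getTrustedRoot().getSubjectX500Principal());

            // validateChain() re-checks an already built chain (e.g. one
            // carried inside a signature) against the same anchors and CRLs.
            validator.validateChain(chain, validationTime);
        } catch (CertificateValidationException e) {
            // No valid chain: untrusted issuer, expired or revoked
            // certificate, policy violation. Treat the signer as untrusted.
            System.err.println("Certificate NOT trusted: " + e.getMessage());
        } catch (HlApiException e) {
            // Validation could not be performed: no trust anchor set,
            // malformed certificate, unsupported algorithm. Not a "valid"
            // result either; fail closed.
            System.err.println("Validation error: " + e.getMessage());
        }
    }

    private static X509Certificate loadCert(CertificateFactory cf, String file)
            throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    private static X509CRL loadCrl(CertificateFactory cf, String file)
            throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509CRL) cf.generateCRL(in);
        }
    }
}
```

Both exception paths are handled separately on purpose: a CertificateValidationException is a definite negative answer about the chain, while an HlApiException means no answer was obtained, and neither may be treated as success.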
Copyright © 2007, IAIK, Graz University of Technology. Copyright © 2007, Stiftung SIC.