demo.pkcs
Class PKCS7

java.lang.Object
  |
  +--demo.pkcs.PKCS7

public class PKCS7
extends Object

This class verifies a PKCS#7 certificate chain extracted from a PKCS7CertList.

A PKCS7CertList represents the degenerate case of a PKCS#7 SignedData object where there are no signers on the content. PKCS7CertLists can be used for dealing with certificate chains as disseminated by Netscape Navigator or Internet Explorer.

The PKCS7CertList is read in from a file which may have been created by using the writeTo method of the iaik.pkcs.PKCS7CertList class.

When starting the TestPKCS7 test, you have to specify the file name holding the PKCS7CertList to be parsed:

TestPKCS7 <file name>

Version:
File Revision 13
See Also:
PKCS7CertList

Constructor Summary
PKCS7()
           
 
Method Summary
static void main(String[] arg)
          Reads a PKCS#7 certificate chain from a file and verifies the certificates stored inside.
static boolean verifyCertificate(X509Certificate userCert, X509Certificate caCert)
          Verifies the digital signature of a certificate.
static void verifyCertificateChain(X509Certificate[] certs)
          Verifies a chain of certificates where the user certificate is stored at index 0.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKCS7

public PKCS7()
Method Detail

verifyCertificate

public static boolean verifyCertificate(X509Certificate userCert,
                                        X509Certificate caCert)
Verifies the digital signature of a certificate.
Parameters:
userCert - the certificate to verify
caCert - the certificate of the CA which has issued the userCert, or null if the userCert is a self-signed certificate
Returns:
true, if the signature is OK, false otherwise

verifyCertificateChain

public static void verifyCertificateChain(X509Certificate[] certs)
Verifies a chain of certificates where the user certificate is stored at index 0. The self-signed top level certificate is verified using its inherent public key. Any other certificate of the chain is verified by means of the public key derived from the issuing certificate which is located one index higher in the chain.

certs[0] = user certificate
certs[x] = self-signed CA certificate

Parameters:
certs - the certificate chain to verify
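
The chain walk described above, as an added example that is not part of the IAIK demo source: it uses the JDK's standard java.security.cert API instead of iaik.pkcs.PKCS7CertList, and it also checks that each issuer name matches the subject of the signing certificate. The names ChainSignatureCheck and firstBrokenLink are hypothetical, and the input file is assumed to store the certificates in chain order with the user certificate first.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example: ChainSignatureCheck and firstBrokenLink are hypothetical names.
// It uses the JDK's java.security.cert API, not the iaik.pkcs classes.
public class ChainSignatureCheck {

    // Returns the index of the first certificate that fails, or -1 if every link holds.
    static int firstBrokenLink(X509Certificate[] certs) {
        for (int i = 0; i < certs.length; i++) {
            // The top-level certificate is checked against its own public key,
            // any other certificate against the one stored one index higher.
            X509Certificate issuer = (i == certs.length - 1) ? certs[i] : certs[i + 1];
            try {
                // Name chaining: issuer field must equal the signing certificate's subject.
                if (!certs[i].getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                    return i;
                }
                certs[i].verify(issuer.getPublicKey()); // throws on a bad signature
            } catch (GeneralSecurityException e) {
                return i;
            }
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: ChainSignatureCheck <file name>");
        List<X509Certificate> list = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[0])) {
            // The X.509 factory also accepts a certificates-only PKCS#7 SignedData.
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                list.add((X509Certificate) c);
            }
        }
        if (list.isEmpty()) throw new IllegalArgumentException("no certificates in " + args[0]);
        int bad = firstBrokenLink(list.toArray(new X509Certificate[0]));
        System.out.println(bad < 0 ? "all signatures verify" : "chain breaks at index " + bad);
    }
}
```

A result of -1 only shows that the signatures are internally consistent: a self-signed top-level certificate verifies under its own key no matter who created it, so it still has to be matched against a locally trusted anchor. Validity periods, CA constraints and revocation are not covered by this walk; the JDK's PKIX CertPathValidator handles those.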

main

public static void main(String[] arg)
Reads a PKCS#7 certificate chain from a file and verifies the certificates stored inside.

Usage:

TestPKCS7 <file name>

Parameters:
first_argument - the name of the file holding the certificate chain

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK