iaik.x509
Class SimpleChainVerifier

java.lang.Object
  |
  +--iaik.x509.ChainVerifier
        |
        +--iaik.x509.SimpleChainVerifier
All Implemented Interfaces:
Serializable

public class SimpleChainVerifier
extends ChainVerifier
implements Serializable

This class allows you to verify certificate chains. It builds on the ChainVerifier class which provides the cryptographic foundation and adds to it a simple trust mechanism. Each object internally maintains a list of trusted certificates (user certificates or CA certificates) in a Hashtable. See the superclass documentation for more information about the handling of trusted certificates by the verifyChain method.

To use it, first create a SimpleChainVerifier object and then add trusted certificates by means of the addTrustedCertificate or setTrustedCertificates methods. Then call verifyChain for any certificate chain you want to verify. Note that you can also use this class without any trusted certificates, purely to verify a chain cryptographically: simply call verifyChain without having added any trusted certificates. It will then return false for cryptographically valid chains and throw a CertificateException for bad chains (broken, expired, etc.).
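The usage described above, as an added example that is not part of the original IAIK documentation: it keeps the three outcomes of verifyChain (true, false, CertificateException) apart so that a false return is never mistaken for acceptance. The class name, the load helper and the command-line layout are hypothetical; the one-argument verifyChain(X509Certificate[]) overload, the iaik.x509.X509Certificate(InputStream) constructor and the iaik.security.provider.IAIK provider class are assumed from the wider IAIK-JCE API, since this page does not show them.

```java
import iaik.security.provider.IAIK;
import iaik.x509.SimpleChainVerifier;
import iaik.x509.X509Certificate;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateException;

public class ChainCheckExample {
    // The three outcomes a caller has to tell apart.
    enum Result { TRUSTED, VALID_BUT_UNTRUSTED, INVALID }

    // Assumption: the inherited one-argument verifyChain(X509Certificate[]) overload.
    static Result check(X509Certificate[] trusted, X509Certificate[] chain) {
        SimpleChainVerifier verifier = new SimpleChainVerifier();
        verifier.setTrustedCertificates(trusted); // replaces any earlier trust list
        try {
            // true:  chain verified and accepted as trusted
            // false: chain verified cryptographically, but not trusted
            return verifier.verifyChain(chain) ? Result.TRUSTED : Result.VALID_BUT_UNTRUSTED;
        } catch (CertificateException e) {
            // bad chain: broken, expired, etc.
            return Result.INVALID;
        }
    }

    // Hypothetical helper: reads one encoded certificate from a file.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return new X509Certificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: <trusted> <chain...>"); System.exit(2); }
        Security.addProvider(new IAIK()); // assumed: IAIK provider supplies the algorithms
        // Constructed CLI: args[0] = trusted certificate, args[1..] = chain in the
        // order verifyChain expects (see the ChainVerifier documentation).
        X509Certificate[] trusted = { load(args[0]) };
        X509Certificate[] chain = new X509Certificate[args.length - 1];
        for (int i = 1; i < args.length; i++) {
            chain[i - 1] = load(args[i]);
        }
        Result result = check(trusted, chain);
        System.out.println(result);
        // Only TRUSTED is success; false (VALID_BUT_UNTRUSTED) must be rejected too.
        System.exit(result == Result.TRUSTED ? 0 : 1);
    }
}
```

Code that only catches CertificateException and ignores the boolean would accept any well-formed chain from an unknown issuer, which is why the example maps false to its own rejecting state.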

Version:
File Revision 14
See Also:
Serialized Form

Field Summary
protected  Hashtable signers
          A Hashtable holding the X.509 Certificates of the trusted signers.
 
Constructor Summary
SimpleChainVerifier()
          Creates a new SimpleChainVerifier.
 
Method Summary
 void addTrustedCertificate(X509Certificate certificate)
          Add a trusted certificate.
 boolean isTrustedCertificate(X509Certificate cert)
          Checks whether a given certificate is marked as trusted.
 X509Certificate removeTrustedCertificate(X509Certificate certificate)
          Remove a certificate from the list of trusted certificates.
 void setTrustedCertificates(X509Certificate[] certificateList)
          Sets the certificates to be trusted.
 Enumeration trustedCertificates()
          Returns the enumeration of the currently trusted certificates.
 
Methods inherited from class iaik.x509.ChainVerifier
checkExtensions, orderCertificateChain, verifyChain, verifyChain
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

signers

protected Hashtable signers
A Hashtable holding the X.509 Certificates of the trusted signers. They are stored mapped to themselves; a hashtable is used only because a lookup is faster than for linear structures like Vectors.
Constructor Detail

SimpleChainVerifier

public SimpleChainVerifier()
Creates a new SimpleChainVerifier.
Method Detail

isTrustedCertificate

public boolean isTrustedCertificate(X509Certificate cert)
                             throws CertificateException
Checks whether a given certificate is marked as trusted.
Overrides:
isTrustedCertificate in class ChainVerifier
Parameters:
cert - the certificate to be checked
Returns:
true if the given cert is trusted, false otherwise
Throws:
CertificateException - never thrown by this method; declared only because the superclass method declares it

trustedCertificates

public Enumeration trustedCertificates()
Returns the enumeration of the currently trusted certificates.
Returns:
the enumeration of the currently trusted certificates.

setTrustedCertificates

public void setTrustedCertificates(X509Certificate[] certificateList)
Sets the certificates to be trusted. Previously trusted certificates are lost.
Parameters:
certificateList - the list of trusted certificates

addTrustedCertificate

public void addTrustedCertificate(X509Certificate certificate)
Add a trusted certificate.
Parameters:
certificate - the certificate to be marked as trusted

removeTrustedCertificate

public X509Certificate removeTrustedCertificate(X509Certificate certificate)
Remove a certificate from the list of trusted certificates.
Parameters:
certificate - the certificate to no longer be marked as trusted
Returns:
the certificate itself if successful, null if it was not trusted.

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK