java.lang.Object org.apache.tsik.verifier.CachingTrustVerifier
A proxy TrustVerifier implementation that caches the results of another TrustVerifier for a given time interval. For verifiers that perform expensive operations, this reduces the overhead of verification when the same key or certificate is verified multiple times within short periods of time. For example, caching may be useful with an XKMS TrustVerifier that interacts with a web service.
The cache lookup key for a PublicKey and X509Certificate is the value returned by their getEncoded() method. For a certification chain, the encoded values of all certificates are appended in order to get the cache lookup key. The cache lookup key for a key name is its String value.
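The caching behavior described above, sketched for the PublicKey case as an added example (not TSIK's own code): KeyVerifier and CachingKeyVerifier are hypothetical stand-ins, and the sketch assumes only successful results are cached. It shows that repeated checks skip the delegate, and that a key the delegate stops trusting is still accepted until the interval expires.

```java
import java.nio.ByteBuffer;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CachingVerifierSketch {
    // Hypothetical stand-in for the delegate; not the TSIK TrustVerifier interface.
    interface KeyVerifier { void verifyTrust(PublicKey key) throws Exception; }

    static class CachingKeyVerifier implements KeyVerifier {
        private final KeyVerifier delegate;
        private final long intervalMillis;
        // ByteBuffer compares by content; a raw byte[] map key compares by identity and never hits.
        private final Map<ByteBuffer, Long> trustedUntil = new ConcurrentHashMap<>();

        CachingKeyVerifier(KeyVerifier delegate, long intervalMillis) {
            this.delegate = delegate;
            this.intervalMillis = intervalMillis;
        }

        public void verifyTrust(PublicKey key) throws Exception {
            ByteBuffer cacheKey = ByteBuffer.wrap(key.getEncoded()); // lookup key = encoded form
            long now = System.currentTimeMillis();
            Long expiry = trustedUntil.get(cacheKey);
            if (expiry != null && now < expiry) return; // cached success: delegate not consulted
            delegate.verifyTrust(key); // throws if untrusted; failures are not cached (assumption)
            trustedUntil.put(cacheKey, now + intervalMillis);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey key = gen.generateKeyPair().getPublic(); // constructed sample key
        int[] calls = {0};
        boolean[] revoked = {false};
        KeyVerifier slow = k -> { calls[0]++; if (revoked[0]) throw new Exception("key revoked"); };
        KeyVerifier cached = new CachingKeyVerifier(slow, 200);
        cached.verifyTrust(key);
        cached.verifyTrust(key);
        System.out.println("delegate calls after two checks: " + calls[0]);
        revoked[0] = true;
        cached.verifyTrust(key); // inside the interval: the stale cache entry is still honored
        System.out.println("accepted after revocation, inside interval");
        Thread.sleep(250);
        try { cached.verifyTrust(key); }
        catch (Exception e) { System.out.println("after interval: " + e.getMessage()); }
    }
}
```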
Constructor Summary | |
---|---|
CachingTrustVerifier(TrustVerifier verifier, long interval) | Creates a CachingTrustVerifier for a given TrustVerifier and interval. |
Method Summary | |
---|---|
void | verifyTrust(): Verifies that the absence of a key or certificate (e.g., an unsigned message) can be trusted. |
void | verifyTrust(PublicKey key): Verifies that a public key is trusted. |
void | verifyTrust(PublicKey key, String keyName): Verifies that a public key is trusted, also using an XML Signature key name. |
void | verifyTrust(X509Certificate[] chain): Verifies that a certificate chain is trusted. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public CachingTrustVerifier(TrustVerifier verifier, long interval)
Parameters:
verifier - is the TrustVerifier to use for verifying trust.
interval - is the number of milliseconds to cache the results of the verifier.

Method Detail |
public void verifyTrust() throws TrustVerificationException
Description copied from interface: TrustVerifier
Note that most TrustVerifier implementations will not consider the absence of a key or certificate to be trusted and these will always throw an exception when this method is called. This option is provided mainly for debugging purposes.
Specified by: verifyTrust in interface TrustVerifier
Throws:
TrustVerificationException - if the absence of a key or certificate cannot be trusted.

public void verifyTrust(PublicKey key) throws TrustVerificationException
Description copied from interface: TrustVerifier
Specified by: verifyTrust in interface TrustVerifier
Parameters:
key - is the public key to check.
Throws:
TrustVerificationException - if the given key cannot be trusted, or if an error occurs while trying to determine trust.

public void verifyTrust(PublicKey key, String keyName) throws TrustVerificationException
Description copied from interface: TrustVerifier
Note that some TrustVerifier implementations may ignore the keyName parameter and only verify the key. However, a key name should be specified when one is available since this allows certain verifiers to operate more reliably. For example, a public key value may not necessarily be globally unique, and in this case the keyName can help to qualify it.
If the keyName is used by the verifier, it will also ensure that the specified key is indeed associated with that keyName.
Specified by: verifyTrust in interface TrustVerifier
Parameters:
key - is the public key to check.
keyName - is the XML Signature key name of the key to check.
Throws:
TrustVerificationException - if the given key cannot be trusted, or if an error occurs while trying to determine trust.

public void verifyTrust(X509Certificate[] chain) throws TrustVerificationException
Description copied from interface: TrustVerifier
i, 0 <= i < (chain.length - 1) implies chain[i].verify(chain[i+1].getPublicKey()) will succeed. Returns silently if the chain is trusted, or throws an exception indicating the reason if not.
Specified by: verifyTrust in interface TrustVerifier
Parameters:
chain - is the certificate chain to check.
Throws:
TrustVerificationException - if the given chain cannot be trusted, or if an error occurs while trying to determine trust.