java.lang.Object
  org.apache.tsik.verifier.SimpleTrustVerifier
A simple TrustVerifier implementation based on a collection of trusted public keys.
A key is trusted if it is in the trusted collection; a certificate chain is trusted if the public key of the leaf certificate is in the trusted collection.
When verifyTrust() is called, an exception is always thrown by this class. When verifyTrust(PublicKey,String) is called, the key name parameter is ignored by this class.
Constructor Summary | |
---|---|
SimpleTrustVerifier(Collection keys) | Creates a SimpleTrustVerifier from a collection of certificates. |
Method Summary | | |
---|---|---|
void | verifyTrust() | Verifies that the absence of a key or certificate (e.g., an unsigned message) can be trusted. |
void | verifyTrust(PublicKey key) | Verifies that a public key is trusted. |
void | verifyTrust(PublicKey key, String keyName) | Verifies that a public key is trusted, also using an XML Signature key name. |
void | verifyTrust(X509Certificate[] chain) | Verifies that a certificate chain is trusted. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public SimpleTrustVerifier(Collection keys)
Parameters: keys - is the collection of PublicKey objects to trust. This collection is not copied by the constructor, so subsequent modifications to the collection will affect the verifier.
Method Detail |
public void verifyTrust() throws TrustVerificationException
Description copied from interface: TrustVerifier
Note that most TrustVerifier implementations will not consider the absence of a key or certificate to be trusted and these will always throw an exception when this method is called. This option is provided mainly for debugging purposes.
Specified by: verifyTrust in interface TrustVerifier
Throws: TrustVerificationException - if the absence of a key or certificate cannot be trusted.
public void verifyTrust(PublicKey key) throws TrustVerificationException
Description copied from interface: TrustVerifier
Specified by: verifyTrust in interface TrustVerifier
Parameters: key - is the public key to check.
Throws: TrustVerificationException - if the given key cannot be trusted, or if an error occurs while trying to determine trust.
public void verifyTrust(PublicKey key, String keyName) throws TrustVerificationException
Description copied from interface: TrustVerifier
Note that some TrustVerifier implementations may ignore the keyName parameter and only verify the key. However, a key name should be specified when one is available since this allows certain verifiers to operate more reliably. For example, a public key value may not necessarily be globally unique and in this case the keyName can help to qualify it.
If the keyName is used by the verifier, it will also ensure that the specified key is indeed associated with that keyName.
Specified by: verifyTrust in interface TrustVerifier
Parameters: key - is the public key to check.
keyName - is the XML Signature key name of the key to check.
Throws: TrustVerificationException - if the given key cannot be trusted, or if an error occurs while trying to determine trust.
public void verifyTrust(X509Certificate[] chain) throws TrustVerificationException
Description copied from interface: TrustVerifier
i, 0 <= i < (chain.length - 1) implies chain[i].verify(chain[i+1].getPublicKey()) will succeed. Returns silently if the chain is trusted, or throws an exception indicating the reason if not.
Specified by: verifyTrust in interface TrustVerifier
Parameters: chain - is the certificate chain to check.
Throws: TrustVerificationException - if the given chain cannot be trusted, or if an error occurs while trying to determine trust.
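The constructor documentation states that the key collection is not copied. The following added example (not part of the TSIK documentation or code base) contrasts a verifier that shares a live list with one built from an unmodifiable snapshot. It assumes the TSIK jar is on the classpath and uses only the constructor and verifyTrust(PublicKey) documented on this page; the class name TrustedKeySnapshotExample and the locally generated keys are constructed for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import org.apache.tsik.verifier.SimpleTrustVerifier;

public class TrustedKeySnapshotExample {

    // Returns true if verifyTrust(key) returns silently, false if it throws.
    // Exception is caught broadly so the example makes no assumption about
    // the package of TrustVerificationException.
    static boolean isTrusted(SimpleTrustVerifier verifier, PublicKey key) {
        try {
            verifier.verifyTrust(key);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated locally for the demonstration.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey partnerKey = gen.generateKeyPair().getPublic();
        PublicKey lateKey = gen.generateKeyPair().getPublic();

        List<PublicKey> trusted = new ArrayList<>();
        trusted.add(partnerKey);

        // Aliased: the verifier keeps a reference to the live, mutable list.
        SimpleTrustVerifier aliased = new SimpleTrustVerifier(trusted);

        // Snapshot: an unmodifiable private copy fixes the trust set at
        // construction time, independent of later changes to 'trusted'.
        SimpleTrustVerifier snapshot = new SimpleTrustVerifier(
                Collections.unmodifiableList(new ArrayList<>(trusted)));

        // Any code that still holds 'trusted' can change what 'aliased' accepts.
        trusted.add(lateKey);

        System.out.println("aliased trusts lateKey:     " + isTrusted(aliased, lateKey));
        System.out.println("snapshot trusts lateKey:    " + isTrusted(snapshot, lateKey));
        System.out.println("snapshot trusts partnerKey: " + isTrusted(snapshot, partnerKey));
    }
}
```

Because the constructor does not copy, the aliased verifier is affected by the later addition, while the snapshot's trust set can only be changed by constructing a new verifier.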