com.saperion.cert

Class CertificateVerifier

java.lang.Object

com.saperion.cert.CertificateVerifier

public final class CertificateVerifier
extends Object

Class for building a certification chain for given certificate and verifying it. Relies on a set of root CA certificates and intermediate certificates that will be used for building the certification chain. The verification process assumes that all self-signed certificates in the set are trusted root CA certificates and all other certificates in the set are intermediate certificates.

Author:

Svetlin Nakov

Method Summary

Methods

Modifier and Type	Method and Description
static boolean	isSelfSigned(X509Certificate cert) Checks whether given X.509 certificate is self-signed.
static PKIXCertPathBuilderResult	verifyCertificate(X509Certificate cert, Set<X509Certificate> additionalCerts) Attempts to build a certification chain for given certificate and to verify it.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

verifyCertificate

public static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert,
                                          Set<X509Certificate> additionalCerts)
                                                   throws CertificateVerificationException

Attempts to build a certification chain for given certificate and to verify it. Relies on a set of root CA certificates and intermediate certificates that will be used for building the certification chain. The verification process assumes that all self-signed certificates in the set are trusted root CA certificates and all other certificates in the set are intermediate certificates.

Parameters:

cert - - certificate for validation

additionalCerts - - set of trusted root CA certificates that will be used as "trust anchors" and intermediate CA certificates that will be used as part of the certification chain. All self-signed certificates are considered to be trusted root CA certificates. All the rest are considered to be intermediate CA certificates.

Returns:

the certification chain (if verification is successful)

Throws:

CertificateVerificationException - - if the certification is not successful (e.g. certification path cannot be built or some certificate in the chain is expired or CRL checks are failed)

isSelfSigned

public static boolean isSelfSigned(X509Certificate cert)
                            throws CertificateException,
                                   NoSuchAlgorithmException,
                                   NoSuchProviderException

Checks whether given X.509 certificate is self-signed.

Parameters:

cert - Certificate

Returns:

is self signed

Throws:

CertificateException - - if the certification is not successful (e.g. certification path cannot be built or some certificate in the chain is expired or CRL checks are failed)

NoSuchAlgorithmException - Algorithm failure

NoSuchProviderException - No provider available