Coverage Report - org.openpermis.cert.BasicCertificateVerifier
 
Classes in this File Line Coverage Branch Coverage Complexity
BasicCertificateVerifier
44%
8/18
25%
2/8
3.333
 
 /*
  * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport
  *                     (http://www.vbs.admin.ch)
  * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch)
  * All rights reserved.
  *
  * Licensed under the Open Permis License which accompanies this distribution,
  * and is available at http://www.openpermis.org/BSDlicenceKent.txt
  */
 package org.openpermis.cert;
 
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 
 
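 /**
  * A very simple certificate verifier that checks all certificates against one trusted
  * issuer certificate and does not support certificate chains.
  *
  * <p>This verifier is very efficient and should be used if only one issuer certificate is
  * used.
  *
  * <p>Security note: the only check performed by this class is a signature verification of
  * the supplied certificate with the public key of the trusted issuer. Validity periods,
  * revocation status, key usage and issuer/subject names are not examined here, neither for
  * the verified certificate nor for the trusted issuer itself. Callers that depend on those
  * properties have to enforce them separately.
  *
  * @since 0.3.0
  */
 public class BasicCertificateVerifier implements CertificateVerifier {

     //---- Static

     //---- State

     /** The one and only trusted issuer certificate; never <code>null</code>. */
     private final X509Certificate trustedIssuer;

     /** The name of the crypto provider, or <code>null</code> if none is specified. */
     private final String provider;

     //---- Constructors

     /**
      * Creates a certificate verifier using the specified certificate as the one and only trusted
      * issuer. Signature verification uses the default provider lookup.
      *
      * @param trustedIssuer The certificate of the trusted issuer. Must not be <code>null</code>.
      * @throws IllegalArgumentException If <code>trustedIssuer</code> is <code>null</code>.
      * @since 0.3.0
      */
     public BasicCertificateVerifier (X509Certificate trustedIssuer) {
         if (trustedIssuer == null) {
             throw new IllegalArgumentException("Trusted issuer certificate is null");
         }
         this.trustedIssuer = trustedIssuer;
         // A null provider selects the provider-less verify() call in verifyCertificate.
         this.provider = null;
     }

     /**
      * Creates a certificate verifier using the specified certificate as the one and only trusted
      * issuer and the specified crypto provider for cryptographic functions.
      *
      * <p>It is usually not a good idea to explicitly specify a crypto provider but it may be
      * required in some situations. If possible, use
      * {@link #BasicCertificateVerifier(X509Certificate)} instead.
      *
      * @param trustedIssuer The certificate of the trusted issuer. Must not be <code>null</code>.
      * @param provider The name of the crypto provider used for cryptographic functions. Must not
      * be <code>null</code>.
      * @throws IllegalArgumentException If either argument is <code>null</code>.
      * @since 0.3.0
      */
     public BasicCertificateVerifier (X509Certificate trustedIssuer, String provider) {
         // NOTE(review): the coverage report for this class records no test hits for this
         // constructor, so the provider-specific path is unverified by the test suite.
         if (trustedIssuer == null) {
             throw new IllegalArgumentException("Trusted issuer certificate is null");
         }
         if (provider == null) {
             throw new IllegalArgumentException("provider name is null");
         }
         this.trustedIssuer = trustedIssuer;
         this.provider = provider;
     }

     //---- CertificateVerifier

     /**
      * {@inheritDoc}.
      *
      * <p>This implementation verifies the signature of the certificate with the public key of
      * the trusted issuer and performs no further checks. In particular it does not check
      * whether the certificate or the trusted issuer is currently valid or has been revoked.
      *
      * @param certificate The certificate to verify. Must not be <code>null</code>.
      * @throws IllegalArgumentException If <code>certificate</code> is <code>null</code>.
      * @since 0.3.0
      */
     public void verifyCertificate (Certificate certificate)
         throws
             CertificateException,
             NoSuchAlgorithmException,
             InvalidKeyException,
             NoSuchProviderException,
             SignatureException
     {
         // Reject null explicitly, in line with the constructors, instead of failing with a
         // bare NullPointerException from the verify() call below.
         if (certificate == null) {
             throw new IllegalArgumentException("Certificate is null");
         }
         if (this.provider == null) {
             certificate.verify(this.trustedIssuer.getPublicKey());
         } else {
             // NOTE(review): the coverage report for this class records no test hits for
             // this branch.
             certificate.verify(this.trustedIssuer.getPublicKey(), this.provider);
         }
     }

 }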