1 | /* | |
2 | * Copyright (c) 2009, Swiss Federal Department of Defence Civil Protection and Sport | |
3 | * (http://www.vbs.admin.ch) | |
4 | * Copyright (c) 2009, Ergon Informatik AG (http://www.ergon.ch) | |
5 | * All rights reserved. | |
6 | * | |
7 | * Licensed under the Open Permis License which accompanies this distribution, | |
8 | * and is available at http://www.openpermis.org/BSDlicenceKent.txt | |
9 | */ | |
10 | package org.openpermis.cert; | |
11 | ||
12 | import java.security.InvalidKeyException; | |
13 | import java.security.NoSuchAlgorithmException; | |
14 | import java.security.NoSuchProviderException; | |
15 | import java.security.SignatureException; | |
16 | import java.security.cert.Certificate; | |
17 | import java.security.cert.CertificateException; | |
18 | import java.security.cert.X509Certificate; | |
19 | ||
20 | ||
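/**
 * A very simple certificate verifier that checks all certificates against one trusted
 * issuer certificate and does not support certificate chains.
 *
 * <p>This verifier is very efficient and should be used if only one issuer certificate is
 * used.
 *
 * <p><strong>Security scope:</strong> verification consists solely of checking the
 * certificate's signature against the public key of the trusted issuer. This class does not
 * check the validity period, the revocation status or any extensions (such as key usage or
 * basic constraints) of either the verified certificate or the trusted issuer certificate.
 * Callers that depend on those properties have to check them separately.
 *
 * @since 0.3.0
 */
public class BasicCertificateVerifier implements CertificateVerifier {

    //---- Static

    /**
     * Rejects a missing trusted issuer so that both constructors fail the same way.
     * @param trustedIssuer The candidate trusted issuer certificate.
     * @return The given certificate, guaranteed to be non-null.
     * @throws IllegalArgumentException If the certificate is <code>null</code>.
     */
    private static X509Certificate requireIssuer (X509Certificate trustedIssuer) {
        if (trustedIssuer == null) {
            throw new IllegalArgumentException("Trusted issuer certificate is null");
        }
        return trustedIssuer;
    }

    //---- State

    /** The one and only trusted issuer certificate. */
    private final X509Certificate trustedIssuer;

    /** The crypto provider or null if none is specified. */
    private final String provider;

    //---- Constructors

    /**
     * Creates a certificate verifier using the specified certificate as the one and only trusted
     * issuer. The default crypto provider lookup is used for signature verification.
     *
     * <p>The issuer certificate is only checked for <code>null</code>; it is the caller's
     * responsibility to make sure that it is authentic and still valid.
     *
     * @param trustedIssuer The certificate of the trusted issuer. Must not be <code>null</code>.
     * @throws IllegalArgumentException If the trusted issuer is <code>null</code>.
     * @since 0.3.0
     */
    public BasicCertificateVerifier (X509Certificate trustedIssuer) {
        this.trustedIssuer = requireIssuer(trustedIssuer);
        this.provider = null;
    }

    /**
     * Creates a certificate verifier using the specified certificate as the one and only trusted
     * issuer and the specified crypto provider for cryptographic functions.
     *
     * <p>It is usually not a good idea to explicitly specify a crypto provider but it may be
     * required in some situations. If possible use
     * {@link #BasicCertificateVerifier(X509Certificate)} instead.
     *
     * <p>The provider name is only checked for <code>null</code> here; whether a provider with
     * that name is available is determined when a certificate is verified.
     *
     * @param trustedIssuer The certificate of the trusted issuer. Must not be <code>null</code>.
     * @param provider The name of the crypto provider used for cryptographic functions. Must not
     * be <code>null</code>.
     * @throws IllegalArgumentException If the trusted issuer or the provider is <code>null</code>.
     * @since 0.3.0
     */
    public BasicCertificateVerifier (X509Certificate trustedIssuer, String provider) {
        // The issuer is validated first so that the reported error matches the previous order.
        this.trustedIssuer = requireIssuer(trustedIssuer);
        if (provider == null) {
            throw new IllegalArgumentException("provider name is null");
        }
        this.provider = provider;
    }


    //---- CertificateVerifier

    /**
     * {@inheritDoc}.
     *
     * <p>This implementation verifies the signature of the certificate with the public key of
     * the trusted issuer and nothing else. A certificate that passes may still be expired or
     * revoked; see the class description.
     *
     * @throws IllegalArgumentException If the certificate is <code>null</code>.
     * @since 0.3.0
     */
    public void verifyCertificate (Certificate certificate)
        throws
            CertificateException,
            NoSuchAlgorithmException,
            InvalidKeyException,
            NoSuchProviderException,
            SignatureException
    {
        // Fail with an explicit message instead of a bare NullPointerException, in line with
        // the argument checks of the constructors.
        if (certificate == null) {
            throw new IllegalArgumentException("Certificate is null");
        }
        if (this.provider == null) {
            certificate.verify(this.trustedIssuer.getPublicKey());
        } else {
            // Restrict the signature implementation to the explicitly configured provider.
            certificate.verify(this.trustedIssuer.getPublicKey(), this.provider);
        }
    }
}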