Download - Svetlin Nakov
}<br />
PublicKey publicKey = aCertificate.getPublicKey();<br />
boolean valid = verifyDocumentSignature(aDocument, publicKey, aSignature);<br />
return valid;<br />
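/**
 * Verifies a certificate against a flat list of directly trusted issuer
 * certificates. Checks the certificate's validity period and then looks for a
 * trusted certificate whose public key verifies the certificate's signature.
 * The certificate is valid if no exception is thrown.
 *
 * <p>Security scope: this is a single-level check only. The visible code does
 * not consult revocation data (CRL/OCSP), does not compare issuer and subject
 * names, does not inspect basic constraints or key usage, and does not check
 * the validity period of the trusted certificates themselves. Callers that
 * need full path validation should use a PKIX {@code CertPathValidator}
 * rather than rely on this method alone.
 *
 * @param aCertificate the certificate to be verified.
 * @param aTrustedCertificates a list of trusted certificates to be used in
 * the verification process. Must not be {@code null}; an empty list always
 * results in {@code CertificateValidationException}.
 *
 * @throws CertificateExpiredException if the certificate validity period is
 * expired.
 * @throws CertificateNotYetValidException if the certificate validity period is
 * not yet started.
 * @throws CertificateValidationException if the certificate is invalid (can not
 * be validated using the given set of trusted certificates).
 */
public static void verifyCertificate(X509Certificate aCertificate,
        X509Certificate[] aTrustedCertificates)
        throws GeneralSecurityException {
    // First check certificate validity period (checkValidity() uses the
    // current system time).
    aCertificate.checkValidity();

    // Check if the certificate is signed by some of the given trusted certs.
    // NOTE(review): the loop body was lost in the published listing (text
    // between '<' and '>' was dropped); it is restored here from the contract
    // stated in the Javadoc above - confirm against the original source.
    for (X509Certificate trustedCertificate : aTrustedCertificates) {
        try {
            aCertificate.verify(trustedCertificate.getPublicKey());
            // Signature verified with a trusted key: accept the certificate.
            return;
        } catch (GeneralSecurityException ignored) {
            // Not signed by this trusted certificate (or its key/algorithm
            // does not apply); deliberately ignored so the next one is tried.
        }
    }

    // No trusted certificate verified the signature => it is invalid
    throw new CertificateValidationException(
        "Can not find trusted parent certificate.");
}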
/**<br />
* Verifies a certification chain using the "PKIX" algorithm, defined in RFC-3280<br />
* (since obsoleted by RFC 5280). The given certification chain is expected to<br />
* start with the target certificate and end with a root CA certificate. The<br />
* certification chain is valid if no exception is thrown.<br />
*<br />
* @param aCertChain the certification chain to be verified.<br />
* @param aTrustedCACertificates a list of most trusted root CA certificates.<br />
* @throws CertPathValidatorException if the certification chain is invalid.<br />
*/<br />
public static void verifyCertificationChain(CertPath aCertChain,<br />
X509Certificate[] aTrustedCACertificates)<br />
throws GeneralSecurityException {<br />
int chainLength = aCertChain.getCertificates().size();<br />
if (chainLength < 2) {<br />
throw new CertPathValidatorException("The certification chain is too " +<br />
"short. It should consist of at least 2 certiicates.");<br />
}<br />
129