org.eclipse.californium.scandium.dtls.x509

Class StaticCertificateVerifier

java.lang.Object

org.eclipse.californium.scandium.dtls.x509.StaticCertificateVerifier

All Implemented Interfaces:

AdvancedCertificateVerifier, CertificateVerifier

Deprecated.

use StaticNewAdvancedCertificateVerifier instead.

@Deprecated
public class StaticCertificateVerifier
extends Object
implements AdvancedCertificateVerifier

This implementation uses a static set of trusted root certificates to validate the chain.

Constructor Summary

Constructors

Constructor and Description
StaticCertificateVerifier(X509Certificate[] rootCertificates) Deprecated. Create instance of static certificate verifier.

Method Summary

Methods

Modifier and Type	Method and Description
X509Certificate[]	getAcceptedIssuers() Deprecated. Return an array of certificate authority certificates which are trusted for authenticating peers.
CertPath	verifyCertificate(Boolean clientUsage, boolean truncateCertificatePath, CertificateMessage message, DTLSSession session) Deprecated. Validates the X.509 certificate chain provided by the the peer as part of this message.
void	verifyCertificate(CertificateMessage message, DTLSSession session) Deprecated. Validates the X.509 certificate chain provided by the the peer as part of this message.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

StaticCertificateVerifier

public StaticCertificateVerifier(X509Certificate[] rootCertificates)

Deprecated.

Create instance of static certificate verifier.

Parameters:

rootCertificates - array with trusted root certificates, empty array to trust all.

Method Detail

verifyCertificate

public void verifyCertificate(CertificateMessage message,
                     DTLSSession session)
                       throws HandshakeException

Deprecated.

Validates the X.509 certificate chain provided by the the peer as part of this message. This method checks

1. that each certificate's issuer DN equals the subject DN of the next certificate in the chain
2. that each certificate is currently valid according to its validity period
3. that the chain is rooted at a trusted CA

Specified by:

verifyCertificate in interface CertificateVerifier

Parameters:

message - certificate message to be verified

session - dtls session to verify

Throws:

HandshakeException - if any of the checks fails

getAcceptedIssuers

public X509Certificate[] getAcceptedIssuers()

Deprecated.

Description copied from interface: CertificateVerifier

Return an array of certificate authority certificates which are trusted for authenticating peers. The javadoc of previous versions (2.1.0 and before) permits to use null. This causes a failure, please adapt to use an empty array.

Specified by:

getAcceptedIssuers in interface CertificateVerifier

Returns:

a non-null (possibly empty) array of acceptable CA issuer certificates.

verifyCertificate

public CertPath verifyCertificate(Boolean clientUsage,
                         boolean truncateCertificatePath,
                         CertificateMessage message,
                         DTLSSession session)
                           throws HandshakeException

Deprecated.

Description copied from interface: AdvancedCertificateVerifier

Validates the X.509 certificate chain provided by the the peer as part of this message.

Specified by:

verifyCertificate in interface AdvancedCertificateVerifier

Parameters:

clientUsage - indicator to check certificate usage. null don't check key usage, true, check key usage for client, false for server.

truncateCertificatePath - true truncate certificate path at a trusted certificate before validation.

message - certificate message to be validated

session - dtls session to be used for validation

Returns:

actually validated certificate path.

Throws:

HandshakeException - if validation fails