namespace Akenti class CertificateVerifier


CertificateVerifier(CertificateCache& cache, const vector<Certificate>& trustedCerts)
Constructs this object
~CertificateVerifier()
Destroys this object
bool verify(const AkentiCertificate& cert, const vector& dirs, int cacheInterval)
Verifies the AkentiCertificate specified by cert
CertificateVerifier(const CertificateVerifier&)
Disallows copying
void operator=(const CertificateVerifier&)
Disallows assignment
bool verify(const AkentiCertificate& issuerCert, const AkentiCertificate& issuedCert)
Determines whether issuerCert was used to "sign" issuedCert
CacheCertHolder getIssuerCert(const AkentiCertificate& cert, const vector& dirs, int cacheInterval)
Helper function

Documentation

CertificateVerifier(CertificateCache& cache, const vector<Certificate>& trustedCerts)
Constructs this object.
Throws:
Error if trustedCerts is an empty vector.
Parameters:
cache - CertificateCache used to store and fetch X509 certificates.
trustedCerts - vector
See Also:
Certificate
CertificateCache

~CertificateVerifier()
Destroys this object

bool verify(const AkentiCertificate& cert, const vector& dirs, int cacheInterval)
Verifies the AkentiCertificate specified by cert. The verification succeeds if the X509 identity certificate of the cert's issuer is found to be valid and trusted.
Algorithm to find the issuer's X509 identity certificate:
1) trusted ca certs: We first look to see if the issuer's cert is one of these trusted certificates. If so we are done.
2) cache: We then query the cache for an X509 certificate for that issuer. Recall the cache only returns certificates that have not been cached longer than cacheInterval. Furthermore, the cache never returns a certificate that has expired or that did not verify. So if the issuer's certificate is found in the cache, we only need to consider two cases:
   a) Issuer's cert has been verified. We are done.
   b) Issuer's cert has not yet been verified. We verify it by starting at step one.
3) directories: We search the directories for the issuer's cert. We cache every certificate that we find while looking for it. We only stop when we have searched all the directories or when we find the issuer's cert. We then proceed to verify the issuer's cert by starting at step one.
Returns:
true if certificate verifies, false otherwise.
Parameters:
cert - AkentiCertificate cert to be verified.
dirs - vector directories to look up X509 certs.
cacheInterval - int the allowable duration of a certificate in the cache.
See Also:
verify(AkentiCertificate, AkentiCertificate&)
CertificateCache
AkentiCertificate
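
The lookup order described for verify(), as an added sketch that is not Akenti's code. Cert, Entry, Dirs, Verifier, sigKey and dirReads are hypothetical names; signatures are modeled as a key comparison, expiry and cacheInterval are left out, and the depth bound is an assumption added here so that a loop of issuers cannot recurse forever.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed model: a cert counts as signed by its issuer when its sigKey
// equals the issuer's key. Real code checks an X509 signature instead.
struct Cert { std::string subject, issuer, key, sigKey; };
struct Entry { Cert cert; bool verified; };
typedef std::vector<std::vector<Cert>> Dirs;

struct Verifier {
    std::map<std::string, Cert> trusted;  // step 1 source, keyed by subject
    std::map<std::string, Entry> cache;   // step 2 source, keyed by subject
    int dirReads = 0;                     // directory entries examined so far
    // True if c's issuer cert is found, signed c, and is itself valid and trusted.
    bool verify(const Cert& c, const Dirs& dirs, int depth = 8) {
        if (depth == 0) return false;     // assumption: bounded chain, ends issuer loops
        auto t = trusted.find(c.issuer);  // 1) trusted ca certs: done either way
        if (t != trusted.end()) return t->second.key == c.sigKey;
        auto e = cache.find(c.issuer);    // 2) cache
        // 3) directories: cache every cert seen, stop once the issuer turns up
        for (std::size_t d = 0; d < dirs.size() && e == cache.end(); ++d)
            for (std::size_t i = 0; i < dirs[d].size() && e == cache.end(); ++i) {
                ++dirReads;
                cache.emplace(dirs[d][i].subject, Entry{dirs[d][i], false});
                e = cache.find(c.issuer);
            }
        if (e == cache.end() || e->second.cert.key != c.sigKey) return false;
        if (e->second.verified) return true;                         // 2a) verified
        if (!verify(e->second.cert, dirs, depth - 1)) return false;  // 2b) step 1 again
        e->second.verified = true;
        return true;
    }
};

// Constructed sample: trusted root "CA"; intermediate "Org" sits in the second directory.
Verifier sampleVerifier() {
    Verifier v;
    v.trusted["CA"] = Cert{"CA", "CA", "k-ca", "k-ca"};
    return v;
}
Dirs sampleDirs() {
    return Dirs{{Cert{"Other", "Nobody", "k-o", "k-x"}},
                {Cert{"Org", "CA", "k-org", "k-ca"}, Cert{"Extra", "CA", "k-e", "k-ca"}}};
}
int main() {
    Cert leaf{"policy", "Org", "", "k-org"};
    return sampleVerifier().verify(leaf, sampleDirs()) ? 0 : 1;
}
```

A second verify() of the same certificate is answered from the cache without touching the directories, which is why an entry's verified state must only be set after its own issuer chain has reached a trusted certificate.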
