public interface CertificateHandler
This interface exposes some simple methods that can be used to get information out of a certificate.
A certificate can be imagined as some kind of "digital identity card" attesting that a particular public key belongs to a particular entity. Certificates have a limited period of validity and are digitally signed by some trusted authority. Certificates can be verified by anyone having access to the signing authority's public key. Each certification authority has to take care to label every handled certificate with a unique serial number for unequivocally identifying it. Certification authorities also have to maintain certificate revocation lists of certificates that have been expired for some reason and are no longer valid.
If the System property defined by Constants.IGNORE_REV is set to true, then any CRL distribution points in a given certificate are ignored for the purposes of checking validity and revocation status. This behaviour can be overridden by using the appropriate value for setCheckRevocation(boolean).
Modifier and Type | Method and Description |
---|---|
java.security.cert.Certificate | getCertificate() Get the certificate contained within this handler for further manual querying. |
java.lang.String | getIssuer() Get the Issuer of this certificate. |
java.lang.String | getKeyAlgorithm() Extract the KeyAlgorithm from the certificate. |
java.util.Calendar | getLastRevocationCheck() Return a Calendar object that indicates the date that a revocation check was last performed. |
java.security.PublicKey | getPublicKey() Extract the PublicKey from the given Certificate. |
java.lang.String | getSignatureAlgorithm() This method extracts the Signature Algorithm from the given Certificate. |
java.lang.String | getSignatureAlgorithmObjectId() This method extracts the Signature Algorithm OID from the given Certificate. |
boolean | isExpired() Check expiry on the certificate. |
boolean | isRevoked() Check revocation status on the certificate. |
boolean | isValid() Check the overall validity of this certificate. |
void | setCheckRevocation(boolean b) Set the flag for checking revocation. |

java.security.PublicKey getPublicKey()

java.lang.String getSignatureAlgorithm()
Generally the signature will be stored in the certificate as a string, with the string representing some specific ASN.1 Object identifier.
Example: "MD5withRSA"

java.lang.String getSignatureAlgorithmObjectId()
Sometimes it is possible to get a signature algorithm name that is not recognised by the Security Provider, e.g. "MD5withRSAencryption" is not known by the IAIK provider. In instances like this, this method can be used to get the ASN.1 Object Identifier for the signature algorithm. The returned ASN.1 Object Id string can be used with most providers, e.g. 1.2.840.10040.4.3 would be returned for a "SHA1withDSA" signature algorithm.
A concise definition of an ASN.1 Object ID is that "It consists of a sequence of integer components and is used for identifying some abstract information object (for instance an algorithm, an attribute type, or even a registration authority that defines other object identifiers)."
Example: "1.2.840.10040.4.3"

java.lang.String getKeyAlgorithm()
This will return the algorithm type stored in the public key.

boolean isExpired()
If a certificate is not yet valid, then it should be considered to be expired.

boolean isRevoked() throws AdaptrisSecurityException
Check if a certificate has been revoked by the CA.
This depends on whether the checkRevocation flag has been set and also on whether there is information available within the certificate to actually get a Certificate Revocation List. As revocation lists are held centrally by the CA, it is a requirement that the process in question has HTTP access to the host specified in the CRL distribution point.
Throws: AdaptrisSecurityException - on error
See Also: setCheckRevocation(boolean)

void setCheckRevocation(boolean b)
Checking revocation could take some time, so with this option being set, an isRevoked() call will only actually check for revocation on some pre-determined schedule, currently set at once a day. isRevoked() is implicitly called if an isValid() call is made.
Parameters: b - true or false
See Also: isRevoked(), isValid(), getLastRevocationCheck()

boolean isValid() throws AdaptrisSecurityException
This involves checking expiry and revocation as required.
Throws: AdaptrisSecurityException - on error

java.security.cert.Certificate getCertificate()

java.lang.String getIssuer()

java.util.Calendar getLastRevocationCheck()
This is dependent on a number of things...
See Also: isRevoked(), isValid(), setCheckRevocation(boolean), Calendar
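
The checks described for getSignatureAlgorithmObjectId(), isExpired() and isRevoked() can be reproduced with the standard JDK X509Certificate API. The following is an added example, not code from this library: the class CertificateChecks and its helper methods are hypothetical, and the JVM's default trust store is used as sample input so that it runs offline.

```java
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertificateChecks { // hypothetical class, not part of the library
    // A not-yet-valid certificate is reported as expired, matching the isExpired() description.
    static boolean isExpired(X509Certificate c, Date at) {
        try {
            c.checkValidity(at);
            return false;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            return true;
        }
    }

    // Try the signature algorithm name first; if no provider knows it, fall back to the OID string.
    static Signature signatureFor(X509Certificate c) throws NoSuchAlgorithmException {
        try {
            return Signature.getInstance(c.getSigAlgName());
        } catch (NoSuchAlgorithmException e) {
            return Signature.getInstance(c.getSigAlgOID());
        }
    }

    // A CRL can only be located if the certificate carries the
    // cRLDistributionPoints extension (OID 2.5.29.31).
    static boolean hasCrlDistributionPoint(X509Certificate c) {
        return c.getExtensionValue("2.5.29.31") != null;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // sample input: the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.printf("%s%n  sig=%s oid=%s key=%s usable=%s expired=%s crlDP=%s%n",
                    c.getIssuerX500Principal().getName(), c.getSigAlgName(), c.getSigAlgOID(),
                    c.getPublicKey().getAlgorithm(), signatureFor(c).getAlgorithm(),
                    isExpired(c, new Date()), hasCrlDistributionPoint(c));
            }
        }
    }
}
```

A certificate for which crlDP is false carries no information from which a revocation list could be fetched, which is the situation the isRevoked() description refers to.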