class CertificateVerifier
A CertificateVerifier is used to verify AkentiCertificate certificates.
verify (const AkentiCertificate& cert)
    Verifies the AkentiCertificate specified by cert.
verify (AKCertHolder& certHolder)
verify (const AkentiPrincipal& ap, AkentiX509Certificate& cert)
Algorithm to fetch the issuer's X509 identity certificate:
1) trusted ca certs:
We first look to see if the issuer's cert is one of these trusted
certificates. If so, we are done.
2) cache:
We then query the cache for an X509 certificate for that issuer.
Recall the cache only returns certificates that have not been
cached longer than cacheInterval. Furthermore, the cache
never returns a certificate that has expired.
So if the issuer's certificate is found in the cache,
we only need to consider two cases:
a) Issuer's cert has been verified. We are done.
b) Issuer's cert has not yet been verified. We verify
it by starting at step one.
3) directories:
We search the identity directories for the issuer's cert. We cache
each certificate when it is found. We then try to use the public
key in the cert to verify our target certificate. The search stops
when the verification is successful.
We now proceed to verify the issuer's cert by starting at step one.
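
The lookup order above, as an added C++ example that is not Akenti's own code. Cert, CacheEntry, Store and verifyChain are hypothetical names, a signature is modelled as a key-id match, and the certificates are constructed sample data. The depth cap of 8 and the skipping of expired directory entries are assumptions the page does not state.

```cpp
#include <map>
#include <string>
#include <vector>
// Hypothetical model types for this added example; not Akenti's own classes.
struct Cert { std::string subject, issuer, key, signedWith; long notAfter; };
struct CacheEntry { Cert cert; bool verified; long cachedAt; };
struct Store {
    std::map<std::string, Cert> trusted;                 // step 1, keyed by subject
    std::map<std::string, CacheEntry> cache;             // step 2, keyed by subject
    std::map<std::string, std::vector<Cert>> directory;  // step 3, candidates per subject
    long cacheInterval = 3600;                           // constructed value, seconds
    int directoryLookups = 0;                            // instrumentation for the demo
};
// Stand-in for a real signature check: a constructed cert names the key that signed it.
static bool signatureOk(const Cert& target, const Cert& issuer) {
    return target.signedWith == issuer.key;
}

bool verifyChain(Store& s, Cert target, long now, int depth = 0) {
    if (depth > 8 || target.notAfter <= now) return false;  // assumed depth cap; expiry
    // 1) Issuer is a trusted CA cert: done.
    auto t = s.trusted.find(target.issuer);
    if (t != s.trusted.end() && signatureOk(target, t->second)) return true;
    // 2) Cache hit: entry must be fresh, unexpired and match the signing key.
    auto c = s.cache.find(target.issuer);
    if (c != s.cache.end() && now - c->second.cachedAt <= s.cacheInterval &&
        c->second.cert.notAfter > now && signatureOk(target, c->second.cert)) {
        if (!c->second.verified)  // case b: verify the issuer from step one
            c->second.verified = verifyChain(s, c->second.cert, now, depth + 1);
        return c->second.verified;
    }
    // 3) Directories: cache each cert found, stop at the one whose key verifies.
    ++s.directoryLookups;
    for (const Cert& cand : s.directory[target.issuer]) {
        if (cand.notAfter <= now) continue;              // assumed: skip expired entries
        s.cache[cand.subject] = CacheEntry{cand, false, now};
        if (!signatureOk(target, cand)) continue;
        bool ok = verifyChain(s, cand, now, depth + 1);  // now verify the issuer itself
        s.cache[cand.subject].verified = ok;
        return ok;
    }
    return false;
}
int main() {
    Store s;
    s.trusted["Root"] = Cert{"Root", "Root", "kR", "kR", 100000};
    s.directory["CA1"] = {Cert{"CA1", "Root", "k1", "kR", 100000}};
    return verifyChain(s, Cert{"alice", "CA1", "kA", "k1", 100000}, 100) ? 0 : 1;
}
```

A self-issued certificate that is not in the trusted set recurses until the depth cap and is rejected, so a directory entry cannot vouch for itself.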