class CertificateVerifier

A CertificateVerifier is used to verify AkentiCertificate certificates.



Public Methods

bool verify(const AkentiCertificate& cert)
Verifies the AkentiCertificate specified by cert.
bool verify(AKCertHolder& certHolder)
bool verify(const AkentiPrincipal& ap, AkentiX509Certificate& cert)


Inherited from LogInterface:

Public Methods

void iLog(int level, const string& key, const string& mesg = "") const
void bLog(int level, const string& key, const string& mesg = "") const
void sLog(int level, const string& key, const string& mesg = "") const
void fLog(int level, const string& key, const string& mesg = "") const


Documentation

A CertificateVerifier is used to verify AkentiCertificate certificates.

bool verify(const AkentiCertificate& cert)
Verifies the AkentiCertificate specified by cert. The verification succeeds if the X509 identity certificate of the cert's issuer is found to be valid and trusted.

Algorithm to fetch the issuer's X509 identity certificate:

1) trusted ca certs:
We first look to see if the issuer's cert is one of these trusted certificates. If so, we are done.

2) cache:
We then query the cache for an X509 certificate for that issuer. Recall the cache only returns certificates that have not been cached longer than cacheInterval. Furthermore, the cache never returns a certificate that has expired. So if the issuer's certificate is found in the cache, we only need to consider two cases:

a) Issuer's cert has been verified. We are done.
b) Issuer's cert has not yet been verified. We verify it by starting at step one.

3) directories:
We search the identity directories for the issuer's cert. We cache each certificate when it is found. We then try to use the public key in the cert to verify our target certificate. The search stops when the verification is successful. We now proceed to verify the issuer's cert by starting at step one.

Parameters:
cert - AkentiCertificate cert to be verified.
dirs - vector<Directory> directories to look up X509 certs.
cacheInterval - int the allowable duration of a certificate in the cache.
Returns:
true if certificate verifies, false otherwise.
See Also:
verify(AkentiCertificate, AkentiCertificate&)
CertificateCache
AkentiCertificate
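
The three-step issuer lookup documented above (trusted CA certs, then cache, then directories, restarting at step one for each issuer), shown as an added example that is not Akenti's own code. The names Cert, CacheEntry, ChainModel, signedBy, confirm and sample, the integer key ids that stand in for signature checks, and the chain-length bound are all assumptions.

```cpp
#include <map>
#include <string>
#include <utility>
#include <vector>

// Toy model: "signerKey == issuer.key" stands in for a real X.509 signature check.
struct Cert { std::string subject, issuer; int key, signerKey; };
struct CacheEntry { Cert cert; bool verified; };
using Id = std::pair<std::string, int>;  // (subject, key)

struct ChainModel {
    std::map<std::string, Cert> trusted;  // step 1: trusted CA certs, by subject
    std::map<Id, CacheEntry> cache;       // step 2: entries the cache would still return
    std::vector<std::vector<Cert>> dirs;  // step 3: identity directories
    int dirHits = 0;                      // directory certs examined

    static bool signedBy(const Cert& c, const Cert& issuer) {
        return c.issuer == issuer.subject && c.signerKey == issuer.key;
    }
    // Verify the issuer's own cert by starting at step one, and remember the result.
    bool confirm(CacheEntry& e, int depth) {
        return e.verified = verify(e.cert, depth + 1);
    }
    bool verify(const Cert& target, int depth = 0) {
        if (depth > 8) return false;  // assumption: chain-length bound, stops issuer loops
        auto t = trusted.find(target.issuer);                      // 1) trusted CA certs
        if (t != trusted.end() && signedBy(target, t->second)) return true;
        auto c = cache.find(Id{target.issuer, target.signerKey});  // 2) cache
        if (c != cache.end()) return c->second.verified || confirm(c->second, depth);
        for (const auto& dir : dirs)                               // 3) directories
            for (const Cert& cand : dir) {
                if (cand.subject != target.issuer) continue;
                ++dirHits;  // every cert found is cached, verified or not
                CacheEntry& e = cache.emplace(Id{cand.subject, cand.key},
                                              CacheEntry{cand, false}).first->second;
                if (signedBy(target, cand)) return e.verified || confirm(e, depth);
            }
        return false;
    }
};

// Constructed sample data: one trusted root, one directory with a CA and a self-signed cert.
ChainModel sample() {
    ChainModel m;
    m.trusted["Root"] = Cert{"Root", "Root", 1, 1};
    m.dirs.push_back(std::vector<Cert>{Cert{"CA", "Root", 2, 1}, Cert{"Rogue", "Rogue", 7, 7}});
    return m;
}
```

A second certificate from the same issuer is answered from the cache without touching the directories, and a self-signed issuer that never reaches a trusted CA cert fails once the bound is hit.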

bool verify(AKCertHolder& certHolder)

bool verify(const AkentiPrincipal& ap, AkentiX509Certificate& cert)


This class has no child classes.
Friends:
class AKRuntime
Author:
Abdelilah Essiari, Srilekha Mudumbai
Version:
1.1 00/05/01
