class CertificateVerifier : public LogInterface

A CertificateVerifier is used to verify AkentiCertificate certificates

Public Methods

bool verify (const AkentiCertificate& cert)
Verifies the AkentiCertificate specified by cert
bool verify (AKCertHolder& certHolder)
bool verify (const AkentiPrincipal& ap, AkentiX509Certificate& cert)

Inherited from LogInterface:

Public Methods

void iLog(int level, const string& key, const string& mesg = "") const
void bLog(int level, const string& key, const string& mesg = "") const
void sLog(int level, const string& key, const string& mesg = "") const
void fLog(int level, const string& key, const string& mesg = "") const

Documentation

A CertificateVerifier is used to verify AkentiCertificate certificates.
bool verify(const AkentiCertificate& cert)
Verifies the AkentiCertificate specified by cert. The verification succeeds if the X509 identity certificate of the cert's issuer is found to be valid and trusted. Algorithm to fetch the issuer's X509 identity certificate:

1) trusted ca certs:
We first look to see if the issuer's cert is one of these trusted certificates. If so, we are done.

2) cache:
We then query the cache for an X509 certificate for that issuer. Recall the cache only returns certificates that have not been cached longer than cacheInterval. Furthermore, the cache never returns a certificate that has expired. So if the issuer's certificate is found in the cache, we only need to consider two cases:

a) Issuer's cert has been verified. We are done.
b) Issuer's cert has not yet been verified. We verify it by starting at step one.

3) directories:
We search the identity directories for the issuer's cert. We cache each certificate when it is found. We then try to use the public key in the cert to verify our target certificate. The search stops when the verification is successful. We then proceed to verify the issuer's cert by starting at step one.

Returns:
true if certificate verifies, false otherwise.
Parameters:
cert - AkentiCertificate cert to be verified.
dirs - vector of directories in which to look up X509 certs.
cacheInterval - int the allowable duration of a certificate in the cache.
See Also:
verify(AkentiCertificate, AkentiCertificate&)
CertificateCache
AkentiCertificate
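
The issuer lookup order described above (trusted CA certs, then cache, then directories, restarting at step one for each issuer found), written out as an added example; it is not Akenti source code. Cert, CacheEntry, Verifier, the key-id comparison that stands in for a real signature check, and the depth limit of 8 are all assumptions of this example.

```cpp
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins, not Akenti types. A signature check is modelled by
// comparing key ids; a real verifier checks the X.509 signature itself.
struct Cert { std::string subject, issuer; int keyId, signedWith; long notAfter; };
struct CacheEntry { Cert cert; long cachedAt; bool verified; };

struct Verifier {
    std::map<std::string, Cert> trusted;       // step 1: trusted CA certs, by subject
    std::map<std::string, CacheEntry> cache;   // step 2: one cached cert per subject
    std::vector<std::vector<Cert>> dirs;       // step 3: identity directories
    long cacheInterval = 0, now = 0;

    static bool signs(const Cert& issuer, const Cert& c) { return issuer.keyId == c.signedWith; }

    // The cache only returns entries younger than cacheInterval and not expired.
    CacheEntry* fresh(const std::string& subject) {
        auto e = cache.find(subject);
        if (e == cache.end() || now - e->second.cachedAt > cacheInterval ||
            e->second.cert.notAfter <= now) return nullptr;
        return &e->second;
    }

    bool verify(Cert c, int depth = 0) {
        if (depth > 8) return false;   // added guard: issuer loops, untrusted self-signed roots
        auto t = trusted.find(c.issuer);
        if (t != trusted.end() && signs(t->second, c)) return true;        // step 1
        CacheEntry* e = fresh(c.issuer);                                   // step 2
        if (e && signs(e->cert, c)) {
            if (!e->verified) e->verified = verify(e->cert, depth + 1);    // case 2b
            return e->verified;                                            // case 2a
        }
        for (const auto& dir : dirs)                                       // step 3
            for (const auto& cand : dir) {
                if (cand.subject != c.issuer) continue;
                CacheEntry* hit = fresh(cand.subject);
                if (!hit || hit->cert.keyId != cand.keyId)
                    cache[cand.subject] = CacheEntry{cand, now, false};    // cache each find
                if (!signs(cand, c)) continue;          // wrong key: keep searching
                bool ok = verify(cand, depth + 1);      // restart at step one for the issuer
                cache[cand.subject].verified = ok;
                return ok;
            }
        return false;
    }
};
```

Without the depth guard, a self-signed certificate that is found in a directory but is not among the trusted CA certs would recurse through the cache step indefinitely.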

bool verify(AKCertHolder& certHolder)

bool verify(const AkentiPrincipal& ap, AkentiX509Certificate& cert)


This class has no child classes.
Author:
Abdlelilah Essiari Srilekha Mudumbai
Version:
1.1 00/05/01



this page has been generated automatically by doc++

(c)opyright by Malte Zöckler, Roland Wunderling
contact: doc++@zib.de