public class VerifyChainHandler extends Object
Constructor and Description |
---|
VerifyChainHandler(X509Certificate passedSignerCert,
PKCS7SignedObject pkcs7Wrapper,
String extendedKeyUsages,
X509Certificate bankidRootCertificate,
X509Certificate[] bankidRootCertificates)
Contructs a VerifyChainHandler
|
VerifyChainHandler(X509Certificate passedSignerCert,
String extendedKeyUsages,
X509Certificate bankidRootCertificate,
X509Certificate[] bankidRootCertificates)
Contructs a VerifyChainHandler
|
Modifier and Type | Method and Description |
---|---|
void |
verifyCertChain(String signerCertKU)
Verifies the signer certificate chain and that the different CA certificates have
the correct key usages
|
void |
verifyMobileSDOCertChain(String signerCertKU) |
void |
verifySDOCertChain(String signerCertKU)
Verifies the signer certificate chain and that the different CA certificates have
the correct key usages.
|
void |
verifySingleCertChain(String signerCertKU,
boolean checkCertificateExpiration)
Method to verify that a single certificate is the direct decendant from the BankID ROOT
Certificate.
|
public VerifyChainHandler(X509Certificate passedSignerCert, String extendedKeyUsages, X509Certificate bankidRootCertificate, X509Certificate[] bankidRootCertificates)
passedSignerCert
- JCRYPTO_X509Certificate The signer certificateextendedKeyUsages
- String The KeyUsage to checkpublic VerifyChainHandler(X509Certificate passedSignerCert, PKCS7SignedObject pkcs7Wrapper, String extendedKeyUsages, X509Certificate bankidRootCertificate, X509Certificate[] bankidRootCertificates)
passedSignerCert
- JCRYPTO_X509Certificate The signer certificate, the end cert in
the chain to verifypkcs7Wrapper
- PKCS7SignedObject PKCS#7 wrapper class with utility methodsextendedKeyUsages
- String Extended KeyUsages to check for in the signer certificatepublic void verifySingleCertChain(String signerCertKU, boolean checkCertificateExpiration) throws BIDException
signerCertKU
- String The expected KeyUsage to check forcheckCertificateExpiration
- boolean tells whether to check if the Signer Certificate is Expired(valid) or not.
For validating SEID_SDO this parameter should be false. SEID_SDO's live forever, certificates do not.BIDException
- If parsing the certificate(s) fails of the certificate(s) lack the
the correct KeyUsage(s) extensions.public void verifyCertChain(String signerCertKU) throws BIDException
signerCertKU
- The Signer Certificate KeyUsageBIDException
- Id verifying the chain failspublic void verifySDOCertChain(String signerCertKU) throws BIDException
signerCertKU
- The Signer Certificate KeyUsageBIDException
- Id verifying the chain failspublic void verifyMobileSDOCertChain(String signerCertKU) throws BIDException
BIDException
Copyright © 2017 Nets Branch Norway. All Rights Reserved.