Package dev.sigstore.encryption.certificates.transparency

Class CTVerifier

java.lang.Object

dev.sigstore.encryption.certificates.transparency.CTVerifier

public class CTVerifier
extends java.lang.Object

Constructor Summary

Constructors

Constructor	Description
CTVerifier(CTLogStore store)

Method Summary

Modifier and Type	Method	Description
CTVerificationResult	verifySignedCertificateTimestamps(java.util.List<java.security.cert.X509Certificate> chain, byte[] tlsData, byte[] ocspData)	Verify a certificate chain for transparency.
VerifiedSCT.Status	verifySingleSCT(SignedCertificateTimestamp sct, CertificateEntry certEntry)	Verify a single SCT for the given Certificate Entry

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CTVerifier

public CTVerifier(CTLogStore store)

Method Detail

verifySignedCertificateTimestamps

public CTVerificationResult verifySignedCertificateTimestamps(java.util.List<java.security.cert.X509Certificate> chain,
                                                              byte[] tlsData,
                                                              byte[] ocspData)
                                                       throws java.security.cert.CertificateEncodingException

Verify a certificate chain for transparency. Signed timestamps are extracted from the leaf certificate and verified against the list of known logs.

Throws:

java.lang.IllegalArgumentException - if the chain is empty

java.security.cert.CertificateEncodingException

verifySingleSCT

public VerifiedSCT.Status verifySingleSCT(SignedCertificateTimestamp sct,
                                          CertificateEntry certEntry)

Verify a single SCT for the given Certificate Entry