java.lang.Object
- dev.sigstore.fulcio.client.FulcioVerifier

public class FulcioVerifier
extends java.lang.Object

Verifier for fulcio generated signing cerificates

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`static FulcioVerifier`	`newFulcioVerifier(SigstoreTrustedRoot trustRoot)`
`static FulcioVerifier`	`newFulcioVerifier(java.util.List<CertificateAuthority> cas, java.util.List<TransparencyLog> ctLogs)`
`java.security.cert.CertPath`	`trimTrustedParent(java.security.cert.CertPath signingCertificate)`
`void`	`verifySigningCertificate(java.security.cert.CertPath signingCertificate)`	Verify that a cert chain is valid and chains up to the trust anchor (fulcio public key) configured in this validator.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

newFulcioVerifier

public static FulcioVerifier newFulcioVerifier(SigstoreTrustedRoot trustRoot)
                                        throws java.security.InvalidAlgorithmParameterException,
                                               java.security.cert.CertificateException,
                                               java.security.spec.InvalidKeySpecException,
                                               java.security.NoSuchAlgorithmException

Throws:: java.security.InvalidAlgorithmParameterException; java.security.cert.CertificateException; java.security.spec.InvalidKeySpecException; java.security.NoSuchAlgorithmException

newFulcioVerifier

public static FulcioVerifier newFulcioVerifier(java.util.List<CertificateAuthority> cas,
                                               java.util.List<TransparencyLog> ctLogs)
                                        throws java.security.spec.InvalidKeySpecException,
                                               java.security.NoSuchAlgorithmException,
                                               java.security.InvalidAlgorithmParameterException,
                                               java.security.cert.CertificateException

Throws:: java.security.spec.InvalidKeySpecException; java.security.NoSuchAlgorithmException; java.security.InvalidAlgorithmParameterException; java.security.cert.CertificateException

verifySigningCertificate
```
public void verifySigningCertificate(java.security.cert.CertPath signingCertificate)
                              throws FulcioVerificationException,
                                     java.io.IOException
```
Verify that a cert chain is valid and chains up to the trust anchor (fulcio public key) configured in this validator. Also verify that the leaf certificate contains at least one valid SCT

Parameters:

signingCertificate - containing a certificate chain, this chain should not contain any trusted root or trusted intermediates

Throws:

FulcioVerificationException - if verification fails for any reason

java.io.IOException

trimTrustedParent

public java.security.cert.CertPath trimTrustedParent(java.security.cert.CertPath signingCertificate)
                                              throws FulcioVerificationException,
                                                     java.security.cert.CertificateException

Throws:: FulcioVerificationException; java.security.cert.CertificateException

Class FulcioVerifier

Method Summary

Methods inherited from class java.lang.Object

Method Detail

newFulcioVerifier

newFulcioVerifier

verifySigningCertificate

trimTrustedParent