Overview  Package   Class  Tree  Index  Help 
DigiStamp.com
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

dgs.tlkt.demo
Class CheckCertTrust

java.lang.Object
  extended bydgs.tlkt.demo.CheckCertTrust
public class CheckCertTrust
extends java.lang.Object

In this process we confirm that the time stamp certificate was issued by a trusted root certificate.

This source code is include with the SecureTime toolkit distribution.

The time stamp certificate at the remote server is changed periodically as the time stamping private key is changed/refreshed. Each of the time stamp certificates is issued by a "root" certificate - x.509 certificate chaining. This process confirms that the "changing" time stamp certificate is trusted. This technique allows you to do a one-time install/setup the root certificate and no updates are required for the changing time stamp server keys.

Field Summary
 java.io.PrintStream myOut
          where should the output go.
static java.lang.String s_trustedRootFileName
          The name of the trusted root certificate.
 boolean verbose
          detailed output ?
 
Constructor Summary
CheckCertTrust()
          Create a processing instance.
CheckCertTrust(boolean verbose, java.io.PrintStream myOut)
          Create a processing instance.
 
Method Summary
 java.security.cert.X509Certificate checkTrust(java.security.KeyStore trustedKeyStore, java.security.cert.CertPath isThisPathTrusted)
          Given a set of certificates that you trust, does this certificate chain have at trusted root?
 java.security.cert.X509Certificate checkTrust(java.security.cert.X509Certificate isThisCertTrusted, java.security.cert.X509Certificate[] extraCertsForPath)
          Check to see if the particular certificate is trusted.
 java.security.KeyStore getJavaSystemKeystore()
          In this method we load the trusted keystore that comes with the Sun JVM in the file "cacerts".
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

myOut

public java.io.PrintStream myOut
where should the output go. Default is "System.out".

s_trustedRootFileName

public static java.lang.String s_trustedRootFileName
The name of the trusted root certificate. You will install this certificate by access the DigiStamp web site at:
https://support.digistamp.com/pubCerts.htm
The default name is "DigiStamp.cer".

verbose

public boolean verbose
detailed output ? default = false

Constructor Detail

CheckCertTrust

public CheckCertTrust()
Create a processing instance.

See Also:
checkTrust(X509Certificate, X509Certificate[])

CheckCertTrust

public CheckCertTrust(boolean verbose,
                      java.io.PrintStream myOut)
Create a processing instance.

See Also:
checkTrust(X509Certificate, X509Certificate[])
Method Detail

checkTrust

public java.security.cert.X509Certificate checkTrust(java.security.KeyStore trustedKeyStore,
                                                     java.security.cert.CertPath isThisPathTrusted)
                                              throws java.security.KeyStoreException,
                                                     java.security.InvalidAlgorithmParameterException,
                                                     java.security.NoSuchAlgorithmException
Given a set of certificates that you trust, does this certificate chain have at trusted root? Returns the trusted root certificate. Or, NULL if not trusted.

Parameters:
trustedKeyStore - - certificates you trust
isThisPathTrusted - - does this chain have in root in the trusted key store
Returns:
X509Certificate - trusted root certificate
Throws:
java.security.KeyStoreException
java.security.InvalidAlgorithmParameterException
java.security.NoSuchAlgorithmException

checkTrust

public java.security.cert.X509Certificate checkTrust(java.security.cert.X509Certificate isThisCertTrusted,
                                                     java.security.cert.X509Certificate[] extraCertsForPath)
                                              throws java.io.IOException,
                                                     java.security.GeneralSecurityException
Check to see if the particular certificate is trusted. Returns the trusted root certificate; or, NULL if not trusted.

We demostration two ways to establish your "trusted root".
1. Store on disk is the trusted root certificate in a file named "DigiStamp.cer"
2. The trusted root certificate has been put into the system keystore "cacerts"

Parameters:
isThisCertTrusted - - the certificate that needs to be checked
extraCertsForPath - - extra certificate that might help biuld trusted path
Returns:
X509Certificate - trusted root certificate
Throws:
java.io.IOException
java.security.GeneralSecurityException

getJavaSystemKeystore

public java.security.KeyStore getJavaSystemKeystore()
                                             throws java.security.NoSuchAlgorithmException,
                                                    java.security.cert.CertificateException,
                                                    java.io.IOException,
                                                    java.security.KeyStoreException
In this method we load the trusted keystore that comes with the Sun JVM in the file "cacerts". You could modify this method to retrieve certificates for other key stores.

If you want to maintain a Java keystore then see the Java Tools documention. We provide some practical examples below:

keytool -import -alias DigiStampTSA -storetype jks -file dgsca58.cer -keystore "D:\j2sdk1.4.2_03\jre\lib\security\cacerts"
keytool -list -keystore "D:\j2sdk1.4.2_03\jre\lib\security\cacerts"

Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.io.IOException
java.security.KeyStoreException
Overview  Package   Class  Tree  Index  Help 
Copyright 2000-2008 DigiStamp, Inc.
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD