Examples of com.subgraph.orchid.KeyCertificate

com.subgraph.orchid.KeyCertificate
This class represents a key certificate document as specified in dir-spec.txt (section 3.1). These documents are published by directory authorities and bind a long-term identity key to a more temporary signing key.

      return SignatureStatus.STATUS_FAILED;
    }
  }
  
  private SignatureStatus verifySignatureForTrustedAuthority(DirectoryServer trustedAuthority, DirectorySignature signature) {
    final KeyCertificate certificate = trustedAuthority.getCertificateByFingerprint(signature.getSigningKeyDigest());
    if(certificate == null) {
      logger.fine("Missing certificate for signing key: "+ signature.getSigningKeyDigest());
      addRequiredCertificateForSignature(signature);
      return SignatureStatus.STATUS_NEED_CERTS;
    }
    if(certificate.isExpired()) {
      return SignatureStatus.STATUS_FAILED;
    }
    
    final TorPublicKey signingKey = certificate.getAuthoritySigningKey();
    final HexDigest d = (signature.useSha256()) ? signingHash256 : signingHash;
    if(!signingKey.verifySignature(signature.getSignature(), d)) {
      logger.warning("Signature failed on consensus for signing key: "+ signature.getSigningKeyDigest());
      return SignatureStatus.STATUS_FAILED;
    }

View Full Code Here

  }


  private void purgeExpiredCertificates() {
    Iterator<KeyCertificate> it = certificates.iterator();
    while(it.hasNext()) {
      KeyCertificate elem = it.next();
      if(elem.isExpired()) {
        it.remove();
      }
    }
  }

View Full Code Here

  
  private void purgeOldCertificates() {
    if(certificates.size() < 2) {
      return;
    }
    final KeyCertificate newest = getNewestCertificate();
    final Iterator<KeyCertificate> it = certificates.iterator();
    while(it.hasNext()) {
      KeyCertificate elem = it.next();
      if(elem != newest && isMoreThan48HoursOlder(newest, elem)) {
        it.remove();
      }
    }
  }

View Full Code Here

      }
    }
  }
  
  private KeyCertificate getNewestCertificate() {
    KeyCertificate newest = null;
    for(KeyCertificate kc : certificates) {
      if(newest == null || getPublishedMilliseconds(newest) > getPublishedMilliseconds(kc)) {
        newest = kc;
      }
    }

View Full Code Here

TOP

Related Classes of com.subgraph.orchid.KeyCertificate

com.subgraph.orchid.directory.consensus.ConsensusDocumentImpl

com.subgraph.orchid.directory.DirectoryServerImpl

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.