Lab 7 Exercise 1
Certificate verification consists of multiple steps:
- Signature verification
- Validity period verification
- Revocation verification
- Extension verification.
In this task, you are asked to implement a simple verification procedure involving only the first two steps. This is not ready for production; however, it will give you a first impression of how to write a verification procedure.
Task
Implement two methods:
boolean verifySignature(X509Certificate, PublicKey)
boolean verifyValidity(X509Certificate)
Either should return true if verification is successful, or false otherwise.
Make sure to test those with a self-signed certificate (exercise 6.2) and with test certificates, for example, from VeriSign: https://test-sspev.verisign.com/ -- you can use some other certificates if you want.
Suggested testing process:
- Generate a self-signed certificate: selfsigned.cer.
- Download a valid certificate from VeriSign: valid.cer.
- Download an expired certificate from VeriSign: expired.cer.
- Download an issuer certificate: EVIntl2006.cer.
Verify selfsigned.cer using the public key from the same certificate. Both methods should return true.
Verify valid.cer using the public key from EVIntl2006.cer. Both methods should return true.
Verify valid.cer using some other public key. verifySignature() should fail.
Verify expired.cer with the public key from EVIntl2006.cer. verifyValidity() should fail.