multipaz/org.multipaz.trustmanagement/CompositeTrustManager/verify

verify

open suspend override fun verify(chain: List<X509Cert>, atTime: Instant): TrustResult

Checks if an entity identifying itself via a certificate chain is trusted.

The Subject Key Identifier (extension 2.5.29.14 in the X509Cert) is used as the primary key / unique identifier of the root CA certificate. In the verification of the chain this will be matched with the Authority Key Identifier (extension 2.5.29.35) of the certificate issued by this root CA.

Return

a TrustResult instance with the verdict.

Parameters

chain

the certificate chain without the self-signed root certificate.

atTime

the point in time to check validity for.