Name
CertPathValidator
Synopsis
This
class
validates certificate chains, establishing a chain of trust from the
end entity to a trust anchor, and thereby establishing the validity
of the public key presented in the end entity’s
certificate. The CertPathValidator is
provider-based and algorithm-independent. To obtain a
CertPathValidator instance, call one of the static
getInstance( ) methods specifying the name of the
desired validation algorithm and, optionally, the provider to use.
The “PKIX” algorithm for validating
X.509 certificates is the only one supported by the default
“SUN” provider.
Once you have a CertPathValidator object, you can
use it to validate certificate chains by passing the
CertPath object to be validated to the
validate( )
method along with a CertPathParameters object that
specifies valid trust anchors and other validation parameters.
CertPathParameters is simply a marker interface,
and you must use an application-specific implementation such as
PKIXParameters. If validation fails, the
validate( ) method throws a
CertPathValidatorException which may include the
index in the chain of the certificate that failed to validate.
Otherwise, if validation is successful, the validate(
) method returns a
CertPathValidatorResult. If you are interested in
the details of the validation (such as the trust anchor that was used
or the public key of the end entity), you may cast this returned
value to an algorithm-specific subtype such as
PKIXCertPathValidatorResult and use its ...
Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
