Name

CertPath

Synopsis

A CertPath is a immutable sequence or chain of certificates that establishes a “certification path” from an unknown “end entity” to a known and trusted Certificate Authority or "trust anchor”. Use a CertPathValidator to validate a certificate chain and establish trust in the public key presented in the certificate of the end entity.

getType( ) returns the type of the certificates in the CertPath. For X.509 certificate chains (the only type supported by the default “SUN” provider) this method returns “X.509”. getCertificates( ) returns a java.util.List object that contains the Certificate objects that comprise the chain. For X.509 chains, the list contains X509Certificate objects. Also, for X.509 certificate paths, the List returned by getCertificates( ) starts with the certificate of of the end entity, and ends with a certificate signed by the trust anchor. The signer of any certificate but the last must be the subject of the next certificate in the List. If the end entity presents a certificate that is directly signed by a trust anchor (which is a not uncommon occurrence) then the List returned by getCertificates( ) consists of only that single certificate. Note that the list of certificates does not include the certificate of the trust anchor. The public keys of trusted CAs must be known by the system in advance. In Sun’s JDK implementation, the public-key certificates of trusted CAs are stored in the file jre/lib/security/cacerts.

CertPath objects can ...

Get Java in a Nutshell, 5th Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.