RSA BSAFE ® Cert-J 2.1.1 JAVA COMPONENTS: Class CertPathCtx

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: INNER | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

com.rsa.certj.spi.path

Class CertPathCtx

java.lang.Object
  |
  +--com.rsa.certj.spi.path.CertPathCtx

public final class CertPathCtx
extends Object

This class captures certification-path processing information such as a set of trusted certificates or the validation time. It can also refine the path validation processing by using option flags such as PF_IGNORE_REVOCATION.

Field Summary

static int
PF_IGNORE_AIA

Indicates that the path processing will not use information in authority information access (AIA) extensions when building or validating certificate paths.

static int
PF_IGNORE_BASIC_CONSTRAINTS

Indicates that the path processing will not verify the path length established by the basic constraints extensions in the path certificates.

static int
PF_IGNORE_CRITICALITY

Indicates that the path processing will not fail if any unrecognized critical extensions are encountered in the path.

static int
PF_IGNORE_CRL_DP

Indicates that the path processing will not use information in CRL distribution points (DP) extensions when checking certificate revocation status.

static int
PF_IGNORE_CRL_IDP

Indicates that the path processing will not use issuing distribution point (IDP) information contained in a CRL.

static int
PF_IGNORE_CRL_NUMBER

Indicates that the path processing will not use CRL number extensions when selecting the most current CRL.

static int
PF_IGNORE_DELTA_CRL

Indicates that the path processing will not use delta CRLs when checking certificate revocation status.

static int
PF_IGNORE_KEY_ID_CHAINING

Indicates that the path processing will not verify the subject key identifier / authority key identifier linkage between adjacent certificates in the path.

static int
PF_IGNORE_KEY_USAGE

Indicates that the path processing will not enforce key usage extensions contained within certificates, even if marked critical.

static int
PF_IGNORE_NAME_CHAINING

Indicates that the path processing will not verify the subject name / issuer name linkage between adjacent certificates in the path.

static int
PF_IGNORE_NAME_CONSTRAINTS

Indicates that the path processing will not verify that the subject name, and that subjectAltName extensions are consistent with the name constraints contained in the path certificates.

static int
PF_IGNORE_REVOCATION

Indicates that the path processing will not check the revocation status of each certificate.

static int
PF_IGNORE_SIGNATURE

Indicates that the path processing will not verify certificate signatures.

static int
PF_IGNORE_UID_CHAINING

Indicates that the path processing will not verify the subject unique identifier / issuer unique identifer linkage between adjacent certificates in the path.

static int
PF_IGNORE_VALIDATION_TIME

Indicates that the path processing will not check the validity period contained within each certificate.

Constructor Summary

CertPathCtx(int pathOptions, Certificate[] trustedCerts, byte[][] policies, Date validationTime, DatabaseService database)

Constructs a CertPathCtx object and initializes it with the given values.

Method Summary

DatabaseService
getDatabase()

Gets a DatabaseService object, which holds a list of the database service providers used to retrieve certificates and CRLs for path processing operations.

int
getPathOptions()

Gets the path options that indicate the checking done during certification-path processing.

byte[][]
getPolicies()

Gets a set of initial policy identifiers that identify one or more certificate policies.

Certificate[]
getTrustedCerts()

Gets one or more certificates whose public keys are trusted by the application.

Date
getValidationTime()

Gets the time for which the certification path is validated.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PF_IGNORE_SIGNATURE

public static final int PF_IGNORE_SIGNATURE

Indicates that the path processing will not verify certificate signatures. Unless signatures are known to be valid by out-of-band means, disabling this check is not recommended.

PF_IGNORE_VALIDATION_TIME

public static final int PF_IGNORE_VALIDATION_TIME

Indicates that the path processing will not check the validity period contained within each certificate.

PF_IGNORE_REVOCATION

public static final int PF_IGNORE_REVOCATION

Indicates that the path processing will not check the revocation status of each certificate.

PF_IGNORE_NAME_CHAINING

public static final int PF_IGNORE_NAME_CHAINING

Indicates that the path processing will not verify the subject name / issuer name linkage between adjacent certificates in the path.

PF_IGNORE_NAME_CONSTRAINTS

public static final int PF_IGNORE_NAME_CONSTRAINTS

Indicates that the path processing will not verify that the subject name, and that subjectAltName extensions are consistent with the name constraints contained in the path certificates.

PF_IGNORE_BASIC_CONSTRAINTS

public static final int PF_IGNORE_BASIC_CONSTRAINTS

Indicates that the path processing will not verify the path length established by the basic constraints extensions in the path certificates.

PF_IGNORE_KEY_USAGE

public static final int PF_IGNORE_KEY_USAGE

Indicates that the path processing will not enforce key usage extensions contained within certificates, even if marked critical. In particular, the CertSign flag will be ignored.

PF_IGNORE_CRITICALITY

public static final int PF_IGNORE_CRITICALITY

Indicates that the path processing will not fail if any unrecognized critical extensions are encountered in the path.

PF_IGNORE_UID_CHAINING

public static final int PF_IGNORE_UID_CHAINING

Indicates that the path processing will not verify the subject unique identifier / issuer unique identifer linkage between adjacent certificates in the path.

PF_IGNORE_KEY_ID_CHAINING

public static final int PF_IGNORE_KEY_ID_CHAINING

Indicates that the path processing will not verify the subject key identifier / authority key identifier linkage between adjacent certificates in the path.

PF_IGNORE_CRL_DP

public static final int PF_IGNORE_CRL_DP

Indicates that the path processing will not use information in CRL distribution points (DP) extensions when checking certificate revocation status.

PF_IGNORE_AIA

public static final int PF_IGNORE_AIA

Indicates that the path processing will not use information in authority information access (AIA) extensions when building or validating certificate paths.

PF_IGNORE_CRL_NUMBER

public static final int PF_IGNORE_CRL_NUMBER

Indicates that the path processing will not use CRL number extensions when selecting the most current CRL.

PF_IGNORE_DELTA_CRL

public static final int PF_IGNORE_DELTA_CRL

Indicates that the path processing will not use delta CRLs when checking certificate revocation status. A complete CRL must be used instead.

PF_IGNORE_CRL_IDP

public static final int PF_IGNORE_CRL_IDP

Indicates that the path processing will not use issuing distribution point (IDP) information contained in a CRL. It also causes the certificate issuer extension in CRL entries to be ignored.

Constructor Detail

CertPathCtx

public CertPathCtx(int pathOptions,
                   Certificate[] trustedCerts,
                   byte[][] policies,
                   Date validationTime,
                   DatabaseService database)

Constructs a CertPathCtx object and initializes it with the given values.

Parameters

	`pathOptions`		An `int` value that represents a set of one-bit path option flags that indicate the checking that is done during certification-path processing.
	`trustedCerts`		A `Certificate` array that holds one or more certificates whose public keys are trusted by the application.
	`policies`		An array of `byte` arrays that holds a set of policy identifiers that identify one or more certificate policies used for certification-path processing.
	`validationTime`		A `Date` that indicates the time for which the certification path is validated.
	`database`		A `DatabaseService` object that holds a list of the database service providers used to retrieve certificates and CRLs for path processing operations.

Method Detail

getPathOptions

public int getPathOptions()

Gets the path options that indicate the checking done during certification-path processing.

Returns: An int value that represents a set of one-bit path option flags. Any of the PF_IGNORE_* flags, previously listed in this class, can be used as path options.

getTrustedCerts

public Certificate[] getTrustedCerts()

Gets one or more certificates whose public keys are trusted by the application.

Returns: A Certificate array that holds the trusted certificates.

getPolicies

public byte[][] getPolicies()

Gets a set of initial policy identifiers that identify one or more certificate policies. Any of these policy identifiers is acceptable for the purposes of certification-path processing.

Returns: An array of byte arrays that holds a set of policy identifiers.

getValidationTime

public Date getValidationTime()

Gets the time for which the certification path is validated.

Returns: A Date that holds the validation time.

getDatabase

public DatabaseService getDatabase()

Gets a DatabaseService object, which holds a list of the database service providers used to retrieve certificates and CRLs for path processing operations.

Returns: A DatabaseService object, which holds a list of the database service providers used to retrieve certificates and CRLs for path processing operations.