com.rsa.certj.spi.path
Interface CertPathInterface

All Known Implementing Classes:
- CertPathCommonImplementation

public interface CertPathInterface

This interface declares the Certification Path Service Programming Interface (SPI) methods, such as buildCertPath, that can be implemented by a certification path service provider.

A certification path provider may implement some or all of the methods in the Certification Path SPI. If an application invokes a certification path method, or passes an argument, that is not supported by the certification path provider, Cert-J will throw an exception.
Copyright © RSA Security Inc., 1999-2001. All rights reserved.
Method Summary

- boolean buildCertPath(CertPathCtx pathCtx, Object startObject, Vector certPath, Vector crlList, Vector crlCerts, Vector certPolicyList)
  Constructs, in certPath, a path from startObject to one of the trusted certificates provided in pathCtx, the certification path context.
- void getNextCertInPath(CertPathCtx pathCtx, Object baseObject, Vector certList)
  Returns, in certList, a set of candidate certificates whose public key may be used to verify the signature of the baseObject.
- boolean validateCertificate(CertPathCtx pathCtx, Certificate cert, com.rsa.jsafe.JSAFE_PublicKey key)
  Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert or other method parameters, without referring to information contained in other certificates in the certification path.
buildCertPath

public boolean buildCertPath(CertPathCtx pathCtx,
                             Object startObject,
                             Vector certPath,
                             Vector crlList,
                             Vector crlCerts,
                             Vector certPolicyList)
                      throws NotSupportedException,
                             CertPathException

Constructs, in certPath, a path from startObject to one of the trusted certificates provided in pathCtx, the certification path context. The CRLs that are needed to verify the path will be stored in crlList. The certificates that are needed to verify the CRLs will be stored in crlCerts. The policy information found in the path will be stored in certPolicyList.

Note: Since a valid path must exist for this method to return successfully, the routine can be used for path validation alone by passing null values for the certPath, crlList, crlCerts and certPolicyList parameters.

Parameters:
- pathCtx - A CertPathCtx object that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of the pathOptions of this object.
- startObject - An Object that is the first object in the path; it is either a Certificate or a CRL.
- certPath - A Vector that will hold a valid certification path. This parameter is optional and may be set to null if not used. On output, the set of certificates that make up the certification path for startObject will be added to this list, unless they are already on the list.
- crlList - A Vector that will hold the list of CRLs needed to verify certPath. This parameter is optional and may be set to null if not used. On output, the list will contain any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.
- crlCerts - A Vector that will hold the list of certificates needed to verify crlList. This parameter is optional and may be set to null if not used. On output, the list will contain any additional certificates, not included in certPath, that may be required to validate the CRLs returned in crlList. If the crlList parameter is set to null, this parameter will be ignored. The certificates returned in this parameter are essentially the union of the certificate paths extending from the returned CRLs to the trusted certificates in pathCtx, except that the certificates returned in certPath may or may not be included in this list.
- certPolicyList - A Vector that will hold the list of PolicyInformation objects found in certPath. This parameter is optional and may be set to null if not used. On output, the policy information list will contain an entry for each policy under which the certificate was issued. Each entry in the list is a PolicyInformation object.

Returns:
- A boolean with a value of true if a valid path is found, false otherwise.

Throws:
- NotSupportedException - If this method is not supported for a given set of arguments by the provider.
- CertPathException - If a certification path processing provider fails.
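The two ways of calling buildCertPath described above, validation-only with null output lists and a full build that collects the path and its revocation data, as an added example that is not part of the Cert-J documentation. It assumes the caller already holds a provider implementing CertPathInterface and a configured CertPathCtx; the import locations of the Cert-J exception and certificate classes are assumptions.

```java
import java.util.Vector;
// Assumed package locations for the Cert-J types named in the interface
// signatures; adjust to the layout of the Cert-J release in use.
import com.rsa.certj.NotSupportedException;
import com.rsa.certj.cert.Certificate;
import com.rsa.certj.spi.path.CertPathCtx;
import com.rsa.certj.spi.path.CertPathException;
import com.rsa.certj.spi.path.CertPathInterface;

public class PathCheck {

    /** Holds the four output lists buildCertPath fills on success. */
    public static class PathResult {
        public final Vector certPath, crlList, crlCerts, certPolicyList;
        PathResult(Vector p, Vector c, Vector cc, Vector pol) {
            certPath = p; crlList = c; crlCerts = cc; certPolicyList = pol;
        }
    }

    /** Validation only: buildCertPath returns true only if a valid path to a
     *  trusted certificate in ctx exists, so passing null for every output
     *  Vector yields a verdict without collecting the path. Fails closed: a
     *  provider exception is never mistaken for a valid path. */
    public static boolean isValid(CertPathInterface provider, CertPathCtx ctx,
                                  Certificate cert) {
        try {
            return provider.buildCertPath(ctx, cert, null, null, null, null);
        } catch (NotSupportedException e) {
            return false; // provider does not support these arguments
        } catch (CertPathException e) {
            return false; // provider failure
        }
    }

    /** Full build: returns the path plus the CRLs, CRL-verifying certificates
     *  and policy information needed to verify it, or null if no valid path
     *  was found. Fresh Vectors are passed because the provider appends to
     *  whatever the caller supplies. */
    public static PathResult build(CertPathInterface provider, CertPathCtx ctx,
                                   Certificate cert)
            throws NotSupportedException, CertPathException {
        Vector certPath = new Vector();
        Vector crlList = new Vector();  // must be non-null or crlCerts is ignored
        Vector crlCerts = new Vector();
        Vector certPolicyList = new Vector();
        boolean ok = provider.buildCertPath(ctx, cert, certPath, crlList,
                                            crlCerts, certPolicyList);
        return ok ? new PathResult(certPath, crlList, crlCerts, certPolicyList)
                  : null;
    }
}
```

startObject may also be a CRL rather than a Certificate; the same calls apply.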
getNextCertInPath

public void getNextCertInPath(CertPathCtx pathCtx,
                              Object baseObject,
                              Vector certList)
                       throws NotSupportedException,
                              CertPathException

Returns, in certList, a set of candidate certificates whose public key may be used to verify the signature of the baseObject. The pathCtx provides the path-processing options and conditions.

Parameters:
- pathCtx - A CertPathCtx object that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of the pathOptions of this object.
- baseObject - An Object that is used to locate one or more certificates that may contain the public key needed to verify the base object's signature. Information contained in the base object (typically the issuer name and/or the authority key identifier) is used to select a set of certificates. The baseObject is either a Certificate or a CRL.
- certList - A Vector that, on output, contains certificates that might be able to verify the signature of baseObject. This method may (but need not) apply additional criteria from the path processing options to reduce the set of candidate certificates. The caller is responsible for the actual validation of baseObject, of the candidate certificates, and of any relationship between baseObject and the candidate certificates required by the certification path processing algorithm.

Throws:
- NotSupportedException - If this method is not supported for a given set of arguments by the provider.
- CertPathException - If a certification path processing provider fails.
validateCertificate

public boolean validateCertificate(CertPathCtx pathCtx,
                                   Certificate cert,
                                   com.rsa.jsafe.JSAFE_PublicKey key)
                            throws NotSupportedException,
                                   CertPathException

Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert or other method parameters, without referring to information contained in other certificates in the certification path. That is, unlike buildCertPath, this method does not take the entire certificate chain into account; it uses only the information available in the cert. Exactly what this method performs depends on the certification path provider. Examples of certificate fields that may be validated by this routine include:

1. The certificate was signed using the private key corresponding to the public key specified in the key parameter.
2. The certificate validity period includes the validation time specified in the pathCtx.

The pathOptions field of the pathCtx can be used to selectively disable the above checks (or others implemented by the service provider).

Parameters:
- pathCtx - A CertPathCtx object that is used to determine the validation time and other options. Some fields may not be applicable to single-certificate validation.
- cert - A Certificate to be validated.
- key - A JSAFE_PublicKey used to validate the certificate signature.

Returns:
- A boolean with a value of true if validated, false otherwise.

Throws:
- NotSupportedException - If this method is not supported for a given set of arguments by the provider.
- CertPathException - If a certification path processing provider fails.
RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000