com.rsa.certj.spi.path

Interface CertPathInterface

All Known Implementing Classes:

CertPathCommonImplementation

public interface CertPathInterface

This interface implements the Certification Path Service Programming Interface (SPI) methods, such as buildCertPath, that can be implemented by a certification path service provider.

A certification path provider may implement some or all of the methods in the Certification Path SPI. If an application invokes a certification path method or uses an argument that is not supported by the certification path provider, Cert-J will throw an exception.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

Method Summary

boolean	buildCertPath(CertPathCtx pathCtx, Object startObject, Vector certPath, Vector crlList, Vector crlCerts, Vector certPolicyList) Constructs, in certPath, a path from startObject to one of the trusted certificates provided in pathCtx, the certification path context.
void	getNextCertInPath(CertPathCtx pathCtx, Object baseObject, Vector certList) Returns, in certList, a set of candidate certificates whose public key may be used to verify the signature of the baseObject.
boolean	validateCertificate(CertPathCtx pathCtx, Certificate cert, com.rsa.jsafe.JSAFE_PublicKey key) Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert or other method parameters without referring to information contained in other certificates in the certification path.

Method Detail

buildCertPath

public boolean buildCertPath(CertPathCtx pathCtx,
                             Object startObject,
                             Vector certPath,
                             Vector crlList,
                             Vector crlCerts,
                             Vector certPolicyList)
                      throws NotSupportedException,
                             CertPathException

Constructs, in certPath, a path from startObject to one of the trusted certificates provided in pathCtx, the certification path context. The CRLs that are needed to verify the path will be stored in crlList. The certificates that are needed to verify the CRLs will be stored in crlCerts. The policy information found in the path will be stored in certPolicyList.

Note: Since a valid path must exist for this method to return successfully, the routine can be used for path validation by passing null values for the certPath, crlList, crlCerts and policyInfoList parameters.

Parameters

	pathCtx		A CertPathCtx object that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of pathOptions of this object.
	startObject		An Object that is the first object in the path; it is either a Certificate or a CRL.
	certPath		A Vector that will hold a valid certification path. This parameter is optional, and may be set to null if not used. On output, a set of certificates that consist of the certification path for startObject will be added to this list, unless they are already on the list.
	crlList		A Vector that will hold a list of CRLs that need to verify certPath. This parameter is optional, and may be set to null if not used. On output, the list will contain any CRLs needed to verify the resulting certification path. Note that some certificate revocation status services may not use or return CRLs.
	crlCerts		A Vector that will hold a list of certificates that are needed to verify crlList. This parameter is optional, and may be set to null if not used. On output, the list will contain any additional certificates not included in certPath that may be required to validate CRLs returned in crlList. If the crlList parameter is set to null, this parameter will be ignored. The certificates returned in this parameter are essentially the union of certificate paths extending from the returned CRLs to the trusted certificates in pathCtx, except that the certificates returned in certPath may or may not be included in this list.
	certPolicyList		A Vector that will hold a list of PolicyInformation objects that are found in certPath. This parameter is optional and may be set to null if not used. On output, the policy information list will contain an entry for each policy under which the certificate was issued. Each entry in the list is a PolicyInformation object.

Returns

A boolean with a value of true if a valid path is found, false otherwise.

Throws

NotSupportedException - If this method is not supported for a given set of arguments by the provider.

CertPathException - If a certification path processing provider fails.

getNextCertInPath

public void getNextCertInPath(CertPathCtx pathCtx,
                              Object baseObject,
                              Vector certList)
                       throws NotSupportedException,
                              CertPathException

Returns, in certList, a set of candidate certificates whose public key may be used to verify the signature of the baseObject. The pathCtx provides the path-processing options and conditions.

Parameters

	pathCtx		A CertPathCtx object that is used to ensure that the constructed certification path is valid. Less strict checking during path construction can be requested by appropriate use of pathOptions of this object.
	baseObject		An Object that is used to locate one or more certificates that may contain the public key needed to verify the base certificate's signature. Information contained in the base object (typically the issuer name and / or the authority key identifier) is used to select a set of certificates. The baseObject is either a Certificate or a CRL.
	certList		A Vector that contains certificates that might be able to verify the signature of baseObject. This method may (but need not) apply additional criteria from the path processing options to reduce the set of candidate certificates. The caller is responsible for actual validation of both baseObject, the candidate certificates, and any relationship between baseObject and candidate certificates required by the certification path processing algorithm.

Throws

NotSupportedException - If this method is not supported for a given set of arguments by the provider.

CertPathException - If a certification path processing proviider fails.

validateCertificate

public boolean validateCertificate(CertPathCtx pathCtx,
                                   Certificate cert,
                                   com.rsa.jsafe.JSAFE_PublicKey key)
                            throws NotSupportedException,
                                   CertPathException

Verifies those aspects of the certification path processing policy that can be determined from the information available in the specified cert or other method parameters without referring to information contained in other certificates in the certification path. That is, unlike buildCertPath, this method does not take the entire certificate chain into account. It takes only the information available in the cert. What this method exactly performs depends on the certification path provider.

Examples of certificate fields that may be validated by this routine include:

1. The certificate was signed using the private key corresponding to the public key specified in the validationKey.

2. The certificate validity period includes the validation time specified in the pathCtx.

The pathOptions field of the pathCtx can be used to selectively disable the above checks (or others implemented by the service provider).

Parameters

	pathCtx		A CertPathCtx object that is used to determine the validation time and other options. Some fields may not be applicable to single-certificate validation.
	cert		A Certificate to be validated
	key		A JSAFE_PublicKey used to validate the certificate signature.

Returns

A boolean with a value of true if validated, false otherwise.

Throws

NotSupportedException - If this method is not supported for a given set of arguments by the provider.

CertPathException - If a certification path processing provider fails.