This class validates certificate chains, establishing a chain of trust from the end entity to a trust anchor, and thereby establishing the validity of the public key presented in the end entity's certificate. The CertPathValidator is provider-based and algorithm-independent. To obtain a CertPathValidator instance, call one of the static getInstance( ) methods, specifying the name of the desired validation algorithm and, optionally, the provider to use. The "PKIX" algorithm for validating X.509 certificates is the only one supported by the default "SUN" provider.

Once you have a CertPathValidator object, you can use it to validate certificate chains by passing the CertPath object to be validated to the validate( ) method along with a CertPathParameters object that specifies valid trust anchors and other validation parameters. CertPathParameters is simply a marker interface, and you must use an application-specific implementation such as PKIXParameters. If validation fails, the validate( ) method throws a CertPathValidatorException, which may include the index in the chain of the certificate that failed to validate. Otherwise, if validation is successful, the validate( ) method returns a CertPathValidatorResult. If you are interested in the details of the validation (such as the trust anchor that was used or the public key of the end entity), you may cast this returned value to an algorithm-specific subtype such as PKIXCertPathValidatorResult and use its methods to find out more about the result.

public class CertPathValidator {
// Protected Constructors
    protected CertPathValidator(CertPathValidatorSpi validatorSpi,
                                java.security.Provider provider, String algorithm);
// Public Class Methods
    public static final String getDefaultType( );
    public static CertPathValidator getInstance(String algorithm)
        throws java.security.NoSuchAlgorithmException;
    public static CertPathValidator getInstance(String algorithm,
                                                String provider)
        throws java.security.NoSuchAlgorithmException,
               java.security.NoSuchProviderException;
    public static CertPathValidator getInstance(String algorithm,
                                                java.security.Provider provider)
        throws java.security.NoSuchAlgorithmException;
// Public Instance Methods
    public final String getAlgorithm( );
    public final java.security.Provider getProvider( );
    public final CertPathValidatorResult validate(CertPath certPath,
                                                  CertPathParameters params)
        throws CertPathValidatorException,
               java.security.InvalidAlgorithmParameterException;
}
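
The validation sequence described above, shown as an added example that is not part of the original reference entry. The class name ValidateChain and the file names root.pem and chain.pem are assumptions; the program expects a trusted CA certificate in the first file and, in the second, the end-entity certificate followed by any intermediates, without the root.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ValidateChain {
    // Usage: java ValidateChain root.pem chain.pem   (file names are placeholders)
    //   root.pem:  the single CA certificate to trust
    //   chain.pem: end-entity certificate first, then intermediates; no root
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        X509Certificate root;
        try (InputStream in = new FileInputStream(args[0])) {
            root = (X509Certificate) cf.generateCertificate(in);
        }
        List<Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(args[1])) {
            chain.addAll(cf.generateCertificates(in));
        }
        CertPath path = cf.generateCertPath(chain);

        // Trust only the supplied root; null means no additional name constraints.
        TrustAnchor anchor = new TrustAnchor(root, null);
        PKIXParameters params = new PKIXParameters(Collections.singleton(anchor));
        // Revocation checking is enabled by default and needs CRL or OCSP data.
        // It is turned off here only so the example runs offline; a deployment
        // that relies on revocation must leave it on and supply that data.
        params.setRevocationEnabled(false);

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        try {
            PKIXCertPathValidatorResult result =
                (PKIXCertPathValidatorResult) validator.validate(path, params);
            System.out.println("Valid. Trust anchor: "
                + result.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
            System.out.println("End-entity key algorithm: "
                + result.getPublicKey().getAlgorithm());
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the path (0 = end entity), or -1 if unknown.
            System.out.println("Invalid at index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```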