Oracle Security Developer Tools Security Engine Java API Reference
10g (10.1.4.0.1)

B28175-01


oracle.security.crypto.cert
Class TrustedCAPolicy

java.lang.Object
  extended byoracle.security.crypto.cert.TrustedCAPolicy

All Implemented Interfaces:
CertificateTrustPolicy

public class TrustedCAPolicy
extends java.lang.Object
implements CertificateTrustPolicy

A certificate trust policy based on a set of trusted root CAs.

In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.

This policy has two options for certificate chain verification:

  1. requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.
  2. requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.

Constructor Summary
TrustedCAPolicy()
          Creates a new TrustedCAPolicy with no CA certs.
TrustedCAPolicy(java.util.Vector trustedCACerts, boolean requireCRL, boolean requireCA)
          Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

 

Method Summary
 void addTrustedCA(X509 trustedCACert)
          Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.
 boolean getRequireCAFlag()
           
 boolean getRequireCRLs()
           
 CertificateVerifier makeCertificateVerifier(java.util.Vector certificates, java.util.Vector crls)
          Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.
 void setRequireCAFlag(boolean flag)
          Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier.
 void setRequireCRLs(boolean flag)
          Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier.
 void setTrustedCAs(java.util.Vector trustedCACerts)
          Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.
 java.util.Enumeration trustedCAs()
          Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Constructor Detail

TrustedCAPolicy

public TrustedCAPolicy()
Creates a new TrustedCAPolicy with no CA certs.

TrustedCAPolicy

public TrustedCAPolicy(java.util.Vector trustedCACerts,
                       boolean requireCRL,
                       boolean requireCA)
Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

Method Detail

makeCertificateVerifier

public CertificateVerifier makeCertificateVerifier(java.util.Vector certificates,
                                                   java.util.Vector crls)
Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.
Specified by:
makeCertificateVerifier in interface CertificateTrustPolicy

addTrustedCA

public void addTrustedCA(X509 trustedCACert)
Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.

setRequireCRLs

public void setRequireCRLs(boolean flag)
Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. Default is false.

getRequireCRLs

public boolean getRequireCRLs()

setRequireCAFlag

public void setRequireCAFlag(boolean flag)
Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. Default is true.

getRequireCAFlag

public boolean getRequireCAFlag()

setTrustedCAs

public void setTrustedCAs(java.util.Vector trustedCACerts)
Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.

trustedCAs

public java.util.Enumeration trustedCAs()
Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy.

Oracle Security Developer Tools Security Engine Java API Reference
10g (10.1.4.0.1)

B28175-01


Copyright © 2005 ,2006 , Oracle. All rights reserved.