Oracle Fusion Middleware Security Engine Java API Reference for Oracle Security Developer Tools 11g Release 1 (11.1.1) E10674-04 |
java.lang.Object
oracle.security.crypto.cert.TrustedCAPolicy
public class TrustedCAPolicy
A certificate trust policy based on a set of trusted root CAs.
In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.
This policy has two options for certificate chain verification:
requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.

requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.

Constructor Summary | |
---|---|
TrustedCAPolicy() Creates a new TrustedCAPolicy with no CA certs. |
TrustedCAPolicy(java.util.List<X509> trustedCACerts, boolean requireCRL, boolean requireCA) Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags. |
TrustedCAPolicy(java.util.Vector<X509> trustedCACerts, boolean requireCRL, boolean requireCA) Deprecated. Use TrustedCAPolicy(List, boolean, boolean) |
Method Summary | |
---|---|
void | addTrustedCA(X509 trustedCACert) Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name. |
boolean | getRequireCAFlag() |
boolean | getRequireCRLs() |
java.util.ArrayList<X509> | getTrustedCAs() Returns an ArrayList of the trusted CA certificates in this TrustedCAPolicy. |
CertificateVerifier | makeCertificateVerifier(java.util.List<X509> certificates, java.util.List<CRL> crls) Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy. |
CertificateVerifier | makeCertificateVerifier(java.util.Vector<X509> certificates, java.util.Vector<CRL> crls) Deprecated. Use makeCertificateVerifier(List, List) |
void | setRequireCAFlag(boolean flag) Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. |
void | setRequireCRLs(boolean flag) Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. |
void | setTrustedCAs(java.util.List<X509> trustedCACerts) Sets the list of trusted CAs, clearing any previously defined trusted CA certificates. |
void | setTrustedCAs(java.util.Vector<X509> trustedCACerts) Deprecated. Use setTrustedCAs(List) |
java.util.Enumeration<X509> | trustedCAs() Deprecated. Use getTrustedCAs() and then get Iterator |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public TrustedCAPolicy()
Creates a new TrustedCAPolicy with no CA certs.

public TrustedCAPolicy(java.util.Vector<X509> trustedCACerts, boolean requireCRL, boolean requireCA)
Deprecated. Use TrustedCAPolicy(List, boolean, boolean)
Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

public TrustedCAPolicy(java.util.List<X509> trustedCACerts, boolean requireCRL, boolean requireCA)
Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

Method Detail |
---|
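public CertificateVerifier makeCertificateVerifier(java.util.Vector<X509> certificates, java.util.Vector<CRL> crls)
Deprecated. Use makeCertificateVerifier(List, List)
makeCertificateVerifier in interface CertificateTrustPolicy

public CertificateVerifier makeCertificateVerifier(java.util.List<X509> certificates, java.util.List<CRL> crls)
Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.

public void addTrustedCA(X509 trustedCACert)
Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.

public void setRequireCRLs(boolean flag)
Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. Default is false.

public boolean getRequireCRLs()

public void setRequireCAFlag(boolean flag)
Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. Default is true.

public boolean getRequireCAFlag()

public void setTrustedCAs(java.util.Vector<X509> trustedCACerts)
Deprecated. Use setTrustedCAs(List)
certs - A list of X509 certificates.

public void setTrustedCAs(java.util.List<X509> trustedCACerts)
Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.
certs - A list of X509 certificates.

@Deprecated
public java.util.Enumeration<X509> trustedCAs()
Deprecated. Use getTrustedCAs() and then get Iterator
Enumeration of the trusted CA certificates in this TrustedCAPolicy.

public java.util.ArrayList<X509> getTrustedCAs()
Returns an ArrayList of the trusted CA certificates in this TrustedCAPolicy.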
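
The following is an added usage example, not part of Oracle's reference and not Oracle's code. It builds a policy with both options enabled and reports where an existing policy is weaker than that, using only the constructors and methods listed above. The class name TrustPolicyAudit and its method names are hypothetical; it assumes X509, CRL and CertificateVerifier are in the same package as TrustedCAPolicy and that the Oracle Security Developer Tools libraries are on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
// Assumption: X509, CRL and CertificateVerifier share TrustedCAPolicy's package.
import oracle.security.crypto.cert.*;
/** Hypothetical helper (not part of the Oracle API), built on the methods above. */
public final class TrustPolicyAudit {
    /** Builds a policy that fails closed: non-empty anchors, CRLs and CA flag required. */
    static TrustedCAPolicy strictPolicy(List<X509> roots) {
        if (roots == null || roots.isEmpty()) {
            throw new IllegalArgumentException("no trusted root CAs supplied");
        }
        // Pass a copy in case the policy keeps a reference to the list it is given.
        return new TrustedCAPolicy(new ArrayList<X509>(roots), true, true);
    }

    /** Lists the settings of a policy that are weaker than strictPolicy(). */
    static List<String> findings(TrustedCAPolicy policy) {
        List<String> out = new ArrayList<String>();
        List<X509> anchors = policy.getTrustedCAs();
        if (anchors == null || anchors.isEmpty()) {
            out.add("no trusted root CAs: no chain can terminate in a trusted root");
        }
        if (!policy.getRequireCRLs()) {
            out.add("requireCRL is false (the default): no CRL is required per certificate");
        }
        if (!policy.getRequireCAFlag()) {
            out.add("requireCAFlag is false: intermediates need no Basic Constraints CA flag");
        }
        return out;
    }

    /** Hands out a verifier only for a policy without findings and with CRLs present. */
    static CertificateVerifier verifierFor(
            TrustedCAPolicy policy, List<X509> chain, List<CRL> crls) {
        List<String> problems = findings(policy);
        if (!problems.isEmpty()) {
            throw new IllegalStateException("weak trust policy: " + problems);
        }
        if (crls == null || crls.isEmpty()) {
            throw new IllegalArgumentException("requireCRL is set but no CRLs were supplied");
        }
        return policy.makeCertificateVerifier(chain, crls);
    }

    public static void main(String[] args) {
        // Audit a policy created with the no-argument constructor.
        System.out.println(findings(new TrustedCAPolicy()));
    }
}
```

Because addTrustedCA replaces any existing certificate with the same subject name, run findings() again after any code path that modifies the trust anchors.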