Oracle Security Developer Tools Security Engine Java API Reference 10g Release 2 (10.1.2.0.2) B15569-01
java.lang.Object
oracle.security.crypto.cert.TrustedCAPolicy
A certificate trust policy based on a set of trusted root CAs.
In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.
This policy has two options for certificate chain verification:
requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.
requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.
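How the two options change a chain decision, as an added example: a toy Java model of the rules described above, run over a constructed chain. It is not Oracle's code and does not call the Oracle library. The Cert class, the evaluate method, the certificate names, and the keying of trusted roots and CRLs by name are assumptions, and signature and validity checks are taken as already passed.

```java
import java.util.*;

/** Toy model of the two TrustedCAPolicy options; not Oracle's implementation. */
public class TrustPolicyModel {
    /** Constructed stand-in for a certificate: two names and the Basic Constraints CA bit. */
    static final class Cert {
        final String subject, issuer;
        final boolean caFlag;
        Cert(String subject, String issuer, boolean caFlag) {
            this.subject = subject; this.issuer = issuer; this.caFlag = caFlag;
        }
    }

    /** chain is ordered end entity first, trusted root last; crlIssuers names the
     *  CAs whose valid CRL was supplied (assumed model). Signature and validity
     *  checks are assumed to have passed already. */
    static String evaluate(List<Cert> chain, Set<String> trustedRoots, Set<String> crlIssuers,
                           boolean requireCRL, boolean requireCAFlag) {
        if (chain.isEmpty()) return "REJECT: empty chain";
        if (!trustedRoots.contains(chain.get(chain.size() - 1).subject))
            return "REJECT: chain does not end in a trusted root";
        for (int i = 0; i < chain.size() - 1; i++) { // every certificate except the root
            Cert c = chain.get(i);
            if (!c.issuer.equals(chain.get(i + 1).subject))
                return "REJECT: broken issuer link at " + c.subject;
            // Intermediates sit between the end entity (index 0) and the root.
            if (requireCAFlag && i > 0 && !c.caFlag)
                return "REJECT: intermediate without CA flag: " + c.subject;
            if (requireCRL && !crlIssuers.contains(c.issuer))
                return "REJECT: no CRL supplied for " + c.subject;
        }
        return "ACCEPT";
    }

    public static void main(String[] args) {
        // Constructed chain: the middle certificate is an end-entity cert used as an issuer.
        List<Cert> chain = Arrays.asList(
            new Cert("CN=www.example", "CN=leaf-as-ca.example", false),
            new Cert("CN=leaf-as-ca.example", "CN=Example Root", false),
            new Cert("CN=Example Root", "CN=Example Root", true));
        Set<String> roots = Collections.singleton("CN=Example Root");
        Set<String> crls = Collections.singleton("CN=Example Root"); // CRL from the root only
        System.out.println("defaults:            " + evaluate(chain, roots, crls, false, true));
        System.out.println("requireCAFlag=false: " + evaluate(chain, roots, crls, false, false));
        System.out.println("requireCRL=true:     " + evaluate(chain, roots, crls, true, false));
    }
}
```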

Constructor Summary

TrustedCAPolicy()
    Creates a new TrustedCAPolicy with no CA certs.
TrustedCAPolicy(java.util.Vector trustedCACerts, boolean requireCRL, boolean requireCA)
    Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

Method Summary

void addTrustedCA(X509 trustedCACert)
    Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.
boolean getRequireCAFlag()
boolean getRequireCRLs()
CertificateVerifier makeCertificateVerifier(java.util.Vector certificates, java.util.Vector crls)
    Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.
void setRequireCAFlag(boolean flag)
    Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier.
void setRequireCRLs(boolean flag)
    Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier.
void setTrustedCAs(java.util.Vector trustedCACerts)
    Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.
java.util.Enumeration trustedCAs()
    Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy.

Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public TrustedCAPolicy()
    Creates a new TrustedCAPolicy with no CA certs.

public TrustedCAPolicy(java.util.Vector trustedCACerts, boolean requireCRL, boolean requireCA)
    Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

Method Detail

public CertificateVerifier makeCertificateVerifier(java.util.Vector certificates, java.util.Vector crls)
    Specified by: makeCertificateVerifier in interface CertificateTrustPolicy

public void addTrustedCA(X509 trustedCACert)

public void setRequireCRLs(boolean flag)
    Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. Default is false.

public boolean getRequireCRLs()

public void setRequireCAFlag(boolean flag)
    Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. Default is true.

public boolean getRequireCAFlag()

public void setTrustedCAs(java.util.Vector trustedCACerts)

public java.util.Enumeration trustedCAs()
    Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy.