java.lang.Object
oracle.security.crypto.cert.TrustedCAPolicy
|
Oracle Security Developer Tools Security Engine Java API Reference 11g (11.1.1) E10674-02 |
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
oracle.security.crypto.cert.TrustedCAPolicy
public class TrustedCAPolicy
A certificate trust policy based on a set of trusted root CAs.
In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.
This policy has two options for certificate chain verification:
requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.| Constructor Summary | |
|---|---|
TrustedCAPolicy()Creates a new TrustedCAPolicy with no CA certs. |
|
TrustedCAPolicy(java.util.Vector trustedCACerts, boolean requireCRL, boolean requireCA)Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags. |
|
| Method Summary | |
|---|---|
void |
addTrustedCA(X509 trustedCACert)Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name. |
boolean |
getRequireCAFlag() |
boolean |
getRequireCRLs() |
CertificateVerifier |
makeCertificateVerifier(java.util.Vector certificates, java.util.Vector crls)Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy. |
void |
setRequireCAFlag(boolean flag)Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. |
void |
setRequireCRLs(boolean flag)Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. |
void |
setTrustedCAs(java.util.Vector trustedCACerts)Sets the list of trusted CAs, clearing any previously defined trusted CA certificates. |
java.util.Enumeration |
trustedCAs()Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy. |
| Methods inherited from class java.lang.Object |
|---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public TrustedCAPolicy()
TrustedCAPolicy with no CA certs.
public TrustedCAPolicy(java.util.Vector trustedCACerts,
boolean requireCRL,
boolean requireCA)
TrustedCAPolicy with the given trusted CA certificates and policy flags.| Method Detail |
|---|
public CertificateVerifier makeCertificateVerifier(java.util.Vector certificates,
java.util.Vector crls)
makeCertificateVerifier in interface CertificateTrustPolicypublic void addTrustedCA(X509 trustedCACert)
public void setRequireCRLs(boolean flag)
CertificateVerifier. Default is false.public boolean getRequireCRLs()
public void setRequireCAFlag(boolean flag)
CertificateVerifier. Default is true.public boolean getRequireCAFlag()
public void setTrustedCAs(java.util.Vector trustedCACerts)
certs - A vector of X509 certificates.public java.util.Enumeration trustedCAs()
Enumeration of the trusted CA certificates in this TrustedCAPolicy.
|
Oracle Security Developer Tools Security Engine Java API Reference 11g (11.1.1) E10674-02 |
||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||