oracle.security.xmlsec.keys.retrieval

Interface CertificateValidator

public interface CertificateValidator

Interface that defines X509Certificates path.

Since:

release specific (what release of product did this appear in)

Version:

$Header: entsec_ldap/java/src/oracle/security/xmlsec/keys/retrieval/CertificateValidator.java sandeer_bug-37183808_osdt_javadoc/6 2024/11/08 10:29:17 sandeer Exp $

Method Summary

Modifier and Type	Method and Description
void	validateCert(java.security.cert.CertPath cp) Validate a certificate path of X509Certificates.

Method Detail

validateCert

void validateCert(java.security.cert.CertPath cp)
           throws CertificateValidatorException

Validate a certificate path of X509Certificates. This method needs to be thread safe.

Here is a sample implementation using the CertPathValidator. A real implementation would probably not create a new CertPathValidator every time but possibly store it in a thread local variable public void validateCert(CertPath cp) { try { // set up a certificate validator CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); // .. configure the trust anchor, CRLs OCSP etc // now try to validate CertPathValidatorResult cpvResult = cpv.validate(cp, params); // if there is no exception, validation succeded } catch (CertificateException ex) { throw new CertificateValidatorException(ex); } catch (NoSuchAlgorithmException ex) { throw new CertificateValidatorException(ex); } }

Parameters:

cp - CertPath Objecte

Throws:

CertificateValidatorException - is the certificate chain is invalid