oracle.security.xmlsec.keys.retrieval

Interface CertificateValidator

public interface CertificateValidator

Since:

release specific (what release of product did this appear in)

Version:

$Header: CertificateValidator.java 27-dec-2007.11:51:08 pdatta Exp $

Method Summary

Methods

Modifier and Type	Method and Description
void	validateCert(java.security.cert.CertPath cp) Validate a certificate path of X509Certificates.

Method Detail

validateCert

void validateCert(java.security.cert.CertPath cp)
                  throws CertificateValidatorException

Validate a certificate path of X509Certificates. This method needs to be thread safe.

Here is a sample implementation using the CertPathValidator. A real implementation would probably not create a new CertPathValidator every time but possibly store it in a thread local variable public void validateCert(CertPath cp) { try { // set up a certificate validator CertPathValidator cpv = CertPathValidator.getInstance("PKIX"); // .. configure the trust anchor, CRLs OCSP etc // now try to validate CertPathValidatorResult cpvResult = cpv.validate(cp, params); // if there is no exception, validation succeded } catch (CertificateException ex) { throw new CertificateValidatorException(ex); } catch (NoSuchAlgorithmException ex) { throw new CertificateValidatorException(ex); } }

Parameters:

certList - List of X509Certificate

Throws:

CertificateValidatorException - is the certificate chain is invalid