oracle.security.crypto.cert

Class TrustedCAPolicy

java.lang.Object

oracle.security.crypto.cert.TrustedCAPolicy

All Implemented Interfaces:

CertificateTrustPolicy

public class TrustedCAPolicy
extends java.lang.Object
implements CertificateTrustPolicy

A certificate trust policy based on a set of trusted root CAs.

In this policy, a certificate will be trusted if and only if it is part of a valid certificate chain which terminates in one of the trusted root CAs.

This policy has two options for certificate chain verification:

1. requireCRL - If true, then for every certificate in a chain (unless it is one of the trusted root CA certificates) a valid CRL must be provided to determine its revocation status. The default is false.
2. requireCAFlag - If true, then every intermediate CA certificate (excluding the root CA or the end entity certificate) must contain a Basic Constraints extension, with the CA flag set. The default for this option is true.

Constructor Summary

Constructors

Constructor and Description
TrustedCAPolicy() Creates a new TrustedCAPolicy with no CA certs.
TrustedCAPolicy(java.util.List<X509> trustedCACerts, boolean requireCRL, boolean requireCA) Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.
TrustedCAPolicy(java.util.Vector<X509> trustedCACerts, boolean requireCRL, boolean requireCA) Deprecated. Use TrustedCAPolicy(List, boolean, boolean)

Method Summary

Methods

Modifier and Type	Method and Description
void	addTrustedCA(X509 trustedCACert) Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.
boolean	getRequireCAFlag()
boolean	getRequireCRLs()
java.util.ArrayList<X509>	getTrustedCAs() Returns an ArrayList of the trusted CA certificates in this TrustedCAPolicy.
CertificateVerifier	makeCertificateVerifier(java.util.List<X509> certificates, java.util.List<CRL> crls) Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.
CertificateVerifier	makeCertificateVerifier(java.util.Vector<X509> certificates, java.util.Vector<CRL> crls) Deprecated. Use makeCertificateVerifier(List, List)
void	setRequireCAFlag(boolean flag) Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier.
void	setRequireCRLs(boolean flag) Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier.
void	setTrustedCAs(java.util.List<X509> trustedCACerts) Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.
void	setTrustedCAs(java.util.Vector<X509> trustedCACerts) Deprecated. Use setTrustedCAs(List)
java.util.Enumeration<X509>	trustedCAs() Deprecated. Use getTrustedCAs() and then get Iterator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TrustedCAPolicy

public TrustedCAPolicy()

Creates a new TrustedCAPolicy with no CA certs.

TrustedCAPolicy

public TrustedCAPolicy(java.util.Vector<X509> trustedCACerts,
               boolean requireCRL,
               boolean requireCA)

Deprecated. Use TrustedCAPolicy(List, boolean, boolean)

Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

TrustedCAPolicy

public TrustedCAPolicy(java.util.List<X509> trustedCACerts,
               boolean requireCRL,
               boolean requireCA)

Creates a new TrustedCAPolicy with the given trusted CA certificates and policy flags.

Method Detail

makeCertificateVerifier

public CertificateVerifier makeCertificateVerifier(java.util.Vector<X509> certificates,
                                          java.util.Vector<CRL> crls)

Deprecated. Use makeCertificateVerifier(List, List)

Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.

Specified by:

makeCertificateVerifier in interface CertificateTrustPolicy

makeCertificateVerifier

public CertificateVerifier makeCertificateVerifier(java.util.List<X509> certificates,
                                          java.util.List<CRL> crls)

Creates and returns a certificate verifier for the specified certificates and/or CRLs, based on the list of trusted CA certificates in the policy.

addTrustedCA

public void addTrustedCA(X509 trustedCACert)

Adds a trusted CA certificate to the policy list, replacing any existing certificate with the same subject name.

setRequireCRLs

public void setRequireCRLs(boolean flag)

Sets a flag indicating whether or not a CRL is required for each certificate to be verified by a CertificateVerifier. Default is false.

getRequireCRLs

public boolean getRequireCRLs()

setRequireCAFlag

public void setRequireCAFlag(boolean flag)

Sets a flag indicating whether or not certificates added to the trusted CA policy must have the CA attribute in order for them to be used by a CertificateVerifier. Default is true.

getRequireCAFlag

public boolean getRequireCAFlag()

setTrustedCAs

public void setTrustedCAs(java.util.Vector<X509> trustedCACerts)

Deprecated. Use setTrustedCAs(List)

Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.

Parameters:

certs - A list of X509 certificates.

setTrustedCAs

public void setTrustedCAs(java.util.List<X509> trustedCACerts)

Sets the list of trusted CAs, clearing any previously defined trusted CA certificates.

Parameters:

certs - A list of X509 certificates.

trustedCAs

@Deprecated
public java.util.Enumeration<X509> trustedCAs()

Deprecated. Use getTrustedCAs() and then get Iterator

Returns an Enumeration of the trusted CA certificates in this TrustedCAPolicy.

getTrustedCAs

public java.util.ArrayList<X509> getTrustedCAs()

Returns an ArrayList of the trusted CA certificates in this TrustedCAPolicy.