xades4j.providers.impl
Class PKIXCertificateValidationProvider

java.lang.Object
  extended by xades4j.providers.impl.PKIXCertificateValidationProvider
All Implemented Interfaces:
CertificateValidationProvider

public class PKIXCertificateValidationProvider
extends Object
implements CertificateValidationProvider

Implementation of CertificateValidationProvider using a PKIX CertPathBuilder.

Since Java's PKIX API doesn't give access to the CRLs used in certification path validation, this is done manually. For each issuer in the path there has to be a CRL that is valid at the moment of validation (signature and date).
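
The per-issuer CRL rule described above, written with plain JCA types as an added example (not xades4j's own code). The names `PathCrlSelection`, `selectCrls` and `findValidCrl` are hypothetical; it assumes a path ordered leaf first that excludes the trust anchor, and direct CRLs signed with the issuing certificate's key.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;

// Hypothetical helper, not part of xades4j.
public final class PathCrlSelection {

    /**
     * Returns one CRL per certificate in the path, each issued by that
     * certificate's issuer and valid (signature and date) at validationDate.
     * Revocation status itself is left to the PKIX validation.
     */
    public static List<X509CRL> selectCrls(List<X509Certificate> path,
                                           X509Certificate anchor,
                                           Collection<X509CRL> candidates,
                                           Date validationDate) throws CertificateException {
        List<X509CRL> used = new ArrayList<>();
        for (int i = 0; i < path.size(); i++) {
            // path[i] is issued by path[i + 1]; the last one is issued by the anchor.
            X509Certificate issuer = (i + 1 < path.size()) ? path.get(i + 1) : anchor;
            X509CRL crl = findValidCrl(issuer, candidates, validationDate);
            if (crl == null) {
                // Fail closed: a missing or stale CRL must not pass silently.
                throw new CertificateException(
                        "No valid CRL issued by " + issuer.getSubjectX500Principal());
            }
            used.add(crl);
        }
        return used;
    }

    private static X509CRL findValidCrl(X509Certificate issuer,
                                        Collection<X509CRL> candidates, Date when) {
        for (X509CRL crl : candidates) {
            if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) continue;
            Date next = crl.getNextUpdate(); // optional field, may be null
            if (when.before(crl.getThisUpdate()) || next == null || when.after(next)) continue;
            try {
                crl.verify(issuer.getPublicKey()); // signature check against the issuer key
                return crl;
            } catch (GeneralSecurityException e) {
                // Signature does not verify with this issuer; try the next candidate.
            }
        }
        return null;
    }
}
```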

Author:
Luís

Constructor Summary
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, CertStore... intermCertsAndCrls)
           
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, CertStore... intermCertsAndCrls)
           
 
Method Summary
 ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKIXCertificateValidationProvider

public PKIXCertificateValidationProvider(KeyStore trustAnchors,
                                         boolean revocationEnabled,
                                         int maxPathLength,
                                         CertStore... intermCertsAndCrls)
                                  throws NoSuchAlgorithmException
Parameters:
trustAnchors - the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled - whether revocation is enabled
intermCertsAndCrls - a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws:
NoSuchAlgorithmException - if there is no provider for PKIX CertPathBuilder
See Also:
FileSystemDirectoryCertStore

PKIXCertificateValidationProvider

public PKIXCertificateValidationProvider(KeyStore trustAnchors,
                                         boolean revocationEnabled,
                                         CertStore... intermCertsAndCrls)
                                  throws NoSuchAlgorithmException
Throws:
NoSuchAlgorithmException
Method Detail

validate

public ValidationData validate(X509CertSelector certSelector,
                               Date validationDate,
                               Collection<X509Certificate> otherCerts)
                        throws CertificateValidationException,
                               UnexpectedJCAException
Specified by:
validate in interface CertificateValidationProvider
Parameters:
certSelector - the selector of the leaf certificate
validationDate - the time for which the validity of the certification path should be determined
otherCerts - a set of certificates that can be used to validate the leaf certificate. May include the certificate that will be selected with certSelector. May be null.
Returns:
the validation data that validates the certificate selected by certSelector
Throws:
CertificateValidationException - if the certificate cannot be validated (see subclasses of the exception)
UnexpectedJCAException


Copyright © 2012. All Rights Reserved.