public class PKIXCertificateValidationProvider
extends Object
implements CertificateValidationProvider

java.lang.Object
   ↳ xades4j.providers.impl.PKIXCertificateValidationProvider

Class Overview

Implementation of CertificateValidationProvider using a PKIX CertPathBuilder.

Since Java's PKIX API doesn't provide access to the CRLs used in certification path validation, this class collects them manually. For each issuer in the path there has to be a CRL that is valid at the moment of validation (signature and date).
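
The per-issuer CRL requirement described above can be expressed with the JDK's own java.security.cert API. This is an added example, not xades4j's code; the class name CrlPerIssuerCheck, the method collectCrls, the chain ordering (end-entity first, trust anchor last) and the input file names are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.cert.*;
import java.util.*;
// Added illustration, not xades4j source: one CRL per issuer, valid in signature and date.
public final class CrlPerIssuerCheck {
    // chain: end-entity certificate first, trust anchor certificate last (assumed ordering).
    static List<X509CRL> collectCrls(List<X509Certificate> chain, CertStore crlStore, Date when)
            throws CertStoreException, CertPathValidatorException {
        List<X509CRL> used = new ArrayList<>();
        for (int i = 0; i + 1 < chain.size(); i++) {
            X509Certificate cert = chain.get(i);
            PublicKey issuerKey = chain.get(i + 1).getPublicKey();
            X509CRLSelector sel = new X509CRLSelector();
            sel.addIssuer(cert.getIssuerX500Principal());
            sel.setDateAndTime(when); // date check: thisUpdate <= when < nextUpdate
            X509CRL valid = null;
            for (CRL candidate : crlStore.getCRLs(sel)) {
                try {
                    ((X509CRL) candidate).verify(issuerKey); // signature check
                    valid = (X509CRL) candidate;
                    break;
                } catch (GeneralSecurityException e) {
                    // Not signed by this issuer's key; try the next candidate.
                }
            }
            if (valid == null) {
                throw new CertPathValidatorException("No valid CRL for " + cert.getIssuerX500Principal());
            }
            used.add(valid);
        }
        return used;
    }
    // Usage: java CrlPerIssuerCheck chain.pem crls.pem (file names are placeholders)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        Collection<? extends CRL> crls;
        try (InputStream c = new FileInputStream(args[0]);
             InputStream r = new FileInputStream(args[1])) {
            for (Certificate x : cf.generateCertificates(c)) chain.add((X509Certificate) x);
            crls = cf.generateCRLs(r);
        }
        CertStore store = CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls));
        System.out.println(collectCrls(chain, store, new Date()).size() + " CRLs, one per issuer");
    }
}
```

A missing, expired or wrongly signed CRL for any issuer makes the whole check fail, which is the fail-closed behaviour the requirement implies.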

Summary

Public Constructors
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, String certPathBuilderProvider, String signatureProvider, CertStore... intermCertsAndCrls)
Initializes a new instance that uses the specified JCE providers for CertPathBuilder and Signature.
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, String certPathBuilderProvider, String signatureProvider, CertStore... intermCertsAndCrls)
Initializes a new instance that uses the specified JCE providers for CertPathBuilder and Signature.
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, String jceProvider, CertStore... intermCertsAndCrls)
Initializes a new instance that uses the specified JCE provider for both CertPathBuilder and Signature.
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, String jceProvider, CertStore... intermCertsAndCrls)
Initializes a new instance that uses the specified JCE provider for both CertPathBuilder and Signature.
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, CertStore... intermCertsAndCrls)
Initializes a new instance without specifying the JCE providers for CertPathBuilder and Signature.
PKIXCertificateValidationProvider(KeyStore trustAnchors, boolean revocationEnabled, CertStore... intermCertsAndCrls)
Initializes a new instance without specifying the JCE providers for CertPathBuilder and Signature.
Public Methods
ValidationData validate(X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts)
Inherited Methods
From class java.lang.Object
From interface xades4j.providers.CertificateValidationProvider

Public Constructors

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, String certPathBuilderProvider, String signatureProvider, CertStore... intermCertsAndCrls)

Initializes a new instance that uses the specified JCE providers for CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
maxPathLength the maximum length of the certification paths
certPathBuilderProvider the CertPathBuilder provider
signatureProvider the Signature provider
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, String certPathBuilderProvider, String signatureProvider, CertStore... intermCertsAndCrls)

Initializes a new instance that uses the specified JCE providers for CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
certPathBuilderProvider the CertPathBuilder provider
signatureProvider the Signature provider
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, String jceProvider, CertStore... intermCertsAndCrls)

Initializes a new instance that uses the specified JCE provider for both CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
maxPathLength the maximum length of the certification paths
jceProvider the CertPathBuilder and Signature provider
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, String jceProvider, CertStore... intermCertsAndCrls)

Initializes a new instance that uses the specified JCE provider for both CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
jceProvider the CertPathBuilder and Signature provider
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, int maxPathLength, CertStore... intermCertsAndCrls)

Initializes a new instance without specifying the JCE providers for CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
maxPathLength the maximum length of the certification paths
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

public PKIXCertificateValidationProvider (KeyStore trustAnchors, boolean revocationEnabled, CertStore... intermCertsAndCrls)

Initializes a new instance without specifying the JCE providers for CertPathBuilder and Signature.

Parameters
trustAnchors the keystore with the trust-anchors (TrustedCertificateEntry)
revocationEnabled whether revocation is enabled
intermCertsAndCrls a set of CertStores that contain certificates to be used in the construction of the certification path. May contain CRLs to be used if revocation is enabled
Throws
NoSuchAlgorithmException if there is no provider for PKIX CertPathBuilder
NoSuchProviderException

Public Methods

public ValidationData validate (X509CertSelector certSelector, Date validationDate, Collection<X509Certificate> otherCerts)