X509CertPath (6.0 API Documentation)

java.lang.Object
- java.security.cert.CertPath
- - iaik.x509.X509CertPath

All Implemented Interfaces:

java.io.Serializable
```
public class X509CertPath
extends java.security.cert.CertPath
```
X.509 CertPath implementation. Only available for JDK versions >= 1.4 (maybe required for some JREs for jar file verification).
Together with a CertificateFactory a CertPath maybe used for converting certificates paths to and from its encoded representation. Currently the following encoding formats are supported:
- "PkiPath" (default): DER encoded X.509 PkiPath
- DER: DER encoded certificate chain
- PEM: PEM encoded certificate chain
- PKCS7: PKCS#7 format (degenerate SignedData)
- NETSCAPE: Netscape CertList
When using a CertificateFactory for reading certificates from an input stream to generate a CertPath, the default ("PkiPath") encoding format maybe used, or an encoding format may be explictly specified, e.g.:
```
 CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "IAIK");
 // the stream from which to read the certificates in, e.g., PKCS#7 format
 InputStream in = ...;
 // create CertPath
 CertPath certPath = certFactory.generateCertPath(in, X509CertPath.PKCS7);
 
```
The certificates in a cert path are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
When getting the certificates from a CertPath an Iterator maybe used to step through the certificate list:
```
 List certList = certPath.getCertificates();
 for (Iterator it = certList.iterator(); it.hasNext(); ) {
   X509Certificate cert = (X509Certificate)it.next();
 }     
 
```
When encoding a CertPath the default encoding format ("PkiPath") maybe used or the encoding format maybe explicitly specfied, e.g.:
```
 byte[] enc = certPath.getEncoded(X509CertPath.PKCS7);
 
```
Since:

1.4

See Also:
CertificateFactory, X509Certificate, Serialized Form

Nested Class Summary
- Nested classes/interfaces inherited from class java.security.cert.CertPath
  java.security.cert.CertPath.CertPathRep

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`DEFAULT_ENCODING_FORMAT` Default encoding format ("PkiPath") used by this CertPath implementation.
`static java.lang.String`	`DER` Encoding format "DER".
`static java.lang.String`	`NETSCAPE` Encoding format "NETSCAPE".
`static java.lang.String`	`PEM` Encoding format "PEM".
`static java.lang.String`	`PKCS7` Encoding format "PKCS7".
`static java.lang.String`	`PKI_PATH` Encoding format "PkiPath".

Constructor Summary

Constructors
Constructor and Description
`X509CertPath(java.util.List certificates)` Creates a CertPath for the given list of certificates.
`X509CertPath(X509Certificate[] certificates)` Creates a CertPath for the given array of certificates.

Method Summary

Methods
Modifier and Type	Method and Description
`java.util.List`	`getCertificates()` Returns an immutable list containing the certificates of this cert path.
`byte[]`	`getEncoded()` Returns the certificates of this CertPath as DER encoded PkiPath.
`byte[]`	`getEncoded(java.lang.String encoding)` Returns the certificates of this cert path encoded according to the requested format.
`java.util.Iterator`	`getEncodings()` Returns an iterator of all encoding formats supported by this CertPath implementation.

Methods inherited from class java.security.cert.CertPath
equals, getType, hashCode, toString, writeReplace

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - PKI_PATH
```
public static final java.lang.String PKI_PATH
```
    Encoding format "PkiPath". Maybe specified when calling method getEncoded(String encoding) to encode the certificates of this certPath as X.509 PkiPath:
```
 PkiPath ::= SEQUENCE OF Certificate
 
```
    The certificates in a PKI path are ordered in a way that the certificate at index i has issued the certificate at index i+1. This means that the certificate that has been issued by the trust anchor is located at index 0 and the target cert is located at index (n-1). (The trust anchor itself shall not be included in the path).
    See Also:
    Constant Field Values
  - DER
```
public static final java.lang.String DER
```
    Encoding format "DER". Maybe specified when calling method getEncoded(String encoding) to encode the certificates of this certPath as simple chain of DER encoded certificates. The certificates are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
    
    See Also:
    Constant Field Values
  - PEM
```
public static final java.lang.String PEM
```
    Encoding format "PEM". Maybe specified when calling method getEncoded(String encoding) to encode the certificates of this certPath as simple chain of PEM encoded certificates. The certificates are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
    
    See Also:
    Constant Field Values
  - PKCS7
```
public static final java.lang.String PKCS7
```
    Encoding format "PKCS7". Maybe specified when calling method getEncoded(String encoding) to encode the certificates of this certPath in PKCS7 format. Note that the certificates in a PKCS7 cert list may be in any order.
    
    See Also:
    Constant Field Values
  - NETSCAPE
```
public static final java.lang.String NETSCAPE
```
    Encoding format "NETSCAPE". Maybe specified when calling method getEncoded(String encoding) to encode the certificates of this certPath as Netscape CertList.
    
    See Also:
    Constant Field Values
  - DEFAULT_ENCODING_FORMAT
```
public static final java.lang.String DEFAULT_ENCODING_FORMAT
```
    Default encoding format ("PkiPath") used by this CertPath implementation.
    
    See Also:
    Constant Field Values
- Constructor Detail
  - X509CertPath
```
public X509CertPath(X509Certificate[] certificates)
```
    Creates a CertPath for the given array of certificates. The certificates are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
    If it is not possible to order the certificates they are accepted anyway. In this case it is the responsibility of the calling application to take care to supply the certificates in the right order. If not, CertPathValidators may not successfully validate the path.
    
    Parameters:
    certificates - the certificates for the cert path
  - X509CertPath
```
public X509CertPath(java.util.List certificates)
             throws java.security.cert.CertificateException
```
    Creates a CertPath for the given list of certificates. The certificates are ordered in a way that the certificate at index i+1 has issued the certificate at index i. This means that the target cert is located at index 0 and the certificate that has been issued by the trust anchor is located at index (n-1). (The trust anchor itself shall not be included in the path).
    If it is not possible to order the certificates they are accepted anyway. In this case it is the responsibility of the calling application to take care to supply the certificates in the right order. If not, CertPathValidators may not successfully validate the path.
    
    Parameters:
    certificates - the certificates for the cert path
    
    Throws:
    
    java.security.cert.CertificateException - if any of the certificates of the given list is not a X509Certificate
- Method Detail
  - getEncoded
```
public byte[] getEncoded()
                  throws java.security.cert.CertificateEncodingException
```
    Returns the certificates of this CertPath as DER encoded PkiPath. A PkiPath is defined as ASN.1 SEQUENCE of certificates:
```
 PkiPath ::= SEQUENCE OF Certificate
 
```
    The certificates in a PKI path are ordered in a way that the certificate at index i has issued the certificate at index i+1. This means that the certificate that has been issued by the trust anchor is located at index 0 and the target cert is located at index (n-1). (The trust anchor itself shall not be included in the path).
    Specified by:
    
    getEncoded in class java.security.cert.CertPath
    
    Returns:
    the certificates of this CertPath as DER encoded PKI Path
    
    Throws:
    
    java.security.cert.CertificateEncodingException - if an error occurs while encoding the certificates
  - getEncoded
```
public byte[] getEncoded(java.lang.String encoding)
                  throws java.security.cert.CertificateEncodingException
```
    Returns the certificates of this cert path encoded according to the requested format. The following encoding formats are supported by this cert path implementation:
    - "PkiPath" (default): DER encoded X.509 PkiPath
    - DER: DER encoded certificate chain
    - PEM: PEM encoded certificate chain
    - PKCS7: PKCS#7 format (degenerate SignedData)
    - NETSCAPE: Netscape CertList
    Specified by:
    
    getEncoded in class java.security.cert.CertPath
    
    Parameters:
    encoding - the requested encoding format
    
    Returns:
    the encoded cert path
    
    Throws:
    
    java.security.cert.CertificateEncodingException - if an error occurs while encoding the certificates or the requested encoding format is not supported
  - getEncodings
```
public java.util.Iterator getEncodings()
```
    Returns an iterator of all encoding formats supported by this CertPath implementation.
    Currently the following encoding formats are supported:
    - "PkiPath" (default): DER encoded X.509 PkiPath
    - DER: DER encoded certificate chain
    - PEM: PEM encoded certificate chain
    - PKCS7: PKCS#7 format (degenerate SignedData)
    - NETSCAPE: Netscape CertList
    Specified by:
    
    getEncodings in class java.security.cert.CertPath
    
    Returns:
    the encoding formats supported by this CertPath implementation.
  - getCertificates
```
public java.util.List getCertificates()
```
    Returns an immutable list containing the certificates of this cert path. The certificates in a PKI path are ordered in a way that the certificate at index i has issued the certificate at index i+1. This means that the certificate that has been issued by the trust anchor is located at index 0 and the target cert is located at index (n-1). (The trust anchor itself shall not be included in the path).
    
    Specified by:
    
    getCertificates in class java.security.cert.CertPath
    
    Returns:
    a list the certificates of this cert path

Class X509CertPath

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.CertPath

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.security.cert.CertPath

Methods inherited from class java.lang.Object

Field Detail

PKI_PATH

DER

PEM

PKCS7

NETSCAPE

DEFAULT_ENCODING_FORMAT

Constructor Detail

X509CertPath

X509CertPath

Method Detail

getEncoded

getEncoded

getEncodings

getCertificates