public class XAdESCertificatePathValidatorImpl extends iaik.xml.crypto.pki.impl.CertificatePathValidatorImpl implements XAdESCertificatePathValidator
IAIK PKIModule for performing certificate path validation.

Constructor and Description |
---|
XAdESCertificatePathValidatorImpl(iaik.pki.PKIConfiguration pkiConfiguration, iaik.pki.PKIProfile pkiProfile, iaik.logging.TransactionId tid) Initializes this CertificatePathValidator by configuring an IAIK PKIFactory providing the IAIK PKIModule(s) used for certificate path validation. |
XAdESCertificatePathValidatorImpl(iaik.pki.PKIProfile pkiProfile, iaik.logging.TransactionId tid) Initializes this XAdESCertificatePathValidator. |

Modifier and Type | Method and Description |
---|---|
iaik.xml.crypto.pki.CertificatePathValidationResult | validateCertificate(Date validationDate, CertID endEntity, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage) Validates a certificate. |
iaik.xml.crypto.pki.CertificatePathValidationResult | validateCertificate(Date validationDate, X509Certificate endEntity, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage) Validates the given certificate. |
iaik.xml.crypto.pki.CertificatePathValidationResult | validateCertificateChain(Date validationDate, boolean checkTrust, X509Certificate[] certificateChain, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage, iaik.logging.TransactionId tid) Validates a certificate chain. |

getPKIModule, validateCertificate, validateCertificate, validateCertificate
public XAdESCertificatePathValidatorImpl(iaik.pki.PKIConfiguration pkiConfiguration, iaik.pki.PKIProfile pkiProfile, iaik.logging.TransactionId tid) throws iaik.xml.crypto.pki.CertificatePathValidationException
Initializes this CertificatePathValidator by configuring an IAIK PKIFactory providing the IAIK PKIModule(s) used for certificate path validation. For each new path validation a new IAIK PKIModule is created using the parameters specified within the given pkiProfile.
pkiConfiguration - The PKI configuration used for configuring the IAIK PKIFactory. If null, the IAIK PKIFactory must already be configured.
pkiProfile - The PKI profile specifying parameters to be used for a certificate path validation. Must not be null.
tid - The Transaction ID used for logging (within the IAIK PKIModule). May be null.
iaik.xml.crypto.pki.CertificatePathValidationException
public XAdESCertificatePathValidatorImpl(iaik.pki.PKIProfile pkiProfile, iaik.logging.TransactionId tid) throws iaik.xml.crypto.pki.CertificatePathValidationException
IAIK PKIModule is created using the parameters specified within the given pkiProfile.
PKIFactory has already been configured.
pkiProfile - The PKI profile specifying parameters to be used for a certificate path validation. Must not be null.
tid - The Transaction ID used for logging (within the IAIK PKIModule). May be null.
iaik.xml.crypto.pki.CertificatePathValidationException
public iaik.xml.crypto.pki.CertificatePathValidationResult validateCertificate(Date validationDate, X509Certificate endEntity, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage) throws iaik.xml.crypto.pki.CertificatePathValidationException
IAIK PKI module from the IAIK PKI profile this class was initialized with and validates the certificate using the PKI module.
validateCertificate in interface XAdESCertificatePathValidator
iaik.xml.crypto.pki.CertificatePathValidationException
XAdESCertificatePathValidator.validateCertificate(Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate[], java.security.cert.X509CRL[], OCSPResponse[], Object[], boolean, boolean[])
public iaik.xml.crypto.pki.CertificatePathValidationResult validateCertificate(Date validationDate, CertID endEntity, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage) throws iaik.xml.crypto.pki.CertificatePathValidationException
endEntity CertID in the cert stores configured for the underlying IAIK PKI module.
validateCertificate in interface XAdESCertificatePathValidator
iaik.xml.crypto.pki.CertificatePathValidationException
XAdESCertificatePathValidator.validateCertificate(Date, java.security.cert.X509Certificate, java.security.cert.X509Certificate[], java.security.cert.X509CRL[], OCSPResponse[], Object[], boolean, boolean[])
public iaik.xml.crypto.pki.CertificatePathValidationResult validateCertificateChain(Date validationDate, boolean checkTrust, X509Certificate[] certificateChain, X509Certificate[] supplementalCertificates, X509CRL[] supplementalCrls, OCSPResponse[] supplementalOCSPResponses, Object[] otherValues, boolean useSupplementalDataOnly, boolean[] eeCertUsage, iaik.logging.TransactionId tid) throws iaik.xml.crypto.pki.CertificatePathValidationException
XAdESCertificatePathValidator
validateCertificateChain
in interface XAdESCertificatePathValidator
validationDate - The validation date.
checkTrust - If true, the last certificate in the chain is checked against the trust store profile supported by this PKI module. If false, this check is omitted and the last certificate in the chain is assumed to be trusted.
certificateChain - The certificate chain to be validated, containing the end entity certificate at the first position (index 0) and the trusted root certificate at the last position.
supplementalCertificates - Supplemental certificates to be used for the validation. If PKIProfile.autoAddCertificates() returns true, these certificates will be added to existing certstores.
supplementalCrls - Supplemental CRLs to be used for validating the certificate path. For each CRL issuer and reason code only one CRL can be passed. May be null.
supplementalOCSPResponses - Supplemental OCSP responses to be used for validating the certificate path. Passing two OCSP responses containing the same ReqCert is not allowed (i.e. two OCSP responses for the same certificate are not allowed). May be null.
useSupplementalDataOnly - If set to true, only the supplemental data (supplementalCertificates, supplementalCrls and supplementalOCSPResponses) are used for certificate path building and validation. Note that the cert info store will be cleared before cert path building to ensure that no certificates other than the supplemental ones will be used. This may be especially useful when validating long-term signatures, such as XAdES-C or CAdES-C (or higher) forms. If set to false, the supplemental data will be used in addition to all the X509 data available for certificate path building and validation (e.g. certificates in certstores, CRLs downloaded from LDAP servers ...).
eeCertUsage - The certificate key usage extensions expected to be set in the certificate to be validated. If null, the endEntity certificate key usage will not be checked. If not null, it must contain exactly 9 entries according to the following definition:
KeyUsage ::= BIT STRING {
    digitalSignature (0),
    nonRepudiation (1),
    keyEncipherment (2),
    dataEncipherment (3),
    keyAgreement (4),
    keyCertSign (5),
    cRLSign (6),
    encipherOnly (7),
    decipherOnly (8)
}
tid - The unique id for this transaction. Used for logging.
iaik.xml.crypto.pki.CertificatePathValidationException
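
An added example (not part of the IAIK documentation or code) of preparing the validateCertificateChain arguments described above with JDK classes only: the 9-entry eeCertUsage array, the documented chain order, and a conservative check for duplicate supplemental CRL issuers. The class ChainValidationArgs, its methods and the variable names in the final comment are hypothetical.

```java
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

// Added example (not IAIK code): JDK-only argument preparation; class and method names are hypothetical.
public final class ChainValidationArgs {
    // KeyUsage bits in BIT STRING order, so ordinal() is the eeCertUsage index.
    public enum KeyUsageBit {
        digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment,
        keyAgreement, keyCertSign, cRLSign, encipherOnly, decipherOnly
    }

    // Builds the 9-entry eeCertUsage array; the listed bits are the ones expected to be set.
    public static boolean[] eeCertUsage(Set<KeyUsageBit> expected) {
        boolean[] usage = new boolean[KeyUsageBit.values().length]; // exactly 9 entries
        for (KeyUsageBit bit : expected) usage[bit.ordinal()] = true;
        return usage;
    }

    // Name-chaining check of the documented order (index 0 = end entity, last = root); no signature checks.
    public static void requireOrdered(X509Certificate[] chain) {
        for (int i = 0; i + 1 < chain.length; i++) {
            if (!chain[i].getIssuerX500Principal().equals(chain[i + 1].getSubjectX500Principal()))
                throw new IllegalArgumentException("chain[" + i + "] is not issued by chain[" + (i + 1) + "]");
        }
    }

    // Conservative pre-check: rejects any two CRLs from the same issuer (reason codes are not inspected).
    public static void requireOneCrlPerIssuer(X509CRL[] crls) {
        if (crls == null) return; // supplementalCrls may be null
        Set<X500Principal> issuers = new HashSet<>();
        for (X509CRL crl : crls) {
            if (!issuers.add(crl.getIssuerX500Principal()))
                throw new IllegalArgumentException("second CRL for issuer " + crl.getIssuerX500Principal());
        }
    }

    public static void main(String[] args) {
        boolean[] usage = eeCertUsage(EnumSet.of(KeyUsageBit.digitalSignature, KeyUsageBit.nonRepudiation));
        System.out.println(Arrays.toString(usage));
        // With a configured validator, the prepared values go in the documented parameter order:
        // validator.validateCertificateChain(validationDate, checkTrust, chain, supplementalCerts,
        //         crls, ocspResponses, otherValues, useSupplementalDataOnly, usage, tid);
    }
}
```

The CRL pre-check is stricter than the documented rule, which allows several CRLs from one issuer as long as their reason codes differ.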
© 2002-2005 IAIK, © 2004, 2006 - 2017 Stiftung SIC