java.lang.Object
  com.rsa.swsj.DefaultCertValidator
This class represents a default Certificate Path Validator and provides a default/sample implementation available to the application for Cert Path validation functionality. This implementation uses the default PKIX validation algorithm provided in JDK 1.4+.
This class is intended to provide SWS-J with assurances that a supplied certificate extracted from a message/document is valid and acceptable for use.
CertValidator

| Field Summary |
| static byte | CRL_SIG | Flag to indicate that the certificate must be validated for CRL signing |
| static byte | DAT_ENC | Flag to indicate that the certificate must be validated for data encipherment |
| static byte | DEC_ONLY | Flag to indicate that the certificate must be validated for decipherment only |
| static byte | DIG_SIG | Flag to indicate that the certificate must be validated for digital signature |
| static byte | ENC_ONLY | Flag to indicate that the certificate must be validated for encipherment only |
| static java.util.BitSet | enciphermentUsages | a bit string to flag the available usages for xml encipherment |
| static byte | KEY_AGR | Flag to indicate that the certificate must be validated for key agreement |
| static byte | KEY_ENC | Flag to indicate that the certificate must be validated for key encipherment |
| static byte | KEY_SIG | Flag to indicate that the certificate must be validated for key certificate signing |
| static byte | NON_REP | Flag to indicate that the certificate must be validated for digital signature |
| static java.util.BitSet | signatureUsages | a bit string to flag the available usages for xml encipherment |

| Fields inherited from interface com.rsa.swsj.CertValidator |
| XML_ENC, XML_SIG |

| Constructor Summary |
| DefaultCertValidator() | Generates a new DefaultCertValidator instance. |

| Method Summary |
| void | setIntermediateCertificates(java.security.cert.X509Certificate[] certs) | Sets an array of intermediate CA certificates. |
| void | setTrustedCertificates(java.security.cert.X509Certificate[] certs) | Sets an array of trusted certificates. |
| boolean | validate(java.security.cert.X509Certificate cert) | Validates a single certificate as a certificate path. |
| boolean | validate(java.security.cert.X509Certificate cert, int requiredUsage) | Validates a single certificate as a certificate path, and verifies that the certificate supports the required key usage extensions. |
| boolean | validate(java.security.cert.X509Certificate cert, java.security.cert.X509Certificate[] extraCerts, int requiredUsage) | Validates a certificate path/chain for specified certificate and checks usage extensions. |

| Methods inherited from class java.lang.Object |
| equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |

| Field Detail |
public static final byte DIG_SIG
public static final byte NON_REP
public static final byte KEY_ENC
public static final byte DAT_ENC
public static final byte KEY_AGR
public static final byte KEY_SIG
public static final byte CRL_SIG
public static final byte ENC_ONLY
public static final byte DEC_ONLY
public static final java.util.BitSet enciphermentUsages
public static final java.util.BitSet signatureUsages
| Constructor Detail |
public DefaultCertValidator()
throws SWSJException
| Method Detail |
public boolean validate(java.security.cert.X509Certificate cert,
java.security.cert.X509Certificate[] extraCerts,
int requiredUsage)
throws SWSJException
Specified by:
validate in interface CertValidator
Parameters:
cert - The certificate that SWS-J is requesting to validate.
extraCerts - An array of (possibly unrelated) certificates that may have been present in the parsed message, which are to be used in trying to validate the certificate path. NOTE: this array can be empty. Certificates to be used in building a valid certificate chain can also be specified via setIntermediateCertificates. To provide appropriate checks and assurances that the certificate is valid for use, the path is processed in the following manner: the issuer DN of the supplied cert is retrieved and compared to the subject DN of each of the supplied certificates. If a matching certificate is found, the process is repeated until the issuer of a certificate cannot be found. This certificate is then assumed to be a CA certificate supplied via setTrustedCertificates, and the default JDK validation algorithm is applied to the chain.
requiredUsage - An int identifier for the usage required to be supported by the cert, i.e. the operations this cert will be used for, e.g. encrypt, sign. Valid values at present are CertValidator.XML_SIG and CertValidator.XML_ENC.
Returns:
true if the certificate path was validated; false otherwise.
Throws:
SWSJException - If any of the parameters are invalid.
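
The chain-building procedure described for extraCerts, followed by the JDK PKIX check, sketched with JDK classes only. This is an added example, not SWS-J source: the class name PathCheckSketch, its method names and the file arguments are hypothetical, and treating a missing KeyUsage extension as unrestricted and switching revocation checking off are assumptions of the sketch, not documented behaviour of DefaultCertValidator.

```java
import java.io.*;
import java.security.cert.*;
import java.util.*;
// Added illustration on JDK classes only (not SWS-J source): chain building by DN match, then PKIX.
public class PathCheckSketch {
    static List<X509Certificate> buildChain(X509Certificate leaf, Collection<X509Certificate> candidates) {
        List<X509Certificate> chain = new ArrayList<>();
        X509Certificate current = leaf;
        while (true) {
            chain.add(current);
            X509Certificate issuer = null;
            for (X509Certificate c : candidates)
                if (!chain.contains(c)   // never revisit a cert: stops self-signed and cross-cert loops
                        && c.getSubjectX500Principal().equals(current.getIssuerX500Principal())) {
                    issuer = c;
                    break;
                }
            if (issuer == null) return chain;   // no issuer supplied: PKIX must tie this to a trust anchor
            current = issuer;
        }
    }
    // keyUsageBit indexes X509Certificate.getKeyUsage(): 0 = digitalSignature, 2 = keyEncipherment.
    static boolean validate(X509Certificate leaf, Collection<X509Certificate> extra,
                            Set<X509Certificate> trusted, int keyUsageBit) throws Exception {
        boolean[] ku = leaf.getKeyUsage();   // null = no KeyUsage extension, treated as unrestricted (assumption)
        if (ku != null && (keyUsageBit >= ku.length || !ku[keyUsageBit])) return false;
        List<X509Certificate> pool = new ArrayList<>(extra);
        pool.removeAll(trusted);             // by convention a CertPath omits the trust anchor itself
        Set<TrustAnchor> anchors = new HashSet<>();
        for (X509Certificate t : trusted) anchors.add(new TrustAnchor(t, null));
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(false);  // assumption: this sketch has no CRL/OCSP source configured
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(buildChain(leaf, pool));
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) {
            return false;                    // untrusted issuer, bad signature, expired certificate, ...
        }
    }
    public static void main(String[] args) throws Exception {   // leaf.pem root.pem [intermediate.pem ...]
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (String f : args)
            try (InputStream in = new FileInputStream(f)) { certs.add((X509Certificate) cf.generateCertificate(in)); }
        System.out.println(validate(certs.get(0), certs.subList(2, certs.size()),
                Collections.singleton(certs.get(1)), 0) ? "path validated" : "path rejected");
    }
}
```

Because extraCerts comes from the parsed message, DN matching alone proves nothing about the candidates; acceptance rests on the PKIX step verifying every signature back to a trust anchor.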
public boolean validate(java.security.cert.X509Certificate cert)
throws SWSJException
Parameters:
cert - The certificate to be validated
Returns:
true if the certificate-as-a-path was validated; false otherwise.
Throws:
SWSJException
public boolean validate(java.security.cert.X509Certificate cert,
int requiredUsage)
throws SWSJException
Parameters:
cert - The certificate to be validated
requiredUsage - An int identifier expressing the key usage extensions required to be supported by the cert
Returns:
true if the certificate + usage were validated; false otherwise.
Throws:
SWSJException
public void setTrustedCertificates(java.security.cert.X509Certificate[] certs)
throws InvalidParameterException
Parameters:
certs - Array of certificates.
Throws:
InvalidParameterException
public void setIntermediateCertificates(java.security.cert.X509Certificate[] certs)
throws InvalidParameterException
Parameters:
certs - Array of certificates.
Throws:
InvalidParameterException