Java in a Nutshell, 5th Edition [Electronic resources] نسخه متنی

A CertPath is a immutable sequence or

chain
of certificates that establishes a "certification
path" from an unknown "end
entity" to a known and trusted Certificate Authority
or "trust anchor". Use a
CertPathValidator to validate a certificate chain
and establish trust in the public key presented in the certificate of
the end entity.

getType( ) returns
the type of the certificates in the CertPath. For
X.509 certificate chains (the only type supported by the default
"SUN" provider) this method returns
"X.509". getCertificates(
) returns
a java.util.List object that contains the
Certificate objects that comprise the chain. For
X.509 chains, the list contains X509Certificate
objects. Also, for X.509 certificate paths, the
List returned by getCertificates(
) starts with the certificate of of the end entity, and
ends with a certificate signed by the trust anchor. The signer of any
certificate but the last must be the subject of the next certificate
in the List. If the end entity presents a
certificate that is directly signed by a trust anchor (which is a not
uncommon occurrence) then the List returned by
getCertificates( ) consists of only that single
certificate. Note that the list of certificates does not include the
certificate of the trust anchor. The public keys of trusted CAs must
be known by the system in advance. In Sun's JDK
implementation, the public-key certificates of trusted CAs are stored
in the file jre/lib/security/cacerts.

CertPath objects can be created with a
CertificateFactory, or at a lower level with a
CertPathBuilder object. A
CertificateFactory can parse or decode a
CertPath object from a binary stream. The
getEncoded( )

methods reverse the process and encode a CertPath
into an array of bytes. getEncodings(
) returns the encodings supported for
a CertPath. The first returned encoding name is
the default one, but you can use any supported encoding by using the
one-argument version of getEncoded( ). The default
"SUN" provider supports encodings
named "PKCS7" and
"PkiPath".

CertPath objects are immutable as is the
List object returned by getCertificates(
) and the Certificate objects contained
in the list. Furthermore, all CertPath methods are
threadsafe.

Figure 14-53. java.security.cert.CertPath

public abstract class

CertPath implements Serializable {
// Protected Constructors
protected

CertPath (String

type );
// Nested Types
protected static class

CertPathRep implements Serializable;
// Public Instance Methods
public abstract java.util.List<? extends java.security.cert.Certificate>

getCertificates ( );
public abstract byte[ ]

getEncoded ( ) throws CertificateEncodingException;
public abstract byte[ ]

getEncoded (String

encoding )
throws CertificateEncodingException;
public abstract java.util.Iterator<String>

getEncodings ( );
public String

getType ( );
// Public Methods Overriding Object
public boolean

equals (Object

other );
public int

hashCode ( );
public String

toString ( );
// Protected Instance Methods
protected Object

writeReplace ( ) throws java.io.ObjectStreamException;
}

Passed To

java.security.CodeSigner.CodeSigner( ),
java.security.Timestamp.Timestamp( ),
CertPathValidator.validate( ),
CertPathValidatorException.CertPathValidatorException(
), CertPathValidatorSpi.engineValidate(
),
PKIXCertPathBuilderResult.PKIXCertPathBuilderResult(
)

Returned By

java.security.CodeSigner.getSignerCertPath( ),
java.security.Timestamp.getSignerCertPath( ),
CertificateFactory.generateCertPath( ),
CertificateFactorySpi.engineGenerateCertPath( ),
CertPathBuilderResult.getCertPath( ),
CertPathValidatorException.getCertPath( ),
PKIXCertPathBuilderResult.getCertPath( )