This class validates certificate chains, establishing a chain of trust from the end entity to a trust anchor, and thereby establishing the validity of the public key presented in the end entity's certificate. The CertPathValidator is provider-based and algorithm-independent. To obtain a CertPathValidator instance, call one of the static getInstance( ) methods specifying the name of the desired validation algorithm and, optionally, the provider to use. The "PKIX" algorithm for validating X.509 certificates is the only one supported by the default "SUN" provider.
Once you have a CertPathValidator object, you can use it to validate certificate chains by passing the CertPath object to be validated to the validate( ) method along with a CertPathParameters object that specifies valid trust anchors and other validation parameters. CertPathParameters is simply a marker interface, and you must use an application-specific implementation such as PKIXParameters. If validation fails, the validate( ) method throws a CertPathValidatorException which may include the index in the chain of the certificate that failed to validate. Otherwise, if validation is successful, the validate( ) method returns a CertPathValidatorResult. If you are interested in the details of the validation (such as the trust anchor that was used or the public key of the end entity), you may cast this returned value to an algorithm-specific subtype such as PKIXCertPathValidatorResult and use its methods to find out more about the result.
public classCertPathValidator { // Protected Constructors protected
CertPathValidator (CertPathValidatorSpi
validatorSpi , java.security.Provider
provider , String
algorithm ); // Public Class Methods public static final String
getDefaultType ( ); public static CertPathValidator
getInstance (String
algorithm ) throws java.security.NoSuchAlgorithmException; public static CertPathValidator
getInstance (String
algorithm , String
provider ) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException; public static CertPathValidator
getInstance (String
algorithm , java.security.Provider
provider ) throws java.security.NoSuchAlgorithmException; // Public Instance Methods public final String
getAlgorithm ( ); public final java.security.Provider
getProvider ( ); public final CertPathValidatorResult
validate (CertPath
certPath , CertPathParameters
params ) throws CertPathValidatorException, java.security.InvalidAlgorithmParameterException; }