Provides classes and interfaces for parsing and managing certificates, certificate revocation lists (CRLs), and certification paths. It contains support for X.509 v3 certificates and X.509 v2 CRLs.
- Java Cryptography Architecture (JCA) Reference Guide
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
- Java Security Standard Algorithm Names Specification
Related DocumentationFor information about X.509 certificates and CRLs, please see:
Interface Summary Interface Description CertPathBuilderResultA specification of the result of a certification path builder algorithm. CertPathCheckerPerforms one or more checks on each
CertPathParametersA specification of certification path algorithm parameters. CertPathValidatorException.ReasonThe reason the validation algorithm failed. CertPathValidatorResultA specification of the result of a certification path validator algorithm. CertSelectorA selector that defines a set of criteria for selecting
CertStoreParametersA specification of
CRLSelectorA selector that defines a set of criteria for selecting
ExtensionThis interface represents an X.509 extension. PolicyNodeAn immutable valid policy tree node as defined by the PKIX certification path validation algorithm. X509ExtensionInterface for an X.509 extension.
Class Summary Class Description CertificateAbstract class for managing a variety of identity certificates. Certificate.CertificateRepAlternate Certificate class for serialization. CertificateFactoryThis class defines the functionality of a certificate factory, which is used to generate certificate, certification path (
CertPath) and certificate revocation list (CRL) objects from their encodings.
CertificateFactorySpiThis class defines the Service Provider Interface (SPI) for the
CertPathAn immutable sequence of certificates (a certification path). CertPath.CertPathRepAlternate
CertPathclass for serialization.
CertPathBuilderA class for building certification paths (also known as certificate chains). CertPathBuilderSpiThe Service Provider Interface (SPI) for the
CertPathValidatorA class for validating certification paths (also known as certificate chains). CertPathValidatorSpiThe Service Provider Interface (SPI) for the
CertStoreA class for retrieving
CRLs from a repository.
CertStoreSpiThe Service Provider Interface (SPI) for the
CollectionCertStoreParametersParameters used as input for the Collection
CRLThis class is an abstraction of certificate revocation lists (CRLs) that have different formats but important common uses. LDAPCertStoreParametersParameters used as input for the LDAP
PKIXBuilderParametersParameters used as input for the PKIX
PKIXCertPathBuilderResultThis class represents the successful result of the PKIX certification path builder algorithm. PKIXCertPathCheckerAn abstract class that performs one or more checks on an
PKIXCertPathValidatorResultThis class represents the successful result of the PKIX certification path validation algorithm. PKIXParametersParameters used as input for the PKIX
PKIXCertPathCheckerfor checking the revocation status of certificates with the PKIX algorithm.
PolicyQualifierInfoAn immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo structure. TrustAnchorA trust anchor or most-trusted Certification Authority (CA). URICertStoreParametersParameters used as input for
CertStorealgorithms which use information contained in a URI to retrieve certificates and CRLs.
X509CertificateAbstract class for X.509 certificates. X509CertSelectorA
X509Certificatesthat match all specified criteria.
X509CRLAbstract class for an X.509 Certificate Revocation List (CRL). X509CRLEntryAbstract class for a revoked certificate in a CRL (Certificate Revocation List). X509CRLSelectorA
X509CRLsthat match all specified criteria.
Enum Summary Enum Description CertPathValidatorException.BasicReasonThe BasicReason enumerates the potential reasons that a certification path of any type may be invalid. CRLReasonThe CRLReason enumeration specifies the reason that a certificate is revoked, as defined in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. PKIXReasonThe
PKIXReasonenumerates the potential PKIX-specific reasons that an X.509 certification path may be invalid according to the PKIX (RFC 5280) standard.
PKIXRevocationChecker.OptionVarious revocation options that can be specified for the revocation checking mechanism.
Exception Summary Exception Description CertificateEncodingExceptionCertificate Encoding Exception. CertificateExceptionThis exception indicates one of a variety of certificate problems. CertificateExpiredExceptionCertificate Expired Exception. CertificateNotYetValidExceptionCertificate is not yet valid exception. CertificateParsingExceptionCertificate Parsing Exception. CertificateRevokedExceptionAn exception that indicates an X.509 certificate is revoked. CertPathBuilderExceptionAn exception indicating one of a variety of problems encountered when building a certification path with a
CertPathValidatorExceptionAn exception indicating one of a variety of problems encountered when validating a certification path. CertStoreExceptionAn exception indicating one of a variety of problems retrieving certificates and CRLs from a
CRLExceptionCRL (Certificate Revocation List) Exception.