Classes implementing this interface are meant to retrieve certificates based on either an issuer distinguished name and a serial number or the subject distinguished name.
Distinguished names are principals and should implement the Principal interface.
Digital signatures in general should include information on the principal who did the signing, as well as on the principal who attests the validity of the relationship between the claimed identity and the public key that can be used to verify the signature.
Since each subject may own several certificates, for a given signature the corresponding certificate may not reliably be identified by its subject's identity. In that case, the certificate needs to be retrieved based on:
In principle, the java.security.KeyStore is the first choice for certificate storage. However, this interface does not support retrieval based on distinguished names, but based on an alias that is not globally unique and cannot be bound to the certificate.
This interface may also be used for LDAP-based certificate services, that is, services that retrieve certificates from an LDAP directory service based on an X.501 or RFC 1779 distinguished name.
See Also: CertificateException

Field Summary

| Modifier and type | Field | Description |
|---|---|---|
| static int | ALL | Matches all key usage bits including all-zero key usage bits (effectively disables checking of key usage bits). |
| static int | DATA_ENCIPHERMENT | Matches certificates with the dataEncipherment bit set. |
| static int | KEY_AGREEMENT | Matches certificates with the keyAgreement bit set. |
| static int | KEY_CERT_SIGN | Matches certificates with the keyCertSign bit set. |
| static int | KEY_ENCIPHERMENT | Matches certificates with the keyEncipherment bit set. |
| static int | NON_REPUDIATION | Matches certificates with the nonRepudiation bit set. |

Method Summary

| Return type | Method | Description |
|---|---|---|
| Iterator | certificates(Principal subject) | Retrieves certificates based on the distinguished name of the certificate's subject. |
| Iterator | certificates(Principal subject, int keyUsage) | Retrieves certificates based on the distinguished name of the certificate's subject and a number of key usage bits. |
| X509Certificate | getCertificate(Principal issuer, BigInteger serial) | This method retrieves a certificate based on the distinguished name of the certificate's issuer as well as its serial number, as assigned by the issuer. |

Field Detail

public static final int ALL

public static final int NON_REPUDIATION
Matches certificates with the nonRepudiation bit set.

public static final int KEY_ENCIPHERMENT
Matches certificates with the keyEncipherment bit set.

public static final int DATA_ENCIPHERMENT
Matches certificates with the dataEncipherment bit set.

public static final int KEY_AGREEMENT
Matches certificates with the keyAgreement bit set.

public static final int KEY_CERT_SIGN
Matches certificates with the keyCertSign bit set.

Method Detail

public X509Certificate getCertificate(Principal issuer, BigInteger serial)

Parameters:
issuer - The issuer distinguished name.
serial - The serial number.
Returns: null if it is not found.

public Iterator certificates(Principal subject)

Parameters:
subject - The subject DN of the certificate that should be retrieved.
Returns: Iterator of all known certificates with the given subject DN.
See Also: CertificateIterator

public Iterator certificates(Principal subject, int keyUsage)

Parameters:
subject - The subject DN of the certificate that should be retrieved. A value of null matches every subject DN.
keyUsage - The mask of key usage bits; at least one of these bits must be set in the key usage extension of matching certificates. A value of 0 disables key usage checking.
Returns: Iterator of all known certificates with the given subject DN that match at least one of the given key usage bits.
See Also: CertificateIterator
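
The three lookups documented above, sketched as an in-memory class; this is an added example, not the library's own code. The class name `InMemoryCertLookup` and the numeric values of the key usage masks are assumptions (the page does not give the constants' values), and the sample input is the JDK's default trust store, read locally.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.net.ssl.*;
// Added example: hypothetical in-memory lookup with the three documented methods.
public class InMemoryCertLookup {
    // Assumed mask values: bit i corresponds to index i of X509Certificate.getKeyUsage().
    static final int NON_REPUDIATION = 1 << 1, KEY_ENCIPHERMENT = 1 << 2,
            DATA_ENCIPHERMENT = 1 << 3, KEY_AGREEMENT = 1 << 4, KEY_CERT_SIGN = 1 << 5;
    private final List<X509Certificate> certs;
    InMemoryCertLookup(Collection<X509Certificate> certs) { this.certs = new ArrayList<>(certs); }
    public X509Certificate getCertificate(Principal issuer, BigInteger serial) {
        for (X509Certificate c : certs)
            if (c.getIssuerX500Principal().equals(issuer) && c.getSerialNumber().equals(serial))
                return c;
        return null; // not found
    }
    public Iterator<X509Certificate> certificates(Principal subject) { return certificates(subject, 0); }
    public Iterator<X509Certificate> certificates(Principal subject, int keyUsage) {
        List<X509Certificate> hits = new ArrayList<>();
        for (X509Certificate c : certs) {
            // A null subject matches every subject DN; a mask of 0 disables key usage checking.
            if (subject != null && !c.getSubjectX500Principal().equals(subject)) continue;
            if (keyUsage == 0 || usageMatches(c.getKeyUsage(), keyUsage)) hits.add(c);
        }
        return hits.iterator();
    }

    // True if at least one requested bit is set in the certificate's keyUsage extension.
    static boolean usageMatches(boolean[] bits, int mask) {
        if (bits == null) return false; // certificate has no keyUsage extension
        for (int i = 0; i < bits.length; i++)
            if (bits[i] && (mask & (1 << i)) != 0) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // sample input: the JDK's default trust store
        X509Certificate[] roots = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        InMemoryCertLookup src = new InMemoryCertLookup(Arrays.asList(roots));
        X509Certificate c = src.getCertificate(roots[0].getIssuerX500Principal(), roots[0].getSerialNumber());
        System.out.println("issuer+serial lookup found: " + c.getSubjectX500Principal());
        int n = 0;
        for (Iterator<X509Certificate> it = src.certificates(null, KEY_CERT_SIGN); it.hasNext(); it.next()) n++;
        System.out.println(n + " of " + roots.length + " certificates assert keyCertSign");
    }
}
```

Matching on issuer DN plus serial number gives a lookup key that is bound to the certificate itself, unlike a KeyStore alias.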