Provides classes and interfaces for parsing and managing
certificates, certificate revocation lists (CRLs), and
certification paths. It contains support for X.509 v3
certificates and X.509 v2 CRLs.
Package Specification
- Java™ Cryptography Architecture (JCA) Reference Guide
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
- Java™ Cryptography Architecture Standard Algorithm Name Documentation
Related Documentation
For information about X.509 certificates and CRLs, please see:Interfaces
CertPathBuilderResult | A specification of the result of a certification path builder algorithm. |
CertPathChecker | Performs one or more checks on each |
CertPathParameters | A specification of certification path algorithm parameters. |
CertPathValidatorException.Reason | The reason the validation algorithm failed. |
CertPathValidatorResult | A specification of the result of a certification path validator algorithm. |
CertSelector | A selector that defines a set of criteria for selecting
Certificate s. |
CertStoreParameters | A specification of CertStore parameters. |
CRLSelector | A selector that defines a set of criteria for selecting CRL s. |
Extension | This interface represents an X.509 extension. |
PolicyNode | An immutable valid policy tree node as defined by the PKIX certification path validation algorithm. |
X509Extension | Interface for an X.509 extension. |
Classes
Certificate | Abstract class for managing a variety of identity certificates. |
Certificate.CertificateRep | Alternate Certificate class for serialization. |
CertificateFactory | This class defines the functionality of a certificate factory, which is
used to generate certificate, certification path (CertPath )
and certificate revocation list (CRL) objects from their encodings. |
CertificateFactorySpi | This class defines the Service Provider Interface (SPI)
for the CertificateFactory class. |
CertPath | An immutable sequence of certificates (a certification path). |
CertPath.CertPathRep | Alternate CertPath class for serialization. |
CertPathBuilder | A class for building certification paths (also known as certificate chains). |
CertPathBuilderSpi | The Service Provider Interface (SPI)
for the CertPathBuilder class. |
CertPathValidator | A class for validating certification paths (also known as certificate chains). |
CertPathValidatorSpi | The Service Provider Interface (SPI)
for the CertPathValidator class. |
CertStore | A class for retrieving Certificate s and CRL s
from a repository. |
CertStoreSpi | The Service Provider Interface (SPI)
for the CertStore class. |
CollectionCertStoreParameters | Parameters used as input for the Collection CertStore
algorithm. |
CRL | This class is an abstraction of certificate revocation lists (CRLs) that have different formats but important common uses. |
LDAPCertStoreParameters | Parameters used as input for the LDAP CertStore algorithm. |
PKIXBuilderParameters | Parameters used as input for the PKIX CertPathBuilder
algorithm. |
PKIXCertPathBuilderResult | This class represents the successful result of the PKIX certification path builder algorithm. |
PKIXCertPathChecker | An abstract class that performs one or more checks on an
X509Certificate . |
PKIXCertPathValidatorResult | This class represents the successful result of the PKIX certification path validation algorithm. |
PKIXParameters | Parameters used as input for the PKIX CertPathValidator
algorithm. |
PKIXRevocationChecker | A PKIXCertPathChecker for checking the revocation status of
certificates with the PKIX algorithm. |
PolicyQualifierInfo | An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo structure. |
TrustAnchor | A trust anchor or most-trusted Certification Authority (CA). |
X509Certificate | Abstract class for X.509 certificates. |
X509CertSelector | A CertSelector that selects X509Certificates that
match all specified criteria. |
X509CRL | Abstract class for an X.509 Certificate Revocation List (CRL). |
X509CRLEntry | Abstract class for a revoked certificate in a CRL (Certificate Revocation List). |
X509CRLSelector | A CRLSelector that selects X509CRLs that
match all specified criteria. |
Enums
CertPathValidatorException.BasicReason | The BasicReason enumerates the potential reasons that a certification path of any type may be invalid. |
CRLReason | The CRLReason enumeration specifies the reason that a certificate is revoked, as defined in RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. |
PKIXReason | The PKIXReason enumerates the potential PKIX-specific reasons
that an X.509 certification path may be invalid according to the PKIX
(RFC 3280) standard. |
PKIXRevocationChecker.Option | Various revocation options that can be specified for the revocation checking mechanism. |
Exceptions
CertificateEncodingException | Certificate Encoding Exception. |
CertificateException | This exception indicates one of a variety of certificate problems. |
CertificateExpiredException | Certificate Expired Exception. |
CertificateNotYetValidException | Certificate is not yet valid exception. |
CertificateParsingException | Certificate Parsing Exception. |
CertificateRevokedException | An exception that indicates an X.509 certificate is revoked. |
CertPathBuilderException | An exception indicating one of a variety of problems encountered when
building a certification path with a CertPathBuilder . |
CertPathValidatorException | An exception indicating one of a variety of problems encountered when validating a certification path. |
CertStoreException | An exception indicating one of a variety of problems retrieving
certificates and CRLs from a CertStore . |
CRLException | CRL (Certificate Revocation List) Exception. |