AI-generated Key Takeaways
- The java.security.cert package provides classes and interfaces for working with certificates, certificate revocation lists (CRLs), and certification paths, including support for X.509 v3 certificates and X.509 v2 CRLs.
- It offers functionalities such as parsing certificate encodings, building and validating certification paths, and managing certificate stores.
- The package includes various classes like CertificateFactory, CertPathBuilder, CertPathValidator, and CertStore for core certificate operations.
- It also defines a range of exceptions for handling certificate-related errors, such as CertificateException, CertPathValidatorException, and CertStoreException.
- Developers can utilize the provided interfaces and classes to implement custom certificate management solutions and integrate with existing security infrastructure.
Package Specification
- Java™ Cryptography Architecture (JCA) Reference Guide
- RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
- RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
- Java™ Cryptography Architecture Standard Algorithm Name Documentation
Related Documentation
For information about X.509 certificates and CRLs, please see:
Interfaces
| CertPathBuilderResult | A specification of the result of a certification path builder algorithm. |
| CertPathChecker | Performs one or more checks on each |
| CertPathParameters | A specification of certification path algorithm parameters. |
| CertPathValidatorException.Reason | The reason the validation algorithm failed. |
| CertPathValidatorResult | A specification of the result of a certification path validator algorithm. |
| CertSelector | A selector that defines a set of criteria for selecting Certificates. |
| CertStoreParameters | A specification of CertStore parameters. |
| CRLSelector | A selector that defines a set of criteria for selecting CRLs. |
| Extension | This interface represents an X.509 extension. |
| PolicyNode | An immutable valid policy tree node as defined by the PKIX certification path validation algorithm. |
| X509Extension | Interface for an X.509 extension. |
Classes
| Certificate | Abstract class for managing a variety of identity certificates. |
| Certificate.CertificateRep | Alternate Certificate class for serialization. |
| CertificateFactory | This class defines the functionality of a certificate factory, which is used to generate certificate, certification path (CertPath) and certificate revocation list (CRL) objects from their encodings. |
| CertificateFactorySpi | This class defines the Service Provider Interface (SPI) for the CertificateFactory class. |
| CertPath | An immutable sequence of certificates (a certification path). |
| CertPath.CertPathRep | Alternate CertPath class for serialization. |
| CertPathBuilder | A class for building certification paths (also known as certificate chains). |
| CertPathBuilderSpi | The Service Provider Interface (SPI) for the CertPathBuilder class. |
| CertPathValidator | A class for validating certification paths (also known as certificate chains). |
| CertPathValidatorSpi | The Service Provider Interface (SPI) for the CertPathValidator class. |
| CertStore | A class for retrieving Certificates and CRLs from a repository. |
| CertStoreSpi | The Service Provider Interface (SPI) for the CertStore class. |
| CollectionCertStoreParameters | Parameters used as input for the Collection CertStore algorithm. |
| CRL | This class is an abstraction of certificate revocation lists (CRLs) that have different formats but important common uses. |
| LDAPCertStoreParameters | Parameters used as input for the LDAP CertStore algorithm. |
| PKIXBuilderParameters | Parameters used as input for the PKIX CertPathBuilder algorithm. |
| PKIXCertPathBuilderResult | This class represents the successful result of the PKIX certification path builder algorithm. |
| PKIXCertPathChecker | An abstract class that performs one or more checks on an X509Certificate. |
| PKIXCertPathValidatorResult | This class represents the successful result of the PKIX certification path validation algorithm. |
| PKIXParameters | Parameters used as input for the PKIX CertPathValidator algorithm. |
| PKIXRevocationChecker | A PKIXCertPathChecker for checking the revocation status of certificates with the PKIX algorithm. |
| PolicyQualifierInfo | An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo structure. |
| TrustAnchor | A trust anchor or most-trusted Certification Authority (CA). |
| X509Certificate | Abstract class for X.509 certificates. |
| X509CertSelector | A CertSelector that selects X509Certificates that match all specified criteria. |
| X509CRL | Abstract class for an X.509 Certificate Revocation List (CRL). |
| X509CRLEntry | Abstract class for a revoked certificate in a CRL (Certificate Revocation List). |
| X509CRLSelector | A CRLSelector that selects X509CRLs that match all specified criteria. |
Enums
| CertPathValidatorException.BasicReason | The BasicReason enumerates the potential reasons that a certification path of any type may be invalid. |
| CRLReason | The CRLReason enumeration specifies the reason that a certificate is revoked, as defined in RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. |
| PKIXReason | The PKIXReason enumerates the potential PKIX-specific reasons that an X.509 certification path may be invalid according to the PKIX (RFC 3280) standard. |
| PKIXRevocationChecker.Option | Various revocation options that can be specified for the revocation checking mechanism. |
Exceptions
| CertificateEncodingException | Certificate Encoding Exception. |
| CertificateException | This exception indicates one of a variety of certificate problems. |
| CertificateExpiredException | Certificate Expired Exception. |
| CertificateNotYetValidException | Certificate is not yet valid exception. |
| CertificateParsingException | Certificate Parsing Exception. |
| CertificateRevokedException | An exception that indicates an X.509 certificate is revoked. |
| CertPathBuilderException | An exception indicating one of a variety of problems encountered when building a certification path with a CertPathBuilder. |
| CertPathValidatorException | An exception indicating one of a variety of problems encountered when validating a certification path. |
| CertStoreException | An exception indicating one of a variety of problems retrieving certificates and CRLs from a CertStore. |
| CRLException | CRL (Certificate Revocation List) Exception. |