Validator

Class Overview

Validator abstract base class. Concrete classes are instantiated by calling one of the getInstance() methods. All methods defined in this class must be safe for concurrent use by multiple threads.

The model is that a Validator instance is created specifying validation settings, such as trust anchors or PKIX parameters. Then one or more paths are validated using those parameters. In some cases, additional information can be provided per path validation. This is independent of the validation parameters and currently only used for TLS server validation.

Path validation is performed by calling one of the validate() methods. It specifies a suggested path to be used for validation if available, or only the end entity certificate otherwise. Optionally additional certificates can be specified that the caller believes could be helpful. Implementations are free to make use of this information or validate the path using other means. validate() also checks that the end entity certificate is suitable for the intended purpose as described below.

There are two orthogonal parameters to select the Validator implementation: type and variant. Type selects the validation algorithm. Currently supported are TYPE_SIMPLE and TYPE_PKIX. See SimpleValidator and PKIXValidator for details.

Variant controls additional extension checks. Currently supported are five variants:

• VAR_GENERIC (no additional checks),
• VAR_TLS_CLIENT (TLS client specific checks)
• VAR_TLS_SERVER (TLS server specific checks), and
• VAR_CODE_SIGNING (code signing specific checks).
• VAR_JCE_SIGNING (JCE code signing specific checks).
• VAR_TSA_SERVER (TSA server specific checks).
• VAR_PLUGIN_CODE_SIGNING (Plugin/WebStart code signing specific checks).

Examples:

   // instantiate validator specifying type, variant, and trust anchors
   Validator validator = Validator.getInstance(Validator.TYPE_PKIX,
                                               Validator.VAR_TLS_CLIENT,
                                               trustedCerts);
   // validate one or more chains using the validator
   validator.validate(chain); // throws CertificateException if failed
 

Summary

[Expand] Inherited Methods

From class java.lang.Object Object clone() Creates and returns a copy of this object. boolean equals(Object obj) Indicates whether some other object is "equal to" this one. void finalize() Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. final Class<?> getClass() Returns the runtime class of this Object. int hashCode() Returns a hash code value for the object. final void notify() Wakes up a single thread that is waiting on this object's monitor. final void notifyAll() Wakes up all threads that are waiting on this object's monitor. String toString() Returns a string representation of the object. final void wait() Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object. final void wait(long timeout, int nanos) Causes the current thread to wait until another thread invokes the notify() method or the notifyAll() method for this object, or some other thread interrupts the current thread, or a certain amount of real time has elapsed. final void wait(long timeout) Causes the current thread to wait until either another thread invokes the notify() method or the notifyAll() method for this object, or a specified amount of time has elapsed.