public abstractclassCertPath
implements
Serializable
Overview
Inheritance
Members
Usage
Source
Books
Since1.4
Version1.18 05/05/07
Author(s)Yassir Elley
An immutable sequence of certificates (a certification path).
This is an abstract class that defines the methods common to all
CertPaths. Subclasses can handle different kinds of
certificates (X.509, PGP, etc.).
All CertPath objects have a type, a list of
Certificates, and one or more supported encodings. Because the
CertPath class is immutable, a CertPath cannot
change in any externally visible way after being constructed. This
stipulation applies to all public fields and methods of this class and any
added or overridden by subclasses.
The type is a String that identifies the type of
Certificates in the certification path. For each
certificate cert in a certification path certPath,
cert.getType().equals(certPath.getType()) must be
true.
The list of Certificates is an ordered List of
zero or more Certificates. This List and all
of the Certificates contained in it must be immutable.
Each CertPath object must support one or more encodings
so that the object can be translated into a byte array for storage or
transmission to other parties. Preferably, these encodings should be
well-documented standards (such as PKCS#7). One of the encodings supported
by a CertPath is considered the default encoding. This
encoding is used if no encoding is explicitly requested (for the
getEncoded() method, for instance).
All CertPath objects are also Serializable.
CertPath objects are resolved into an alternate
CertPathRep object during serialization. This allows
a CertPath object to be serialized into an equivalent
representation regardless of its underlying implementation.
CertPath objects can be created with a
CertificateFactory or they can be returned by other classes,
such as a CertPathBuilder.
By convention, X.509 CertPaths (consisting of
X509Certificates), are ordered starting with the target
certificate and ending with a certificate issued by the trust anchor. That
is, the issuer of one certificate is the subject of the following one. The
certificate representing the TrustAnchor should not be
included in the certification path. Unvalidated X.509 CertPaths
may not follow these conventions. PKIX CertPathValidators will
detect any departure from these conventions that cause the certification
path to be invalid and throw a CertPathValidatorException.
Concurrent Access
All CertPath objects must be thread-safe. That is, multiple
threads may concurrently invoke the methods defined in this class on a
single CertPath object (or more than one) with no
ill effects. This is also true for the List returned by
CertPath.getCertificates.
Requiring CertPath objects to be immutable and thread-safe
allows them to be passed around to various pieces of code without worrying
about coordinating access. Providing this thread-safety is
generally not difficult, since the CertPath and
List objects in question are immutable.
This is an abstract class that defines the methods common to all
CertPaths. Subclasses can handle different kinds of certificates (X.509, PGP, etc.).All
CertPathobjects have a type, a list ofCertificates, and one or more supported encodings. Because theCertPathclass is immutable, aCertPathcannot change in any externally visible way after being constructed. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses.The type is a
Stringthat identifies the type ofCertificates in the certification path. For each certificatecertin a certification pathcertPath,cert.getType().equals(certPath.getType())must betrue.The list of
Certificates is an orderedListof zero or moreCertificates. ThisListand all of theCertificates contained in it must be immutable.Each
CertPathobject must support one or more encodings so that the object can be translated into a byte array for storage or transmission to other parties. Preferably, these encodings should be well-documented standards (such as PKCS#7). One of the encodings supported by aCertPathis considered the default encoding. This encoding is used if no encoding is explicitly requested (for the getEncoded() method, for instance).All
CertPathobjects are alsoSerializable.CertPathobjects are resolved into an alternate CertPathRep object during serialization. This allows aCertPathobject to be serialized into an equivalent representation regardless of its underlying implementation.CertPathobjects can be created with aCertificateFactoryor they can be returned by other classes, such as aCertPathBuilder.By convention, X.509
CertPaths (consisting ofX509Certificates), are ordered starting with the target certificate and ending with a certificate issued by the trust anchor. That is, the issuer of one certificate is the subject of the following one. The certificate representing the TrustAnchor should not be included in the certification path. Unvalidated X.509CertPaths may not follow these conventions. PKIXCertPathValidators will detect any departure from these conventions that cause the certification path to be invalid and throw aCertPathValidatorException.Concurrent Access
All
CertPathobjects must be thread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a singleCertPathobject (or more than one) with no ill effects. This is also true for theListreturned byCertPath.getCertificates.Requiring
CertPathobjects to be immutable and thread-safe allows them to be passed around to various pieces of code without worrying about coordinating access. Providing this thread-safety is generally not difficult, since theCertPathandListobjects in question are immutable.