com.dstc.security.ssl
Class TrustEngine

java.lang.Object
  |
  +--com.dstc.security.ssl.TrustEngine
Direct Known Subclasses:
BasicTrustEngine

public abstract class TrustEngine
extends Object

An abstraction of trust for X.509 certificate paths.

See Also:
BasicTrustEngine

Constructor Summary
TrustEngine()
           
 
Method Summary
abstract  Iterator getTrustedCerts()
          Get the list of trusted certificates used by this TrustEngine.
abstract  void validateCertPath(X509Certificate[] path)
          Validate a candidate certificate path against this TrustEngine.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TrustEngine

public TrustEngine()
Method Detail

getTrustedCerts

public abstract Iterator getTrustedCerts()
Get the list of trusted certificates used by this TrustEngine.
Returns:
an Iterator for the list of X509Certificate instances. The Iterator should not allow modification.

validateCertPath

public abstract void validateCertPath(X509Certificate[] path)
                               throws CertificateException,
                                      CertPathValidationException
Validate a candidate certificate path against this TrustEngine. Returns void for success, throws exceptions for failure.

This method may be invoked concurrently from multiple threads, so its implementation should be multithread-safe; this is straightforward if it maintains no state, i.e. has no mutable instance variables (or mutable objects reached from those instance variables).

Parameters:
path - the candidate certificate path to check. path[0] should contain the subject's certificate; any subsequent entries should be CA certificates in the normal order.
Throws:
CertificateException - if some certificate in the path is deemed unsuitable
CertPathValidationException - if validation of the certificate path failed