Module java.base

Package java.security.cert

package java.security.cert

Provides classes and interfaces for parsing and managing certificates, certificate revocation lists (CRLs), and certification paths. It contains support for X.509 v3 certificates and X.509 v2 CRLs.

Package Specification

• Java Cryptography Architecture (JCA) Reference Guide
• RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC 2560: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
• Java Security Standard Algorithm Names Specification

Related Documentation

For information about X.509 certificates and CRLs, please see:

• http://www.ietf.org/rfc/rfc5280.txt
• Java PKI Programmer's Guide

Since:

1.2

Related Packages

Package	Description
java.security	Provides the classes and interfaces for the security framework.
java.security.interfaces	Provides interfaces for generating RSA (Rivest, Shamir and Adleman AsymmetricCipher algorithm) keys as defined in the RSA Laboratory Technical Note PKCS#1, and DSA (Digital Signature Algorithm) keys as defined in NIST's FIPS-186.
java.security.spec	Provides classes and interfaces for key specifications and algorithm parameter specifications.

Class	Description
Certificate	Abstract class for managing a variety of identity certificates.
Certificate.CertificateRep	Alternate Certificate class for serialization.
CertificateEncodingException	Certificate Encoding Exception.
CertificateException	This exception indicates one of a variety of certificate problems.
CertificateExpiredException	Certificate Expired Exception.
CertificateFactory	This class defines the functionality of a certificate factory, which is used to generate certificate, certification path (CertPath) and certificate revocation list (CRL) objects from their encodings.
CertificateFactorySpi	This class defines the Service Provider Interface (SPI) for the CertificateFactory class.
CertificateNotYetValidException	Certificate is not yet valid exception.
CertificateParsingException	Certificate Parsing Exception.
CertificateRevokedException	An exception that indicates an X.509 certificate is revoked.
CertPath	An immutable sequence of certificates (a certification path).
CertPath.CertPathRep	Alternate CertPath class for serialization.
CertPathBuilder	A class for building certification paths (also known as certificate chains).
CertPathBuilderException	An exception indicating one of a variety of problems encountered when building a certification path with a CertPathBuilder.
CertPathBuilderResult	A specification of the result of a certification path builder algorithm.
CertPathBuilderSpi	The Service Provider Interface (SPI) for the CertPathBuilder class.
CertPathChecker	Performs one or more checks on each Certificate of a CertPath.
CertPathParameters	A specification of certification path algorithm parameters.
CertPathValidator	A class for validating certification paths (also known as certificate chains).
CertPathValidatorException	An exception indicating one of a variety of problems encountered when validating a certification path.
CertPathValidatorException.BasicReason	The BasicReason enumerates the potential reasons that a certification path of any type may be invalid.
CertPathValidatorException.Reason	The reason the validation algorithm failed.
CertPathValidatorResult	A specification of the result of a certification path validator algorithm.
CertPathValidatorSpi	The Service Provider Interface (SPI) for the CertPathValidator class.
CertSelector	A selector that defines a set of criteria for selecting Certificates.
CertStore	A class for retrieving Certificates and CRLs from a repository.
CertStoreException	An exception indicating one of a variety of problems retrieving certificates and CRLs from a CertStore.
CertStoreParameters	A specification of CertStore parameters.
CertStoreSpi	The Service Provider Interface (SPI) for the CertStore class.
CollectionCertStoreParameters	Parameters used as input for the Collection CertStore algorithm.
CRL	This class is an abstraction of certificate revocation lists (CRLs) that have different formats but important common uses.
CRLException	CRL (Certificate Revocation List) Exception.
CRLReason	The CRLReason enumeration specifies the reason that a certificate is revoked, as defined in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
CRLSelector	A selector that defines a set of criteria for selecting CRLs.
Extension	This interface represents an X.509 extension.
LDAPCertStoreParameters	Parameters used as input for the LDAP CertStore algorithm.
PKIXBuilderParameters	Parameters used as input for the PKIX CertPathBuilder algorithm.
PKIXCertPathBuilderResult	This class represents the successful result of the PKIX certification path builder algorithm.
PKIXCertPathChecker	An abstract class that performs one or more checks on an X509Certificate.
PKIXCertPathValidatorResult	This class represents the successful result of the PKIX certification path validation algorithm.
PKIXParameters	Parameters used as input for the PKIX CertPathValidator algorithm.
PKIXReason	The PKIXReason enumerates the potential PKIX-specific reasons that an X.509 certification path may be invalid according to the PKIX (RFC 5280) standard.
PKIXRevocationChecker	A PKIXCertPathChecker for checking the revocation status of certificates with the PKIX algorithm.
PKIXRevocationChecker.Option	Various revocation options that can be specified for the revocation checking mechanism.
PolicyNode	An immutable valid policy tree node as defined by the PKIX certification path validation algorithm.
PolicyQualifierInfo	An immutable policy qualifier represented by the ASN.1 PolicyQualifierInfo structure.
TrustAnchor	A trust anchor or most-trusted Certification Authority (CA).
URICertStoreParameters	Parameters used as input for CertStore algorithms which use information contained in a URI to retrieve certificates and CRLs.
X509Certificate	Abstract class for X.509 certificates.
X509CertSelector	A CertSelector that selects X509Certificates that match all specified criteria.
X509CRL	Abstract class for an X.509 Certificate Revocation List (CRL).
X509CRLEntry	Abstract class for a revoked certificate in a CRL (Certificate Revocation List).
X509CRLSelector	A CRLSelector that selects X509CRLs that match all specified criteria.
X509Extension	Interface for an X.509 extension.