Appendix A: Standard Names

The Java™ Certification Path API requires and utilizes a set of standard names for certification path validation algorithms, encodings, and certificate storage types. It supplements the list of standard names defined in Appendix A in the Java Cryptography Architecture API Specification and Reference. Note that algorithm names are treated as case-insensitive (for comparison).

Note that a service provider may choose to define a new name for a proprietary or non-standard algorithm not mentioned in the following list. However, to prevent name collisions, consider using a prefix with the reverse Internet domain name of the provider's organization (for example: com.ibm.MyCertPathValidator).

CertPathValidator Algorithms

The algorithm names in this section can be specified when generating an instance of CertPathValidator.
PKIX
The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute.

CertPathBuilder Algorithms

The algorithm names in this section can be specified when generating an instance of CertPathBuilder.
PKIX
The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute. The output of CertPathBuilder instances that implement this algorithm is a certification path validated against the PKIX validation algorithm.

CertStore Types

The following types can be specified when generating an instance of CertStore:
LDAP
A CertStore implementation that fetches certificates and CRLs from an LDAP directory using the schema defined in the LDAPSchema service attribute.
Collection
A CertStore implementation that retrieves certificates and CRLs from a Collection. This type of CertStore is particularly useful in applications where certificates or CRLs are received in a bag or some sort of attachment, such as with a signed email message or in an SSL negotiation.

CertPath Encodings

The following encodings may be passed to the getEncoded method of CertPath or the generateCertPath(InputStream inStream, String encoding) method of CertificateFactory.
PKCS7
A PKCS#7 SignedData object, with the only significant field being certificates. In particular, the signature and the contents are ignored. If no certificates are present, a zero-length CertPath is assumed. Attention: PKCS#7 does not maintain the order of certificates in a certification path. This means that if a CertPath is converted to PKCS#7 encoded bytes and then converted back, the order of the certificates might change, and the CertPath might no longer work. Users should be aware of this behavior.
PkiPath
An ASN.1 DER encoded sequence of certificates, defined as follows:

PkiPath ::= SEQUENCE OF Certificate

Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, and so on. Each certificate in PkiPath shall be unique. No certificate may appear more than once in a value of Certificate in PkiPath. The PkiPath format is defined in defect report 279 against X.509 (2000) and is incorporated into Draft Technical Corrigenda 2 for the fourth edition (2000) of X.509.
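The PKCS7 ordering caveat above can be checked in code before a decoded path is handed to a validator. The following is an added example, not part of the original documentation: the class name Pkcs7OrderCheck and the command-line file argument are assumptions, and the input is expected to be a DER-encoded PKCS#7 file supplied by the reader.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;

public class Pkcs7OrderCheck {  // hypothetical class name

    // True when each certificate's issuer name equals the subject name of the
    // certificate that follows it (the X.509 CertPath convention: target first,
    // ending with the certificate issued by the trust anchor).
    // This checks name chaining only; it does not verify any signature.
    static boolean isIssuerOrdered(CertPath path) {
        List<? extends Certificate> certs = path.getCertificates();
        for (int i = 0; i + 1 < certs.size(); i++) {
            X509Certificate current = (X509Certificate) certs.get(i);
            X509Certificate next = (X509Certificate) certs.get(i + 1);
            if (!current.getIssuerX500Principal().equals(next.getSubjectX500Principal())) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java Pkcs7OrderCheck <file.p7b>");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        CertPath path;
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            path = cf.generateCertPath(in, "PKCS7");  // order is not guaranteed
        }
        System.out.println("certificates: " + path.getCertificates().size());
        if (!isIssuerOrdered(path)) {
            System.out.println("order lost: rebuild the path before validating");
            return;
        }
        // PkiPath is an ordered encoding, so a round trip keeps the sequence.
        byte[] pkiPath = path.getEncoded("PkiPath");
        CertPath again = cf.generateCertPath(new ByteArrayInputStream(pkiPath), "PkiPath");
        System.out.println("PkiPath round trip preserved order: "
                + again.getCertificates().equals(path.getCertificates()));
    }
}
```

When the check fails, one option is to rebuild the path with a PKIX CertPathBuilder over a Collection CertStore holding the decoded certificates.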

Service Attributes

ValidationAlgorithm

The name of the specification that defines the certification path validation algorithm that an implementation of CertPathBuilder or CertPathValidator supports. RFCs should be specified as "RFC#" (ex: "RFC3280") and Internet Drafts as the name of the draft (ex: "draft-ietf-pkix-rfc2560bis-01.txt"). Values for this attribute that are specified as selection criteria to the Security.getProviders method will be compared using the String.equalsIgnoreCase method. All PKIX implementations of CertPathBuilder and CertPathValidator should provide a value for this attribute.

LDAPSchema

The name of the specification that defines the LDAP schema that an implementation of an LDAP CertStore uses to retrieve certificates and CRLs. The format and semantics of this attribute are the same as described for the ValidationAlgorithm attribute. All LDAP implementations of CertStore should provide a value for this attribute.