Appendix A: Standard Names
The Java™ Certification Path API requires and utilizes a set of standard names for certification path validation algorithms, encodings, and certificate storage types. It supplements the list of standard names defined in Appendix A in the Java Cryptography Architecture API Specification and Reference. Note that algorithm names are treated as case-insensitive (for comparison).
Note that a service provider may choose to define a new name for
a proprietary or non-standard algorithm not mentioned in the following
list. However, to prevent name collisions, consider using a prefix
with the reverse Internet domain name of the provider's organization
- The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute.
- The PKIX certification path validation algorithm as defined in the ValidationAlgorithm service attribute. The output of CertPathBuilder instances that implement this algorithm is a certification path validated against the PKIX validation algorithm.
CertStore implementation that fetches certificates and CRLs from an LDAP directory using the schema defined in the LDAPSchema service attribute.
CertStore implementation that retrieves certificates and CRLs from a Collection. This type of CertStore is particularly useful in applications where certificates or CRLs are received in a bag or some sort of attachment, such as with a signed email message or in an SSL negotiation.
getEncoded method of
generateCertPath(InputStream inStream, String encoding) method
- A PKCS#7 SignedData object, with the only significant field being certificates. In particular, the signature and the contents are ignored. If no certificates are present, a zero-length CertPath is assumed. Attention: PKCS#7 does not maintain the order of certificates in a certification path. This means that if a CertPath is converted to PKCS#7 encoded bytes and then converted back, the order of the certificates might change, and the CertPath might no longer work. Users should be aware of this behavior.
an ASN.1 DER encoded sequence of certificates, defined as follows:
PkiPath ::= SEQUENCE OF Certificate
Within the sequence, the order of certificates is such that the subject of the first certificate is the issuer of the second certificate, and so on. Each certificate in PkiPath shall be unique. No certificate may appear more than once in a value of
PkiPath format is defined in defect report 279 against X.509 (2000) and is incorporated into Draft Technical Corrigenda 2 for the fourth edition (2000) of X.509.
The name of the specification that defines the certification path validation algorithm that an implementation of CertPathValidator supports. RFCs should be specified as "RFC#" (ex: "RFC3280") and Internet Drafts as the name of the draft (ex: "draft-ietf-pkix-rfc2560bis-01.txt"). Values for this attribute that are specified as selection criteria to the getProviders method will be compared using the equalsIgnoreCase method. All PKIX implementations of CertPathValidator should provide a value for this attribute.
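The following is an added example, not part of the original specification: it reads the ValidationAlgorithm attribute from each installed provider and only returns a PKIX CertPathValidator from a provider that declares an accepted specification, failing closed otherwise. The class name and the accepted-specification list ("RFC3280" is the value shown above, "RFC5280" is an assumption added here) are illustrative.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertPathValidator;
import java.util.Locale;
import java.util.Set;

public class PkixValidatorSelector {
    // Assumption: the specifications this application is willing to rely on.
    static final Set<String> ACCEPTED_SPECS = Set.of("RFC3280", "RFC5280");

    /** Returns the ValidationAlgorithm a provider declares for PKIX, or null if none. */
    static String declaredSpec(Provider p) {
        Provider.Service s = p.getService("CertPathValidator", "PKIX");
        return s == null ? null : s.getAttribute("ValidationAlgorithm");
    }

    /** Returns a validator from the first provider declaring an accepted spec. */
    static CertPathValidator selectValidator() throws NoSuchAlgorithmException {
        for (Provider p : Security.getProviders()) {
            String spec = declaredSpec(p);
            if (spec == null) continue; // no PKIX validator, or attribute not declared
            for (String ok : ACCEPTED_SPECS) {
                if (ok.equalsIgnoreCase(spec)) { // attribute values compare case-insensitively
                    return CertPathValidator.getInstance("PKIX", p);
                }
            }
        }
        throw new NoSuchAlgorithmException(
            "no PKIX CertPathValidator declares an accepted ValidationAlgorithm");
    }

    public static void main(String[] args) throws Exception {
        for (Provider p : Security.getProviders()) {
            String spec = declaredSpec(p);
            if (spec != null) System.out.println(p.getName() + " declares " + spec);
        }
        CertPathValidator v = selectValidator();
        String spec = declaredSpec(v.getProvider());
        // Same selection through the getProviders filter syntax, with the value
        // lower-cased to show that the comparison ignores case.
        String filter = "CertPathValidator.PKIX ValidationAlgorithm:"
            + spec.toLowerCase(Locale.ROOT);
        Provider[] matches = Security.getProviders(filter); // null when nothing matches
        System.out.println("selected " + v.getProvider().getName() + "; filter \""
            + filter + "\" matched " + (matches == null ? 0 : matches.length));
    }
}
```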
The name of the specification that defines the LDAP schema that an implementation of an LDAP CertStore uses to retrieve certificates and CRLs. The format and semantics of this attribute are the same as described for the ValidationAlgorithm attribute. All LDAP implementations of CertStore should provide a value for this attribute.