
Class sun.security.SimpleTrustDecider

java.lang.Object
   |
   +----sun.security.SimpleTrustDecider

public final class SimpleTrustDecider
extends Object
implements TrustDecider
Implementation of a simple TrustDecider policy. This is driven purely by locally stored certificates, and attributes thereof. Examples of more complex policies include ones consulting LDAP based certificate servers, external security policy servers, checking CRLs, restricting cross certification, implementing path length checks, recognizing key usage or other restrictions associated with certs, and far too many other complex examples to enumerate here.

A particular example of a facility that this decider does NOT support is user interaction to accept previously unrecognized CA certificates. Such an interaction is supported by any sufficiently flexible user interface.

This version of this class only accepts certificates issued by Verisign. A later version will support other certificate authorities.


Constructor Index

 o SimpleTrustDecider()
Constructs a SimpleTrustDecider using the compiled-in set of Verisign certificates.

Method Index

 o declareTrustFor(X509Cert, String)
Trust this certificate for the identified purpose.
 o getAcceptedCAs(String)
Returns a list of CAs accepted to authenticate entities for the specified purpose.
 o isTrustedFor(X509Cert[], String, Date)
Returns true if the entity named by the certificate chain is trusted for the specified purpose.

Constructors

 o SimpleTrustDecider
 public SimpleTrustDecider() throws IOException
Constructs a SimpleTrustDecider using the compiled-in set of Verisign certificates.

Methods

 o isTrustedFor
 public boolean isTrustedFor(X509Cert entity[],
                             String purpose,
                             Date date)
Returns true if the entity named by the certificate chain is trusted for the specified purpose.

Parameters:
chain - certificates which establish an identity.
purpose - activity for which trust is being checked.
date - date for which trust is being established; null indicates "right now".
Returns:
true iff the entity is trusted for that purpose.
 o declareTrustFor
 public void declareTrustFor(X509Cert cert,
                             String purpose)
Trust this certificate for the identified purpose. This modifies the persistent state of the trust policy.

 o getAcceptedCAs
 public X509Cert[] getAcceptedCAs(String purpose)
Returns a list of CAs accepted to authenticate entities for the specified purpose.

Parameters:
purpose - activity for which CAs should be trusted
Returns:
list of CAs accepted for authenticating such tasks
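
The policy shape documented above (trust keyed by purpose, driven only by locally held CA certificates, evaluated at a given date) is sketched below as an added example; it is not the sun.security source. It assumes the standard java.security.cert API in place of X509Cert, and the class name LocalTrustDecider is hypothetical. Like the simple policy described here, it does no CRL, path length or key usage checking.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.*;

// Hypothetical sketch, not sun.security code: purpose-keyed trust in local CA certs.
public final class LocalTrustDecider {
    private final Map<String, Set<X509Certificate>> accepted = new HashMap<>();

    // Same role as declareTrustFor: accept this CA certificate for one purpose.
    public void declareTrustFor(X509Certificate ca, String purpose) {
        accepted.computeIfAbsent(purpose, p -> new HashSet<>()).add(ca);
    }

    // Same role as getAcceptedCAs: the CAs accepted for this purpose (possibly none).
    public X509Certificate[] getAcceptedCAs(String purpose) {
        return accepted.getOrDefault(purpose, Set.of()).toArray(new X509Certificate[0]);
    }

    // Same role as isTrustedFor: chain[0] is the entity, each certificate must be
    // signed by the next one, and the last must be, or be signed by, an accepted CA.
    public boolean isTrustedFor(X509Certificate[] chain, String purpose, Date date) {
        if (chain == null || chain.length == 0) return false;
        Date when = (date != null) ? date : new Date();   // null means "right now"
        try {
            for (int i = 0; i < chain.length; i++) {
                chain[i].checkValidity(when);             // reject expired / not yet valid
                if (i + 1 < chain.length) chain[i].verify(chain[i + 1].getPublicKey());
            }
        } catch (GeneralSecurityException e) {
            return false;                                 // broken link or bad validity
        }
        X509Certificate top = chain[chain.length - 1];
        for (X509Certificate ca : getAcceptedCAs(purpose)) {
            try {
                ca.checkValidity(when);
                if (!top.equals(ca)) top.verify(ca.getPublicKey());
                return true;                              // anchored in a local CA
            } catch (GeneralSecurityException e) {
                // not issued by this CA, or CA not valid at 'when': try the next one
            }
        }
        return false;                                     // no accepted CA for this purpose
    }
}
```

A certificate declared for one purpose does not make chains trusted for any other purpose, and an empty accepted set rejects every chain.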
