public final class CertificateVerifier extends Object
|Modifier and Type||Method and Description|
Checks whether given X.509 certificate is self-signed.
Attempts to build a certification chain for given certificate and to verify it.
public static PKIXCertPathBuilderResult verifyCertificate(X509Certificate cert, Set<X509Certificate> additionalCerts, boolean verifySelfSignedCert, Date signDate) throws CertificateVerificationException
cert- - certificate for validation
additionalCerts- - set of trusted root CA certificates that will be used as "trust anchors" and intermediate CA certificates that will be used as part of the certification chain. All self-signed certificates are considered to be trusted root CA certificates. All the rest are considered to be intermediate CA certificates.
verifySelfSignedCert- true if a self-signed certificate is accepted, false if not.
signDate- the date when the signing took place
CertificateVerificationException- - if the certification is not successful (e.g. certification path cannot be built or some certificate in the chain is expired or CRL checks are failed)
public static boolean isSelfSigned(X509Certificate cert) throws GeneralSecurityException
cert- The X.509 certificate to check.
Copyright © 2002–2018 The Apache Software Foundation. All rights reserved.