PKI Module

The PKI module is intended to construct and verify certificate chains according to pkix and the chain model.

Configuration

To configure the system wide parameters use the PKIFactory.configure(PKIConfiguration config) method. All other settings are so called profile data and can be specified per request.

CA-Certificates

A certificate is accepted as CA certificate if at least one of the following conditions is true:

These settings guarantee a maximum interoperability.

Limitations

Usage

First of all the module has to be configured before one can use it.
PKIFactory.getInstance().configure(config_, transactionId);
This configuration must be called every time the configuration changes. Afterwards you can get an pki instance from the PKIFactory
PKIModule pki = PKIFactory.getInstance().getPKIModule(profile);
This pki instance can now be used to validate certificates:
PKIResult result = pki.validateCertificate(date, endEntityCertificate, supplementalCertificates, endEntityKeyUsage, transactionId);