I needed to perform chain validation and revocation checking for the given X509 certificate. So I went through this guide , and also explored the JavaDoc for CertPathValidator and CertPathBuilder APIs as well as examples in github repositories.
After all, I am kind of confused as I can not see clear difference between CertPathValidator
and CertPathBuilder
classes. Java doc says:
CertPathValidator
A class for validating certification paths (also known as certificate chains)
CertPathBuilder
A class for building certification paths (also known as certificate chains).
Both classes support revocation checking and almost same methods. So my question in which cases should each class be used and what is validating certificate versus building?
Use CertPathValidator
when you have an array/list/etc of certificates and you want to check that they're a certification path.
Use CertPathBuilder
when you don't have an array/list/etc likely to be a certification path, but apart from the certificate you want to verify, you also have:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.