4

I needed to perform chain validation and revocation checking for the given X509 certificate. So I went through this guide, and also explored the JavaDoc for CertPathValidator and CertPathBuilder APIs as well as examples in github repositories.

After all, I am kind of confused as I can not see clear difference between CertPathValidator and CertPathBuilder classes. Java doc says:

CertPathValidator

A class for validating certification paths (also known as certificate chains)

CertPathBuilder

A class for building certification paths (also known as certificate chains).

Both classes support revocation checking and almost same methods. So my question in which cases should each class be used and what is validating certificate versus building?

Community
  • 1
  • 1
CoderGirl
  • 61
  • 1
  • 4

1 Answers1

1

Use CertPathValidator when you have an array/list/etc of certificates and you want to check that they're a certification path.

Use CertPathBuilder when you don't have an array/list/etc likely to be a certification path, but apart from the certificate you want to verify, you also have:

  • A set of zero or more intermediate certificates. Some of which may not be part of the path.
  • A set of one or more trusted certificates.
Gus
  • 1,132
  • 13
  • 21