Public key infrastructure (PKI) supports a number of security measures including data security, company confidentiality, and entity authentication. The PKI services relate to the proper use of public/private key pairs. The public component of the key pair is issued in the form of a public key certificate and, in association with appropriate cryptographic algorithms, is used to verify digital signatures, encrypt data, or the like.
Before a certificate can be used, it must be validated. In order to validate a certificate, a chain of certificates or certification path between the certificate and an established point of trust must be established, and every certificate in the path must be checked. This process is referred to as certification path processing.
Certification path processing includes path construction or certificate lookup, and path validation. Path construction includes building one or more candidate certification paths. Path validation includes making sure that each certificate in the path is within the established validity period, hasn't been revoked and has integrity. An example of a certificate chain is the X.509 certificate chain. Typically, the certificate chain includes a root certificate signed by itself, the next certificate signed by the root certificate and so on until the final certificate signed by the next to the last certificate.
A Java Application Programming Interface (API) for implementing lookup and validation of X.509 certificate chains is the CertPath API, which is a part of the Java Development Kit (JDK) available from Sun Microsystems of Santa Clara, Calif.
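The two stages described above, path construction and path validation, can be exercised with the CertPath API as in the following added example, which is not code from the original text. The class name CertPathDemo, the file names and the convention that CRL files end in ".crl" are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

// Usage (file names are assumptions):
//   java CertPathDemo root.pem leaf.pem [intermediate.pem ...] [issuer.crl ...]
public class CertPathDemo {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CertPathDemo <root> <leaf> [intermediates...] [crls...]");
            System.exit(2);
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Object> pool = new ArrayList<>();  // certificates and CRLs the builder may use
        boolean haveCrl = false;
        for (String file : args) {
            try (InputStream in = new FileInputStream(file)) {
                boolean isCrl = file.endsWith(".crl");
                pool.add(isCrl ? cf.generateCRL(in) : cf.generateCertificate(in));
                haveCrl |= isCrl;
            }
        }
        X509Certificate root = (X509Certificate) pool.get(0);
        X509Certificate leaf = (X509Certificate) pool.get(1);

        // The established point of trust: only this root may anchor a path.
        Set<TrustAnchor> anchors = Collections.singleton(new TrustAnchor(root, null));
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(leaf);
        PKIXBuilderParameters params = new PKIXBuilderParameters(anchors, target);
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(pool)));
        // With revocation on, a certificate whose status cannot be determined is
        // rejected, so it is enabled only when CRLs were supplied for this offline run.
        params.setRevocationEnabled(haveCrl);

        try {
            // Path construction: find a chain from the leaf up to the trust anchor.
            CertPath path = CertPathBuilder.getInstance("PKIX").build(params).getCertPath();
            // Path validation: signatures, validity periods and, if enabled, revocation.
            CertPathValidator.getInstance("PKIX").validate(path, params);
            System.out.println("valid path, " + path.getCertificates().size() + " certificate(s):");
            for (Certificate c : path.getCertificates()) {
                System.out.println("  " + ((X509Certificate) c).getSubjectX500Principal());
            }
        } catch (CertPathBuilderException e) {
            System.out.println("no path to the trust anchor: " + e.getMessage());
        } catch (CertPathValidatorException e) {
            // getIndex() is the position of the failing certificate (0 = leaf), or -1.
            System.out.println("path rejected at index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```

The returned path lists the certificates from the leaf upward and does not include the trust anchor itself. Omitting a required intermediate or supplying an expired certificate produces the "no path" result, because the JDK's PKIX builder checks each candidate as it builds.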