java.lang.Object
  com.digt.trusted.jce.cert.DIGTPKIXParameters

public class DIGTPKIXParameters
Parameters used as input for the PKIX CertPathValidator algorithm.

A PKIX CertPathValidator uses these parameters to validate a CertPath according to the PKIX certification path validation algorithm.

To instantiate a PKIXParameters object, an application must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CAs can be specified using one of two constructors. An application can call DIGTPKIXParameters(Set), specifying a Set of TrustAnchor objects, each of which identifies a most-trusted CA. Alternatively, an application can call DIGTPKIXParameters(KeyStore), specifying a KeyStore instance containing trusted certificate entries, each of which will be considered as a most-trusted CA.

Once a PKIXParameters object has been created, other parameters can be specified (by calling setInitialPolicies(java.util.Set) or setDate(java.util.Date), for instance) and then the PKIXParameters is passed along with the CertPath to be validated to CertPathValidator.validate(java.security.cert.CertPath, java.security.cert.CertPathParameters).

Any parameter that is not set (or is set to null) will be set to the default value for that parameter. The default value for the date parameter is null, which indicates the current time when the path is validated. The default for the remaining parameters is the least constrained.

Concurrent Access
Unless otherwise specified, the methods defined in this class are
not thread-safe. Multiple threads that need to access a single
object concurrently should synchronize amongst themselves and
provide the necessary locking. Multiple threads each manipulating
separate objects need not synchronize.
See Also: CertPathValidator

Constructor Summary | |
---|---|
DIGTPKIXParameters(java.security.KeyStore keystore) | Creates an instance of PKIXParameters that populates the set of most-trusted CAs from the trusted certificate entries contained in the specified KeyStore. |
DIGTPKIXParameters(java.util.Set trustAnchors) | Creates an instance of PKIXParameters with the specified Set of most-trusted CAs. |

Method Summary | |
---|---|
void | addCertPathChecker(java.security.cert.PKIXCertPathChecker checker) - Adds a PKIXCertPathChecker to the list of certification path checkers. |
void | addCertStore(CAPICertStore store) - Adds a CAPICertStore to the end of the list of CAPICertStores used in finding certificates and CRLs. |
java.lang.Object | clone() - Makes a copy of this PKIXParameters object. |
java.util.List | getCertPathCheckers() - Returns the List of certification path checkers. |
java.util.List | getCertStores() - Returns an immutable List of CertStores that are used to find certificates and CRLs. |
java.util.Date | getDate() - Returns the time for which the validity of the certification path should be determined. |
java.util.Set | getInitialPolicies() - Returns an immutable Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. |
boolean | getPolicyQualifiersRejected() - Gets the PolicyQualifiersRejected flag. |
java.lang.String | getSigProvider() - Returns the signature provider's name, or null if not set. |
java.security.cert.CertSelector | getTargetCertConstraints() - Returns the required constraints on the target certificate. |
java.util.Set | getTrustAnchors() - Returns an immutable Set of the most-trusted CAs. |
boolean | isAnyPolicyInhibited() - Checks whether the any policy OID should be processed if it is included in a certificate. |
boolean | isExplicitPolicyRequired() - Checks if explicit policy is required. |
boolean | isPolicyMappingInhibited() - Checks if policy mapping is inhibited. |
boolean | isRevocationEnabled() - Checks the RevocationEnabled flag. |
void | setAnyPolicyInhibited(boolean val) - Sets state to determine if the any policy OID should be processed if it is included in a certificate. |
void | setCertPathCheckers(java.util.List checkers) - Sets a List of additional certification path checkers. |
void | setCertStores(java.util.List stores) - Sets the list of CertStores to be used in finding certificates and CRLs. |
void | setDate(java.util.Date date) - Sets the time for which the validity of the certification path should be determined. |
void | setExplicitPolicyRequired(boolean val) - Sets the ExplicitPolicyRequired flag. |
void | setInitialPolicies(java.util.Set initialPolicies) - Sets the Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. |
void | setPolicyMappingInhibited(boolean val) - Sets the PolicyMappingInhibited flag. |
void | setPolicyQualifiersRejected(boolean qualifiersRejected) - Sets the PolicyQualifiersRejected flag. |
void | setRevocationEnabled(boolean val) - Sets the RevocationEnabled flag. |
void | setSigProvider(java.lang.String sigProvider) - Sets the signature provider's name. |
void | setTargetCertConstraints(java.security.cert.CertSelector selector) - Sets the required constraints on the target certificate. |
void | setTrustAnchors(java.util.Set trustAnchors) - Sets the Set of most-trusted CAs. |
java.lang.String | toString() - Returns a formatted string describing the parameters. |

Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public DIGTPKIXParameters(java.util.Set trustAnchors) throws java.security.InvalidAlgorithmParameterException
trustAnchors - a Set of TrustAnchors
java.security.InvalidAlgorithmParameterException - if the specified Set is empty (trustAnchors.isEmpty() == true)
java.lang.NullPointerException - if the specified Set is null
java.lang.ClassCastException - if any of the elements in the Set are not of type java.security.cert.TrustAnchor

public DIGTPKIXParameters(java.security.KeyStore keystore) throws java.security.KeyStoreException, java.security.InvalidAlgorithmParameterException
keystore - a KeyStore from which the set of most-trusted CAs will be populated
java.security.KeyStoreException - if the keystore has not been initialized
java.security.InvalidAlgorithmParameterException - if the keystore does not contain at least one trusted certificate entry
java.lang.NullPointerException - if the keystore is null

Method Detail |
---|
public java.util.Set getTrustAnchors()
Set of TrustAnchors (never null)
See Also: setTrustAnchors(java.util.Set)

public void setTrustAnchors(java.util.Set trustAnchors) throws java.security.InvalidAlgorithmParameterException
trustAnchors - a Set of TrustAnchors
java.security.InvalidAlgorithmParameterException - if the specified Set is empty (trustAnchors.isEmpty() == true)
java.lang.NullPointerException - if the specified Set is null
java.lang.ClassCastException - if any of the elements in the set are not of type java.security.cert.TrustAnchor
See Also: getTrustAnchors()

public java.util.Set getInitialPolicies()
Set, which is interpreted as meaning that any policy would be acceptable.
Set of initial policy OIDs in String format, or an empty Set (implying any policy is acceptable). Never returns null.
See Also: setInitialPolicies(java.util.Set)

public void setInitialPolicies(java.util.Set initialPolicies)
Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. By default, any policy is acceptable (i.e. all policies), so a user that wants to allow any policy as acceptable does not need to call this method, or can call it with an empty Set (or null).
initialPolicies - a Set of initial policy OIDs in String format (or null)
java.lang.ClassCastException - if any of the elements in the set are not of type String
See Also: getInitialPolicies()

public void setCertStores(java.util.List stores)
stores - a List of CertStores (or null)
java.lang.ClassCastException - if any of the elements in the list are not of type java.security.cert.CertStore
See Also: getCertStores()

public void addCertStore(CAPICertStore store)
store - the CAPICertStore to add. If null

public java.util.List getCertStores()
null)
See Also: setCertStores(java.util.List)

public void setRevocationEnabled(boolean val)
PKIXParameters object is created, this flag is set to true. This setting reflects the most common strategy for checking revocation, since each service provider must support revocation checking to be PKIX compliant. Sophisticated applications should set this flag to false when it is not practical to use a PKIX service provider's default revocation checking mechanism or when an alternative revocation checking mechanism is to be substituted (by also calling the addCertPathChecker or setCertPathCheckers methods).
val - the new value of the RevocationEnabled flag

public boolean isRevocationEnabled()

public void setExplicitPolicyRequired(boolean val)
val - true if explicit policy is to be required, false otherwise

public boolean isExplicitPolicyRequired()

public void setPolicyMappingInhibited(boolean val)
val - true if policy mapping is to be inhibited, false otherwise

public boolean isPolicyMappingInhibited()

public void setAnyPolicyInhibited(boolean val)
isAnyPolicyInhibited() returns false).

public boolean isAnyPolicyInhibited()
true if the any policy OID is inhibited, false otherwise

public void setPolicyQualifiersRejected(boolean qualifiersRejected)
PKIXParameters object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false.
qualifiersRejected - the new value of the PolicyQualifiersRejected flag
See Also: getPolicyQualifiersRejected(), PolicyQualifierInfo

public boolean getPolicyQualifiersRejected()
See Also: setPolicyQualifiersRejected(boolean)

public java.util.Date getDate()
null if not set
See Also: setDate(java.util.Date)

public void setDate(java.util.Date date)
date - the Date, or null for the current time
See Also: getDate()

public void setCertPathCheckers(java.util.List checkers)
List of additional certification path checkers. If the specified List contains an object that is not a PKIXCertPathChecker, it is ignored.
PKIXCertPathChecker specified implements additional checks on a certificate. Typically, these are checks to process and verify private extensions contained in certificates. Each PKIXCertPathChecker should be instantiated with any initialization parameters needed to execute the check.
CertPathValidator or CertPathBuilder. Each of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX CertPathValidator or CertPathBuilder for each certificate processed or validated.
CertPathValidator or CertPathBuilder must perform all of the required PKIX checks on each certificate. The one exception to this rule is if the RevocationEnabled flag is set to false (see the setRevocationEnabled method).
checkers - a List of PKIXCertPathCheckers. May be null, in which case no additional checkers will be used.
java.lang.ClassCastException - if any of the elements in the list are not of type java.security.cert.PKIXCertPathChecker
See Also: getCertPathCheckers()

public java.util.List getCertPathCheckers()
null)
See Also: setCertPathCheckers(java.util.List)

public void addCertPathChecker(java.security.cert.PKIXCertPathChecker checker)
setCertPathCheckers(java.util.List) method for more details.
PKIXCertPathChecker is cloned to protect against subsequent modifications.
checker - a PKIXCertPathChecker to add to the list of checks. If null, the checker is ignored (not added to list).

public java.lang.String getSigProvider()
null if not set.
null)
See Also: setSigProvider(java.lang.String)

public void setSigProvider(java.lang.String sigProvider)
sigProvider - the signature provider's name (or null)
See Also: getSigProvider()

public java.security.cert.CertSelector getTargetCertConstraints()
null, no constraints are defined.
null)

public void setTargetCertConstraints(java.security.cert.CertSelector selector)
selector - a CertSelector specifying the constraints on the target certificate (or null)
See Also: getTargetCertConstraints()

public java.lang.Object clone()
clone in interface java.security.cert.CertPathParameters
clone in class java.lang.Object
PKIXParameters object

public java.lang.String toString()
toString in class java.lang.Object
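
An added example (not part of the vendor documentation) of the flow that the class description and setCertPathCheckers describe: build the parameters from trust anchors, attach an additional checker, and pass the result to a PKIX validator. It uses the JDK's java.security.cert.PKIXParameters as a stand-in, on the assumption that DIGTPKIXParameters behaves as documented on this page; the OID, the CA name and the PrivateExtChecker policy are constructed for illustration.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyPairGenerator;
import java.security.cert.*;
import java.util.*;

public class PkixParamsDemo {
    static final String PRIVATE_EXT_OID = "1.3.6.1.4.1.99999.1"; // constructed OID
    // Extra checker (constructed policy): every certificate must carry the private extension.
    static class PrivateExtChecker extends PKIXCertPathChecker {
        @Override public void init(boolean forward) throws CertPathValidatorException {
            if (forward) throw new CertPathValidatorException("forward checking not supported");
        }
        @Override public boolean isForwardCheckingSupported() { return false; }
        @Override public Set<String> getSupportedExtensions() { return Collections.singleton(PRIVATE_EXT_OID); }
        @Override public void check(Certificate cert, Collection<String> unresolvedCritExts)
                throws CertPathValidatorException {
            if (((X509Certificate) cert).getExtensionValue(PRIVATE_EXT_OID) == null)
                throw new CertPathValidatorException("required private extension missing");
            // Mark the extension as processed so a critical one is not left unresolved.
            if (unresolvedCritExts != null) unresolvedCritExts.remove(PRIVATE_EXT_OID);
        }
    }

    static PKIXParameters buildParams(Set<TrustAnchor> anchors, Date when)
            throws InvalidAlgorithmParameterException {
        PKIXParameters p = new PKIXParameters(anchors); // throws on an empty Set
        p.setDate(when);                                // null = time of validation
        p.addCertPathChecker(new PrivateExtChecker());  // stored as a clone
        return p;                                       // RevocationEnabled stays at its default
    }

    // Final step of the flow: the parameters travel with the CertPath to the validator.
    static CertPathValidatorResult validate(CertPath path, PKIXParameters p) throws Exception {
        return CertPathValidator.getInstance("PKIX").validate(path, p);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // Constructed trust anchor: a CA name plus a freshly generated public key.
        TrustAnchor ta = new TrustAnchor("CN=Example Root CA", kpg.generateKeyPair().getPublic(), null);
        PKIXParameters p = buildParams(Collections.singleton(ta), null);
        System.out.println("revocation=" + p.isRevocationEnabled() + " date=" + p.getDate()
                + " policies=" + p.getInitialPolicies() + " checkers=" + p.getCertPathCheckers().size());
        try {
            buildParams(Collections.<TrustAnchor>emptySet(), null);
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("empty trust-anchor set rejected");
        }
    }
}
```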