|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.digt.trusted.jce.cert.DIGTPKIXParameters
com.digt.trusted.jce.cert.DIGTPKIXBuilderParameters
public class DIGTPKIXBuilderParameters
Parameters used as input for the PKIX CertPathBuilder
algorithm.
A PKIX CertPathBuilder
uses these parameters to build
a CertPath
which has been
validated according to the PKIX certification path validation algorithm.
To instantiate a PKIXBuilderParameters
object, an
application must specify one or more most-trusted CAs as defined by
the PKIX certification path validation algorithm. The most-trusted CA
can be specified using one of two constructors. An application
can call PKIXBuilderParameters(Set, CertSelector)
, specifying a
Set
of TrustAnchor
objects, each of which
identifies a most-trusted CA. Alternatively, an application can call
PKIXBuilderParameters(KeyStore, CertSelector)
, specifying a
KeyStore
instance containing trusted certificate entries, each
of which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target
certificate that the CertPathBuilder
will attempt
to build a path to. The constraints are specified as a
CertSelector
object. These constraints should provide the
CertPathBuilder
with enough search criteria to find the target
certificate. Minimal criteria for an X509Certificate
usually
include the subject name and/or one or more subject alternative names.
If enough criteria is not specified, the CertPathBuilder
may throw a CertPathBuilderException
.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not
thread-safe. Multiple threads that need to access a single
object concurrently should synchronize amongst themselves and
provide the necessary locking. Multiple threads each manipulating
separate objects need not synchronize.
CertPathBuilder
Constructor Summary | |
---|---|
DIGTPKIXBuilderParameters(java.security.KeyStore keystore,
java.security.cert.CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters that
populates the set of most-trusted CAs from the trusted
certificate entries contained in the specified KeyStore . |
|
DIGTPKIXBuilderParameters(java.util.Set trustAnchors,
java.security.cert.CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters with
the specified Set of most-trusted CAs. |
Method Summary | |
---|---|
int |
getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. |
void |
setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. |
java.lang.String |
toString()
Returns a formatted string describing the parameters. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public DIGTPKIXBuilderParameters(java.util.Set trustAnchors, java.security.cert.CertSelector targetConstraints) throws java.security.InvalidAlgorithmParameterException
PKIXBuilderParameters
with
the specified Set
of most-trusted CAs.
Each element of the set is a TrustAnchor
.Set
is copied to protect against
subsequent modifications.
trustAnchors
- a Set
of TrustAnchor
stargetConstraints
- a CertSelector
specifying the
constraints on the target certificate
java.security.InvalidAlgorithmParameterException
- if trustAnchors
is empty (trustAnchors.isEmpty() == true)
java.lang.NullPointerException
- if trustAnchors
is
null
java.lang.ClassCastException
- if any of the elements of
trustAnchors
are not of type
java.security.cert.TrustAnchor
public DIGTPKIXBuilderParameters(java.security.KeyStore keystore, java.security.cert.CertSelector targetConstraints) throws java.security.KeyStoreException, java.security.InvalidAlgorithmParameterException
PKIXBuilderParameters
that
populates the set of most-trusted CAs from the trusted
certificate entries contained in the specified KeyStore
.
Only keystore entries that contain trusted X509Certificate
s
are considered; all other certificate types are ignored.
keystore
- a KeyStore
from which the set of
most-trusted CAs will be populatedtargetConstraints
- a CertSelector
specifying the
constraints on the target certificate
java.security.KeyStoreException
- if keystore
has not been
initialized
java.security.InvalidAlgorithmParameterException
- if keystore
does
not contain at least one trusted certificate entry
java.lang.NullPointerException
- if keystore
is
null
Method Detail |
---|
public void setMaxPathLength(int maxPathLength)
CertPathBuilder
instance must not build
paths longer than the length specified.BasicConstraintsExtension
, the value of the
pathLenConstraint
field of the extension overrides
the maximum path length parameter whenever the result is a
certification path of smaller length.
maxPathLength
- the maximum number of non-self-issued intermediate
certificates that may exist in a certification path
java.security.InvalidParameterException
- if maxPathLength
is set
to a value less than -1getMaxPathLength()
public int getMaxPathLength()
setMaxPathLength(int)
method for more details.
setMaxPathLength(int)
public java.lang.String toString()
toString
in class DIGTPKIXParameters
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |