FileDocCategorySizeDatePackage
PKIXParameters.javaAPI DocAndroid 1.5 API23873Wed May 06 22:41:06 BST 2009java.security.cert

PKIXParameters

public class PKIXParameters extends Object implements CertPathParameters
This class implements the parameters for the {@code PKIX CertPathValidator}.

The parameters must be created with trusted certificate authorities (trust anchors).

see
CertPathValidator
see
CertPathParameters
since
Android 1.0

Fields Summary
private Set
trustAnchors
private Set
initialPolicies
private List
certStores
private Date
date
private List
certPathCheckers
private String
sigProvider
private CertSelector
targetCertConstraints
private boolean
revocationEnabled
private boolean
explicitPolicyRequired
private boolean
policyMappingInhibited
private boolean
anyPolicyInhibited
private boolean
policyQualifiersRejected
Constructors Summary
public PKIXParameters(Set trustAnchors)
Creates a new {@code PKIXParameters} instance with the specified set of trusted certificate authorities.

param
trustAnchors the trusted CAs.
throws
InvalidAlgorithmParameterException if {@code trustAnchors} is empty.
since
Android 1.0


                                                              
      
          
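        // A null set is a caller error; the message text is looked up in the Messages catalog.
        if (trustAnchors == null) {
            throw new NullPointerException(Messages.getString("security.6F")); //$NON-NLS-1$
        }
        // Copy first, then validate the copy. Checking the caller's set and copying it
        // afterwards leaves a window in which the set can change, so the anchors that
        // were checked might not be the anchors that end up stored.
        Set<TrustAnchor> anchorsCopy = new HashSet<TrustAnchor>(trustAnchors);
        // throws InvalidAlgorithmParameterException for an empty set and
        // ClassCastException for an element that is not a TrustAnchor
        checkTrustAnchors(anchorsCopy);
        this.trustAnchors = anchorsCopy;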
    
public PKIXParameters(KeyStore keyStore)
Creates a new {@code PKIXParameters} instance with the trusted {@code X509Certificate} entries from the specified {@code KeyStore}.

param
keyStore the key store containing trusted certificates.
throws
KeyStoreException if the {@code keyStore} is not initialized.
throws
InvalidAlgorithmParameterException if {@code keyStore} does not contain any trusted certificate entry.
since
Android 1.0

        if (keyStore == null) {
            throw new NullPointerException(Messages.getString("security.41")); //$NON-NLS-1$
        }
        // size() throws KeyStoreException when the key store has not been
        // initialized (loaded), so an unloaded store never gets past this check
        if (keyStore.size() == 0) {
            throw new InvalidAlgorithmParameterException(
                    Messages.getString("security.6A")); //$NON-NLS-1$
        }
        // from here on the key store is non-null and loaded
        trustAnchors = new HashSet<TrustAnchor>();
        Enumeration aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (!keyStore.isCertificateEntry(alias)) {
                // not a trusted certificate entry - skip it
                continue;
            }
            Certificate cert = keyStore.getCertificate(alias);
            // only X509Certificate entries become anchors; every other
            // certificate type is ignored
            if (cert instanceof X509Certificate) {
                // The second argument (name constraints) is null, so each anchor is
                // trusted without name constraints: what this key store contains
                // decides what the validator will accept.
                trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
            }
        }
        // rejects the result when no X.509 trusted certificate entry was found
        checkTrustAnchors(trustAnchors);
    
Methods Summary
public voidaddCertPathChecker(java.security.cert.PKIXCertPathChecker checker)
Adds the specified {@code PKIXCertPathChecker} to the list of certification path checkers.

param
checker the {@code PKIXCertPathChecker} to add, if {@code null}, it will be ignored.
since
Android 1.0

        // a null checker is silently ignored
        if (checker != null) {
            if (certPathCheckers == null) {
                // first checker: create the list on demand
                certPathCheckers = new ArrayList<PKIXCertPathChecker>();
            }
            // Keep a clone, not the caller's object, so later changes the caller
            // makes to its checker do not reach the stored list.
            certPathCheckers.add((PKIXCertPathChecker) checker.clone());
        }
    
public voidaddCertStore(java.security.cert.CertStore store)
Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.

param
store the store to add, if {@code null}, it will be ignored.
since
Android 1.0

        // a null store is silently ignored
        if (store != null) {
            if (certStores == null) {
                // first store: create the list on demand
                certStores = new ArrayList<CertStore>();
            }
            // The store is kept by reference (no copy is made here), so the
            // caller and these parameters share the same CertStore object.
            certStores.add(store);
        }
    
private voidcheckTrustAnchors(java.util.Set trustAnchors)

        // Validation needs at least one anchor: an empty set is rejected outright.
        if (trustAnchors.isEmpty()) {
            throw new InvalidAlgorithmParameterException(
                    Messages.getString("security.6D")); //$NON-NLS-1$
        }
        // Runtime element check: a caller using raw types can put anything into the
        // set, and null also fails the instanceof test.
        for (Object candidate : trustAnchors) {
            if (!(candidate instanceof TrustAnchor)) {
                throw new ClassCastException(
                        Messages.getString("security.6E")); //$NON-NLS-1$
            }
        }
    
public java.lang.Objectclone()
Clones this {@code PKIXParameters} instance.

return
the cloned instance.
since
Android 1.0

        PKIXParameters copy;
        try {
            // Object.clone() produces a field-by-field (shallow) copy
            copy = (PKIXParameters) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new Error(e);
        }
        // addCertStore and addCertPathChecker modify these two lists in place, so the
        // copy gets lists of its own. Only the lists are copied: the CertStore and
        // checker objects inside them remain shared with the original.
        if (certStores != null) {
            copy.certStores = new ArrayList(certStores);
        }
        if (certPathCheckers != null) {
            copy.certPathCheckers = new ArrayList(certPathCheckers);
        }
        // The other reference fields (trust anchors, initial policies, date, target
        // constraints) stay shared; the methods shown on this page replace those
        // objects instead of modifying them in place.
        return copy;
    
public java.util.ListgetCertPathCheckers()
Returns the list of checkers for the certification path.

The list is unmodifiable and the entries in the list are cloned.

return
the list of checkers for the certification path.
since
Android 1.0

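        // Always build a fresh list of clones, including when no checker is set.
        // Wrapping the internal list for the empty case would hand out a live view:
        // a checker added later through addCertPathChecker would appear in that view
        // as the stored instance rather than a clone, which breaks the documented
        // "entries are cloned" contract.
        List<PKIXCertPathChecker> clones = new ArrayList<PKIXCertPathChecker>();
        if (certPathCheckers != null) {
            for (Iterator<PKIXCertPathChecker> i
                    = certPathCheckers.iterator(); i.hasNext();) {
                // deep copy: the caller never receives a stored checker
                clones.add((PKIXCertPathChecker) i.next().clone());
            }
        }
        // read-only wrapper around the private snapshot
        return Collections.unmodifiableList(clones);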
    
public java.util.ListgetCertStores()
Returns the list of certificate stores that are used to find certificates and CRLs.

return
an immutable list of certificate stores.
since
Android 1.0

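        // Always return a read-only snapshot. Wrapping the internal list for the empty
        // case would hand out a live view: stores added later through addCertStore
        // would show up in a list that is documented as immutable.
        List<CertStore> snapshot = new ArrayList<CertStore>();
        if (certStores != null) {
            // shallow copy: the CertStore objects themselves are shared, not cloned
            snapshot.addAll(certStores);
        }
        return Collections.unmodifiableList(snapshot);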
    
public java.util.DategetDate()
Returns the time for which the validation of the certification path should be evaluated.

return
the time for the validation, or {@code null} for the current time.
since
Android 1.0

        // null means "validate at the current time"
        if (date == null) {
            return null;
        }
        // Return a copy so the caller cannot move the stored validation time by
        // mutating the Date it receives.
        return (Date) date.clone();
    
public java.util.SetgetInitialPolicies()
Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

return
the unmodifiable list of policies, or an empty set if any policy is acceptable.
since
Android 1.0

        if (initialPolicies == null) {
            // not set yet: start from an empty set
            initialPolicies = new HashSet();
        }
        // An empty set is wrapped as it is; a non-empty one is shallow-copied first so
        // the returned set is detached from the field.
        Set policies = initialPolicies.isEmpty()
                ? initialPolicies
                : new HashSet(initialPolicies);
        return Collections.unmodifiableSet(policies);
    
public booleangetPolicyQualifiersRejected()
Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

return
{@code true} if the certificates should be rejected, otherwise {@code false}.
since
Android 1.0

        // Plain boolean field, returned by value; nothing here needs a defensive copy.
        return policyQualifiersRejected;
    
public java.lang.StringgetSigProvider()
Returns the name of the signature provider.

return
the name of the signature provider, or {@code null} if none is set.
since
Android 1.0

        // String is immutable, so the stored reference can be returned directly.
        return sigProvider;
    
public java.security.cert.CertSelectorgetTargetCertConstraints()
Returns the constraints that are required for the target certificate.

return
the constraints for the target certificate, or {@code null} if none are set.
since
Android 1.0

        // no constraints configured
        if (targetCertConstraints == null) {
            return null;
        }
        // Return a clone so the caller cannot alter the stored selector.
        return (CertSelector) targetCertConstraints.clone();
    
public java.util.SetgetTrustAnchors()
Returns an unmodifiable set of the trusted certificate authorities.

return
an unmodifiable set of the trusted certificate authorities.
since
Android 1.0

        // Read-only view over the internal set, not a copy. setTrustAnchors installs a
        // new set instead of modifying this one, so a view obtained earlier keeps
        // showing the anchors that were current when it was handed out.
        return Collections.unmodifiableSet(trustAnchors);
    
public booleanisAnyPolicyInhibited()
Returns whether the any policy OID will be inhibited if it's included in a certificate.

return
{@code true} if the any policy OID will be inhibited, otherwise {@code false}.
since
Android 1.0

        // Boolean flag read straight from the field.
        return anyPolicyInhibited;
    
public booleanisExplicitPolicyRequired()
Returns whether an acceptable policy needs to be explicitly identified in every certificate.

return
{@code true} if an explicit policy is required, otherwise {@code false}.
since
Android 1.0

        // Boolean flag read straight from the field.
        return explicitPolicyRequired;
    
public booleanisPolicyMappingInhibited()
Returns whether policy mapping is inhibited.

return
{@code true} if policy mapping is inhibited, otherwise {@code false}.
since
Android 1.0

        // Boolean flag read straight from the field.
        return policyMappingInhibited;
    
public booleanisRevocationEnabled()
Returns whether the default revocation checking mechanism of the underlying service provider is used.

return
{@code true} if the default revocation checking mechanism is used, otherwise {@code false}.
since
Android 1.0

        // Reports only the flag stored on this object; any checkers added through
        // addCertPathChecker are not reflected in this value.
        return revocationEnabled;
    
public voidsetAnyPolicyInhibited(boolean anyPolicyInhibited)
Sets whether the any policy OID should be inhibited if it's included in a certificate.

param
anyPolicyInhibited {@code true} if the any policy OID should be inhibited, otherwise {@code false}.
since
Android 1.0

        // Records the flag; nothing else is validated or recomputed here.
        this.anyPolicyInhibited = anyPolicyInhibited;
    
public voidsetCertPathCheckers(java.util.List certPathCheckers)
Sets the list of checkers for the certification path.

The list is copied and the entries are cloned.

param
certPathCheckers the list of checkers for the certification path, or {@code null} to clear the checkers.
since
Android 1.0

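        if (certPathCheckers == null || certPathCheckers.isEmpty()) {
            // null or an empty list clears the checkers
            if (this.certPathCheckers != null &&
               !this.certPathCheckers.isEmpty()) {
                // discard non-empty list
                this.certPathCheckers = null;
            }
            return;
        }
        // Build the deep copy in a local list and install it only once it is complete.
        // Filling the field directly would leave a half-built checker list in place of
        // the previous one if an element is not a PKIXCertPathChecker (possible with a
        // raw-typed caller) or if clone() throws part-way through.
        List<PKIXCertPathChecker> clones = new ArrayList<PKIXCertPathChecker>();
        for (Iterator<PKIXCertPathChecker> i
                = certPathCheckers.iterator(); i.hasNext();) {
            // clone each entry so the caller's checkers stay independent of the stored ones
            clones.add((PKIXCertPathChecker)i.next().clone());
        }
        this.certPathCheckers = clones;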
    
public voidsetCertStores(java.util.List certStores)
Set the list of certificate stores that are used to find certificates and CRLs.

param
certStores the list of certificate stores.
since
Android 1.0

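        if (certStores == null || certStores.isEmpty()) {
            // null or an empty list clears the stores
            if (this.certStores != null && !this.certStores.isEmpty()) {
                // discard non-empty list
                this.certStores = null;
            }
            return;
        }
        // Shallow-copy into a local list and validate that copy before touching the
        // field. Assigning the field first would leave the rejected list installed
        // when the ClassCastException below is thrown.
        List storesCopy = new ArrayList(certStores);
        // every element must be a CertStore (null fails the instanceof test too)
        for (Iterator i = storesCopy.iterator(); i.hasNext();) {
            if (!(i.next() instanceof CertStore)) {
                throw new ClassCastException(Messages.getString("security.6B")); //$NON-NLS-1$
            }
        }
        this.certStores = storesCopy;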
    
public voidsetDate(java.util.Date date)
Sets the time for which the validation of the certification path should be evaluated.

param
date the time for the validation, or {@code null} for the current time.
since
Android 1.0

        if (date == null) {
            // null selects the current time at validation
            this.date = null;
        } else {
            // Build a new java.util.Date from the millisecond value instead of keeping
            // (or cloning) the caller's object: later changes to the argument cannot
            // shift the validation time, and the stored value is never a Date subclass.
            this.date = new Date(date.getTime());
        }
    
public voidsetExplicitPolicyRequired(boolean explicitPolicyRequired)
Sets whether an acceptable policy needs to be explicitly identified in every certificate.

param
explicitPolicyRequired {@code true} if an explicit policy is required, otherwise {@code false}.
since
Android 1.0

        // Records the flag; nothing else is validated or recomputed here.
        this.explicitPolicyRequired = explicitPolicyRequired;
    
public voidsetInitialPolicies(java.util.Set initialPolicies)
Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

param
initialPolicies the list of policies, or an empty set or {@code null} if any policy is acceptable.
since
Android 1.0

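        if (initialPolicies == null || initialPolicies.isEmpty()) {
            // null or an empty set means "any policy is acceptable"
            if (this.initialPolicies != null &&
               !this.initialPolicies.isEmpty()) {
                // discard non-empty set
                this.initialPolicies = null;
            }
            return;
        }
        // Shallow-copy into a local set and validate that copy before touching the
        // field. Assigning the field first would leave the rejected policy set
        // installed when the ClassCastException below is thrown.
        Set policiesCopy = new HashSet(initialPolicies);
        // every element must be a String (the policies are given as OID strings)
        for (Iterator i = policiesCopy.iterator(); i.hasNext();) {
            if (!(i.next() instanceof String)) {
                throw new ClassCastException(Messages.getString("security.6C")); //$NON-NLS-1$
            }
        }
        this.initialPolicies = policiesCopy;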
    
public voidsetPolicyMappingInhibited(boolean policyMappingInhibited)
Sets whether policy mapping is to be inhibited.

param
policyMappingInhibited {@code true} if policy mapping is to be inhibited, otherwise {@code false}.
since
Android 1.0

        // Records the flag; nothing else is validated or recomputed here.
        this.policyMappingInhibited = policyMappingInhibited;
    
public voidsetPolicyQualifiersRejected(boolean policyQualifiersRejected)
Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

param
policyQualifiersRejected {@code true} if the certificates should be rejected, otherwise {@code false}.
since
Android 1.0

        // Records the flag; nothing else is validated or recomputed here.
        this.policyQualifiersRejected = policyQualifiersRejected;
    
public voidsetRevocationEnabled(boolean revocationEnabled)
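Sets whether the default revocation checking mechanism of the underlying service provider should be used. When this is set to {@code false}, revocation status is checked only if a {@code PKIXCertPathChecker} that performs it has been added with {@code addCertPathChecker} or {@code setCertPathCheckers}.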

param
revocationEnabled {@code true} if the default revocation checking mechanism should be used, otherwise {@code false}.
since
Android 1.0

        // Only records the flag on this object.
        // NOTE(review): with false stored here, revocation checking presumably depends
        // on a checker supplied via addCertPathChecker/setCertPathCheckers - confirm
        // against the validator that consumes these parameters.
        this.revocationEnabled = revocationEnabled;
    
public voidsetSigProvider(java.lang.String sigProvider)
Sets the name of the preferred signature provider.

If set, the specified provider will be preferred for creating signatures. If not set, the first provider found supporting creation of signatures will be used.

param
sigProvider the name of the preferred signature provider, or {@code null} if none is preferred.
since
Android 1.0

        // Stored as given: the name is not checked against any provider here.
        this.sigProvider = sigProvider;
    
public voidsetTargetCertConstraints(java.security.cert.CertSelector targetCertConstraints)
Sets the constraints that are required for the target certificate.

param
targetCertConstraints the constraints for the target certificate, or {@code null} if none should be used.
since
Android 1.0

        if (targetCertConstraints == null) {
            // null removes any target constraints
            this.targetCertConstraints = null;
        } else {
            // Keep a clone so later changes to the caller's selector do not alter the
            // stored constraints. The copy comes from the selector's own clone()
            // implementation.
            this.targetCertConstraints = (CertSelector) targetCertConstraints.clone();
        }
    
public voidsetTrustAnchors(java.util.Set trustAnchors)
Sets the set of trusted certificate authorities.

param
trustAnchors the set of trusted certificate authorities.
throws
InvalidAlgorithmParameterException if {@code trustAnchors} is empty.
since
Android 1.0

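        if (trustAnchors == null) {
            throw new NullPointerException(
                    Messages.getString("security.6F")); //$NON-NLS-1$
        }
        // Take the shallow copy first and validate the copy. Checking the caller's set
        // and copying it afterwards leaves a window in which the set can change, so the
        // anchors that were checked might not be the anchors that end up stored.
        Set<TrustAnchor> anchorsCopy = new HashSet<TrustAnchor>(trustAnchors);
        // throws InvalidAlgorithmParameterException for an empty set and
        // ClassCastException for an element that is not a TrustAnchor; the field is
        // left untouched in both cases
        checkTrustAnchors(anchorsCopy);
        this.trustAnchors = anchorsCopy;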
    
public java.lang.StringtoString()
Returns a string representation of this {@code PKIXParameters} instance.

return
a string representation of this {@code PKIXParameters} instance.
since
Android 1.0

        // One "label: value" line per setting, wrapped in square brackets. Unset or
        // empty collections are printed as a fixed word ("any" / "no").
        StringBuilder text = new StringBuilder("[\n Trust Anchors: "); //$NON-NLS-1$
        text.append(trustAnchors)
            .append("\n Revocation Enabled: ") //$NON-NLS-1$
            .append(revocationEnabled)
            .append("\n Explicit Policy Required: ") //$NON-NLS-1$
            .append(explicitPolicyRequired)
            .append("\n Policy Mapping Inhibited: ") //$NON-NLS-1$
            .append(policyMappingInhibited)
            .append("\n Any Policy Inhibited: ") //$NON-NLS-1$
            .append(anyPolicyInhibited)
            .append("\n Policy Qualifiers Rejected: ") //$NON-NLS-1$
            .append(policyQualifiersRejected)
            .append("\n Initial Policy OIDs: "); //$NON-NLS-1$
        // no initial policies means any policy is acceptable
        if (initialPolicies == null || initialPolicies.isEmpty()) {
            text.append("any"); //$NON-NLS-1$
        } else {
            text.append(initialPolicies.toString());
        }
        text.append("\n Cert Stores: "); //$NON-NLS-1$
        if (certStores == null || certStores.isEmpty()) {
            text.append("no"); //$NON-NLS-1$
        } else {
            text.append(certStores.toString());
        }
        text.append("\n Validity Date: ") //$NON-NLS-1$
            .append(date)
            .append("\n Cert Path Checkers: "); //$NON-NLS-1$
        if (certPathCheckers == null || certPathCheckers.isEmpty()) {
            text.append("no"); //$NON-NLS-1$
        } else {
            text.append(certPathCheckers.toString());
        }
        text.append("\n Signature Provider: ") //$NON-NLS-1$
            .append(sigProvider)
            .append("\n Target Certificate Constraints: ") //$NON-NLS-1$
            .append(targetCertConstraints)
            .append("\n]"); //$NON-NLS-1$
        return text.toString();