File Doc Category Size Date Package
PKIXParameters.java API Doc Android 1.5 API 23873 Wed May 06 22:41:06 BST 2009 java.security.cert

PKIXParameters

java.lang.Object

public class PKIXParameters extends Object implements CertPathParameters

This class implements the parameters for the {@code PKIX CertPathValidator}.

The parameters must be created with trusted certificate authorities (trust anchors).

see: CertPathValidator
see: CertPathParameters
since: Android 1.0

Fields Summary
private Set
trustAnchors
private Set
initialPolicies
private List
certStores
private Date
date
private List
certPathCheckers
private String
sigProvider
private CertSelector
targetCertConstraints
private boolean
revocationEnabled
private boolean
explicitPolicyRequired
private boolean
policyMappingInhibited
private boolean
anyPolicyInhibited
private boolean
policyQualifiersRejected
Constructors Summary
public PKIXParameters(Set trustAnchors)
Creates a new {@code PKIXParameters} instance with the specified set of trusted certificate authorities.
param
trustAnchors the trusted CAs.
throws
InvalidAlgorithmParameterException if {@code trustAnchors} is empty.
since
Android 1.0
if (trustAnchors == null) { throw new NullPointerException(Messages.getString("security.6F")); //$NON-NLS-1$ } checkTrustAnchors(trustAnchors); this.trustAnchors = new HashSet<TrustAnchor>(trustAnchors);
public PKIXParameters(KeyStore keyStore)
Creates a new {@code PKIXParameters} instance with the trusted {@code X509Certificate} entries from the specified {@code KeyStore}.
param
keyStore the key store containing trusted certificates.
throws
KeyStoreException if the {@code keyStore} is not initialized.
throws
InvalidAlgorithmParameterException if {@code keyStore} does not contained any trusted certificate entry.
since
Android 1.0
if (keyStore == null) { throw new NullPointerException(Messages.getString("security.41")); //$NON-NLS-1$ } // Will throw KeyStoreException if // keyStore has not been initialized (loaded) if (keyStore.size() == 0) { throw new InvalidAlgorithmParameterException( Messages.getString("security.6A")); //$NON-NLS-1$ } // keyStore is not null and loaded trustAnchors = new HashSet<TrustAnchor>(); for (Enumeration i = keyStore.aliases(); i.hasMoreElements();) { String alias = (String) i.nextElement(); if (keyStore.isCertificateEntry(alias)) { // this is trusted certificate entry // check if it is X509Cerificate Certificate c = keyStore.getCertificate(alias); // add only X509Cerificate // ignore all other types if (c instanceof X509Certificate) { trustAnchors.add(new TrustAnchor((X509Certificate)c, null)); } } } checkTrustAnchors(trustAnchors);
Methods Summary
public void addCertPathChecker(java.security.cert.PKIXCertPathChecker checker)
Adds the specified {@code PKIXCertPathChecker} to the list of certification path checkers.
param
checker the {@code PKIXCertPathChecker} to add, if {@code null}, it will be ignored.
since
Android 1.0
if (checker == null) { // do nothing if null provided return; } if (certPathCheckers == null) { // set to empty List if has not been set yet certPathCheckers = new ArrayList<PKIXCertPathChecker>(); } // add a copy to avoid possible modifications certPathCheckers.add((PKIXCertPathChecker) checker.clone());
public void addCertStore(java.security.cert.CertStore store)
Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.
param
store the store to add, if {@code null}, it will be ignored.
since
Android 1.0
if (store == null) { // do nothing if null provided return; } if (certStores == null) { // set to empty List if has not been set yet certStores = new ArrayList(); } // add store certStores.add(store);
private void checkTrustAnchors(java.util.Set trustAnchors)
if (trustAnchors.isEmpty()) { throw new InvalidAlgorithmParameterException( Messages.getString("security.6D")); //$NON-NLS-1$ } for (Iterator i = trustAnchors.iterator(); i.hasNext();) { if (!(i.next() instanceof TrustAnchor)) { throw new ClassCastException( Messages.getString("security.6E")); //$NON-NLS-1$ } }
public java.lang.Object clone()
Clones this {@code PKIXParameters} instance.
return
the cloned instance.
since
Android 1.0
try { // do shallow copy first PKIXParameters ret = (PKIXParameters)super.clone(); // copy fields containing references to mutable objects if (this.certStores != null) { ret.certStores = new ArrayList(this.certStores); } if (this.certPathCheckers != null) { ret.certPathCheckers = new ArrayList(this.certPathCheckers); } return ret; } catch (CloneNotSupportedException e) { throw new Error(e); }
public java.util.List getCertPathCheckers()
Returns the list of checkers for the certification path.
The list is unmodifiable and the entries in the list are cloned.
return
the list of checkers for the certification path.
since
Android 1.0
if (certPathCheckers == null) { // set to empty List if has not been set yet certPathCheckers = new ArrayList<PKIXCertPathChecker>(); } if (certPathCheckers.isEmpty()) { // no content - no need to copy, // just return immutable view of the same // empty List each time return Collections.unmodifiableList(certPathCheckers); } // List is not empty - do deep copy ArrayList<PKIXCertPathChecker> modifiableList = new ArrayList<PKIXCertPathChecker>(); for (Iterator<PKIXCertPathChecker> i = certPathCheckers.iterator(); i.hasNext();) { modifiableList.add((PKIXCertPathChecker)i.next().clone()); } return Collections.unmodifiableList(modifiableList);
public java.util.List getCertStores()
Returns the list of certificate stores that are used to find certificates and CRLs.
return
an immutable list of certificate stores.
since
Android 1.0
if (certStores == null) { // set to empty List if has not been set yet certStores = new ArrayList<CertStore>(); } if (certStores.isEmpty()) { // no content - no need to copy, // just return immutable view of the same // empty List each time return Collections.unmodifiableList(certStores); } // List is not empty - do shallow copy ArrayList<CertStore> modifiableList = new ArrayList<CertStore>(certStores); return Collections.unmodifiableList(modifiableList);
public java.util.Date getDate()
Returns the time for which the validation of the certification path should be evaluated.
return
the time for the validation, or {@code null} for the current time.
since
Android 1.0
return date == null ? null : (Date)date.clone();
public java.util.Set getInitialPolicies()
Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
return
the unmodifiable list of policies, or an empty set if any policy is acceptable.
since
Android 1.0
if (initialPolicies == null) { // set to empty Set if has not been set yet initialPolicies = new HashSet(); } if (initialPolicies.isEmpty()) { // no content - no need to copy, // just return immutable view of the same // empty Set each time return Collections.unmodifiableSet(initialPolicies); } // List is not empty - do shallow copy HashSet modifiableSet = new HashSet(initialPolicies); return Collections.unmodifiableSet(modifiableSet);
public boolean getPolicyQualifiersRejected()
Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
return
{@code true} if the certificates should be rejected, otherwise {@code false}.
since
Android 1.0
return policyQualifiersRejected;
public java.lang.String getSigProvider()
Returns the name of the signature provider.
return
the name of the signature provider, or {@code null} if none is set.
since
Android 1.0
return sigProvider;
public java.security.cert.CertSelector getTargetCertConstraints()
Returns the constraints that are required for the target certificate.
return
the constraints for the target certificate, or {@code null} if none are set.
since
Android 1.0
return (targetCertConstraints == null ? null :(CertSelector)targetCertConstraints.clone());
public java.util.Set getTrustAnchors()
Returns a unmodifiable set of the trusted certificate authorities.
return
a unmodifiable set of the trusted certificate authorities.
since
Android 1.0
return Collections.unmodifiableSet(trustAnchors);
public boolean isAnyPolicyInhibited()
Returns whether the any policy OID will be inhibited if it's included in a certificate.
return
{@code true} if the any policy OID will be inhibited, otherwise {@code false}.
since
Android 1.0
return anyPolicyInhibited;
public boolean isExplicitPolicyRequired()
Returns whether an acceptable policy needs to be explicit identified in every certificate.
return
{@code true} if an explicit policy is required, otherwise {@code false}.
since
Android 1.0
return explicitPolicyRequired;
public boolean isPolicyMappingInhibited()
Returns whether policy mapping is inhibited.
return
{@code true} if policy mapping is inhibited, otherwise {@code false}.
since
Android 1.0
return policyMappingInhibited;
public boolean isRevocationEnabled()
Returns whether the default revocation checking mechanism of the underlying service provider is used.
return
{@code true} if the default revocation checking mechanism is used, otherwise {@code false}.
since
Android 1.0
return revocationEnabled;
public void setAnyPolicyInhibited(boolean anyPolicyInhibited)
Sets whether the any policy OID should be inhibited if it's included in a certificate.
param
anyPolicyInhibited {@code true} if the any policy OID should be inhibited, otherwise {@code false}.
since
Android 1.0
this.anyPolicyInhibited = anyPolicyInhibited;
public void setCertPathCheckers(java.util.List certPathCheckers)
Sets the list of checkers for the certification path.
The list is copied and the entries are cloned.
param
certPathCheckers the list of checkers for the certification path, or {@code null} to clear the checkers.
since
Android 1.0
if (certPathCheckers == null || certPathCheckers.isEmpty()) { // empty list or null provided if (this.certPathCheckers != null && !this.certPathCheckers.isEmpty()) { // discard non-empty list this.certPathCheckers = null; } return; } // non-empty list provided - do deep copy this.certPathCheckers = new ArrayList<PKIXCertPathChecker>(); for (Iterator<PKIXCertPathChecker> i = certPathCheckers.iterator(); i.hasNext();) { this.certPathCheckers.add((PKIXCertPathChecker)i.next().clone()); }
public void setCertStores(java.util.List certStores)
Set the list of certificate stores that are used to find certificates and CRLs.
param
certStores the list of certificate stores.
since
Android 1.0
if (certStores == null || certStores.isEmpty()) { // empty list or null provided if (this.certStores != null && !this.certStores.isEmpty()) { // discard non-empty list this.certStores = null; } return; } // non-empty list provided - do shallow copy this.certStores = new ArrayList(certStores); // check that all elements are CertStore for (Iterator i = this.certStores.iterator(); i.hasNext();) { if (!(i.next() instanceof CertStore)) { throw new ClassCastException(Messages.getString("security.6B")); //$NON-NLS-1$ } }
public void setDate(java.util.Date date)
Sets the time for which the validation of the certification path sould be evaluated.
param
date the time for the validation, or {@code null} for the current time.
since
Android 1.0
this.date = (date == null ? null : new Date(date.getTime()));
public void setExplicitPolicyRequired(boolean explicitPolicyRequired)
Sets whether an an acceptable policy needs to be explicit identified in every certificate.
param
explicitPolicyRequired {@code true} if an explicit policy is required, otherwise {@code false}.
since
Android 1.0
this.explicitPolicyRequired = explicitPolicyRequired;
public void setInitialPolicies(java.util.Set initialPolicies)
Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
param
initialPolicies the list of policies, or an empty set or {@code null} if any policy is acceptable.
since
Android 1.0
if (initialPolicies == null || initialPolicies.isEmpty()) { // empty list or null provided if (this.initialPolicies != null && !this.initialPolicies.isEmpty()) { // discard non-empty list this.initialPolicies = null; } return; } // non-empty list provided - do shallow copy this.initialPolicies = new HashSet(initialPolicies); // check that all elements are String for (Iterator i = this.initialPolicies.iterator(); i.hasNext();) { if (!(i.next() instanceof String)) { throw new ClassCastException(Messages.getString("security.6C")); //$NON-NLS-1$ } }
public void setPolicyMappingInhibited(boolean policyMappingInhibited)
Sets whether policy mapping is to be inhibited.
param
policyMappingInhibited {@code true} if policy mapping is to be inhibited, otherwise {@code false}.
since
Android 1.0
this.policyMappingInhibited = policyMappingInhibited;
public void setPolicyQualifiersRejected(boolean policyQualifiersRejected)
Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
param
policyQualifiersRejected {@code true} if the certificates should be rejected, otherwise {@code false}.
since
Android 1.0
this.policyQualifiersRejected = policyQualifiersRejected;
public void setRevocationEnabled(boolean revocationEnabled)
Sets whether the default revocation checking mechanism of the underlying service provider should be used.
param
revocationEnabled {@code true} id the default revocation checking mechanism should be used, otherwise {@code false}.
since
Android 1.0
this.revocationEnabled = revocationEnabled;
public void setSigProvider(java.lang.String sigProvider)
Sets the name of the preferred signature provider.
If set, the specified provider will be preferred for creating signatures. If not set, the first provider found supporting creation of signatures will be used.
param
sigProvider the name of the preferred signature provider, or {@code null} if none is preferred.
since
Android 1.0
this.sigProvider = sigProvider;
public void setTargetCertConstraints(java.security.cert.CertSelector targetCertConstraints)
Sets the constraints that are required for the target certificate.
param
targetCertConstraints the constraints for the target certificate, or {@code null} if none should be used.
since
Android 1.0
this.targetCertConstraints = (targetCertConstraints == null ? null : (CertSelector)targetCertConstraints.clone());
public void setTrustAnchors(java.util.Set trustAnchors)
Sets the set of trusted certificate authorities.
param
trustAnchors the set of trusted certificate authorities.
throws
InvalidAlgorithmParameterException if {@code trustAnchors} is empty.
since
Android 1.0
if (trustAnchors == null) { throw new NullPointerException( Messages.getString("security.6F")); //$NON-NLS-1$ } checkTrustAnchors(trustAnchors); // make shallow copy this.trustAnchors = new HashSet<TrustAnchor>(trustAnchors);
public java.lang.String toString()
Returns a string representation of this {@code PKIXParameters} instance.
return
a string representation of this {@code PKIXParameters} instance.
since
Android 1.0
StringBuffer sb = new StringBuffer("[\n Trust Anchors: "); //$NON-NLS-1$ sb.append(trustAnchors); sb.append("\n Revocation Enabled: "); //$NON-NLS-1$ sb.append(revocationEnabled); sb.append("\n Explicit Policy Required: "); //$NON-NLS-1$ sb.append(explicitPolicyRequired); sb.append("\n Policy Mapping Inhibited: "); //$NON-NLS-1$ sb.append(policyMappingInhibited); sb.append("\n Any Policy Inhibited: "); //$NON-NLS-1$ sb.append(anyPolicyInhibited); sb.append("\n Policy Qualifiers Rejected: "); //$NON-NLS-1$ sb.append(policyQualifiersRejected); sb.append("\n Initial Policy OIDs: "); //$NON-NLS-1$ sb.append((initialPolicies == null || initialPolicies.isEmpty()) ? "any" : initialPolicies.toString()); //$NON-NLS-1$ sb.append("\n Cert Stores: "); //$NON-NLS-1$ sb.append((certStores==null||certStores.isEmpty())? "no":certStores.toString()); //$NON-NLS-1$ sb.append("\n Validity Date: "); //$NON-NLS-1$ sb.append(date); sb.append("\n Cert Path Checkers: "); //$NON-NLS-1$ sb.append((certPathCheckers==null||certPathCheckers.isEmpty())? "no":certPathCheckers.toString()); //$NON-NLS-1$ sb.append("\n Signature Provider: "); //$NON-NLS-1$ sb.append(sigProvider); sb.append("\n Target Certificate Constraints: "); //$NON-NLS-1$ sb.append(targetCertConstraints); sb.append("\n]"); //$NON-NLS-1$ return sb.toString();