| Methods Summary |
|---|
| public void | addCertPathChecker(java.security.cert.PKIXCertPathChecker checker)Adds a PKIXCertPathChecker to the list of certification
path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
method for more details.
Note that the PKIXCertPathChecker is cloned to protect
against subsequent modifications.
if (checker != null) {
certPathCheckers.add((PKIXCertPathChecker)checker.clone());
}
|
| public void | addCertStore(java.security.cert.CertStore store)Adds a CertStore to the end of the list of
CertStores used in finding certificates and CRLs.
if (store != null) {
this.certStores.add(store);
}
|
| public java.lang.Object | clone()Makes a copy of this PKIXParameters object. Changes
to the copy will not affect the original and vice versa.
try {
Object copy = super.clone();
// Must clone these because addCertStore, et al. modify them
if (certStores != null) {
certStores = new ArrayList<CertStore>(certStores);
}
if (certPathCheckers != null) {
certPathCheckers =
new ArrayList<PKIXCertPathChecker>(certPathCheckers);
}
return copy;
} catch (CloneNotSupportedException e) {
/* Cannot happen */
throw new InternalError(e.toString());
}
|
| public java.util.List | getCertPathCheckers()Returns the List of certification path checkers.
The returned List is immutable, and each
PKIXCertPathChecker in the List is cloned
to protect against subsequent modifications.
List<PKIXCertPathChecker> tmpList = new ArrayList<PKIXCertPathChecker>();
for (PKIXCertPathChecker ck : certPathCheckers) {
tmpList.add((PKIXCertPathChecker)ck.clone());
}
return Collections.unmodifiableList(tmpList);
|
| public java.util.List | getCertStores()Returns an immutable List of CertStores that
are used to find certificates and CRLs.
return Collections.unmodifiableList
(new ArrayList<CertStore>(this.certStores));
|
| public java.util.Date | getDate()Returns the time for which the validity of the certification path
should be determined. If null, the current time is used.
Note that the Date returned is copied to protect against
subsequent modifications.
if (date == null)
return null;
else
return (Date) this.date.clone();
|
| public java.util.Set | getInitialPolicies()Returns an immutable Set of initial
policy identifiers (OID strings), indicating that any one of these
policies would be acceptable to the certificate user for the purposes of
certification path processing. The default return value is an empty
Set, which is interpreted as meaning that any policy would
be acceptable.
return this.unmodInitialPolicies;
|
| public boolean | getPolicyQualifiersRejected()Gets the PolicyQualifiersRejected flag. If this flag is true,
certificates that include policy qualifiers in a certificate policies
extension that is marked critical are rejected.
If the flag is false, certificates are not rejected on this basis.
When a PKIXParameters object is created, this flag is
set to true. This setting reflects the most common (and simplest)
strategy for processing policy qualifiers. Applications that want to use
a more sophisticated policy must set this flag to false.
return policyQualifiersRejected;
|
| public java.lang.String | getSigProvider()Returns the signature provider's name, or null
if not set.
return this.sigProvider;
|
| public java.security.cert.CertSelector | getTargetCertConstraints()Returns the required constraints on the target certificate.
The constraints are returned as an instance of CertSelector.
If null, no constraints are defined.
Note that the CertSelector returned is cloned
to protect against subsequent modifications.
if (certSelector != null) {
return (CertSelector) certSelector.clone();
} else {
return null;
}
|
| public java.util.Set | getTrustAnchors()Returns an immutable Set of the most-trusted
CAs.
return this.unmodTrustAnchors;
|
| public boolean | isAnyPolicyInhibited()Checks whether the any policy OID should be processed if it
is included in a certificate.
return anyPolicyInhibited;
|
| public boolean | isExplicitPolicyRequired()Checks if explicit policy is required. If this flag is true, an
acceptable policy needs to be explicitly identified in every certificate.
By default, the ExplicitPolicyRequired flag is false.
return explicitPolicyRequired;
|
| public boolean | isPolicyMappingInhibited()Checks if policy mapping is inhibited. If this flag is true, policy
mapping is inhibited. By default, policy mapping is not inhibited (the
flag is false).
return policyMappingInhibited;
|
| public boolean | isRevocationEnabled()Checks the RevocationEnabled flag. If this flag is true, the default
revocation checking mechanism of the underlying PKIX service provider
will be used. If this flag is false, the default revocation checking
mechanism will be disabled (not used). See the {@link
#setRevocationEnabled setRevocationEnabled} method for more details on
setting the value of this flag.
return revocationEnabled;
|
| public void | setAnyPolicyInhibited(boolean val)Sets state to determine if the any policy OID should be processed
if it is included in a certificate. By default, the any policy OID
is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()}
returns false).
anyPolicyInhibited = val;
|
| public void | setCertPathCheckers(java.util.List checkers)Sets a List of additional certification path checkers. If
the specified List contains an object that is not a
PKIXCertPathChecker, it is ignored.
Each PKIXCertPathChecker specified implements
additional checks on a certificate. Typically, these are checks to
process and verify private extensions contained in certificates.
Each PKIXCertPathChecker should be instantiated with any
initialization parameters needed to execute the check.
This method allows sophisticated applications to extend a PKIX
CertPathValidator or CertPathBuilder.
Each of the specified PKIXCertPathCheckers will be called,
in turn, by a PKIX CertPathValidator or
CertPathBuilder for each certificate processed or
validated.
Regardless of whether these additional PKIXCertPathCheckers
are set, a PKIX CertPathValidator or
CertPathBuilder must perform all of the required PKIX
checks on each certificate. The one exception to this rule is if the
RevocationEnabled flag is set to false (see the {@link
#setRevocationEnabled setRevocationEnabled} method).
Note that the List supplied here is copied and each
PKIXCertPathChecker in the list is cloned to protect
against subsequent modifications.
if (checkers != null) {
List<PKIXCertPathChecker> tmpList =
new ArrayList<PKIXCertPathChecker>();
for (PKIXCertPathChecker checker : checkers) {
tmpList.add((PKIXCertPathChecker)checker.clone());
}
this.certPathCheckers = tmpList;
} else {
this.certPathCheckers = new ArrayList<PKIXCertPathChecker>();
}
|
| public void | setCertStores(java.util.List stores)Sets the list of CertStores to be used in finding
certificates and CRLs. May be null, in which case
no CertStores will be used. The first
CertStores in the list may be preferred to those that
appear later.
Note that the List is copied to protect against
subsequent modifications.
if (stores == null) {
this.certStores = new ArrayList<CertStore>();
} else {
for (Iterator i = stores.iterator(); i.hasNext();) {
if (!(i.next() instanceof CertStore)) {
throw new ClassCastException("all elements of list must be "
+ "of type java.security.cert.CertStore");
}
}
this.certStores = new ArrayList<CertStore>(stores);
}
|
| public void | setDate(java.util.Date date)Sets the time for which the validity of the certification path
should be determined. If null, the current time is used.
Note that the Date supplied here is copied to protect
against subsequent modifications.
if (date != null)
this.date = (Date) date.clone();
else
date = null;
|
| public void | setExplicitPolicyRequired(boolean val)Sets the ExplicitPolicyRequired flag. If this flag is true, an
acceptable policy needs to be explicitly identified in every certificate.
By default, the ExplicitPolicyRequired flag is false.
explicitPolicyRequired = val;
|
| public void | setInitialPolicies(java.util.Set initialPolicies)Sets the Set of initial policy identifiers
(OID strings), indicating that any one of these
policies would be acceptable to the certificate user for the purposes of
certification path processing. By default, any policy is acceptable
(i.e. all policies), so a user that wants to allow any policy as
acceptable does not need to call this method, or can call it
with an empty Set (or null).
Note that the Set is copied to protect against
subsequent modifications.
if (initialPolicies != null) {
for (Iterator i = initialPolicies.iterator(); i.hasNext();) {
if (!(i.next() instanceof String))
throw new ClassCastException("all elements of set must be "
+ "of type java.lang.String");
}
this.unmodInitialPolicies =
Collections.unmodifiableSet(new HashSet<String>(initialPolicies));
} else
this.unmodInitialPolicies = Collections.<String>emptySet();
|
| public void | setPolicyMappingInhibited(boolean val)Sets the PolicyMappingInhibited flag. If this flag is true, policy
mapping is inhibited. By default, policy mapping is not inhibited (the
flag is false).
policyMappingInhibited = val;
|
| public void | setPolicyQualifiersRejected(boolean qualifiersRejected)Sets the PolicyQualifiersRejected flag. If this flag is true,
certificates that include policy qualifiers in a certificate
policies extension that is marked critical are rejected.
If the flag is false, certificates are not rejected on this basis.
When a PKIXParameters object is created, this flag is
set to true. This setting reflects the most common (and simplest)
strategy for processing policy qualifiers. Applications that want to use
a more sophisticated policy must set this flag to false.
Note that the PKIX certification path validation algorithm specifies
that any policy qualifier in a certificate policies extension that is
marked critical must be processed and validated. Otherwise the
certification path must be rejected. If the policyQualifiersRejected flag
is set to false, it is up to the application to validate all policy
qualifiers in this manner in order to be PKIX compliant.
policyQualifiersRejected = qualifiersRejected;
|
| public void | setRevocationEnabled(boolean val)Sets the RevocationEnabled flag. If this flag is true, the default
revocation checking mechanism of the underlying PKIX service provider
will be used. If this flag is false, the default revocation checking
mechanism will be disabled (not used).
When a PKIXParameters object is created, this flag is set
to true. This setting reflects the most common strategy for checking
revocation, since each service provider must support revocation
checking to be PKIX compliant. Sophisticated applications should set
this flag to false when it is not practical to use a PKIX service
provider's default revocation checking mechanism or when an alternative
revocation checking mechanism is to be substituted (by also calling the
{@link #addCertPathChecker addCertPathChecker} or {@link
#setCertPathCheckers setCertPathCheckers} methods).
revocationEnabled = val;
|
| public void | setSigProvider(java.lang.String sigProvider)Sets the signature provider's name. The specified provider will be
preferred when creating {@link java.security.Signature Signature}
objects. If null or not set, the first provider found
supporting the algorithm will be used.
this.sigProvider = sigProvider;
|
| public void | setTargetCertConstraints(java.security.cert.CertSelector selector)Sets the required constraints on the target certificate.
The constraints are specified as an instance of
CertSelector. If null, no constraints are
defined.
Note that the CertSelector specified is cloned
to protect against subsequent modifications.
if (selector != null)
certSelector = (CertSelector) selector.clone();
else
certSelector = null;
|
| public void | setTrustAnchors(java.util.Set trustAnchors)Sets the Set of most-trusted CAs.
Note that the Set is copied to protect against
subsequent modifications.
if (trustAnchors == null) {
throw new NullPointerException("the trustAnchors parameters must" +
" be non-null");
}
if (trustAnchors.isEmpty()) {
throw new InvalidAlgorithmParameterException("the trustAnchors " +
"parameter must be non-empty");
}
for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) {
if (!(i.next() instanceof TrustAnchor)) {
throw new ClassCastException("all elements of set must be "
+ "of type java.security.cert.TrustAnchor");
}
}
this.unmodTrustAnchors = Collections.unmodifiableSet
(new HashSet<TrustAnchor>(trustAnchors));
|
| public java.lang.String | toString()Returns a formatted string describing the parameters.
StringBuffer sb = new StringBuffer();
sb.append("[\n");
/* start with trusted anchor info */
if (unmodTrustAnchors != null) {
sb.append(" Trust Anchors: " + unmodTrustAnchors.toString()
+ "\n");
}
/* now, append initial state information */
if (unmodInitialPolicies != null) {
if (unmodInitialPolicies.isEmpty()) {
sb.append(" Initial Policy OIDs: any\n");
} else {
sb.append(" Initial Policy OIDs: ["
+ unmodInitialPolicies.toString() + "]\n");
}
}
/* now, append constraints on all certificates in the path */
sb.append(" Validity Date: " + String.valueOf(date) + "\n");
sb.append(" Signature Provider: " + String.valueOf(sigProvider) + "\n");
sb.append(" Default Revocation Enabled: " + revocationEnabled + "\n");
sb.append(" Explicit Policy Required: " + explicitPolicyRequired + "\n");
sb.append(" Policy Mapping Inhibited: " + policyMappingInhibited + "\n");
sb.append(" Any Policy Inhibited: " + anyPolicyInhibited + "\n");
sb.append(" Policy Qualifiers Rejected: " + policyQualifiersRejected + "\n");
/* now, append target cert requirements */
sb.append(" Target Cert Constraints: " + String.valueOf(certSelector) + "\n");
/* finally, append miscellaneous parameters */
if (certPathCheckers != null)
sb.append(" Certification Path Checkers: ["
+ certPathCheckers.toString() + "]\n");
if (certStores != null)
sb.append(" CertStores: [" + certStores.toString() + "]\n");
sb.append("]");
return sb.toString();
|
