FileDocCategorySizeDatePackage
PKIXCertPathChecker.javaAPI DocAndroid 1.5 API4671Wed May 06 22:41:06 BST 2009java.security.cert

PKIXCertPathChecker.java

/*
 *  Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  See the NOTICE file distributed with
 *  this work for additional information regarding copyright ownership.
 *  The ASF licenses this file to You under the Apache License, Version 2.0
 *  (the "License"); you may not use this file except in compliance with
 *  the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */

/**
* @author Vladimir N. Molotkov
* @version $Revision$
*/

package java.security.cert;

import java.util.Collection;
import java.util.Set;

/**
 * The class specifying the interface to extend the certification path
 * validation algorithm by checks to perform on an {@code X509Certificate}.
 * <p>
 * The checks are added to a certification path validation using the
 * {@link PKIXParameters#setCertPathCheckers(java.util.List)
 * setCertPathCheckers} or
 * {@link PKIXBuilderParameters#addCertPathChecker(PKIXCertPathChecker)
 * addCertPathChecker} of the {@code PKIXParameters} and {@code
 * PKIXBuilderParameters} class respectively. The
 * {@link #check(Certificate, Collection) check} method will be called for each
 * certificate processed by a {@code CertPathBuilder} of {@code
 * CertPathValidator}.
 * </p>
 * <p>
 * A {@code PKIXCertPathChecker} implementation <u>must</u> support reverse
 * checking (from trusted CA to target) and <u>may</u> support forward checking
 * (from target to trusted CA). The return value of {@code
 * isForwardCheckingSupported} indicates whether forward checking is supported.
 * </p>
 * 
 * @since Android 1.0
 */
public abstract class PKIXCertPathChecker implements Cloneable {

    /**
     * Creates a new {@code PKIXCertPathChecker} instance.
     * 
     * @since Android 1.0
     */
    protected PKIXCertPathChecker() {}

    /**
     * Clones this {@code PKIXCertPathChecker} instance.
     * 
     * @return the cloned instance.
     * @since Android 1.0
     */
    public Object clone() {
        try {
            return super.clone();
        } catch (CloneNotSupportedException e) {
            throw new Error(e);
        }
    }

    /**
     * Initializes this {@code PKIXCertPathChecker} instance for specified
     * <i>checking direction</i>.
     * 
     * @param forward
     *            the direction of the certification path processing, {@code
     *            true} if the certificates are processed in forward direction
     *            (from target to trusted CA), {@code false} if processed in
     *            reverse direction (from trusted CA to target).
     * @throws CertPathValidatorException
     *             if initialization of this {@code PKIXCertPathChecker}
     *             instance fails, or if it cannot process certificates in the
     *             specified order.
     * @since Android 1.0
     */
    public abstract void init(boolean forward)
        throws CertPathValidatorException;

    /**
     * Returns whether this {@code PKIXCertPathChecker} instance supports
     * <i>forward checking</i>.
     * 
     * @return {@code true} if this {@code PKIXCertPathChecker} instance
     *         supports forward checking, otherwise {@code false}.
     * @since Android 1.0
     */
    public abstract boolean isForwardCheckingSupported();

    /**
     * Returns the list of extensions of X.509 certificates that this {@code
     * PKIXCertPathChecker} is able to process.
     * 
     * @return the list of extensions of X.509 certificates that this {@code
     *         PKIXCertPathChecker} is able to process, or {@code null} if there
     *         are none.
     * @since Android 1.0
     */
    public abstract Set<String> getSupportedExtensions();

    /**
     * Checks the specified certificate and removes the processed critical
     * extensions from the specified list of X.509 extension <i>OID</i>s.
     * 
     * @param cert
     *            the certificate.
     * @param unresolvedCritExts
     *            the list of critical X.509 extension OID strings.
     * @throws CertPathValidatorException
     *             if check(s) fail on the specified certificate.
     * @since Android 1.0
     */
    public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
        throws CertPathValidatorException;
}