public class PKIXParameters extends Object implements CertPathParameters
CertPathValidator algorithm.
A PKIX CertPathValidator uses these parameters to validate a CertPath according to the PKIX certification path validation algorithm.
To instantiate a PKIXParameters object, an application must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CAs can be specified using one of two constructors. An application can call PKIXParameters(Set), specifying a Set of TrustAnchor objects, each of which identifies a most-trusted CA. Alternatively, an application can call PKIXParameters(KeyStore), specifying a KeyStore instance containing trusted certificate entries, each of which will be considered as a most-trusted CA.
Once a PKIXParameters object has been created, other parameters can be specified (by calling setInitialPolicies or setDate, for instance) and then the PKIXParameters is passed along with the CertPath to be validated to CertPathValidator.validate.
Any parameter that is not set (or is set to null) will be set to the default value for that parameter. The default value for the date parameter is null, which indicates the current time when the path is validated. The default for the remaining parameters is the least constrained.
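The sequence described above (build a PKIXParameters from a Set of TrustAnchor objects, set the date, then call CertPathValidator.validate), as an added example that is not part of the original documentation. The class name ValidatePath and the three PEM file arguments are assumptions; the CRLs are supplied through addCertStore so that revocation checking, which is enabled by default, has data to consult.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

public class ValidatePath {
    /** Validates path against anchors as of 'when' (null means the current time). */
    static PKIXCertPathValidatorResult validate(CertPath path, Set<TrustAnchor> anchors,
            Collection<? extends CRL> crls, Date when) throws Exception {
        // Throws InvalidAlgorithmParameterException if the anchor set is empty.
        PKIXParameters params = new PKIXParameters(anchors);
        params.setDate(when);
        // Revocation checking is enabled by default; supply the CRLs it will consult.
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));
        return (PKIXCertPathValidatorResult)
                CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    // Usage (file names are placeholders): java ValidatePath chain.pem roots.pem crls.pem
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<Certificate> chain = new ArrayList<>();
        Set<TrustAnchor> anchors = new HashSet<>();
        Collection<? extends CRL> crls;
        // Chain file: target certificate first, then each issuer, trust anchor excluded.
        try (InputStream in = new FileInputStream(args[0])) {
            chain.addAll(cf.generateCertificates(in));
        }
        try (InputStream in = new FileInputStream(args[1])) {
            for (Certificate c : cf.generateCertificates(in)) {
                anchors.add(new TrustAnchor((X509Certificate) c, null)); // no name constraints
            }
        }
        try (InputStream in = new FileInputStream(args[2])) {
            crls = cf.generateCRLs(in);
        }
        try {
            PKIXCertPathValidatorResult r =
                    validate(cf.generateCertPath(chain), anchors, crls, null);
            System.out.println("Valid; anchored at "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // getIndex() is the position in the path of the failing certificate (-1 if n/a).
            System.out.println("Rejected at index " + e.getIndex() + ": " + e.getMessage());
        }
    }
}
```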
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
Constructor and Description |
---|
PKIXParameters(KeyStore keystore) Creates an instance of PKIXParameters that populates the set of most-trusted CAs from the trusted certificate entries contained in the specified KeyStore. |
PKIXParameters(Set<TrustAnchor> trustAnchors) Creates an instance of PKIXParameters with the specified Set of most-trusted CAs. |
Modifier and Type | Method and Description |
---|---|
void | addCertPathChecker(PKIXCertPathChecker checker) Adds a PKIXCertPathChecker to the list of certification path checkers. |
void | addCertStore(CertStore store) Adds a CertStore to the end of the list of CertStores used in finding certificates and CRLs. |
Object | clone() Makes a copy of this PKIXParameters object. |
List<PKIXCertPathChecker> | getCertPathCheckers() Returns the List of certification path checkers. |
List<CertStore> | getCertStores() Returns an immutable List of CertStores that are used to find certificates and CRLs. |
Date | getDate() Returns the time for which the validity of the certification path should be determined. |
Set<String> | getInitialPolicies() Returns an immutable Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. |
boolean | getPolicyQualifiersRejected() Gets the PolicyQualifiersRejected flag. |
String | getSigProvider() Returns the signature provider's name, or null if not set. |
CertSelector | getTargetCertConstraints() Returns the required constraints on the target certificate. |
Set<TrustAnchor> | getTrustAnchors() Returns an immutable Set of the most-trusted CAs. |
boolean |
|