java.security.cert

Class PKIXParameters

public class PKIXParameters extends Object implements CertPathParameters

Parameters for verifying certificate paths using the PKIX (Public-Key Infrastructure (X.509)) algorithm.

Since: 1.4

Constructor Summary
	PKIXParameters(KeyStore keystore) Create a new PKIXParameters object, populating the trusted certificates set with all certificates found in the given key store.
	PKIXParameters(Set<TrustAnchor> trustAnchors) Create a new PKIXParameters object, populating the trusted certificates set with the elements of the given set, each of which must be a {@link TrustAnchor}.

Method Summary
void	addCertPathChecker(PKIXCertPathChecker checker) Add a certificate path checker.
void	addCertStore(CertStore store) Add a {@link CertStore} to the list of cert stores.
Object	clone() Returns a copy of these parameters.
List<PKIXCertPathChecker>	getCertPathCheckers() Returns an immutable list of all certificate path checkers.
List<CertStore>	getCertStores() Returns an immutable list of cert stores.
Date	getDate() Returns the date for which the certificate path should be validated, or null if the current time should be used.
Set<String>	getInitialPolicies() Returns the set of initial policy identifiers (as OID strings).
boolean	getPolicyQualifiersRejected() Returns the value of the policy qualifiers enabled flag.
String	getSigProvider() Returns the signature algorithm provider, or null if not set.
CertSelector	getTargetCertConstraints() Returns the constraints placed on the target certificate, or null if there are none.
Set<TrustAnchor>	getTrustAnchors() Returns an immutable set of trust anchors.
boolean	isAnyPolicyInhibited() Returns the value of the any policy inhibited flag.
boolean	isExplicitPolicyRequired() Returns the value of the explicit policy required flag.
boolean	isPolicyMappingInhibited() Returns the value of the policy mapping inhibited flag.
boolean	isRevocationEnabled() Returns the value of the revocation enabled flag.
void	setAnyPolicyInhibited(boolean value) Sets the value of the any policy inhibited flag.
void	setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers) Sets the certificate path checkers.
void	setCertStores(List<CertStore> certStores) Set the cert stores.
void	setDate(Date date) Sets the date for which the certificate path should be validated, or null if the current time should be used.
void	setExplicitPolicyRequired(boolean value) Sets the value of the explicit policy required flag.
void	setInitialPolicies(Set<String> initPolicies) Sets the initial policy identifiers (as OID strings).
void	setPolicyMappingInhibited(boolean value) Sets the value of the policy mapping inhibited flag.
void	setPolicyQualifiersRejected(boolean value) Sets the value of the policy qualifiers enabled flag.
void	setRevocationEnabled(boolean value) Sets the value of the revocation enabled flag.
void	setSigProvider(String sigProvider) Sets the signature algorithm provider, or null if there is no preferred provider.
void	setTargetCertConstraints(CertSelector targetConstraints) Sets the constraints placed on the target certificate.
void	setTrustAnchors(Set<TrustAnchor> trustAnchors) Sets the trust anchors of this class, replacing the current trust anchors with those in the given set.
String	toString() Returns a printable representation of these parameters.

Constructor Detail

PKIXParameters

public PKIXParameters(KeyStore keystore)

Create a new PKIXParameters object, populating the trusted certificates set with all certificates found in the given key store. All certificates found in the key store are assumed to be trusted by this constructor.

Parameters: keystore The key store.

Throws: KeyStoreException If the certificates cannot be retrieved from the key store. InvalidAlgorithmParameterException If there are no certificates in the key store. NullPointerException If keystore is null.

PKIXParameters

public PKIXParameters(Set<TrustAnchor> trustAnchors)

Create a new PKIXParameters object, populating the trusted certificates set with the elements of the given set, each of which must be a {@link TrustAnchor}.

Parameters: trustAnchors The set of trust anchors.

Throws: InvalidAlgorithmParameterException If there are no certificates in the set. NullPointerException If trustAnchors is null. ClassCastException If every element in trustAnchors is not a {@link TrustAnchor}.

Method Detail

addCertPathChecker

public void addCertPathChecker(PKIXCertPathChecker checker)

Add a certificate path checker.

Parameters: checker The certificate path checker to add.

addCertStore

public void addCertStore(CertStore store)

Add a {@link CertStore} to the list of cert stores.

Parameters: store The CertStore to add.

clone

public Object clone()

Returns a copy of these parameters.

Returns: The copy.

getCertPathCheckers

public List<PKIXCertPathChecker> getCertPathCheckers()

Returns an immutable list of all certificate path checkers.

Returns: An immutable list of all certificate path checkers.

getCertStores

public List<CertStore> getCertStores()

Returns an immutable list of cert stores. This method never returns null.

Returns: The list of cert stores.

getDate

public Date getDate()

Returns the date for which the certificate path should be validated, or null if the current time should be used. The date object is copied to prevent subsequent modification.

Returns: The date, or null if not set.

getInitialPolicies

public Set<String> getInitialPolicies()

Returns the set of initial policy identifiers (as OID strings). If any policy is accepted, this method returns the empty set.

Returns: An immutable set of initial policy OID strings, or the empty set if any policy is acceptable.

getPolicyQualifiersRejected

public boolean getPolicyQualifiersRejected()

Returns the value of the policy qualifiers enabled flag. The default value of this flag is true.

Returns: The policy qualifiers enabled flag.

getSigProvider

public String getSigProvider()

Returns the signature algorithm provider, or null if not set.

Returns: The signature algorithm provider, or null if not set.

getTargetCertConstraints

public CertSelector getTargetCertConstraints()

Returns the constraints placed on the target certificate, or null if there are none. The target constraints are copied to prevent subsequent modification.

Returns: The target constraints, or null.

getTrustAnchors

public Set<TrustAnchor> getTrustAnchors()

Returns an immutable set of trust anchors. The set returned will never be null and will never be empty.

Returns: A (never null, never empty) immutable set of trust anchors.

isAnyPolicyInhibited

public boolean isAnyPolicyInhibited()

Returns the value of the any policy inhibited flag. The default value of this flag is false.

Returns: The any policy inhibited flag.

isExplicitPolicyRequired

public boolean isExplicitPolicyRequired()

Returns the value of the explicit policy required flag. The default value of this flag is false.

Returns: The explicit policy required flag.

isPolicyMappingInhibited

public boolean isPolicyMappingInhibited()

Returns the value of the policy mapping inhibited flag. The default value of this flag is false.

Returns: The policy mapping inhibited flag.

isRevocationEnabled

public boolean isRevocationEnabled()

Returns the value of the revocation enabled flag. The default value for this flag is true.

Returns: The revocation enabled flag.

setAnyPolicyInhibited

public void setAnyPolicyInhibited(boolean value)

Sets the value of the any policy inhibited flag.

Parameters: value The new value.

setCertPathCheckers

public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers)

Sets the certificate path checkers. If the argument is null, the list of checkers will merely be cleared.

Parameters: pathCheckers The new list of certificate path checkers.

Throws: ClassCastException If any element of pathCheckers is not a {@link PKIXCertPathChecker}.

setCertStores

public void setCertStores(List<CertStore> certStores)

Set the cert stores. If the argument is null the list of cert stores will be empty.

Parameters: certStores The cert stores.

setDate

public void setDate(Date date)

Sets the date for which the certificate path should be validated, or null if the current time should be used.

Parameters: date The new date, or null.

setExplicitPolicyRequired

public void setExplicitPolicyRequired(boolean value)

Sets the value of the explicit policy required flag.

Parameters: value The new value.

setInitialPolicies

public void setInitialPolicies(Set<String> initPolicies)

Sets the initial policy identifiers (as OID strings). If the argument is null or the empty set, then any policy identifier will be accepted.

Parameters: initPolicies The new set of policy strings, or null.

Throws: ClassCastException If any element in initPolicies is not a string.

setPolicyMappingInhibited

public void setPolicyMappingInhibited(boolean value)

Sets the value of the policy mapping inhibited flag.

Parameters: value The new value.

setPolicyQualifiersRejected

public void setPolicyQualifiersRejected(boolean value)

Sets the value of the policy qualifiers enabled flag.

Parameters: value The new value.

setRevocationEnabled

public void setRevocationEnabled(boolean value)

Sets the value of the revocation enabled flag.

Parameters: value The new value.

setSigProvider

public void setSigProvider(String sigProvider)

Sets the signature algorithm provider, or null if there is no preferred provider.

Parameters: sigProvider The signature provider name.

setTargetCertConstraints

public void setTargetCertConstraints(CertSelector targetConstraints)

Sets the constraints placed on the target certificate.

Parameters: targetConstraints The target constraints.

setTrustAnchors

public void setTrustAnchors(Set<TrustAnchor> trustAnchors)

Sets the trust anchors of this class, replacing the current trust anchors with those in the given set. The supplied set is copied to prevent modification.

Parameters: trustAnchors The new set of trust anchors.

toString

public String toString()

Returns a printable representation of these parameters.

Returns: A printable representation of these parameters.