public class

PKIXParameters

extends Object
implements CertPathParameters
java.lang.Object
   ↳ java.security.cert.PKIXParameters
Known Direct Subclasses

Class Overview

This class implements the parameters for the PKIX CertPathValidator.

The parameters must be created with trusted certificate authorities (trust anchors).

Summary

Public Constructors
PKIXParameters(Set<TrustAnchor> trustAnchors)
Creates a new PKIXParameters instance with the specified set of trusted certificate authorities.
PKIXParameters(KeyStore keyStore)
Creates a new PKIXParameters instance with the trusted X509Certificate entries from the specified KeyStore.
Public Methods
void addCertPathChecker(PKIXCertPathChecker checker)
Adds the specified PKIXCertPathChecker to the list of certification path checkers.
void addCertStore(CertStore store)
Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.
Object clone()
Clones this PKIXParameters instance.
List<PKIXCertPathChecker> getCertPathCheckers()
Returns the list of checkers for the certification path.
List<CertStore> getCertStores()
Returns the list of certificate stores that are used to find certificates and CRLs.
Date getDate()
Returns the time for which the validation of the certification path should be evaluated.
Set<String> getInitialPolicies()
Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
boolean getPolicyQualifiersRejected()
Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
String getSigProvider()
Returns the name of the signature provider.
CertSelector getTargetCertConstraints()
Returns the constraints that are required for the target certificate.
Set<TrustAnchor> getTrustAnchors()
Returns a unmodifiable set of the trusted certificate authorities.
boolean isAnyPolicyInhibited()
Returns whether the any policy OID will be inhibited if it's included in a certificate.
boolean isExplicitPolicyRequired()
Returns whether an acceptable policy needs to be explicit identified in every certificate.
boolean isPolicyMappingInhibited()
Returns whether policy mapping is inhibited.
boolean isRevocationEnabled()
Returns whether the default revocation checking mechanism of the underlying service provider is used.
void setAnyPolicyInhibited(boolean anyPolicyInhibited)
Sets whether the any policy OID should be inhibited if it's included in a certificate.
void setCertPathCheckers(List<PKIXCertPathChecker> certPathCheckers)
Sets the list of checkers for the certification path.
void setCertStores(List<CertStore> certStores)
Set the list of certificate stores that are used to find certificates and CRLs.
void setDate(Date date)
Sets the time for which the validation of the certification path sould be evaluated.
void setExplicitPolicyRequired(boolean explicitPolicyRequired)
Sets whether an an acceptable policy needs to be explicit identified in every certificate.
void setInitialPolicies(Set<String> initialPolicies)
Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
void setPolicyMappingInhibited(boolean policyMappingInhibited)
Sets whether policy mapping is to be inhibited.
void setPolicyQualifiersRejected(boolean policyQualifiersRejected)
Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
void setRevocationEnabled(boolean revocationEnabled)
Sets whether the default revocation checking mechanism of the underlying service provider should be used.
void setSigProvider(String sigProvider)
Sets the name of the preferred signature provider.
void setTargetCertConstraints(CertSelector targetCertConstraints)
Sets the constraints that are required for the target certificate.
void setTrustAnchors(Set<TrustAnchor> trustAnchors)
Sets the set of trusted certificate authorities.
String toString()
Returns a string representation of this PKIXParameters instance.
[Expand]
Inherited Methods
From class java.lang.Object
From interface java.security.cert.CertPathParameters

Public Constructors

public PKIXParameters (Set<TrustAnchor> trustAnchors)

Creates a new PKIXParameters instance with the specified set of trusted certificate authorities.

Parameters
trustAnchors the trusted CAs.
Throws
InvalidAlgorithmParameterException if trustAnchors is empty.

public PKIXParameters (KeyStore keyStore)

Creates a new PKIXParameters instance with the trusted X509Certificate entries from the specified KeyStore.

Parameters
keyStore the key store containing trusted certificates.
Throws
KeyStoreException if the keyStore is not initialized.
InvalidAlgorithmParameterException if keyStore does not contained any trusted certificate entry.

Public Methods

public void addCertPathChecker (PKIXCertPathChecker checker)

Adds the specified PKIXCertPathChecker to the list of certification path checkers.

Parameters
checker the PKIXCertPathChecker to add, if null, it will be ignored.

public void addCertStore (CertStore store)

Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.

Parameters
store the store to add, if null, it will be ignored.

public Object clone ()

Clones this PKIXParameters instance.

Returns
  • the cloned instance.

public List<PKIXCertPathChecker> getCertPathCheckers ()

Returns the list of checkers for the certification path.

The list is unmodifiable and the entries in the list are cloned.

Returns
  • the list of checkers for the certification path.

public List<CertStore> getCertStores ()

Returns the list of certificate stores that are used to find certificates and CRLs.

Returns
  • an immutable list of certificate stores.

public Date getDate ()

Returns the time for which the validation of the certification path should be evaluated.

Returns
  • the time for the validation, or null for the current time.

public Set<String> getInitialPolicies ()

Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

Returns
  • the unmodifiable list of policies, or an empty set if any policy is acceptable.

public boolean getPolicyQualifiersRejected ()

Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

Returns
  • true if the certificates should be rejected, otherwise false.

public String getSigProvider ()

Returns the name of the signature provider.

Returns
  • the name of the signature provider, or null if none is set.

public CertSelector getTargetCertConstraints ()

Returns the constraints that are required for the target certificate.

Returns
  • the constraints for the target certificate, or null if none are set.

public Set<TrustAnchor> getTrustAnchors ()

Returns a unmodifiable set of the trusted certificate authorities.

Returns
  • a unmodifiable set of the trusted certificate authorities.

public boolean isAnyPolicyInhibited ()

Returns whether the any policy OID will be inhibited if it's included in a certificate.

Returns
  • true if the any policy OID will be inhibited, otherwise false.

public boolean isExplicitPolicyRequired ()

Returns whether an acceptable policy needs to be explicit identified in every certificate.

Returns
  • true if an explicit policy is required, otherwise false.

public boolean isPolicyMappingInhibited ()

Returns whether policy mapping is inhibited.

Returns
  • true if policy mapping is inhibited, otherwise false.

public boolean isRevocationEnabled ()

Returns whether the default revocation checking mechanism of the underlying service provider is used.

Returns
  • true if the default revocation checking mechanism is used, otherwise false.

public void setAnyPolicyInhibited (boolean anyPolicyInhibited)

Sets whether the any policy OID should be inhibited if it's included in a certificate.

Parameters
anyPolicyInhibited true if the any policy OID should be inhibited, otherwise false.

public void setCertPathCheckers (List<PKIXCertPathChecker> certPathCheckers)

Sets the list of checkers for the certification path.

The list is copied and the entries are cloned.

Parameters
certPathCheckers the list of checkers for the certification path, or null to clear the checkers.

public void setCertStores (List<CertStore> certStores)

Set the list of certificate stores that are used to find certificates and CRLs.

Parameters
certStores the list of certificate stores.

public void setDate (Date date)

Sets the time for which the validation of the certification path sould be evaluated.

Parameters
date the time for the validation, or null for the current time.

public void setExplicitPolicyRequired (boolean explicitPolicyRequired)

Sets whether an an acceptable policy needs to be explicit identified in every certificate.

Parameters
explicitPolicyRequired true if an explicit policy is required, otherwise false.

public void setInitialPolicies (Set<String> initialPolicies)

Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

Parameters
initialPolicies the list of policies, or an empty set or null if any policy is acceptable.

public void setPolicyMappingInhibited (boolean policyMappingInhibited)

Sets whether policy mapping is to be inhibited.

Parameters
policyMappingInhibited true if policy mapping is to be inhibited, otherwise false.

public void setPolicyQualifiersRejected (boolean policyQualifiersRejected)

Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

Parameters
policyQualifiersRejected true if the certificates should be rejected, otherwise false.

public void setRevocationEnabled (boolean revocationEnabled)

Sets whether the default revocation checking mechanism of the underlying service provider should be used.

Parameters
revocationEnabled true id the default revocation checking mechanism should be used, otherwise false.

public void setSigProvider (String sigProvider)

Sets the name of the preferred signature provider.

If set, the specified provider will be preferred for creating signatures. If not set, the first provider found supporting creation of signatures will be used.

Parameters
sigProvider the name of the preferred signature provider, or null if none is preferred.

public void setTargetCertConstraints (CertSelector targetCertConstraints)

Sets the constraints that are required for the target certificate.

Parameters
targetCertConstraints the constraints for the target certificate, or null if none should be used.

public void setTrustAnchors (Set<TrustAnchor> trustAnchors)

Sets the set of trusted certificate authorities.

Parameters
trustAnchors the set of trusted certificate authorities.
Throws
InvalidAlgorithmParameterException if trustAnchors is empty.

public String toString ()

Returns a string representation of this PKIXParameters instance.

Returns
  • a string representation of this PKIXParameters instance.