PKIXParameters

public class PKIXParameters extends Object
implements CertPathParameters
Known Direct Subclasses

Parameters used as input for the PKIX CertPathValidator algorithm.

A PKIX CertPathValidator uses these parameters to validate a CertPath according to the PKIX certification path validation algorithm.

To instantiate a PKIXParameters object, an application must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CAs can be specified using one of two constructors. An application can call PKIXParameters(Set), specifying a Set of TrustAnchor objects, each of which identify a most-trusted CA. Alternatively, an application can call PKIXParameters(KeyStore), specifying a KeyStore instance containing trusted certificate entries, each of which will be considered as a most-trusted CA.

Once a PKIXParameters object has been created, other parameters can be specified (by calling setInitialPolicies or setDate, for instance) and then the PKIXParameters is passed along with the CertPath to be validated to CertPathValidator.validate.

Any parameter that is not set (or is set to null) will be set to the default value for that parameter. The default value for the date parameter is null, which indicates the current time when the path is validated. The default for the remaining parameters is the least constrained.

Concurrent Access

Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.

Public Constructor Summary

PKIXParameters(Set<TrustAnchor> trustAnchors)
Creates an instance of PKIXParameters with the specified Set of most-trusted CAs.
PKIXParameters(KeyStore keystore)
Creates an instance of PKIXParameters that populates the set of most-trusted CAs from the trusted certificate entries contained in the specified KeyStore.

Public Method Summary

void
addCertPathChecker(PKIXCertPathChecker checker)
Adds a PKIXCertPathChecker to the list of certification path checkers.
void
addCertStore(CertStore store)
Adds a CertStore to the end of the list of CertStores used in finding certificates and CRLs.
Object
clone()
Makes a copy of this PKIXParameters object.
List<PKIXCertPathChecker>
getCertPathCheckers()
Returns the List of certification path checkers.
List<CertStore>
getCertStores()
Returns an immutable List of CertStores that are used to find certificates and CRLs.
Date
getDate()
Returns the time for which the validity of the certification path should be determined.
Set<String>
getInitialPolicies()
Returns an immutable Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing.
boolean
getPolicyQualifiersRejected()
Gets the PolicyQualifiersRejected flag.
String
getSigProvider()
Returns the signature provider's name, or null if not set.
CertSelector
getTargetCertConstraints()
Returns the required constraints on the target certificate.
Set<TrustAnchor>
getTrustAnchors()
Returns an immutable Set of the most-trusted CAs.
boolean
isAnyPolicyInhibited()
Checks whether the any policy OID should be processed if it is included in a certificate.
boolean
isExplicitPolicyRequired()
Checks if explicit policy is required.
boolean
isPolicyMappingInhibited()
Checks if policy mapping is inhibited.
boolean
isRevocationEnabled()
Checks the RevocationEnabled flag.
void
setAnyPolicyInhibited(boolean val)
Sets state to determine if the any policy OID should be processed if it is included in a certificate.
void
setCertPathCheckers(List<PKIXCertPathChecker> checkers)
Sets a List of additional certification path checkers.
void
setCertStores(List<CertStore> stores)
Sets the list of CertStores to be used in finding certificates and CRLs.
void
setDate(Date date)
Sets the time for which the validity of the certification path should be determined.
void
setExplicitPolicyRequired(boolean val)
Sets the ExplicitPolicyRequired flag.
void
setInitialPolicies(Set<String> initialPolicies)
Sets the Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing.
void
setPolicyMappingInhibited(boolean val)
Sets the PolicyMappingInhibited flag.
void
setPolicyQualifiersRejected(boolean qualifiersRejected)
Sets the PolicyQualifiersRejected flag.
void
setRevocationEnabled(boolean val)
Sets the RevocationEnabled flag.
void
setSigProvider(String sigProvider)
Sets the signature provider's name.
void
setTargetCertConstraints(CertSelector selector)
Sets the required constraints on the target certificate.
void
setTrustAnchors(Set<TrustAnchor> trustAnchors)
Sets the Set of most-trusted CAs.
String
toString()
Returns a formatted string describing the parameters.

Inherited Method Summary