Package java.security.cert

Class PKIXCertPathChecker

java.lang.Object
java.security.cert.PKIXCertPathChecker
All Implemented Interfaces:
Cloneable
public abstract class PKIXCertPathChecker
extends Object
implements Cloneable
The class specifying the interface to extend the certification path validation algorithm by checks to perform on an X509Certificate.

The checks are added to a certification path validation using the setCertPathCheckers or addCertPathChecker of the PKIXParameters and PKIXBuilderParameters class respectively. The check method will be called for each certificate processed by a CertPathBuilder of CertPathValidator.

A PKIXCertPathChecker implementation must support reverse checking (from trusted CA to target) and may support forward checking (from target to trusted CA). The return value of isForwardCheckingSupported indicates whether forward checking is supported.

  • Constructor Summary

    Constructors
    Modifier Constructor Description
    protected PKIXCertPathChecker()
    Creates a new PKIXCertPathChecker instance.

  • Method Summary

    Modifier and Type Method Description
    abstract void check​(Certificate cert, Collection<String> unresolvedCritExts)
    Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.
    Object clone()
    Clones this PKIXCertPathChecker instance.
    abstract Set<String> getSupportedExtensions()
    Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.
    abstract void init​(boolean forward)
    Initializes this PKIXCertPathChecker instance for specified checking direction.
    abstract boolean isForwardCheckingSupported()
    Returns whether this PKIXCertPathChecker instance supports forward checking.

    Methods inherited from class java.lang.Object

    equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • PKIXCertPathChecker

      protected PKIXCertPathChecker()
      Creates a new PKIXCertPathChecker instance.

  • Method Details

    • clone

      public Object clone()
      Clones this PKIXCertPathChecker instance.
      Overrides:
      clone in class Object
      Returns:
      the cloned instance.

    • init

      public abstract void init​(boolean forward) throws CertPathValidatorException
      Initializes this PKIXCertPathChecker instance for specified checking direction.
      Parameters:
      forward - the direction of the certification path processing, true if the certificates are processed in forward direction (from target to trusted CA), false if processed in reverse direction (from trusted CA to target).
      Throws:
      CertPathValidatorException - if initialization of this PKIXCertPathChecker instance fails, or if it cannot process certificates in the specified order.

    • isForwardCheckingSupported

      public abstract boolean isForwardCheckingSupported()
      Returns whether this PKIXCertPathChecker instance supports forward checking.
      Returns:
      true if this PKIXCertPathChecker instance supports forward checking, otherwise false.

    • getSupportedExtensions

      public abstract Set<String> getSupportedExtensions()
      Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.
      Returns:
      the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process, or null if there are none.

    • check

      public abstract void check​(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException
      Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.
      Parameters:
      cert - the certificate.
      unresolvedCritExts - the list of critical X.509 extension OID strings.
      Throws:
      CertPathValidatorException - if check(s) fail on the specified certificate.