Package java.security.cert

Class PKIXParameters

java.lang.Object
java.security.cert.PKIXParameters
All Implemented Interfaces:
Cloneable, CertPathParameters
Direct Known Subclasses:
ExtendedPKIXParameters, PKIXBuilderParameters
public class PKIXParameters
extends Object
implements CertPathParameters
This class implements the parameters for the PKIX CertPathValidator.

The parameters must be created with trusted certificate authorities (trust anchors).

See Also:
CertPathValidator, CertPathParameters

  • Constructor Summary

    Constructors
    Constructor Description
    PKIXParameters​(KeyStore keyStore)
    Creates a new PKIXParameters instance with the trusted X509Certificate entries from the specified KeyStore.
    PKIXParameters​(Set<TrustAnchor> trustAnchors)
    Creates a new PKIXParameters instance with the specified set of trusted certificate authorities.

  • Method Summary

    Modifier and Type Method Description
    void addCertPathChecker​(PKIXCertPathChecker checker)
    Adds the specified PKIXCertPathChecker to the list of certification path checkers.
    void addCertStore​(CertStore store)
    Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.
    Object clone()
    Clones this PKIXParameters instance.
    List<PKIXCertPathChecker> getCertPathCheckers()
    Returns the list of checkers for the certification path.
    List<CertStore> getCertStores()
    Returns the list of certificate stores that are used to find certificates and CRLs.
    Date getDate()
    Returns the time for which the validation of the certification path should be evaluated.
    Set<String> getInitialPolicies()
    Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
    boolean getPolicyQualifiersRejected()
    Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
    String getSigProvider()
    Returns the name of the signature provider.
    CertSelector getTargetCertConstraints()
    Returns the constraints that are required for the target certificate.
    Set<TrustAnchor> getTrustAnchors()
    Returns a unmodifiable set of the trusted certificate authorities.
    boolean isAnyPolicyInhibited()
    Returns whether the any policy OID will be inhibited if it's included in a certificate.
    boolean isExplicitPolicyRequired()
    Returns whether an acceptable policy needs to be explicit identified in every certificate.
    boolean isPolicyMappingInhibited()
    Returns whether policy mapping is inhibited.
    boolean isRevocationEnabled()
    Returns whether the default revocation checking mechanism of the underlying service provider is used.
    void setAnyPolicyInhibited​(boolean anyPolicyInhibited)
    Sets whether the any policy OID should be inhibited if it's included in a certificate.
    void setCertPathCheckers​(List<PKIXCertPathChecker> certPathCheckers)
    Sets the list of checkers for the certification path.
    void setCertStores​(List<CertStore> certStores)
    Set the list of certificate stores that are used to find certificates and CRLs.
    void setDate​(Date date)
    Sets the time for which the validation of the certification path should be evaluated.
    void setExplicitPolicyRequired​(boolean explicitPolicyRequired)
    Sets whether an an acceptable policy needs to be explicit identified in every certificate.
    void setInitialPolicies​(Set<String> initialPolicies)
    Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
    void setPolicyMappingInhibited​(boolean policyMappingInhibited)
    Sets whether policy mapping is to be inhibited.
    void setPolicyQualifiersRejected​(boolean policyQualifiersRejected)
    Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
    void setRevocationEnabled​(boolean revocationEnabled)
    Sets whether the default revocation checking mechanism of the underlying service provider should be used.
    void setSigProvider​(String sigProvider)
    Sets the name of the preferred signature provider.
    void setTargetCertConstraints​(CertSelector targetCertConstraints)
    Sets the constraints that are required for the target certificate.
    void setTrustAnchors​(Set<TrustAnchor> trustAnchors)
    Sets the set of trusted certificate authorities.
    String toString()
    Returns a string representation of this PKIXParameters instance.

    Methods inherited from class java.lang.Object

    equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

  • Constructor Details

  • Method Details

    • getTrustAnchors

      public Set<TrustAnchor> getTrustAnchors()
      Returns a unmodifiable set of the trusted certificate authorities.
      Returns:
      a unmodifiable set of the trusted certificate authorities.

    • setTrustAnchors

      public void setTrustAnchors​(Set<TrustAnchor> trustAnchors) throws InvalidAlgorithmParameterException
      Sets the set of trusted certificate authorities.
      Parameters:
      trustAnchors - the set of trusted certificate authorities.
      Throws:
      InvalidAlgorithmParameterException - if trustAnchors is empty.

    • isAnyPolicyInhibited

      public boolean isAnyPolicyInhibited()
      Returns whether the any policy OID will be inhibited if it's included in a certificate.
      Returns:
      true if the any policy OID will be inhibited, otherwise false.

    • setAnyPolicyInhibited

      public void setAnyPolicyInhibited​(boolean anyPolicyInhibited)
      Sets whether the any policy OID should be inhibited if it's included in a certificate.
      Parameters:
      anyPolicyInhibited - true if the any policy OID should be inhibited, otherwise false.

    • getCertPathCheckers

      public List<PKIXCertPathChecker> getCertPathCheckers()
      Returns the list of checkers for the certification path.

      The list is unmodifiable and the entries in the list are cloned.

      Returns:
      the list of checkers for the certification path.

    • setCertPathCheckers

      public void setCertPathCheckers​(List<PKIXCertPathChecker> certPathCheckers)
      Sets the list of checkers for the certification path.

      The list is copied and the entries are cloned.

      Parameters:
      certPathCheckers - the list of checkers for the certification path, or null to clear the checkers.

    • addCertPathChecker

      public void addCertPathChecker​(PKIXCertPathChecker checker)
      Adds the specified PKIXCertPathChecker to the list of certification path checkers.
      Parameters:
      checker - the PKIXCertPathChecker to add, if null, it will be ignored.

    • getCertStores

      public List<CertStore> getCertStores()
      Returns the list of certificate stores that are used to find certificates and CRLs.
      Returns:
      an immutable list of certificate stores.

    • setCertStores

      public void setCertStores​(List<CertStore> certStores)
      Set the list of certificate stores that are used to find certificates and CRLs.
      Parameters:
      certStores - the list of certificate stores.

    • addCertStore

      public void addCertStore​(CertStore store)
      Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.
      Parameters:
      store - the store to add, if null, it will be ignored.

    • getDate

      public Date getDate()
      Returns the time for which the validation of the certification path should be evaluated.
      Returns:
      the time for the validation, or null for the current time.

    • setDate

      public void setDate​(Date date)
      Sets the time for which the validation of the certification path should be evaluated.
      Parameters:
      date - the time for the validation, or null for the current time.

    • isExplicitPolicyRequired

      public boolean isExplicitPolicyRequired()
      Returns whether an acceptable policy needs to be explicit identified in every certificate.
      Returns:
      true if an explicit policy is required, otherwise false.

    • setExplicitPolicyRequired

      public void setExplicitPolicyRequired​(boolean explicitPolicyRequired)
      Sets whether an an acceptable policy needs to be explicit identified in every certificate.
      Parameters:
      explicitPolicyRequired - true if an explicit policy is required, otherwise false.

    • getInitialPolicies

      public Set<String> getInitialPolicies()
      Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
      Returns:
      the unmodifiable list of policies, or an empty set if any policy is acceptable.

    • setInitialPolicies

      public void setInitialPolicies​(Set<String> initialPolicies)
      Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.
      Parameters:
      initialPolicies - the list of policies, or an empty set or null if any policy is acceptable.

    • isPolicyMappingInhibited

      public boolean isPolicyMappingInhibited()
      Returns whether policy mapping is inhibited.
      Returns:
      true if policy mapping is inhibited, otherwise false.

    • setPolicyMappingInhibited

      public void setPolicyMappingInhibited​(boolean policyMappingInhibited)
      Sets whether policy mapping is to be inhibited.
      Parameters:
      policyMappingInhibited - true if policy mapping is to be inhibited, otherwise false.

    • getPolicyQualifiersRejected

      public boolean getPolicyQualifiersRejected()
      Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
      Returns:
      true if the certificates should be rejected, otherwise false.

    • setPolicyQualifiersRejected

      public void setPolicyQualifiersRejected​(boolean policyQualifiersRejected)
      Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.
      Parameters:
      policyQualifiersRejected - true if the certificates should be rejected, otherwise false.

    • isRevocationEnabled

      public boolean isRevocationEnabled()
      Returns whether the default revocation checking mechanism of the underlying service provider is used.
      Returns:
      true if the default revocation checking mechanism is used, otherwise false.

    • setRevocationEnabled

      public void setRevocationEnabled​(boolean revocationEnabled)
      Sets whether the default revocation checking mechanism of the underlying service provider should be used.
      Parameters:
      revocationEnabled - true id the default revocation checking mechanism should be used, otherwise false.

    • getSigProvider

      public String getSigProvider()
      Returns the name of the signature provider.
      Returns:
      the name of the signature provider, or null if none is set.

    • setSigProvider

      public void setSigProvider​(String sigProvider)
      Sets the name of the preferred signature provider.

      If set, the specified provider will be preferred for creating signatures. If not set, the first provider found supporting creation of signatures will be used.

      Parameters:
      sigProvider - the name of the preferred signature provider, or null if none is preferred.

    • getTargetCertConstraints

      public CertSelector getTargetCertConstraints()
      Returns the constraints that are required for the target certificate.
      Returns:
      the constraints for the target certificate, or null if none are set.

    • setTargetCertConstraints

      public void setTargetCertConstraints​(CertSelector targetCertConstraints)
      Sets the constraints that are required for the target certificate.
      Parameters:
      targetCertConstraints - the constraints for the target certificate, or null if none should be used.

    • clone

      public Object clone()
      Clones this PKIXParameters instance.
      Specified by:
      clone in interface CertPathParameters
      Overrides:
      clone in class Object
      Returns:
      the cloned instance.

    • toString

      public String toString()
      Returns a string representation of this PKIXParameters instance.
      Overrides:
      toString in class Object
      Returns:
      a string representation of this PKIXParameters instance.