java.security.cert
Class PKIXParameters

java.lang.Object
  extended by java.security.cert.PKIXParameters
All Implemented Interfaces:
Cloneable, CertPathParameters
Direct Known Subclasses:
PKIXBuilderParameters

public class PKIXParameters
extends Object
implements CertPathParameters

Parameters for verifying certificate paths using the PKIX (Public-Key Infrastructure (X.509)) algorithm.

Since:
1.4
See Also:
CertPathBuilder

Constructor Summary
PKIXParameters(KeyStore keystore)
          Create a new PKIXParameters object, populating the trusted certificates set with all certificates found in the given key store.
PKIXParameters(Set<TrustAnchor> trustAnchors)
          Create a new PKIXParameters object, populating the trusted certificates set with the elements of the given set, each of which must be a TrustAnchor.
 
Method Summary
 void addCertPathChecker(PKIXCertPathChecker checker)
          Add a certificate path checker.
 void addCertStore(CertStore store)
          Add a CertStore to the list of cert stores.
 Object clone()
          Returns a copy of these parameters.
 List<PKIXCertPathChecker> getCertPathCheckers()
          Returns an immutable list of all certificate path checkers.
 List<CertStore> getCertStores()
          Returns an immutable list of cert stores.
 Date getDate()
          Returns the date for which the certificate path should be validated, or null if the current time should be used.
 Set<String> getInitialPolicies()
          Returns the set of initial policy identifiers (as OID strings).
 boolean getPolicyQualifiersRejected()
          Returns the value of the policy qualifiers enabled flag.
 String getSigProvider()
          Returns the signature algorithm provider, or null if not set.
 CertSelector getTargetCertConstraints()
          Returns the constraints placed on the target certificate, or null if there are none.
 Set<TrustAnchor> getTrustAnchors()
          Returns an immutable set of trust anchors.
 boolean isAnyPolicyInhibited()
          Returns the value of the any policy inhibited flag.
 boolean isExplicitPolicyRequired()
          Returns the value of the explicit policy required flag.
 boolean isPolicyMappingInhibited()
          Returns the value of the policy mapping inhibited flag.
 boolean isRevocationEnabled()
          Returns the value of the revocation enabled flag.
 void setAnyPolicyInhibited(boolean value)
          Sets the value of the any policy inhibited flag.
 void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers)
          Sets the certificate path checkers.
 void setCertStores(List<CertStore> certStores)
          Set the cert stores.
 void setDate(Date date)
          Sets the date for which the certificate path should be validated, or null if the current time should be used.
 void setExplicitPolicyRequired(boolean value)
          Sets the value of the explicit policy required flag.
 void setInitialPolicies(Set<String> initPolicies)
          Sets the initial policy identifiers (as OID strings).
 void setPolicyMappingInhibited(boolean value)
          Sets the value of the policy mapping inhibited flag.
 void setPolicyQualifiersRejected(boolean value)
          Sets the value of the policy qualifiers enabled flag.
 void setRevocationEnabled(boolean value)
          Sets the value of the revocation enabled flag.
 void setSigProvider(String sigProvider)
          Sets the signature algorithm provider, or null if there is no preferred provider.
 void setTargetCertConstraints(CertSelector targetConstraints)
          Sets the constraints placed on the target certificate.
 void setTrustAnchors(Set<TrustAnchor> trustAnchors)
          Sets the trust anchors of this class, replacing the current trust anchors with those in the given set.
 String toString()
          Returns a printable representation of these parameters.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PKIXParameters

public PKIXParameters(KeyStore keystore)
               throws KeyStoreException,
                      InvalidAlgorithmParameterException
Create a new PKIXParameters object, populating the trusted certificates set with all certificates found in the given key store. All certificates found in the key store are assumed to be trusted by this constructor.

Parameters:
keystore - The key store.
Throws:
KeyStoreException - If the certificates cannot be retrieved from the key store.
InvalidAlgorithmParameterException - If there are no certificates in the key store.
NullPointerException - If keystore is null.

PKIXParameters

public PKIXParameters(Set<TrustAnchor> trustAnchors)
               throws InvalidAlgorithmParameterException
Create a new PKIXParameters object, populating the trusted certificates set with the elements of the given set, each of which must be a TrustAnchor.

Parameters:
trustAnchors - The set of trust anchors.
Throws:
InvalidAlgorithmParameterException - If there are no certificates in the set.
NullPointerException - If trustAnchors is null.
ClassCastException - If every element in trustAnchors is not a TrustAnchor.
Method Detail

getTrustAnchors

public Set<TrustAnchor> getTrustAnchors()
Returns an immutable set of trust anchors. The set returned will never be null and will never be empty.

Returns:
A (never null, never empty) immutable set of trust anchors.

setTrustAnchors

public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
                     throws InvalidAlgorithmParameterException
Sets the trust anchors of this class, replacing the current trust anchors with those in the given set. The supplied set is copied to prevent modification.

Parameters:
trustAnchors - The new set of trust anchors.
Throws:
InvalidAlgorithmParameterException - If there are no certificates in the set.
NullPointerException - If trustAnchors is null.
ClassCastException - If every element in trustAnchors is not a TrustAnchor.

getInitialPolicies

public Set<String> getInitialPolicies()
Returns the set of initial policy identifiers (as OID strings). If any policy is accepted, this method returns the empty set.

Returns:
An immutable set of initial policy OID strings, or the empty set if any policy is acceptable.

setInitialPolicies

public void setInitialPolicies(Set<String> initPolicies)
Sets the initial policy identifiers (as OID strings). If the argument is null or the empty set, then any policy identifier will be accepted.

Parameters:
initPolicies - The new set of policy strings, or null.
Throws:
ClassCastException - If any element in initPolicies is not a string.

addCertStore

public void addCertStore(CertStore store)
Add a CertStore to the list of cert stores.

Parameters:
store - The CertStore to add.

getCertStores

public List<CertStore> getCertStores()
Returns an immutable list of cert stores. This method never returns null.

Returns:
The list of cert stores.

setCertStores

public void setCertStores(List<CertStore> certStores)
Set the cert stores. If the argument is null the list of cert stores will be empty.

Parameters:
certStores - The cert stores.

isRevocationEnabled

public boolean isRevocationEnabled()
Returns the value of the revocation enabled flag. The default value for this flag is true.

Returns:
The revocation enabled flag.

setRevocationEnabled

public void setRevocationEnabled(boolean value)
Sets the value of the revocation enabled flag.

Parameters:
value - The new value.

isExplicitPolicyRequired

public boolean isExplicitPolicyRequired()
Returns the value of the explicit policy required flag. The default value of this flag is false.

Returns:
The explicit policy required flag.

setExplicitPolicyRequired

public void setExplicitPolicyRequired(boolean value)
Sets the value of the explicit policy required flag.

Parameters:
value - The new value.

isPolicyMappingInhibited

public boolean isPolicyMappingInhibited()
Returns the value of the policy mapping inhibited flag. The default value of this flag is false.

Returns:
The policy mapping inhibited flag.

setPolicyMappingInhibited

public void setPolicyMappingInhibited(boolean value)
Sets the value of the policy mapping inhibited flag.

Parameters:
value - The new value.

isAnyPolicyInhibited

public boolean isAnyPolicyInhibited()
Returns the value of the any policy inhibited flag. The default value of this flag is false.

Returns:
The any policy inhibited flag.

setAnyPolicyInhibited

public void setAnyPolicyInhibited(boolean value)
Sets the value of the any policy inhibited flag.

Parameters:
value - The new value.

getPolicyQualifiersRejected

public boolean getPolicyQualifiersRejected()
Returns the value of the policy qualifiers enabled flag. The default value of this flag is true.

Returns:
The policy qualifiers enabled flag.

setPolicyQualifiersRejected

public void setPolicyQualifiersRejected(boolean value)
Sets the value of the policy qualifiers enabled flag.

Parameters:
value - The new value.

getDate

public Date getDate()
Returns the date for which the certificate path should be validated, or null if the current time should be used. The date object is copied to prevent subsequent modification.

Returns:
The date, or null if not set.

setDate

public void setDate(Date date)
Sets the date for which the certificate path should be validated, or null if the current time should be used.

Parameters:
date - The new date, or null.

addCertPathChecker

public void addCertPathChecker(PKIXCertPathChecker checker)
Add a certificate path checker.

Parameters:
checker - The certificate path checker to add.

getCertPathCheckers

public List<PKIXCertPathChecker> getCertPathCheckers()
Returns an immutable list of all certificate path checkers.

Returns:
An immutable list of all certificate path checkers.

setCertPathCheckers

public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers)
Sets the certificate path checkers. If the argument is null, the list of checkers will merely be cleared.

Parameters:
pathCheckers - The new list of certificate path checkers.
Throws:
ClassCastException - If any element of pathCheckers is not a PKIXCertPathChecker.

getSigProvider

public String getSigProvider()
Returns the signature algorithm provider, or null if not set.

Returns:
The signature algorithm provider, or null if not set.

setSigProvider

public void setSigProvider(String sigProvider)
Sets the signature algorithm provider, or null if there is no preferred provider.

Parameters:
sigProvider - The signature provider name.

getTargetCertConstraints

public CertSelector getTargetCertConstraints()
Returns the constraints placed on the target certificate, or null if there are none. The target constraints are copied to prevent subsequent modification.

Returns:
The target constraints, or null.

setTargetCertConstraints

public void setTargetCertConstraints(CertSelector targetConstraints)
Sets the constraints placed on the target certificate.

Parameters:
targetConstraints - The target constraints.

clone

public Object clone()
Returns a copy of these parameters.

Specified by:
clone in interface CertPathParameters
Overrides:
clone in class Object
Returns:
The copy.
See Also:
Cloneable

toString

public String toString()
Returns a printable representation of these parameters.

Overrides:
toString in class Object
Returns:
A printable representation of these parameters.
See Also:
Object.getClass(), Object.hashCode(), Class.getName(), Integer.toHexString(int)