Spec-Zone .ru
спецификации, руководства, описания, API
|
public class PKIXBuilderParameters extends PKIXParameters
CertPathBuilder
algorithm.
A PKIX CertPathBuilder
uses these parameters to build
a CertPath
which has been
validated according to the PKIX certification path validation algorithm.
To instantiate a PKIXBuilderParameters
object, an
application must specify one or more most-trusted CAs as defined by
the PKIX certification path validation algorithm. The most-trusted CA
can be specified using one of two constructors. An application
can call PKIXBuilderParameters(Set, CertSelector)
, specifying a
Set
of TrustAnchor
objects, each of which
identifies a most-trusted CA. Alternatively, an application can call
PKIXBuilderParameters(KeyStore, CertSelector)
, specifying a
KeyStore
instance containing trusted certificate entries, each
of which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target
certificate that the CertPathBuilder
will attempt
to build a path to. The constraints are specified as a
CertSelector
object. These constraints should provide the
CertPathBuilder
with enough search criteria to find the target
certificate. Minimal criteria for an X509Certificate
usually
include the subject name and/or one or more subject alternative names.
If enough criteria is not specified, the CertPathBuilder
may throw a CertPathBuilderException
.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
CertPathBuilder
Constructor and Description |
---|
PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
Creates an instance of
PKIXBuilderParameters that
populates the set of most-trusted CAs from the trusted
certificate entries contained in the specified KeyStore . |
PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
CertSelector targetConstraints)
Creates an instance of
PKIXBuilderParameters with
the specified Set of most-trusted CAs. |
Modifier and Type | Method and Description |
---|---|
int |
getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued
certificates that may exist in a certification path.
|
void |
setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of non-self-issued intermediate
certificates that may exist in a certification path.
|
String |
toString()
Returns a formatted string describing the parameters.
|
addCertPathChecker, addCertStore, clone, getCertPathCheckers, getCertStores, getDate, getInitialPolicies, getPolicyQualifiersRejected, getSigProvider, getTargetCertConstraints, getTrustAnchors, isAnyPolicyInhibited, isExplicitPolicyRequired, isPolicyMappingInhibited, isRevocationEnabled, setAnyPolicyInhibited, setCertPathCheckers, setCertStores, setDate, setExplicitPolicyRequired, setInitialPolicies, setPolicyMappingInhibited, setPolicyQualifiersRejected, setRevocationEnabled, setSigProvider, setTargetCertConstraints, setTrustAnchors
public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector targetConstraints) throws InvalidAlgorithmParameterException
PKIXBuilderParameters
with
the specified Set
of most-trusted CAs.
Each element of the set is a TrustAnchor
.
Note that the Set
is copied to protect against
subsequent modifications.
trustAnchors
- a Set
of TrustAnchor
stargetConstraints
- a CertSelector
specifying the
constraints on the target certificateInvalidAlgorithmParameterException
- if trustAnchors
is empty (trustAnchors.isEmpty() == true)
NullPointerException
- if trustAnchors
is
null
ClassCastException
- if any of the elements of
trustAnchors
are not of type
java.security.cert.TrustAnchor
public PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) throws KeyStoreException, InvalidAlgorithmParameterException
PKIXBuilderParameters
that
populates the set of most-trusted CAs from the trusted
certificate entries contained in the specified KeyStore
.
Only keystore entries that contain trusted X509Certificate
s
are considered; all other certificate types are ignored.keystore
- a KeyStore
from which the set of
most-trusted CAs will be populatedtargetConstraints
- a CertSelector
specifying the
constraints on the target certificateKeyStoreException
- if keystore
has not been
initializedInvalidAlgorithmParameterException
- if keystore
does
not contain at least one trusted certificate entryNullPointerException
- if keystore
is
null
public void setMaxPathLength(int maxPathLength)
CertPathBuilder
instance must not build
paths longer than the length specified.
A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown.
If any of the CA certificates contain the
BasicConstraintsExtension
, the value of the
pathLenConstraint
field of the extension overrides
the maximum path length parameter whenever the result is a
certification path of smaller length.
maxPathLength
- the maximum number of non-self-issued intermediate
certificates that may exist in a certification pathInvalidParameterException
- if maxPathLength
is set
to a value less than -1getMaxPathLength()
public int getMaxPathLength()
setMaxPathLength(int)
method for more details.setMaxPathLength(int)
public String toString()
toString
in class PKIXParameters
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2013, Oracle and/or its affiliates. All rights reserved.
DRAFT ea-b92