|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Objectjava.security.cert.PKIXParameters
java.security.cert.PKIXBuilderParameters
public class PKIXBuilderParameters
Parameters used as input for the PKIX CertPathBuilder
algorithm.
A PKIX CertPathBuilder uses these parameters to build a CertPath which has been
validated according to the PKIX certification path validation algorithm.
To instantiate a PKIXBuilderParameters object, an
application must specify one or more most-trusted CAs as defined by
the PKIX certification path validation algorithm. The most-trusted CA
can be specified using one of two constructors. An application
can call PKIXBuilderParameters(Set, CertSelector), specifying a
Set of TrustAnchor objects, each of which
identifies a most-trusted CA. Alternatively, an application can call
PKIXBuilderParameters(KeyStore, CertSelector), specifying a
KeyStore instance containing trusted certificate entries, each
of which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target
certificate that the CertPathBuilder will attempt
to build a path to. The constraints are specified as a
CertSelector object. These constraints should provide the
CertPathBuilder with enough search criteria to find the target
certificate. Minimal criteria for an X509Certificate usually
include the subject name and/or one or more subject alternative names.
If enough criteria is not specified, the CertPathBuilder
may throw a CertPathBuilderException.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
CertPathBuilder| Constructor Summary | |
|---|---|
PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters that populates
the set of most-trusted CA certificates from the trusted certificate entries
contained in the specified KeyStore. |
|
PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters with the specified
Set of most-trusted CAs. |
|
| Method Summary | |
|---|---|
int |
getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. |
void |
setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. |
String |
toString()
Returns a formatted string describing the parameters. |
| Methods inherited from class java.lang.Object |
|---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
| Constructor Detail |
|---|
public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
CertSelector targetConstraints)
throws InvalidAlgorithmParameterException
PKIXBuilderParameters with the specified
Set of most-trusted CAs. Each element of the set
is a TrustAnchor.
Note that the Set is copied to protect against subsequent
modifications.
trustAnchors - a Set of TrustAnchorstargetConstraints - a CertSelector specifying the constraints
on the target certificate
ClassCastException - if any of the elements in the set are not of type
java.security.cert.TrustAnchor
NullPointerException - if the trustAnchors set is null
InvalidAlgorithmParameterException - if the trustAnchors set is empty (trustAnchors.isEmpty() == true)
public PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
throws KeyStoreException,
InvalidAlgorithmParameterException
PKIXBuilderParameters that populates
the set of most-trusted CA certificates from the trusted certificate entries
contained in the specified KeyStore. Only keystore entries
that contain trusted X509Certificates are considered; all other
certificate types are ignored.
keystore - A KeyStore from which the set of most-trusted CA
certificates will be populated.targetConstraints - a CertSelector specifying the constraints
on the target certificate
KeyStoreException - if the keystore has not been initialized
NullPointerException - if the keystore is null
InvalidAlgorithmParameterException - if the keystore is empty| Method Detail |
|---|
public void setMaxPathLength(int maxPathLength)
CertPathBuilder instance must not build
paths longer than the length specified.
A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown.
If any of the CA certificates contain the
BasicConstraintsExtension, the value of the
pathLenConstraint field of the extension overrides
the maximum path length parameter whenever the result is a
certification path of smaller length.
maxPathLength - the maximum number of non-self-issued intermediate
certificates that may exist in a certification path
InvalidParameterException - if the maximum path length
parameter is set to a value less than -1public int getMaxPathLength()
setMaxPathLength(int) method for more details.
public String toString()
toString in class PKIXParameters
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||