PKIXParameters
open class PKIXParameters : CertPathParameters
kotlin.Any | |
↳ | java.security.cert.PKIXParameters |
Parameters used as input for the PKIX CertPathValidator
algorithm.
A PKIX CertPathValidator
uses these parameters to validate a CertPath
according to the PKIX certification path validation algorithm.
To instantiate a PKIXParameters
object, an application must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CAs can be specified using one of two constructors. An application can call PKIXParameters(Set)
, specifying a Set
of TrustAnchor
objects, each of which identify a most-trusted CA. Alternatively, an application can call PKIXParameters(KeyStore)
, specifying a KeyStore
instance containing trusted certificate entries, each of which will be considered as a most-trusted CA.
Once a PKIXParameters
object has been created, other parameters can be specified (by calling setInitialPolicies
or setDate
, for instance) and then the PKIXParameters
is passed along with the CertPath
to be validated to CertPathValidator.validate
.
Any parameter that is not set (or is set to null
) will be set to the default value for that parameter. The default value for the date
parameter is null
, which indicates the current time when the path is validated. The default for the remaining parameters is the least constrained.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
Summary
Public constructors | |
---|---|
PKIXParameters(keystore: KeyStore!) Creates an instance of |
|
PKIXParameters(trustAnchors: MutableSet<TrustAnchor!>!) Creates an instance of |
Public methods | |
---|---|
open Unit |
addCertPathChecker(checker: PKIXCertPathChecker!) Adds a |
open Unit |
addCertStore(store: CertStore!) Adds a |
open Any |
clone() Makes a copy of this |
open MutableList<PKIXCertPathChecker!>! |
Returns the |
open MutableList<CertStore!>! |
Returns an immutable |
open Date! |
getDate() Returns the time for which the validity of the certification path should be determined. |
open MutableSet<String!>! |
Returns an immutable |
open Boolean |
Gets the PolicyQualifiersRejected flag. |
open String! |
Returns the signature provider's name, or |
open CertSelector! |
Returns the required constraints on the target certificate. |
open MutableSet<TrustAnchor!>! |
Returns an immutable |
open Boolean |
Checks whether the any policy OID should be processed if it is included in a certificate. |
open Boolean |
Checks if explicit policy is required. |
open Boolean |
Checks if policy mapping is inhibited. |
open Boolean |
Checks the RevocationEnabled flag. |
open Unit |
setAnyPolicyInhibited(val: Boolean) Sets state to determine if the any policy OID should be processed if it is included in a certificate. |
open Unit |
setCertPathCheckers(checkers: MutableList<PKIXCertPathChecker!>!) Sets a |
open Unit |
setCertStores(stores: MutableList<CertStore!>!) Sets the list of |
open Unit |
Sets the time for which the validity of the certification path should be determined. |
open Unit |
Sets the ExplicitPolicyRequired flag. |
open Unit |
setInitialPolicies(initialPolicies: MutableSet<String!>!) Sets the |
open Unit |
Sets the PolicyMappingInhibited flag. |
open Unit |
setPolicyQualifiersRejected(qualifiersRejected: Boolean) Sets the PolicyQualifiersRejected flag. |
open Unit |
setRevocationEnabled(val: Boolean) Sets the RevocationEnabled flag. |
open Unit |
setSigProvider(sigProvider: String!) Sets the signature provider's name. |
open Unit |
setTargetCertConstraints(selector: CertSelector!) Sets the required constraints on the target certificate. |
open Unit |
setTrustAnchors(trustAnchors: MutableSet<TrustAnchor!>!) Sets the |
open String |
toString() Returns a formatted string describing the parameters. |
Public constructors
PKIXParameters
PKIXParameters(keystore: KeyStore!)
Creates an instance of PKIXParameters
that populates the set of most-trusted CAs from the trusted certificate entries contained in the specified KeyStore
. Only keystore entries that contain trusted X509Certificates
are considered; all other certificate types are ignored.
Parameters | |
---|---|
keystore |
KeyStore!: a KeyStore from which the set of most-trusted CAs will be populated |
Exceptions | |
---|---|
java.security.KeyStoreException |
if the keystore has not been initialized |
java.security.InvalidAlgorithmParameterException |
if the keystore does not contain at least one trusted certificate entry |
java.lang.NullPointerException |
if the keystore is null |
PKIXParameters
PKIXParameters(trustAnchors: MutableSet<TrustAnchor!>!)
Creates an instance of PKIXParameters
with the specified Set
of most-trusted CAs. Each element of the set is a TrustAnchor
.
Note that the Set
is copied to protect against subsequent modifications.
Parameters | |
---|---|
trustAnchors |
MutableSet<TrustAnchor!>!: a Set of TrustAnchor s |
Exceptions | |
---|---|
java.security.InvalidAlgorithmParameterException |
if the specified Set is empty (trustAnchors.isEmpty() == true) |
java.lang.NullPointerException |
if the specified Set is null |
java.lang.ClassCastException |
if any of the elements in the Set are not of type java.security.cert.TrustAnchor |
Public methods
addCertPathChecker
open fun addCertPathChecker(checker: PKIXCertPathChecker!): Unit
Adds a PKIXCertPathChecker
to the list of certification path checkers. See the setCertPathCheckers
method for more details.
Note that the PKIXCertPathChecker
is cloned to protect against subsequent modifications.
Parameters | |
---|---|
checker |
PKIXCertPathChecker!: a PKIXCertPathChecker to add to the list of checks. If null , the checker is ignored (not added to list). |
addCertStore
open fun addCertStore(store: CertStore!): Unit
Adds a CertStore
to the end of the list of CertStore
s used in finding certificates and CRLs.
Parameters | |
---|---|
store |
CertStore!: the CertStore to add. If null , the store is ignored (not added to list). |
clone
open fun clone(): Any
Makes a copy of this PKIXParameters
object. Changes to the copy will not affect the original and vice versa.
Return | |
---|---|
Any |
a copy of this PKIXParameters object |
Exceptions | |
---|---|
java.lang.CloneNotSupportedException |
if the object's class does not support the Cloneable interface. Subclasses that override the clone method can also throw this exception to indicate that an instance cannot be cloned. |
getCertPathCheckers
open fun getCertPathCheckers(): MutableList<PKIXCertPathChecker!>!
Returns the List
of certification path checkers. The returned List
is immutable, and each PKIXCertPathChecker
in the List
is cloned to protect against subsequent modifications.
Return | |
---|---|
MutableList<PKIXCertPathChecker!>! |
an immutable List of PKIXCertPathChecker s (may be empty, but not null ) |
See Also
getCertStores
open fun getCertStores(): MutableList<CertStore!>!
Returns an immutable List
of CertStore
s that are used to find certificates and CRLs.
Return | |
---|---|
MutableList<CertStore!>! |
an immutable List of CertStore s (may be empty, but never null ) |
See Also
getDate
open fun getDate(): Date!
Returns the time for which the validity of the certification path should be determined. If null
, the current time is used.
Note that the Date
returned is copied to protect against subsequent modifications.
Return | |
---|---|
Date! |
the Date , or null if not set |
See Also
getInitialPolicies
open fun getInitialPolicies(): MutableSet<String!>!
Returns an immutable Set
of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. The default return value is an empty Set
, which is interpreted as meaning that any policy would be acceptable.
Return | |
---|---|
MutableSet<String!>! |
an immutable Set of initial policy OIDs in String format, or an empty Set (implying any policy is acceptable). Never returns null . |
See Also
getPolicyQualifiersRejected
open fun getPolicyQualifiersRejected(): Boolean
Gets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis.
When a PKIXParameters
object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false.
Return | |
---|---|
Boolean |
the current value of the PolicyQualifiersRejected flag |
See Also
getSigProvider
open fun getSigProvider(): String!
Returns the signature provider's name, or null
if not set.
Return | |
---|---|
String! |
the signature provider's name (or null ) |
See Also
getTargetCertConstraints
open fun getTargetCertConstraints(): CertSelector!
Returns the required constraints on the target certificate. The constraints are returned as an instance of CertSelector
. If null
, no constraints are defined.
Note that the CertSelector
returned is cloned to protect against subsequent modifications.
Return | |
---|---|
CertSelector! |
a CertSelector specifying the constraints on the target certificate (or null ) |
See Also
getTrustAnchors
open fun getTrustAnchors(): MutableSet<TrustAnchor!>!
Returns an immutable Set
of the most-trusted CAs.
Return | |
---|---|
MutableSet<TrustAnchor!>! |
an immutable Set of TrustAnchor s (never null ) |
See Also
isAnyPolicyInhibited
open fun isAnyPolicyInhibited(): Boolean
Checks whether the any policy OID should be processed if it is included in a certificate.
Return | |
---|---|
Boolean |
true if the any policy OID is inhibited, false otherwise |
isExplicitPolicyRequired
open fun isExplicitPolicyRequired(): Boolean
Checks if explicit policy is required. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false.
Return | |
---|---|
Boolean |
true if explicit policy is required, false otherwise |
isPolicyMappingInhibited
open fun isPolicyMappingInhibited(): Boolean
Checks if policy mapping is inhibited. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false).
Return | |
---|---|
Boolean |
true if policy mapping is inhibited, false otherwise |
isRevocationEnabled
open fun isRevocationEnabled(): Boolean
Checks the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used. If this flag is false, the default revocation checking mechanism will be disabled (not used). See the setRevocationEnabled
method for more details on setting the value of this flag.
Return | |
---|---|
Boolean |
the current value of the RevocationEnabled flag |
setAnyPolicyInhibited
open fun setAnyPolicyInhibited(val: Boolean): Unit
Sets state to determine if the any policy OID should be processed if it is included in a certificate. By default, the any policy OID is not inhibited (isAnyPolicyInhibited()
returns false
).
Parameters | |
---|---|
val |
Boolean: true if the any policy OID is to be inhibited, false otherwise |
setCertPathCheckers
open fun setCertPathCheckers(checkers: MutableList<PKIXCertPathChecker!>!): Unit
Sets a List
of additional certification path checkers. If the specified List
contains an object that is not a PKIXCertPathChecker
, it is ignored.
Each PKIXCertPathChecker
specified implements additional checks on a certificate. Typically, these are checks to process and verify private extensions contained in certificates. Each PKIXCertPathChecker
should be instantiated with any initialization parameters needed to execute the check.
This method allows sophisticated applications to extend a PKIX CertPathValidator
or CertPathBuilder
. Each of the specified PKIXCertPathChecker
s will be called, in turn, by a PKIX CertPathValidator
or CertPathBuilder
for each certificate processed or validated.
Regardless of whether these additional PKIXCertPathChecker
s are set, a PKIX CertPathValidator
or CertPathBuilder
must perform all of the required PKIX checks on each certificate. The one exception to this rule is if the RevocationEnabled flag is set to false (see the setRevocationEnabled
method).
Note that the List
supplied here is copied and each PKIXCertPathChecker
in the list is cloned to protect against subsequent modifications.
Parameters | |
---|---|
checkers |
MutableList<PKIXCertPathChecker!>!: a List of PKIXCertPathChecker s. May be null , in which case no additional checkers will be used. |
Exceptions | |
---|---|
java.lang.ClassCastException |
if any of the elements in the list are not of type java.security.cert.PKIXCertPathChecker |
See Also
setCertStores
open fun setCertStores(stores: MutableList<CertStore!>!): Unit
Sets the list of CertStore
s to be used in finding certificates and CRLs. May be null
, in which case no CertStore
s will be used. The first CertStore
s in the list may be preferred to those that appear later.
Note that the List
is copied to protect against subsequent modifications.
Parameters | |
---|---|
stores |
MutableList<CertStore!>!: a List of CertStore s (or null ) |
Exceptions | |
---|---|
java.lang.ClassCastException |
if any of the elements in the list are not of type java.security.cert.CertStore |
See Also
setDate
open fun setDate(date: Date!): Unit
Sets the time for which the validity of the certification path should be determined. If null
, the current time is used.
Note that the Date
supplied here is copied to protect against subsequent modifications.
Parameters | |
---|---|
date |
Date!: the Date , or null for the current time |
See Also
setExplicitPolicyRequired
open fun setExplicitPolicyRequired(val: Boolean): Unit
Sets the ExplicitPolicyRequired flag. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false.
Parameters | |
---|---|
val |
Boolean: true if explicit policy is to be required, false otherwise |
setInitialPolicies
open fun setInitialPolicies(initialPolicies: MutableSet<String!>!): Unit
Sets the Set
of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. By default, any policy is acceptable (i.e. all policies), so a user that wants to allow any policy as acceptable does not need to call this method, or can call it with an empty Set
(or null
).
Note that the Set
is copied to protect against subsequent modifications.
Parameters | |
---|---|
initialPolicies |
MutableSet<String!>!: a Set of initial policy OIDs in String format (or null ) |
Exceptions | |
---|---|
java.lang.ClassCastException |
if any of the elements in the set are not of type String |
See Also
setPolicyMappingInhibited
open fun setPolicyMappingInhibited(val: Boolean): Unit
Sets the PolicyMappingInhibited flag. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false).
Parameters | |
---|---|
val |
Boolean: true if policy mapping is to be inhibited, false otherwise |
setPolicyQualifiersRejected
open fun setPolicyQualifiersRejected(qualifiersRejected: Boolean): Unit
Sets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis.
When a PKIXParameters
object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false.
Note that the PKIX certification path validation algorithm specifies that any policy qualifier in a certificate policies extension that is marked critical must be processed and validated. Otherwise the certification path must be rejected. If the policyQualifiersRejected flag is set to false, it is up to the application to validate all policy qualifiers in this manner in order to be PKIX compliant.
Parameters | |
---|---|
qualifiersRejected |
Boolean: the new value of the PolicyQualifiersRejected flag |
setRevocationEnabled
open fun setRevocationEnabled(val: Boolean): Unit
Sets the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used. If this flag is false, the default revocation checking mechanism will be disabled (not used).
When a PKIXParameters
object is created, this flag is set to true. This setting reflects the most common strategy for checking revocation, since each service provider must support revocation checking to be PKIX compliant. Sophisticated applications should set this flag to false when it is not practical to use a PKIX service provider's default revocation checking mechanism or when an alternative revocation checking mechanism is to be substituted (by also calling the addCertPathChecker
or setCertPathCheckers
methods).
Parameters | |
---|---|
val |
Boolean: the new value of the RevocationEnabled flag |
setSigProvider
open fun setSigProvider(sigProvider: String!): Unit
Sets the signature provider's name. The specified provider will be preferred when creating Signature
objects. If null
or not set, the first provider found supporting the algorithm will be used.
Parameters | |
---|---|
sigProvider |
String!: the signature provider's name (or null ) |
See Also
setTargetCertConstraints
open fun setTargetCertConstraints(selector: CertSelector!): Unit
Sets the required constraints on the target certificate. The constraints are specified as an instance of CertSelector
. If null
, no constraints are defined.
Note that the CertSelector
specified is cloned to protect against subsequent modifications.
Parameters | |
---|---|
selector |
CertSelector!: a CertSelector specifying the constraints on the target certificate (or null ) |
See Also
setTrustAnchors
open fun setTrustAnchors(trustAnchors: MutableSet<TrustAnchor!>!): Unit
Sets the Set
of most-trusted CAs.
Note that the Set
is copied to protect against subsequent modifications.
Parameters | |
---|---|
trustAnchors |
MutableSet<TrustAnchor!>!: a Set of TrustAnchor s |
Exceptions | |
---|---|
java.security.InvalidAlgorithmParameterException |
if the specified Set is empty (trustAnchors.isEmpty() == true) |
java.lang.NullPointerException |
if the specified Set is null |
java.lang.ClassCastException |
if any of the elements in the set are not of type java.security.cert.TrustAnchor |
See Also
toString
open fun toString(): String
Returns a formatted string describing the parameters.
Return | |
---|---|
String |
a formatted string describing the parameters. |