|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.cert.PKIXParameters | +--java.security.cert.PKIXBuilderParameters
Parameters used as input for the PKIX CertPathBuilder
algorithm.
A PKIX CertPathBuilder
uses these parameters to build
a CertPath
which has been
validated according to the PKIX certification path validation algorithm.
To instantiate a PKIXBuilderParameters
object, an
application must specify the most-trusted CA as defined by
the PKIX certification path validation algorithm. The most-trusted CA
can be specified using one of several constructors. First, an application
can call either PKIXBuilderParameters(PublicKey, String, CertSelector)
or
PKIXBuilderParameters(PublicKey, String, boolean[], CertSelector)
,
specifying the public key, distinguished name, and optionally the subject
unique identifier of the most-trusted CA. Alternatively, if more than
one CA is trusted, an application can call PKIXBuilderParameters(Set, CertSelector)
, specifying a
Set
of trusted X509Certificate
s. Finally, an
application can call PKIXBuilderParameters(KeyStore, CertSelector)
, specifying a
KeyStore
instance containing trusted certificate entries, each
of which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target
certificate that the CertPathBuilder
will attempt
to build a path to. The constraints are specified as a
CertSelector
object. These constraints should provide the
CertPathBuilder
with enough search criteria to find the target
certificate. Minimal criteria for an X509Certificate
usually
include the subject name and/or one or more subject alternative names.
If enough criteria is not specified, the CertPathBuilder
may throw a CertPathBuilderException
.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
CertPathBuilder
Constructor Summary | |
PKIXBuilderParameters(KeyStore keystore,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters that
populates the set of most-trusted CA certificates from the trusted
certificate entries contained in the specified KeyStore . |
|
PKIXBuilderParameters(PublicKey pubKey,
String caName,
boolean[] uniqueID,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters with
the specified parameter values. |
|
PKIXBuilderParameters(PublicKey pubKey,
String caName,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters where the
most-trusted CA is specified as a public key and distinguished
name. |
|
PKIXBuilderParameters(Set trustedCerts,
CertSelector targetConstraints)
Creates an instance of PKIXBuilderParameters with
the specified Set of most-trusted CA certificate(s). |
Method Summary | |
boolean |
equals(Object other)
Compares this object for equality with the specified object. |
int |
getMaxPathLength()
Returns the value of the maximum number of CA certificates that may exist in a certification path. |
int |
hashCode()
Returns a hash code value for this object. |
void |
setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of CA certificates that may exist in a certification path. |
String |
toString()
Returns a formatted string describing the parameters. |
Methods inherited from class java.lang.Object |
finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public PKIXBuilderParameters(Set trustedCerts, CertSelector targetConstraints)
PKIXBuilderParameters
with
the specified Set
of most-trusted CA certificate(s).
Each element of the set is a trusted X509Certificate
.
Note that the Set
is copied to protect against
subsequent modifications.
trustedCerts
- a Set
of X509Certificate
stargetConstraints
- a CertSelector
specifying the
constraints on the target certificateClassCastException
- if any of the elements in the set
are not of type java.security.cert.X509Certificate
public PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) throws KeyStoreException
PKIXBuilderParameters
that
populates the set of most-trusted CA certificates from the trusted
certificate entries contained in the specified KeyStore
.
Only keystore entries that contain trusted X509Certificates
are considered; all other certificate types are ignored.keystore
- A KeyStore
from which the set of
most-trusted CA certificates will be populated.targetConstraints
- a CertSelector
specifying the
constraints on the target certificateKeyStoreException
- if the keystore has not been initializedNullPointerException
- if the keystore is null
public PKIXBuilderParameters(PublicKey pubKey, String caName, CertSelector targetConstraints) throws IOException
PKIXBuilderParameters
where the
most-trusted CA is specified as a public key and distinguished
name. The caName
parameter should contain an X.500
distinguished name in RFC 2253 String
format.pubKey
- the public key of the most-trusted CAcaName
- the X.500 distinguished name of the most-trusted CAtargetConstraints
- a CertSelector
specifying the
constraints on the target certificateIOException
- if an error occurs parsing the caName
public PKIXBuilderParameters(PublicKey pubKey, String caName, boolean[] uniqueID, CertSelector targetConstraints) throws IOException
PKIXBuilderParameters
with
the specified parameter values.pubKey
- the public key of the most-trusted CAcaName
- the distinguished name of the most-trusted CA in RFC 2253
String
formatuniqueID
- the unique identifier of the most-trusted CA. The array
is cloned to protect against subsequent modifications.targetConstraints
- a CertSelector
specifying the
constraints on the target certificateIOException
- if an error occurs parsing the caName
Method Detail |
public void setMaxPathLength(int maxPathLength) throws InvalidAlgorithmParameterException
CertPathBuilder
instance must not build
paths longer than the length specified.
A value of 0 implies that the path can only contain a single end-entity certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown.
If any of the CA certificates contain the
BasicConstraintsExtension
, the value of the
pathLenConstraint
field of the extension overrides
the maximum path length parameter whenever the result is a
certification path of smaller length.
maxPathLength
- the maximum number of CA certificates
that may exist in a certification pathInvalidAlgorithmParameterException
- if the maximum path length
parameter is set to a value less than -1public int getMaxPathLength()
public boolean equals(Object other)
PKIXBuilderParameters
,
return false
. Otherwise, return true
if the
parameters of the objects are equal.equals
in class PKIXParameters
other
- the object to test for equalitytrue
if the objects are equal,
false
otherwisepublic int hashCode()
hashCode
in class PKIXParameters
public String toString()
toString
in class PKIXParameters
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |