java.security.cert
Class PKIXCertPathChecker
- Cloneable
A validator for X.509 certificates when approving certificate chains.
Concrete subclasses can be passed to the
PKIXParameters.setCertPathCheckers(java.util.List) and
PKIXParameters.addCertPathChecker(PKIXCertPathChecker)
methods, which are then used to set up PKIX certificate chain
builders or validators. These classes then call the
check(java.security.cert.Certificate,java.util.Collection) method
of this class, performing whatever checks on the certificate,
throwing an exception if any check fails.
Subclasses of this must be able to perform their checks in the
backward direction -- from the most-trusted certificate to the target
-- and may optionally support forward checking -- from the target to
the most-trusted certificate.
abstract void | check(Certificate cert, Collection unresolvedCritExts)- Checks a certificate, removing any critical extensions that are
resolved in this check.
|
Object | clone()- This method may be called to create a new copy of the
Object.
|
abstract Set | getSupportedExtensions()- Returns an immutable set of X.509 extension object identifiers (OIDs)
supported by this PKIXCertPathChecker.
|
abstract void | init(boolean forward)- Initialize this PKIXCertPathChecker.
|
abstract boolean | isForwardCheckingSupported()- Returns whether or not this class supports forward checking.
|
clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait |
check
public abstract void check(Certificate cert,
Collection unresolvedCritExts)
throws CertPathValidatorException Checks a certificate, removing any critical extensions that are
resolved in this check.
cert - The certificate to check.unresolvedCritExts - The (mutable) collection of as-of-yet
unresolved critical extensions, as OID strings.
clone
public Object clone()
This method may be called to create a new copy of the
Object. The typical behavior is as follows:
o == o.clone() is falseo.getClass() == o.clone().getClass()
is trueo.equals(o) is true
However, these are not strict requirements, and may
be violated if necessary. Of the three requirements, the
last is the most commonly violated, particularly if the
subclass does not override
Object.equals(Object).
If the Object you call clone() on does not implement
Cloneable (which is a placeholder interface), then
a CloneNotSupportedException is thrown. Notice that
Object does not implement Cloneable; this method exists
as a convenience for subclasses that do.
Object's implementation of clone allocates space for the
new Object using the correct class, without calling any
constructors, and then fills in all of the new field values
with the old field values. Thus, it is a shallow copy.
However, subclasses are permitted to make a deep copy.
All array types implement Cloneable, and override
this method as follows (it should never fail):
public Object clone()
{
try
{
super.clone();
}
catch (CloneNotSupportedException e)
{
throw new InternalError(e.getMessage());
}
}
- clone in interface Object
getSupportedExtensions
public abstract Set getSupportedExtensions()
Returns an immutable set of X.509 extension object identifiers (OIDs)
supported by this PKIXCertPathChecker.
- An immutable set of Strings of the supported X.509 OIDs, or
null if no extensions are supported.
init
public abstract void init(boolean forward)
throws CertPathValidatorException Initialize this PKIXCertPathChecker. If subclasses support forward
checking, a value of true can be passed to this method, and
certificates can be validated from the target certificate to the
most-trusted certifcate.
forward - The direction of this PKIXCertPathChecker.
isForwardCheckingSupported
public abstract boolean isForwardCheckingSupported()
Returns whether or not this class supports forward checking.
- Whether or not this class supports forward checking.
PKIXCertPathChecker.java -- checks X.509 certificate paths.
Copyright (C) 2003 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version.