|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectjava.security.cert.PKIXCertPathChecker
public abstract class PKIXCertPathChecker
A validator for X.509 certificates when approving certificate chains.
Concrete subclasses can be passed to the PKIXParameters.setCertPathCheckers(java.util.List)
and PKIXParameters.addCertPathChecker(java.security.cert.PKIXCertPathChecker)
methods, which are then used to set up PKIX certificate chain
builders or validators. These classes then call the check(java.security.cert.Certificate,java.util.Collection)
method
of this class, performing whatever checks on the certificate,
throwing an exception if any check fails.
Subclasses of this must be able to perform their checks in the backward direction -- from the most-trusted certificate to the target -- and may optionally support forward checking -- from the target to the most-trusted certificate.
PKIXParameters
Constructor Summary | |
---|---|
protected |
PKIXCertPathChecker()
Default constructor. |
Method Summary | |
---|---|
abstract void |
check(Certificate cert,
Collection<String> unresolvedCritExts)
Checks a certificate, removing any critical extensions that are resolved in this check. |
Object |
clone()
This method may be called to create a new copy of the Object. |
abstract Set<String> |
getSupportedExtensions()
Returns an immutable set of X.509 extension object identifiers (OIDs) supported by this PKIXCertPathChecker. |
abstract void |
init(boolean forward)
Initialize this PKIXCertPathChecker. |
abstract boolean |
isForwardCheckingSupported()
Returns whether or not this class supports forward checking. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
protected PKIXCertPathChecker()
Method Detail |
---|
public Object clone()
Object
o == o.clone()
is falseo.getClass() == o.clone().getClass()
is trueo.equals(o)
is trueHowever, these are not strict requirements, and may
be violated if necessary. Of the three requirements, the
last is the most commonly violated, particularly if the
subclass does not override Object.equals(Object)
.
If the Object you call clone() on does not implement
Cloneable
(which is a placeholder interface), then
a CloneNotSupportedException is thrown. Notice that
Object does not implement Cloneable; this method exists
as a convenience for subclasses that do.
Object's implementation of clone allocates space for the new Object using the correct class, without calling any constructors, and then fills in all of the new field values with the old field values. Thus, it is a shallow copy. However, subclasses are permitted to make a deep copy.
All array types implement Cloneable, and override
this method as follows (it should never fail):
public Object clone() { try { super.clone(); } catch (CloneNotSupportedException e) { throw new InternalError(e.getMessage()); } }
clone
in class Object
Cloneable
public abstract void init(boolean forward) throws CertPathValidatorException
forward
- The direction of this PKIXCertPathChecker.
CertPathValidatorException
- If forward is true and
this class does not support forward checking.public abstract boolean isForwardCheckingSupported()
public abstract Set<String> getSupportedExtensions()
public abstract void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException
cert
- The certificate to check.unresolvedCritExts
- The (mutable) collection of as-of-yet
unresolved critical extensions, as OID strings.
CertPathValidatorException
- If this certificate fails this
check.
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |