public abstract class

PKIXCertPathChecker

extends Object
implements Cloneable
java.lang.Object
   ↳ java.security.cert.PKIXCertPathChecker

Class Overview

The class specifying the interface to extend the certification path validation algorithm by checks to perform on an X509Certificate.

The checks are added to a certification path validation using the setCertPathCheckers or addCertPathChecker of the PKIXParameters and PKIXBuilderParameters class respectively. The check method will be called for each certificate processed by a CertPathBuilder of CertPathValidator.

A PKIXCertPathChecker implementation must support reverse checking (from trusted CA to target) and may support forward checking (from target to trusted CA). The return value of isForwardCheckingSupported indicates whether forward checking is supported.

Summary

Protected Constructors
PKIXCertPathChecker()
Creates a new PKIXCertPathChecker instance.
Public Methods
abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.
Object clone()
Clones this PKIXCertPathChecker instance.
abstract Set<String> getSupportedExtensions()
Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.
abstract void init(boolean forward)
Initializes this PKIXCertPathChecker instance for specified checking direction.
abstract boolean isForwardCheckingSupported()
Returns whether this PKIXCertPathChecker instance supports forward checking.
[Expand]
Inherited Methods
From class java.lang.Object

Protected Constructors

protected PKIXCertPathChecker ()

Creates a new PKIXCertPathChecker instance.

Public Methods

public abstract void check (Certificate cert, Collection<String> unresolvedCritExts)

Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.

Parameters
cert the certificate.
unresolvedCritExts the list of critical X.509 extension OID strings.
Throws
CertPathValidatorException if check(s) fail on the specified certificate.

public Object clone ()

Clones this PKIXCertPathChecker instance.

Returns
  • the cloned instance.

public abstract Set<String> getSupportedExtensions ()

Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.

Returns
  • the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process, or null if there are none.

public abstract void init (boolean forward)

Initializes this PKIXCertPathChecker instance for specified checking direction.

Parameters
forward the direction of the certification path processing, true if the certificates are processed in forward direction (from target to trusted CA), false if processed in reverse direction (from trusted CA to target).
Throws
CertPathValidatorException if initialization of this PKIXCertPathChecker instance fails, or if it cannot process certificates in the specified order.

public abstract boolean isForwardCheckingSupported ()

Returns whether this PKIXCertPathChecker instance supports forward checking.

Returns
  • true if this PKIXCertPathChecker instance supports forward checking, otherwise false.