Package java.security.cert

Class PKIXCertPathChecker

  • All Implemented Interfaces:
    Cloneable
    public abstract class PKIXCertPathChecker
extends Object
implements Cloneable
    The class specifying the interface to extend the certification path validation algorithm by checks to perform on an X509Certificate.

    The checks are added to a certification path validation using the setCertPathCheckers or addCertPathChecker of the PKIXParameters and PKIXBuilderParameters class respectively. The check method will be called for each certificate processed by a CertPathBuilder of CertPathValidator.

    A PKIXCertPathChecker implementation must support reverse checking (from trusted CA to target) and may support forward checking (from target to trusted CA). The return value of isForwardCheckingSupported indicates whether forward checking is supported.

    • Constructor Detail

      • PKIXCertPathChecker

        protected PKIXCertPathChecker()
        Creates a new PKIXCertPathChecker instance.

    • Method Detail

      • clone

        public Object clone()
        Clones this PKIXCertPathChecker instance.
        Overrides:
        clone in class Object
        Returns:
        the cloned instance.

      • init

        public abstract void init​(boolean forward)
                   throws CertPathValidatorException
        Initializes this PKIXCertPathChecker instance for specified checking direction.
        Parameters:
        forward - the direction of the certification path processing, true if the certificates are processed in forward direction (from target to trusted CA), false if processed in reverse direction (from trusted CA to target).
        Throws:
        CertPathValidatorException - if initialization of this PKIXCertPathChecker instance fails, or if it cannot process certificates in the specified order.

      • isForwardCheckingSupported

        public abstract boolean isForwardCheckingSupported()
        Returns whether this PKIXCertPathChecker instance supports forward checking.
        Returns:
        true if this PKIXCertPathChecker instance supports forward checking, otherwise false.

      • getSupportedExtensions

        public abstract Set<String> getSupportedExtensions()
        Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.
        Returns:
        the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process, or null if there are none.

      • check

        public abstract void check​(Certificate cert,
                           Collection<String> unresolvedCritExts)
                    throws CertPathValidatorException
        Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.
        Parameters:
        cert - the certificate.
        unresolvedCritExts - the list of critical X.509 extension OID strings.
        Throws:
        CertPathValidatorException - if check(s) fail on the specified certificate.