public abstract class PKIXCertPathChecker extends Object implements Cloneable
Concrete subclasses can be passed to the PKIXParameters.setCertPathCheckers(java.util.List)
and PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker
methods, which are then used to set up PKIX certificate chain
builders or validators. These classes then call the check(java.security.cert.Certificate,java.util.Collection)
method
of this class, performing whatever checks on the certificate,
throwing an exception if any check fails.
Subclasses of this must be able to perform their checks in the backward direction -- from the most-trusted certificate to the target -- and may optionally support forward checking -- from the target to the most-trusted certificate.
PKIXParameters
Modifier | Constructor and Description |
---|---|
protected |
PKIXCertPathChecker()
Default constructor.
|
Modifier and Type | Method and Description |
---|---|
abstract void |
check(Certificate cert,
Collection unresolvedCritExts)
Checks a certificate, removing any critical extensions that are
resolved in this check.
|
Object |
clone()
Default clone() method performs a "shallow" cloning of the instance.
|
abstract Set |
getSupportedExtensions()
Returns an immutable set of X.509 extension object identifiers (OIDs)
supported by this PKIXCertPathChecker.
|
abstract void |
init(boolean forward)
Initialize this PKIXCertPathChecker.
|
abstract boolean |
isForwardCheckingSupported()
Returns whether or not this class supports forward checking.
|
public Object clone()
Object
public abstract void init(boolean forward) throws CertPathValidatorException
forward
- The direction of this PKIXCertPathChecker.CertPathValidatorException
- If forward is true and
this class does not support forward checking.public abstract boolean isForwardCheckingSupported()
public abstract Set getSupportedExtensions()
public abstract void check(Certificate cert, Collection unresolvedCritExts) throws CertPathValidatorException
cert
- The certificate to check.unresolvedCritExts
- The (mutable) collection of as-of-yet
unresolved critical extensions, as OID strings.CertPathValidatorException
- If this certificate fails this
check.