sun.security.provider.certpath

public final class SunCertPathBuilder extends CertPathBuilderSpi
Imports
java.io.IOException, java.security.GeneralSecurityException, .InvalidAlgorithmParameterException, .PublicKey, java.security.cert.*, .CertPathValidatorException.BasicReason, .PKIXReason, java.util.ArrayList, .Arrays, .Collection, .Collections, .List, .LinkedList, .Set, javax.security.auth.x500.X500Principal, sun.security.provider.certpath.PKIX.BuilderParams, sun.security.x509.SubjectAlternativeNameExtension, .X509CertImpl, sun.security.util.Debug

This class builds certification paths in the forward direction.

If successful, it returns a certification path which has successfully satisfied all the constraints and requirements specified in the PKIXBuilderParameters object and has been validated according to the PKIX path validation algorithm defined in RFC 5280.

This implementation uses a depth-first search approach to finding certification paths. If it reaches a point at which it cannot find any more certificates leading to the target, or the path length is too long, it backtracks to previous paths until the target has been found or all possible paths have been exhausted.
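
A simplified model of the depth-first search with backtracking described above, added here as an illustration and not the JDK's own code. Certificates are reduced to subject/issuer name pairs, and the class name, certificate pool and anchor names are all hypothetical (records need Java 16 or later).

```java
import java.util.*;

/** Simplified model of forward path building; no signatures or extensions are checked. */
public class ForwardDfsModel {
    record Cert(String subject, String issuer) {}

    // Constructed sample pool: two certificates for "Issuing CA" (one a dead end)
    // and a cross-certificate that would create a loop if repeats were not rejected.
    static final List<Cert> POOL = List.of(
        new Cert("Issuing CA", "Orphan Root"),   // issuer is neither trusted nor in the pool
        new Cert("Issuing CA", "Bridge CA"),
        new Cert("Bridge CA", "Issuing CA"),     // cross-certificate back to Issuing CA
        new Cert("Bridge CA", "Trusted Root"));
    static final Set<String> ANCHORS = Set.of("Trusted Root");

    /** Returns the path target-first, or an empty list when every branch is exhausted. */
    static List<Cert> build(Cert target, int maxPathLength) {
        Deque<Cert> path = new ArrayDeque<>();
        path.addLast(target);
        return dfs(path, maxPathLength) ? new ArrayList<>(path) : List.of();
    }

    private static boolean dfs(Deque<Cert> path, int maxPathLength) {
        Cert current = path.peekLast();
        if (ANCHORS.contains(current.issuer())) return true;  // chained to a trust anchor
        // path.size() - 1 is the number of CA certificates already above the target.
        if (path.size() - 1 >= maxPathLength) return false;   // path too long: backtrack
        for (Cert candidate : POOL) {
            if (!candidate.subject().equals(current.issuer())) continue;
            if (path.contains(candidate)) continue;            // already in path: avoid loops
            path.addLast(candidate);
            if (dfs(path, maxPathLength)) return true;
            path.removeLast();                                 // dead end: backtrack
        }
        return false;
    }

    public static void main(String[] args) {
        Cert leaf = new Cert("www.example.test", "Issuing CA");
        System.out.println("maxPathLength=5: " + build(leaf, 5));
        System.out.println("maxPathLength=1: " + build(leaf, 1));
    }
}
```

With the larger limit the search abandons the "Orphan Root" branch and the cross-certificate loop before reaching the anchor; with a limit of 1 every branch is cut off and no path is returned.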

This implementation is not thread-safe.

Authors
Sean Mullan, Yassir Elley
Since
1.4

Field Summary

Modifier and Type    Field and Description
private PKIX.BuilderParams buildParams
private final CertificateFactory cf
private static final Debug debug
private PublicKey finalPublicKey
private boolean pathCompleted
private PolicyNode policyTreeResult
private TrustAnchor trustAnchor

Constructor Summary

Access    Constructor and Description
public
SunCertPathBuilder()

Create an instance of SunCertPathBuilder.

Method Summary

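Modifier and Type    Method and Description
private static List<Vertex>
addVertices(Collection<X509Certificate> certs, List<List<Vertex>> adjList, List<X509Certificate> cpList)
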
private static boolean
altNamesEqual(X509Certificate currCert, X509Certificate nextCert)

Return true if two certificates have the same subject alternative names.

private static boolean
anchorIsTarget(TrustAnchor anchor, CertSelector sel)

Returns true if trust anchor certificate matches specified certificate constraints.

private PKIXCertPathBuilderResult
build()

private PKIXCertPathBuilderResult
buildCertPath(boolean searchAllCertStores, List<List<Vertex>> adjList)

private void
buildForward(List<List<Vertex>> adjacencyList, LinkedList<X509Certificate> certPathList, boolean searchAllCertStores)

private void
depthFirstSearchForward(X500Principal dN, ForwardState currentState, ForwardBuilder builder, List<List<Vertex>> adjList, LinkedList<X509Certificate> cpList)

public CertPathBuilderResult
engineBuild(CertPathParameters params)

Implements abstract java.security.cert.CertPathBuilderSpi.engineBuild.

Attempts to build a certification path using the Sun build algorithm from a trusted anchor(s) to a target subject, which must both be specified in the input parameter set.

Parameters:
params: the parameter set for building a path. Must be an instance of PKIXBuilderParameters.

Returns:
a certification path builder result.

public CertPathChecker
engineGetRevocationChecker()

Overrides java.security.cert.CertPathBuilderSpi.engineGetRevocationChecker.

Returns a CertPathChecker that this implementation uses to check the revocation status of certificates.
private static boolean
repeated(X509Certificate currCert, X509Certificate nextCert)

Return true if two certificates are equal or have the same subject, public key, and subject alternative names.

Field Detail

buildParams
private PKIX.BuilderParams buildParams

cf
private final CertificateFactory cf

debug
private static final Debug debug

finalPublicKey
private PublicKey finalPublicKey

pathCompleted
private boolean pathCompleted

policyTreeResult
private PolicyNode policyTreeResult

trustAnchor
private TrustAnchor trustAnchor

Constructor Detail

SunCertPathBuilder
public SunCertPathBuilder() throws CertPathBuilderException

Create an instance of SunCertPathBuilder.

Exceptions
CertPathBuilderException:
if an error occurs

Method Detail

addVertices
private static List<Vertex> addVertices(Collection<X509Certificate> certs, List<List<Vertex>> adjList, List<X509Certificate> cpList)

altNamesEqual
private static boolean altNamesEqual(X509Certificate currCert, X509Certificate nextCert)

Return true if two certificates have the same subject alternative names.

anchorIsTarget
private static boolean anchorIsTarget(TrustAnchor anchor, CertSelector sel)

Returns true if trust anchor certificate matches specified certificate constraints.

build
private PKIXCertPathBuilderResult build() throws CertPathBuilderException

buildCertPath
private PKIXCertPathBuilderResult buildCertPath(boolean searchAllCertStores, List<List<Vertex>> adjList) throws CertPathBuilderException

buildForward
private void buildForward(List<List<Vertex>> adjacencyList, LinkedList<X509Certificate> certPathList, boolean searchAllCertStores) throws GeneralSecurityException, IOException

depthFirstSearchForward
private void depthFirstSearchForward(X500Principal dN, ForwardState currentState, ForwardBuilder builder, List<List<Vertex>> adjList, LinkedList<X509Certificate> cpList) throws GeneralSecurityException, IOException

engineBuild
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException

Implements abstract java.security.cert.CertPathBuilderSpi.engineBuild.

Attempts to build a certification path using the Sun build algorithm from a trusted anchor(s) to a target subject, which must both be specified in the input parameter set. This method will attempt to build in the forward direction: from the target to the CA.

The certification path that is constructed is validated according to the PKIX specification.

Parameters
params:CertPathParameters

the parameter set for building a path. Must be an instance of PKIXBuilderParameters.

Returns:CertPathBuilderResult

a certification path builder result.

Annotations
@Override
Exceptions
CertPathBuilderException:
Exception thrown if builder is unable to build a complete certification path from the trusted anchor(s) to the target subject.
InvalidAlgorithmParameterException:
if the given parameters are inappropriate for this certification path builder.

engineGetRevocationChecker
public CertPathChecker engineGetRevocationChecker()

Overrides java.security.cert.CertPathBuilderSpi.engineGetRevocationChecker.

Doc from java.security.cert.CertPathBuilderSpi.engineGetRevocationChecker.

Returns a CertPathChecker that this implementation uses to check the revocation status of certificates. A PKIX implementation returns objects of type PKIXRevocationChecker.

The primary purpose of this method is to allow callers to specify additional input parameters and options specific to revocation checking. See the class description of CertPathBuilder for an example.

This method was added to version 1.8 of the Java Platform Standard Edition. In order to maintain backwards compatibility with existing service providers, this method cannot be abstract and by default throws an UnsupportedOperationException.

Returns:CertPathChecker

a CertPathChecker that this implementation uses to check the revocation status of certificates

Annotations
@Override

repeated
private static boolean repeated(X509Certificate currCert, X509Certificate nextCert)

Return true if two certificates are equal or have the same subject, public key, and subject alternative names.