If successful, it returns a certification path which has successfully satisfied all the constraints and requirements specified in the PKIXBuilderParameters object and has been validated according to the PKIX path validation algorithm defined in RFC 5280.
This implementation uses a depth-first search approach to finding certification paths. If it comes to a point in which it cannot find any more certificates leading to the target OR the path length is too long it backtracks to previous paths until the target has been found or all possible paths have been exhausted.
This implementation is not thread-safe.
Modifier and Type | Field and Description |
---|---|
private PKIX. | |
private final CertificateFactory | |
private static final Debug | |
private PublicKey | |
private boolean | |
private PolicyNode | |
private TrustAnchor |
Access | Constructor and Description |
---|---|
public |
Modifier and Type | Method and Description |
---|---|
private static List | addVertices(Collection<X509Certificate> certs, List<List<Vertex>> adjList, List<X509Certificate> cpList)
|
private static boolean | altNamesEqual(X509Certificate currCert, X509Certificate nextCert)
Return true if two certificates have the same subject alternative names. |
private static boolean | anchorIsTarget(TrustAnchor anchor, CertSelector sel)
Returns true if trust anchor certificate matches specified certificate constraints. |
private PKIXCertPathBuilderResult | |
private PKIXCertPathBuilderResult | |
private void | buildForward(List<List<Vertex>> adjacencyList, LinkedList<X509Certificate> certPathList, boolean searchAllCertStores)
|
private void | depthFirstSearchForward(X500Principal dN, ForwardState currentState, ForwardBuilder builder, List<List<Vertex>> adjList, LinkedList<X509Certificate> cpList)
|
public CertPathBuilderResult | Returns: a certification path builder result.the parameter set for building a path. Must be an instance
of params)PKIXBuilderParameters .Implements abstract java. |
public CertPathChecker | engineGetRevocationChecker()
Overrides java. CertPathChecker that this implementation uses to
check the revocation status of certificates.
|
private static boolean | repeated(X509Certificate currCert, X509Certificate nextCert)
Return true if two certificates are equal or have the same subject, public key, and subject alternative names. |
buildParams | back to summary |
---|---|
private PKIX. |
cf | back to summary |
---|---|
private final CertificateFactory cf |
debug | back to summary |
---|---|
private static final Debug debug |
finalPublicKey | back to summary |
---|---|
private PublicKey finalPublicKey |
pathCompleted | back to summary |
---|---|
private boolean pathCompleted |
policyTreeResult | back to summary |
---|---|
private PolicyNode policyTreeResult |
trustAnchor | back to summary |
---|---|
private TrustAnchor trustAnchor |
SunCertPathBuilder | back to summary |
---|---|
public SunCertPathBuilder() throws CertPathBuilderException Create an instance of
|
addVertices | back to summary |
---|---|
private static List |
altNamesEqual | back to summary |
---|---|
private static boolean altNamesEqual(X509Certificate currCert, X509Certificate nextCert) Return true if two certificates have the same subject alternative names. |
anchorIsTarget | back to summary |
---|---|
private static boolean anchorIsTarget(TrustAnchor anchor, CertSelector sel) Returns true if trust anchor certificate matches specified certificate constraints. |
build | back to summary |
---|---|
private PKIXCertPathBuilderResult build() throws CertPathBuilderException |
buildCertPath | back to summary |
---|---|
private PKIXCertPathBuilderResult buildCertPath(boolean searchAllCertStores, List<List<Vertex>> adjList) throws CertPathBuilderException |
buildForward | back to summary |
---|---|
private void buildForward(List<List<Vertex>> adjacencyList, LinkedList<X509Certificate> certPathList, boolean searchAllCertStores) throws GeneralSecurityException, IOException |
depthFirstSearchForward | back to summary |
---|---|
private void depthFirstSearchForward(X500Principal dN, ForwardState currentState, ForwardBuilder builder, List<List<Vertex>> adjList, LinkedList<X509Certificate> cpList) throws GeneralSecurityException, IOException |
engineBuild | back to summary |
---|---|
public CertPathBuilderResult engineBuild(CertPathParameters params) throws CertPathBuilderException, InvalidAlgorithmParameterException Implements abstract java. Attempts to build a certification path using the Sun build algorithm from a trusted anchor(s) to a target subject, which must both be specified in the input parameter set. This method will attempt to build in the forward direction: from the target to the CA. The certification path that is constructed is validated according to the PKIX specification.
|
engineGetRevocationChecker | back to summary |
---|---|
public CertPathChecker engineGetRevocationChecker() Overrides java. Doc from java. Returns a The primary purpose of this method is to allow callers to specify
additional input parameters and options specific to revocation checking.
See the class description of This method was added to version 1.8 of the Java Platform Standard
Edition. In order to maintain backwards compatibility with existing
service providers, this method cannot be abstract and by default throws
an
|
repeated | back to summary |
---|---|
private static boolean repeated(X509Certificate currCert, X509Certificate nextCert) Return true if two certificates are equal or have the same subject, public key, and subject alternative names. |