OpenJDK 1.23 · sun.security.provider.certpath.KeyChecker

Modifier and Type	Field and Description
private final int	certPathLen
private static final Debug	debug
private static final int	KEY_CERT_SIGN
private int	remainingCerts
private Set<String>	supportedExts
private final CertSelector	targetConstraints

Access	Constructor and Description
pack-priv	KeyChecker(int allowable cert path length certPathLen, CertSelector a CertSelector object specifying the constraints on the target certificate targetCertSel) Creates a KeyChecker.

Method Summary

Modifier and Type	Method and Description
public void	check(Certificate the Certificate cert, Collection<String> the unresolved critical extensions unresCritExts) Implements abstract java.security.cert.PKIXCertPathChecker.check. Checks that keyUsage and target constraints are satisfied by the specified certificate.
public Set<String>	getSupportedExtensions() Implements abstract java.security.cert.PKIXCertPathChecker.getSupportedExtensions. Returns an immutable `Set` of X.509 certificate extensions that this `PKIXCertPathChecker` supports (i.e. recognizes, is able to process), or `null` if no extensions are supported.
public void	init(boolean the order that certificates are presented to the `check` method. If `true`, certificates are presented from target to most-trusted CA (forward); if `false`, from most-trusted CA to target (reverse). forward) Implements abstract java.security.cert.PKIXCertPathChecker.init. Implements java.security.cert.CertPathChecker.init. Initializes the internal state of the checker from parameters specified in the constructor
public boolean	isForwardCheckingSupported() Implements abstract java.security.cert.PKIXCertPathChecker.isForwardCheckingSupported. Implements java.security.cert.CertPathChecker.isForwardCheckingSupported. Indicates if forward checking is supported.
pack-priv static void	verifyCAKeyUsage(X509Certificate cert) Verifies the key usage extension in a CA cert.

Inherited from java.security.cert.PKIXCertPathChecker:: check clone

certPathLen	back to summary
private final int certPathLen

debug	back to summary
private static final Debug debug

KEY_CERT_SIGN	back to summary
private static final int KEY_CERT_SIGN

remainingCerts	back to summary
private int remainingCerts

supportedExts	back to summary
private Set<String> supportedExts

targetConstraints	back to summary
private final CertSelector targetConstraints

KeyChecker	back to summary
pack-priv KeyChecker(int certPathLen, CertSelector targetCertSel) Creates a KeyChecker. Parameters certPathLen:int allowable cert path length targetCertSel:CertSelector a CertSelector object specifying the constraints on the target certificate

Method Detail

check	back to summary
public void check(Certificate cert, Collection<String> unresCritExts) throws CertPathValidatorException Implements abstract java.security.cert.PKIXCertPathChecker.check. Checks that keyUsage and target constraints are satisfied by the specified certificate. Parameters cert:Certificate the Certificate unresCritExts:Collection<String> the unresolved critical extensions Annotations @Override Exceptions CertPathValidatorException: if certificate does not verify

check

back to summary

public void check(Certificate cert, Collection<String> unresCritExts) throws CertPathValidatorException

Implements abstract java.security.cert.PKIXCertPathChecker.check.

Checks that keyUsage and target constraints are satisfied by the specified certificate.

Parameters

cert:Certificate: the Certificate
unresCritExts:Collection<String>: the unresolved critical extensions

Annotations

@Override

Exceptions

CertPathValidatorException:: if certificate does not verify

getSupportedExtensions back to summary

getSupportedExtensions	back to summary
public Set<String> getSupportedExtensions() Implements abstract java.security.cert.PKIXCertPathChecker.getSupportedExtensions. Doc from java.security.cert.PKIXCertPathChecker.getSupportedExtensions. Returns an immutable `Set` of X.509 certificate extensions that this `PKIXCertPathChecker` supports (i.e. recognizes, is able to process), or `null` if no extensions are supported. Each element of the set is a `String` representing the Object Identifier (OID) of the X.509 extension that is supported. The OID is represented by a set of nonnegative integers separated by periods. All X.509 certificate extensions that a `PKIXCertPathChecker` might possibly be able to process should be included in the set. Returns:Set<String> an immutable `Set` of X.509 extension OIDs (in `String` format) supported by this `PKIXCertPathChecker`, or `null` if no extensions are supported Annotations @Override

public Set<String> getSupportedExtensions()

Implements abstract java.security.cert.PKIXCertPathChecker.getSupportedExtensions.

Doc from java.security.cert.PKIXCertPathChecker.getSupportedExtensions.

Returns an immutable Set of X.509 certificate extensions that this PKIXCertPathChecker supports (i.e. recognizes, is able to process), or null if no extensions are supported.

Each element of the set is a String representing the Object Identifier (OID) of the X.509 extension that is supported. The OID is represented by a set of nonnegative integers separated by periods.

All X.509 certificate extensions that a PKIXCertPathChecker might possibly be able to process should be included in the set.

Returns:Set<String>

an immutable Set of X.509 extension OIDs (in String format) supported by this PKIXCertPathChecker, or null if no extensions are supported

Annotations

@Override

init back to summary

init	back to summary
public void init(boolean forward) throws CertPathValidatorException Implements abstract java.security.cert.PKIXCertPathChecker.init. Implements java.security.cert.CertPathChecker.init. Initializes the internal state of the checker from parameters specified in the constructor Parameters forward:boolean Doc from java.security.cert.PKIXCertPathChecker.init. the order that certificates are presented to the `check` method. If `true`, certificates are presented from target to most-trusted CA (forward); if `false`, from most-trusted CA to target (reverse). Annotations @Override Exceptions CertPathValidatorException: Doc from java.security.cert.PKIXCertPathChecker.init. if this `PKIXCertPathChecker` is unable to check certificates in the specified order; it should never be thrown if the forward flag is false since reverse checking must be supported

public void init(boolean forward) throws CertPathValidatorException

Implements abstract java.security.cert.PKIXCertPathChecker.init.

Implements java.security.cert.CertPathChecker.init.

Initializes the internal state of the checker from parameters specified in the constructor

Parameters

forward:boolean

Doc from java.security.cert.PKIXCertPathChecker.init.

the order that certificates are presented to the check method. If true, certificates are presented from target to most-trusted CA (forward); if false, from most-trusted CA to target (reverse).

Annotations

@Override

Exceptions

CertPathValidatorException:

Doc from java.security.cert.PKIXCertPathChecker.init.

if this PKIXCertPathChecker is unable to check certificates in the specified order; it should never be thrown if the forward flag is false since reverse checking must be supported

isForwardCheckingSupported back to summary

isForwardCheckingSupported	back to summary
public boolean isForwardCheckingSupported() Implements abstract java.security.cert.PKIXCertPathChecker.isForwardCheckingSupported. Implements java.security.cert.CertPathChecker.isForwardCheckingSupported. Doc from java.security.cert.PKIXCertPathChecker.isForwardCheckingSupported. Indicates if forward checking is supported. Forward checking refers to the ability of the `PKIXCertPathChecker` to perform its checks when certificates are presented to the `check` method in the forward direction (from target to most-trusted CA). Returns:boolean `true` if forward checking is supported, `false` otherwise Annotations @Override

public boolean isForwardCheckingSupported()

Implements abstract java.security.cert.PKIXCertPathChecker.isForwardCheckingSupported.

Implements java.security.cert.CertPathChecker.isForwardCheckingSupported.

Doc from java.security.cert.PKIXCertPathChecker.isForwardCheckingSupported.

Indicates if forward checking is supported. Forward checking refers to the ability of the PKIXCertPathChecker to perform its checks when certificates are presented to the check method in the forward direction (from target to most-trusted CA).

Returns:boolean

true if forward checking is supported, false otherwise

Annotations

@Override

verifyCAKeyUsage	back to summary
pack-priv static void verifyCAKeyUsage(X509Certificate cert) throws CertPathValidatorException Verifies the key usage extension in a CA cert. The key usage extension, if present, must assert the keyCertSign bit. The extended key usage extension is not checked (see CR 4776794 for more information).

pack-priv Class KeyChecker

Field Summary

Constructor Summary

Method Summary

Field Detail

Constructor Detail

Method Detail