OpenJDK 1.23 · sun.security.provider.certpath.PKIXExtendedParameters

Modifier and Type	Field and Description
private Timestamp	jarTimestamp
private final PKIXBuilderParameters	p
private final String	variant

Access	Constructor and Description
public	PKIXExtendedParameters(PKIXBuilderParameters params, Timestamp timestamp, String variant)

Method Summary

Modifier and Type	Method and Description
public void	addCertPathChecker(PKIXCertPathChecker a `PKIXCertPathChecker` to add to the list of checks. If `null`, the checker is ignored (not added to list). c) Overrides java.security.cert.PKIXParameters.addCertPathChecker. Adds a `PKIXCertPathChecker` to the list of certification path checkers.
public void	addCertStore(CertStore the `CertStore` to add. If `null`, the store is ignored (not added to list). store) Overrides java.security.cert.PKIXParameters.addCertStore. Adds a `CertStore` to the end of the list of `CertStore`s used in finding certificates and CRLs.
public List<PKIXCertPathChecker>	getCertPathCheckers() Overrides java.security.cert.PKIXParameters.getCertPathCheckers. Returns the `List` of certification path checkers.
public List<CertStore>	getCertStores() Overrides java.security.cert.PKIXParameters.getCertStores. Returns an immutable `List` of `CertStore`s that are used to find certificates and CRLs.
public Date	getDate() Overrides java.security.cert.PKIXParameters.getDate. Returns the time for which the validity of the certification path should be determined.
public Set<String>	getInitialPolicies() Overrides java.security.cert.PKIXParameters.getInitialPolicies. Returns an immutable `Set` of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing.
public int	getMaxPathLength() Overrides java.security.cert.PKIXBuilderParameters.getMaxPathLength. Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path.
public boolean	getPolicyQualifiersRejected() Overrides java.security.cert.PKIXParameters.getPolicyQualifiersRejected. Gets the PolicyQualifiersRejected flag.
public String	getSigProvider() Overrides java.security.cert.PKIXParameters.getSigProvider. Returns the signature provider's name, or `null` if not set.
public CertSelector	getTargetCertConstraints() Overrides java.security.cert.PKIXParameters.getTargetCertConstraints. Returns the required constraints on the target certificate.
public Timestamp	getTimestamp()
public Set<TrustAnchor>	getTrustAnchors() Overrides java.security.cert.PKIXParameters.getTrustAnchors. Returns an immutable `Set` of the most-trusted CAs.
public String	getVariant()
public boolean	isAnyPolicyInhibited() Overrides java.security.cert.PKIXParameters.isAnyPolicyInhibited. Checks whether the any policy OID should be processed if it is included in a certificate.
public boolean	isExplicitPolicyRequired() Overrides java.security.cert.PKIXParameters.isExplicitPolicyRequired. Checks if explicit policy is required.
public boolean	isPolicyMappingInhibited() Overrides java.security.cert.PKIXParameters.isPolicyMappingInhibited. Checks if policy mapping is inhibited.
public boolean	isRevocationEnabled() Overrides java.security.cert.PKIXParameters.isRevocationEnabled. Checks the RevocationEnabled flag.
public void	setAnyPolicyInhibited(boolean `true` if the any policy OID is to be inhibited, `false` otherwise val) Overrides java.security.cert.PKIXParameters.setAnyPolicyInhibited. Sets state to determine if the any policy OID should be processed if it is included in a certificate.
public void	setCertPathCheckers(List<PKIXCertPathChecker> a `List` of `PKIXCertPathChecker`s. May be `null`, in which case no additional checkers will be used. checkers) Overrides java.security.cert.PKIXParameters.setCertPathCheckers. Sets a `List` of additional certification path checkers.
public void	setCertStores(List<CertStore> a `List` of `CertStore`s (or `null`) stores) Overrides java.security.cert.PKIXParameters.setCertStores. Sets the list of `CertStore`s to be used in finding certificates and CRLs.
public void	setDate(Date the `Date`, or `null` for the current time d) Overrides java.security.cert.PKIXParameters.setDate. Sets the time for which the validity of the certification path should be determined.
public void	setExplicitPolicyRequired(boolean `true` if explicit policy is to be required, `false` otherwise val) Overrides java.security.cert.PKIXParameters.setExplicitPolicyRequired. Sets the ExplicitPolicyRequired flag.
public void	setInitialPolicies(Set<String> a `Set` of initial policy OIDs in `String` format (or `null`) initialPolicies) Overrides java.security.cert.PKIXParameters.setInitialPolicies. Sets the `Set` of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing.
public void	setMaxPathLength(int the maximum number of non-self-issued intermediate certificates that may exist in a certification path maxPathLength) Overrides java.security.cert.PKIXBuilderParameters.setMaxPathLength. Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path.
public void	setPolicyMappingInhibited(boolean `true` if policy mapping is to be inhibited, `false` otherwise val) Overrides java.security.cert.PKIXParameters.setPolicyMappingInhibited. Sets the PolicyMappingInhibited flag.
public void	setPolicyQualifiersRejected(boolean the new value of the PolicyQualifiersRejected flag qualifiersRejected) Overrides java.security.cert.PKIXParameters.setPolicyQualifiersRejected. Sets the PolicyQualifiersRejected flag.
public void	setRevocationEnabled(boolean the new value of the RevocationEnabled flag val) Overrides java.security.cert.PKIXParameters.setRevocationEnabled. Sets the RevocationEnabled flag.
public void	setSigProvider(String the signature provider's name (or `null`) sigProvider) Overrides java.security.cert.PKIXParameters.setSigProvider. Sets the signature provider's name.
public void	setTargetCertConstraints(CertSelector a `CertSelector` specifying the constraints on the target certificate (or `null`) selector) Overrides java.security.cert.PKIXParameters.setTargetCertConstraints. Sets the required constraints on the target certificate.
public void	setTimestamp(Timestamp t)
public void	setTrustAnchors(Set<TrustAnchor> a `Set` of `TrustAnchor`s trustAnchors) Overrides java.security.cert.PKIXParameters.setTrustAnchors. Sets the `Set` of most-trusted CAs.
public String	toString() Overrides java.security.cert.PKIXBuilderParameters.toString. Returns a formatted string describing the parameters.

jarTimestamp	back to summary
private Timestamp jarTimestamp

p	back to summary
private final PKIXBuilderParameters p

variant	back to summary
private final String variant

PKIXExtendedParameters	back to summary
public PKIXExtendedParameters(PKIXBuilderParameters params, Timestamp timestamp, String variant) throws InvalidAlgorithmParameterException

Method Detail

addCertPathChecker back to summary

addCertPathChecker	back to summary
public void addCertPathChecker(PKIXCertPathChecker c) Overrides java.security.cert.PKIXParameters.addCertPathChecker. Doc from java.security.cert.PKIXParameters.addCertPathChecker. Adds a `PKIXCertPathChecker` to the list of certification path checkers. See the `setCertPathCheckers` method for more details. Note that the `PKIXCertPathChecker` is cloned to protect against subsequent modifications. Parameters c:PKIXCertPathChecker a `PKIXCertPathChecker` to add to the list of checks. If `null`, the checker is ignored (not added to list). Annotations @Override

public void addCertPathChecker(PKIXCertPathChecker c)

Overrides java.security.cert.PKIXParameters.addCertPathChecker.

Doc from java.security.cert.PKIXParameters.addCertPathChecker.

Adds a PKIXCertPathChecker to the list of certification path checkers. See the setCertPathCheckers method for more details.

Note that the PKIXCertPathChecker is cloned to protect against subsequent modifications.

Parameters

c:PKIXCertPathChecker: a PKIXCertPathChecker to add to the list of checks. If null, the checker is ignored (not added to list).

Annotations

@Override

addCertStore back to summary

addCertStore	back to summary
public void addCertStore(CertStore store) Overrides java.security.cert.PKIXParameters.addCertStore. Doc from java.security.cert.PKIXParameters.addCertStore. Adds a `CertStore` to the end of the list of `CertStore`s used in finding certificates and CRLs. Parameters store:CertStore the `CertStore` to add. If `null`, the store is ignored (not added to list). Annotations @Override

public void addCertStore(CertStore store)

Overrides java.security.cert.PKIXParameters.addCertStore.

Doc from java.security.cert.PKIXParameters.addCertStore.

Adds a CertStore to the end of the list of CertStores used in finding certificates and CRLs.

Parameters

store:CertStore: the CertStore to add. If null, the store is ignored (not added to list).

Annotations

@Override

getCertPathCheckers back to summary

getCertPathCheckers	back to summary
public List<PKIXCertPathChecker> getCertPathCheckers() Overrides java.security.cert.PKIXParameters.getCertPathCheckers. Doc from java.security.cert.PKIXParameters.getCertPathCheckers. Returns the `List` of certification path checkers. The returned `List` is immutable, and each `PKIXCertPathChecker` in the `List` is cloned to protect against subsequent modifications. Returns:List<PKIXCertPathChecker> an immutable `List` of `PKIXCertPathChecker`s (may be empty, but not `null`) Annotations @Override

public List<PKIXCertPathChecker> getCertPathCheckers()

Overrides java.security.cert.PKIXParameters.getCertPathCheckers.

Doc from java.security.cert.PKIXParameters.getCertPathCheckers.

Returns the List of certification path checkers. The returned List is immutable, and each PKIXCertPathChecker in the List is cloned to protect against subsequent modifications.

Returns:List<PKIXCertPathChecker>

an immutable List of PKIXCertPathCheckers (may be empty, but not null)

Annotations

@Override

getCertStores back to summary

getCertStores	back to summary
public List<CertStore> getCertStores() Overrides java.security.cert.PKIXParameters.getCertStores. Doc from java.security.cert.PKIXParameters.getCertStores. Returns an immutable `List` of `CertStore`s that are used to find certificates and CRLs. Returns:List<CertStore> an immutable `List` of `CertStore`s (may be empty, but never `null`) Annotations @Override

public List<CertStore> getCertStores()

Overrides java.security.cert.PKIXParameters.getCertStores.

Doc from java.security.cert.PKIXParameters.getCertStores.

Returns an immutable List of CertStores that are used to find certificates and CRLs.

Returns:List<CertStore>

an immutable List of CertStores (may be empty, but never null)

Annotations

@Override

getDate back to summary

getDate	back to summary
public Date getDate() Overrides java.security.cert.PKIXParameters.getDate. Doc from java.security.cert.PKIXParameters.getDate. Returns the time for which the validity of the certification path should be determined. If `null`, the current time is used. Note that the `Date` returned is copied to protect against subsequent modifications. Returns:Date the `Date`, or `null` if not set Annotations @Override

public Date getDate()

Overrides java.security.cert.PKIXParameters.getDate.

Doc from java.security.cert.PKIXParameters.getDate.

Returns the time for which the validity of the certification path should be determined. If null, the current time is used.

Note that the Date returned is copied to protect against subsequent modifications.

Returns:Date

the Date, or null if not set

Annotations

@Override

getInitialPolicies back to summary

getInitialPolicies	back to summary
public Set<String> getInitialPolicies() Overrides java.security.cert.PKIXParameters.getInitialPolicies. Doc from java.security.cert.PKIXParameters.getInitialPolicies. Returns an immutable `Set` of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. The default return value is an empty `Set`, which is interpreted as meaning that any policy would be acceptable. Returns:Set<String> an immutable `Set` of initial policy OIDs in `String` format, or an empty `Set` (implying any policy is acceptable). Never returns `null`. Annotations @Override

public Set<String> getInitialPolicies()

Overrides java.security.cert.PKIXParameters.getInitialPolicies.

Doc from java.security.cert.PKIXParameters.getInitialPolicies.

Returns an immutable Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. The default return value is an empty Set, which is interpreted as meaning that any policy would be acceptable.

Returns:Set<String>

an immutable Set of initial policy OIDs in String format, or an empty Set (implying any policy is acceptable). Never returns null.

Annotations

@Override

getMaxPathLength back to summary

getMaxPathLength	back to summary
public int getMaxPathLength() Overrides java.security.cert.PKIXBuilderParameters.getMaxPathLength. Doc from java.security.cert.PKIXBuilderParameters.getMaxPathLength. Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. See the `setMaxPathLength` method for more details. Returns:int the maximum number of non-self-issued intermediate certificates that may exist in a certification path, or -1 if there is no limit Annotations @Override

public int getMaxPathLength()

Overrides java.security.cert.PKIXBuilderParameters.getMaxPathLength.

Doc from java.security.cert.PKIXBuilderParameters.getMaxPathLength.

Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. See the setMaxPathLength method for more details.

Returns:int

the maximum number of non-self-issued intermediate certificates that may exist in a certification path, or -1 if there is no limit

Annotations

@Override

getPolicyQualifiersRejected back to summary

getPolicyQualifiersRejected	back to summary
public boolean getPolicyQualifiersRejected() Overrides java.security.cert.PKIXParameters.getPolicyQualifiersRejected. Doc from java.security.cert.PKIXParameters.getPolicyQualifiersRejected. Gets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis. When a `PKIXParameters` object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false. Returns:boolean the current value of the PolicyQualifiersRejected flag Annotations @Override

public boolean getPolicyQualifiersRejected()

Overrides java.security.cert.PKIXParameters.getPolicyQualifiersRejected.

Doc from java.security.cert.PKIXParameters.getPolicyQualifiersRejected.

Gets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis.

When a PKIXParameters object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false.

Returns:boolean

the current value of the PolicyQualifiersRejected flag

Annotations

@Override

getSigProvider back to summary

getSigProvider	back to summary
public String getSigProvider() Overrides java.security.cert.PKIXParameters.getSigProvider. Doc from java.security.cert.PKIXParameters.getSigProvider. Returns the signature provider's name, or `null` if not set. Returns:String the signature provider's name (or `null`) Annotations @Override

public String getSigProvider()

Overrides java.security.cert.PKIXParameters.getSigProvider.

Doc from java.security.cert.PKIXParameters.getSigProvider.

Returns the signature provider's name, or null if not set.

Returns:String

the signature provider's name (or null)

Annotations

@Override

getTargetCertConstraints back to summary

getTargetCertConstraints	back to summary
public CertSelector getTargetCertConstraints() Overrides java.security.cert.PKIXParameters.getTargetCertConstraints. Doc from java.security.cert.PKIXParameters.getTargetCertConstraints. Returns the required constraints on the target certificate. The constraints are returned as an instance of `CertSelector`. If `null`, no constraints are defined. Note that the `CertSelector` returned is cloned to protect against subsequent modifications. Returns:CertSelector a `CertSelector` specifying the constraints on the target certificate (or `null`) Annotations @Override

public CertSelector getTargetCertConstraints()

Overrides java.security.cert.PKIXParameters.getTargetCertConstraints.

Doc from java.security.cert.PKIXParameters.getTargetCertConstraints.

Returns the required constraints on the target certificate. The constraints are returned as an instance of CertSelector. If null, no constraints are defined.

Note that the CertSelector returned is cloned to protect against subsequent modifications.

Returns:CertSelector

a CertSelector specifying the constraints on the target certificate (or null)

Annotations

@Override

getTimestamp	back to summary
public Timestamp getTimestamp()

getTrustAnchors back to summary

getTrustAnchors	back to summary
public Set<TrustAnchor> getTrustAnchors() Overrides java.security.cert.PKIXParameters.getTrustAnchors. Doc from java.security.cert.PKIXParameters.getTrustAnchors. Returns an immutable `Set` of the most-trusted CAs. Returns:Set<TrustAnchor> an immutable `Set` of `TrustAnchor`s (never `null`) Annotations @Override

public Set<TrustAnchor> getTrustAnchors()

Overrides java.security.cert.PKIXParameters.getTrustAnchors.

Doc from java.security.cert.PKIXParameters.getTrustAnchors.

Returns an immutable Set of the most-trusted CAs.

Returns:Set<TrustAnchor>

an immutable Set of TrustAnchors (never null)

Annotations

@Override

getVariant	back to summary
public String getVariant()

isAnyPolicyInhibited back to summary

isAnyPolicyInhibited	back to summary
public boolean isAnyPolicyInhibited() Overrides java.security.cert.PKIXParameters.isAnyPolicyInhibited. Doc from java.security.cert.PKIXParameters.isAnyPolicyInhibited. Checks whether the any policy OID should be processed if it is included in a certificate. Returns:boolean `true` if the any policy OID is inhibited, `false` otherwise Annotations @Override

public boolean isAnyPolicyInhibited()

Overrides java.security.cert.PKIXParameters.isAnyPolicyInhibited.

Doc from java.security.cert.PKIXParameters.isAnyPolicyInhibited.

Checks whether the any policy OID should be processed if it is included in a certificate.

Returns:boolean

true if the any policy OID is inhibited, false otherwise

Annotations

@Override

isExplicitPolicyRequired back to summary

isExplicitPolicyRequired	back to summary
public boolean isExplicitPolicyRequired() Overrides java.security.cert.PKIXParameters.isExplicitPolicyRequired. Doc from java.security.cert.PKIXParameters.isExplicitPolicyRequired. Checks if explicit policy is required. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false. Returns:boolean `true` if explicit policy is required, `false` otherwise Annotations @Override

public boolean isExplicitPolicyRequired()

Overrides java.security.cert.PKIXParameters.isExplicitPolicyRequired.

Doc from java.security.cert.PKIXParameters.isExplicitPolicyRequired.

Checks if explicit policy is required. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false.

Returns:boolean

true if explicit policy is required, false otherwise

Annotations

@Override

isPolicyMappingInhibited	back to summary
public boolean isPolicyMappingInhibited() Overrides java.security.cert.PKIXParameters.isPolicyMappingInhibited. Doc from java.security.cert.PKIXParameters.isPolicyMappingInhibited. Checks if policy mapping is inhibited. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false). Returns:boolean true if policy mapping is inhibited, false otherwise Annotations @Override

isPolicyMappingInhibited

back to summary

public boolean isPolicyMappingInhibited()

Overrides java.security.cert.PKIXParameters.isPolicyMappingInhibited.

Doc from java.security.cert.PKIXParameters.isPolicyMappingInhibited.

Checks if policy mapping is inhibited. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false).

Returns:boolean

true if policy mapping is inhibited, false otherwise

Annotations

@Override

isRevocationEnabled back to summary

isRevocationEnabled	back to summary
public boolean isRevocationEnabled() Overrides java.security.cert.PKIXParameters.isRevocationEnabled. Doc from java.security.cert.PKIXParameters.isRevocationEnabled. Checks the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used, unless a `PKIXRevocationChecker` is passed in as a `CertPathChecker`. If this flag is false, the default revocation checking mechanism will be disabled (not used). See the `setRevocationEnabled` method for more details on setting the value of this flag. Returns:boolean the current value of the RevocationEnabled flag Annotations @Override

public boolean isRevocationEnabled()

Overrides java.security.cert.PKIXParameters.isRevocationEnabled.

Doc from java.security.cert.PKIXParameters.isRevocationEnabled.

Checks the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used, unless a PKIXRevocationChecker is passed in as a CertPathChecker. If this flag is false, the default revocation checking mechanism will be disabled (not used). See the setRevocationEnabled method for more details on setting the value of this flag.

Returns:boolean

the current value of the RevocationEnabled flag

Annotations

@Override

setAnyPolicyInhibited back to summary

setAnyPolicyInhibited	back to summary
public void setAnyPolicyInhibited(boolean val) Overrides java.security.cert.PKIXParameters.setAnyPolicyInhibited. Doc from java.security.cert.PKIXParameters.setAnyPolicyInhibited. Sets state to determine if the any policy OID should be processed if it is included in a certificate. By default, the any policy OID is not inhibited (`isAnyPolicyInhibited()` returns `false`). Parameters val:boolean `true` if the any policy OID is to be inhibited, `false` otherwise Annotations @Override

public void setAnyPolicyInhibited(boolean val)

Overrides java.security.cert.PKIXParameters.setAnyPolicyInhibited.

Doc from java.security.cert.PKIXParameters.setAnyPolicyInhibited.

Sets state to determine if the any policy OID should be processed if it is included in a certificate. By default, the any policy OID is not inhibited (isAnyPolicyInhibited() returns false).

Parameters

val:boolean: true if the any policy OID is to be inhibited, false otherwise

Annotations

@Override

setCertPathCheckers back to summary

setCertPathCheckers	back to summary
public void setCertPathCheckers(List<PKIXCertPathChecker> checkers) Overrides java.security.cert.PKIXParameters.setCertPathCheckers. Doc from java.security.cert.PKIXParameters.setCertPathCheckers. Sets a `List` of additional certification path checkers. If the specified `List` contains an object that is not a `PKIXCertPathChecker`, it is ignored. Each `PKIXCertPathChecker` specified implements additional checks on a certificate. Typically, these are checks to process and verify private extensions contained in certificates. Each `PKIXCertPathChecker` should be instantiated with any initialization parameters needed to execute the check. This method allows sophisticated applications to extend a PKIX `CertPathValidator` or `CertPathBuilder`. Each of the specified `PKIXCertPathChecker`s will be called, in turn, by a PKIX `CertPathValidator` or `CertPathBuilder` for each certificate processed or validated. Regardless of whether these additional `PKIXCertPathChecker`s are set, a PKIX `CertPathValidator` or `CertPathBuilder` must perform all of the required PKIX checks on each certificate. The one exception to this rule is if the RevocationEnabled flag is set to false (see the `setRevocationEnabled` method). Note that the `List` supplied here is copied and each `PKIXCertPathChecker` in the list is cloned to protect against subsequent modifications. Parameters checkers:List<PKIXCertPathChecker> a `List` of `PKIXCertPathChecker`s. May be `null`, in which case no additional checkers will be used. Annotations @Override

public void setCertPathCheckers(List<PKIXCertPathChecker> checkers)

Overrides java.security.cert.PKIXParameters.setCertPathCheckers.

Doc from java.security.cert.PKIXParameters.setCertPathCheckers.

Sets a List of additional certification path checkers. If the specified List contains an object that is not a PKIXCertPathChecker, it is ignored.

Each PKIXCertPathChecker specified implements additional checks on a certificate. Typically, these are checks to process and verify private extensions contained in certificates. Each PKIXCertPathChecker should be instantiated with any initialization parameters needed to execute the check.

This method allows sophisticated applications to extend a PKIX CertPathValidator or CertPathBuilder. Each of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX CertPathValidator or CertPathBuilder for each certificate processed or validated.

Regardless of whether these additional PKIXCertPathCheckers are set, a PKIX CertPathValidator or CertPathBuilder must perform all of the required PKIX checks on each certificate. The one exception to this rule is if the RevocationEnabled flag is set to false (see the setRevocationEnabled method).

Note that the List supplied here is copied and each PKIXCertPathChecker in the list is cloned to protect against subsequent modifications.

Parameters

checkers:List<PKIXCertPathChecker>: a List of PKIXCertPathCheckers. May be null, in which case no additional checkers will be used.

Annotations

@Override

setCertStores back to summary

setCertStores	back to summary
public void setCertStores(List<CertStore> stores) Overrides java.security.cert.PKIXParameters.setCertStores. Doc from java.security.cert.PKIXParameters.setCertStores. Sets the list of `CertStore`s to be used in finding certificates and CRLs. May be `null`, in which case no `CertStore`s will be used. The first `CertStore`s in the list may be preferred to those that appear later. Note that the `List` is copied to protect against subsequent modifications. Parameters stores:List<CertStore> a `List` of `CertStore`s (or `null`) Annotations @Override

public void setCertStores(List<CertStore> stores)

Overrides java.security.cert.PKIXParameters.setCertStores.

Doc from java.security.cert.PKIXParameters.setCertStores.

Sets the list of CertStores to be used in finding certificates and CRLs. May be null, in which case no CertStores will be used. The first CertStores in the list may be preferred to those that appear later.

Note that the List is copied to protect against subsequent modifications.

Parameters

stores:List<CertStore>: a List of CertStores (or null)

Annotations

@Override

setDate back to summary

setDate	back to summary
public void setDate(Date d) Overrides java.security.cert.PKIXParameters.setDate. Doc from java.security.cert.PKIXParameters.setDate. Sets the time for which the validity of the certification path should be determined. If `null`, the current time is used. Note that the `Date` supplied here is copied to protect against subsequent modifications. Parameters d:Date the `Date`, or `null` for the current time Annotations @Override

public void setDate(Date d)

Overrides java.security.cert.PKIXParameters.setDate.

Doc from java.security.cert.PKIXParameters.setDate.

Sets the time for which the validity of the certification path should be determined. If null, the current time is used.

Note that the Date supplied here is copied to protect against subsequent modifications.

Parameters

d:Date: the Date, or null for the current time

Annotations

@Override

setExplicitPolicyRequired back to summary

setExplicitPolicyRequired	back to summary
public void setExplicitPolicyRequired(boolean val) Overrides java.security.cert.PKIXParameters.setExplicitPolicyRequired. Doc from java.security.cert.PKIXParameters.setExplicitPolicyRequired. Sets the ExplicitPolicyRequired flag. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false. Parameters val:boolean `true` if explicit policy is to be required, `false` otherwise Annotations @Override

public void setExplicitPolicyRequired(boolean val)

Overrides java.security.cert.PKIXParameters.setExplicitPolicyRequired.

Doc from java.security.cert.PKIXParameters.setExplicitPolicyRequired.

Sets the ExplicitPolicyRequired flag. If this flag is true, an acceptable policy needs to be explicitly identified in every certificate. By default, the ExplicitPolicyRequired flag is false.

Parameters

val:boolean: true if explicit policy is to be required, false otherwise

Annotations

@Override

setInitialPolicies back to summary

setInitialPolicies	back to summary
public void setInitialPolicies(Set<String> initialPolicies) Overrides java.security.cert.PKIXParameters.setInitialPolicies. Doc from java.security.cert.PKIXParameters.setInitialPolicies. Sets the `Set` of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. By default, any policy is acceptable (i.e. all policies), so a user that wants to allow any policy as acceptable does not need to call this method, or can call it with an empty `Set` (or `null`). Note that the `Set` is copied to protect against subsequent modifications. Parameters initialPolicies:Set<String> a `Set` of initial policy OIDs in `String` format (or `null`) Annotations @Override

public void setInitialPolicies(Set<String> initialPolicies)

Overrides java.security.cert.PKIXParameters.setInitialPolicies.

Doc from java.security.cert.PKIXParameters.setInitialPolicies.

Sets the Set of initial policy identifiers (OID strings), indicating that any one of these policies would be acceptable to the certificate user for the purposes of certification path processing. By default, any policy is acceptable (i.e. all policies), so a user that wants to allow any policy as acceptable does not need to call this method, or can call it with an empty Set (or null).

Note that the Set is copied to protect against subsequent modifications.

Parameters

initialPolicies:Set<String>: a Set of initial policy OIDs in String format (or null)

Annotations

@Override

setMaxPathLength back to summary

setMaxPathLength	back to summary
public void setMaxPathLength(int maxPathLength) Overrides java.security.cert.PKIXBuilderParameters.setMaxPathLength. Doc from java.security.cert.PKIXBuilderParameters.setMaxPathLength. Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. Note that the last certificate in a certification path is not an intermediate certificate, and is not included in this limit. Usually the last certificate is an end entity certificate, but it can be a CA certificate. A PKIX `CertPathBuilder` instance must not build paths longer than the length specified. A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown. If any of the CA certificates contain the `BasicConstraintsExtension`, the value of the `pathLenConstraint` field of the extension overrides the maximum path length parameter whenever the result is a certification path of smaller length. Parameters maxPathLength:int the maximum number of non-self-issued intermediate certificates that may exist in a certification path Annotations @Override

public void setMaxPathLength(int maxPathLength)

Overrides java.security.cert.PKIXBuilderParameters.setMaxPathLength.

Doc from java.security.cert.PKIXBuilderParameters.setMaxPathLength.

Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. Note that the last certificate in a certification path is not an intermediate certificate, and is not included in this limit. Usually the last certificate is an end entity certificate, but it can be a CA certificate. A PKIX CertPathBuilder instance must not build paths longer than the length specified.

A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown.

If any of the CA certificates contain the BasicConstraintsExtension, the value of the pathLenConstraint field of the extension overrides the maximum path length parameter whenever the result is a certification path of smaller length.

Parameters

maxPathLength:int: the maximum number of non-self-issued intermediate certificates that may exist in a certification path

Annotations

@Override

setPolicyMappingInhibited back to summary

setPolicyMappingInhibited	back to summary
public void setPolicyMappingInhibited(boolean val) Overrides java.security.cert.PKIXParameters.setPolicyMappingInhibited. Doc from java.security.cert.PKIXParameters.setPolicyMappingInhibited. Sets the PolicyMappingInhibited flag. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false). Parameters val:boolean `true` if policy mapping is to be inhibited, `false` otherwise Annotations @Override

public void setPolicyMappingInhibited(boolean val)

Overrides java.security.cert.PKIXParameters.setPolicyMappingInhibited.

Doc from java.security.cert.PKIXParameters.setPolicyMappingInhibited.

Sets the PolicyMappingInhibited flag. If this flag is true, policy mapping is inhibited. By default, policy mapping is not inhibited (the flag is false).

Parameters

val:boolean: true if policy mapping is to be inhibited, false otherwise

Annotations

@Override

setPolicyQualifiersRejected back to summary

setPolicyQualifiersRejected	back to summary
public void setPolicyQualifiersRejected(boolean qualifiersRejected) Overrides java.security.cert.PKIXParameters.setPolicyQualifiersRejected. Doc from java.security.cert.PKIXParameters.setPolicyQualifiersRejected. Sets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis. When a `PKIXParameters` object is created, this flag is set to true. This setting reflects the most common (and simplest) strategy for processing policy qualifiers. Applications that want to use a more sophisticated policy must set this flag to false. Note that the PKIX certification path validation algorithm specifies that any policy qualifier in a certificate policies extension that is marked critical must be processed and validated. Otherwise the certification path must be rejected. If the policyQualifiersRejected flag is set to false, it is up to the application to validate all policy qualifiers in this manner in order to be PKIX compliant. Parameters qualifiersRejected:boolean the new value of the PolicyQualifiersRejected flag Annotations @Override

public void setPolicyQualifiersRejected(boolean qualifiersRejected)

Overrides java.security.cert.PKIXParameters.setPolicyQualifiersRejected.

Doc from java.security.cert.PKIXParameters.setPolicyQualifiersRejected.

Sets the PolicyQualifiersRejected flag. If this flag is true, certificates that include policy qualifiers in a certificate policies extension that is marked critical are rejected. If the flag is false, certificates are not rejected on this basis.

Note that the PKIX certification path validation algorithm specifies that any policy qualifier in a certificate policies extension that is marked critical must be processed and validated. Otherwise the certification path must be rejected. If the policyQualifiersRejected flag is set to false, it is up to the application to validate all policy qualifiers in this manner in order to be PKIX compliant.

Parameters

qualifiersRejected:boolean: the new value of the PolicyQualifiersRejected flag

Annotations

@Override

setRevocationEnabled back to summary

setRevocationEnabled	back to summary
public void setRevocationEnabled(boolean val) Overrides java.security.cert.PKIXParameters.setRevocationEnabled. Doc from java.security.cert.PKIXParameters.setRevocationEnabled. Sets the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used, unless a `PKIXRevocationChecker` is passed in as a `CertPathChecker` (see below for further explanation). If this flag is false, the default revocation checking mechanism will be disabled (not used). When a `PKIXParameters` object is created, this flag is set to true. This setting reflects the most common strategy for checking revocation, since each service provider must support revocation checking to be PKIX compliant. Sophisticated applications should set this flag to false when it is not practical to use a PKIX service provider's default revocation checking mechanism or when an alternative revocation checking mechanism is to be substituted (by also calling the `addCertPathChecker` or `setCertPathCheckers` methods). Note that when a `PKIXRevocationChecker` is passed in as a parameter via the `addCertPathChecker` or `setCertPathCheckers` methods, it will be used to check revocation irrespective of the setting of the RevocationEnabled flag. Parameters val:boolean the new value of the RevocationEnabled flag Annotations @Override

public void setRevocationEnabled(boolean val)

Overrides java.security.cert.PKIXParameters.setRevocationEnabled.

Doc from java.security.cert.PKIXParameters.setRevocationEnabled.

Sets the RevocationEnabled flag. If this flag is true, the default revocation checking mechanism of the underlying PKIX service provider will be used, unless a PKIXRevocationChecker is passed in as a CertPathChecker (see below for further explanation). If this flag is false, the default revocation checking mechanism will be disabled (not used).

When a PKIXParameters object is created, this flag is set to true. This setting reflects the most common strategy for checking revocation, since each service provider must support revocation checking to be PKIX compliant. Sophisticated applications should set this flag to false when it is not practical to use a PKIX service provider's default revocation checking mechanism or when an alternative revocation checking mechanism is to be substituted (by also calling the addCertPathChecker or setCertPathCheckers methods).

Note that when a PKIXRevocationChecker is passed in as a parameter via the addCertPathChecker or setCertPathCheckers methods, it will be used to check revocation irrespective of the setting of the RevocationEnabled flag.

Parameters

val:boolean: the new value of the RevocationEnabled flag

Annotations

@Override

setSigProvider back to summary

setSigProvider	back to summary
public void setSigProvider(String sigProvider) Overrides java.security.cert.PKIXParameters.setSigProvider. Doc from java.security.cert.PKIXParameters.setSigProvider. Sets the signature provider's name. The specified provider will be preferred when creating `Signature` objects. If `null` or not set, the first provider found supporting the algorithm will be used. Parameters sigProvider:String the signature provider's name (or `null`) Annotations @Override

public void setSigProvider(String sigProvider)

Overrides java.security.cert.PKIXParameters.setSigProvider.

Doc from java.security.cert.PKIXParameters.setSigProvider.

Sets the signature provider's name. The specified provider will be preferred when creating Signature objects. If null or not set, the first provider found supporting the algorithm will be used.

Parameters

sigProvider:String: the signature provider's name (or null)

Annotations

@Override

setTargetCertConstraints back to summary

setTargetCertConstraints	back to summary
public void setTargetCertConstraints(CertSelector selector) Overrides java.security.cert.PKIXParameters.setTargetCertConstraints. Doc from java.security.cert.PKIXParameters.setTargetCertConstraints. Sets the required constraints on the target certificate. The constraints are specified as an instance of `CertSelector`. If `null`, no constraints are defined. Note that the `CertSelector` specified is cloned to protect against subsequent modifications. Parameters selector:CertSelector a `CertSelector` specifying the constraints on the target certificate (or `null`) Annotations @Override

public void setTargetCertConstraints(CertSelector selector)

Overrides java.security.cert.PKIXParameters.setTargetCertConstraints.

Doc from java.security.cert.PKIXParameters.setTargetCertConstraints.

Sets the required constraints on the target certificate. The constraints are specified as an instance of CertSelector. If null, no constraints are defined.

Note that the CertSelector specified is cloned to protect against subsequent modifications.

Parameters

selector:CertSelector: a CertSelector specifying the constraints on the target certificate (or null)

Annotations

@Override

setTimestamp	back to summary
public void setTimestamp(Timestamp t)

setTrustAnchors back to summary

setTrustAnchors	back to summary
public void setTrustAnchors(Set<TrustAnchor> trustAnchors) throws InvalidAlgorithmParameterException Overrides java.security.cert.PKIXParameters.setTrustAnchors. Doc from java.security.cert.PKIXParameters.setTrustAnchors. Sets the `Set` of most-trusted CAs. Note that the `Set` is copied to protect against subsequent modifications. Parameters trustAnchors:Set<TrustAnchor> a `Set` of `TrustAnchor`s Annotations @Override Exceptions InvalidAlgorithmParameterException: if the specified `Set` is empty `(trustAnchors.isEmpty() == true)`

public void setTrustAnchors(Set<TrustAnchor> trustAnchors) throws InvalidAlgorithmParameterException

Overrides java.security.cert.PKIXParameters.setTrustAnchors.

Doc from java.security.cert.PKIXParameters.setTrustAnchors.

Sets the Set of most-trusted CAs.

Note that the Set is copied to protect against subsequent modifications.

Parameters

trustAnchors:Set<TrustAnchor>: a Set of TrustAnchors

Annotations

@Override

Exceptions

InvalidAlgorithmParameterException:: if the specified Set is empty (trustAnchors.isEmpty() == true)

toString	back to summary
public String toString() Overrides java.security.cert.PKIXBuilderParameters.toString. Doc from java.security.cert.PKIXBuilderParameters.toString. Returns a formatted string describing the parameters. Returns:String a formatted string describing the parameters Annotations @Override

toString

back to summary

public String toString()

Overrides java.security.cert.PKIXBuilderParameters.toString.

Doc from java.security.cert.PKIXBuilderParameters.toString.

Returns a formatted string describing the parameters.

Returns:String

a formatted string describing the parameters

Annotations

@Override

public Class PKIXExtendedParameters

Field Summary

Constructor Summary

Method Summary

Field Detail

Constructor Detail

Method Detail