java.lang.Object
  ↳ java.security.cert.PKIXParameters
    ↳ org.bouncycastle.x509.ExtendedPKIXParameters
Known Direct Subclasses |
This class extends the PKIXParameters with a validity model parameter.
Constants | | |
---|---|---|
int | CHAIN_VALIDITY_MODEL | This model uses the following validity model. |
int | PKIX_VALIDITY_MODEL | This is the default PKIX validity model. |
Public Constructors |
---|
Creates an instance of PKIXParameters with the specified Set of most-trusted CAs. |
Public Methods |
---|
This method is deprecated. No replacement. |
Adds an additional Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates. |
Adds a Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates. |
Returns an immutable List of additional Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates. |
Returns the attribute certificate checker. |
Returns an instance with the parameters of a given PKIXParameters object. |
Returns the necessary attributes which must be contained in an attribute certificate. |
Returns the attribute certificates which are not allowed. |
Returns an immutable List of Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates. |
Returns the required constraints on the target certificate or attribute certificate. |
Returns the trusted attribute certificate issuers. |
Returns if additional X509Stores for locations like LDAP found in certificates or CRLs should be used. |
Defaults to false. |
Sets if additional X509Stores for locations like LDAP found in certificates or CRLs should be used. |
Sets the attribute certificate checkers. |
Sets the Java CertStore to this extended PKIX parameters. |
Sets the necessary attributes which must be contained in an attribute certificate. |
Sets the attribute certificates which are not allowed. |
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute certificates or cross certificates. |
Sets the required constraints on the target certificate. |
Sets the required constraints on the target certificate or attribute certificate. |
Sets the trusted attribute certificate issuers. |
Sets if delta CRLs should be used for checking the revocation status. |
Protected Methods |
---|
Method to support clone() under J2ME. |
Inherited Methods |
---|
From class java.security.cert.PKIXParameters |
From class java.lang.Object |
From interface java.security.cert.CertPathParameters |
CHAIN_VALIDITY_MODEL: This model uses the following validity model. Each certificate must have been valid at the moment when it was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid when the end certificate was signed. The CA (or Root CA) certificate must have been valid when the CA certificate was signed, and so on. So the setDate(java.util.Date) method sets the time when the end certificate must have been valid.
PKIX_VALIDITY_MODEL: This is the default PKIX validity model. Actually there are two variants of this: the PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly chosen with the setDate(java.util.Date) method, so this method sets the Date when all certificates must have been valid.
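The difference between the two validity models, as an added example that is not Bouncy Castle code: it uses only the JDK, the Cert class and the sample dates are constructed, and a certificate's signing time is assumed to equal its notBefore.

```java
import java.time.Instant;
import java.util.List;

/** Added illustration: compares the two validity models over a constructed chain. */
public class ValidityModelDemo {
    /** Hypothetical stand-in for a certificate: only its validity period matters here. */
    static final class Cert {
        final String name;
        final Instant notBefore, notAfter;
        Cert(String name, String notBefore, String notAfter) {
            this.name = name;
            this.notBefore = Instant.parse(notBefore);
            this.notAfter = Instant.parse(notAfter);
        }
        boolean validAt(Instant t) { return !t.isBefore(notBefore) && !t.isAfter(notAfter); }
    }

    /** PKIX model: every certificate in the chain must be valid at the same date. */
    static boolean pkixModel(List<Cert> chain, Instant date) {
        return chain.stream().allMatch(c -> c.validAt(date));
    }

    /**
     * Chain model: the chain is ordered end certificate first, root last. The end
     * certificate must be valid at 'date'; each issuer must be valid when the
     * certificate below it was signed (assumption: that time is its notBefore).
     */
    static boolean chainModel(List<Cert> chain, Instant date) {
        Instant checkTime = date;
        for (Cert c : chain) {
            if (!c.validAt(checkTime)) return false;
            checkTime = c.notBefore; // the issuer is checked at this certificate's signing time
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample: the intermediate CA expired after it issued the end certificate.
        List<Cert> chain = List.of(
            new Cert("end",  "2020-06-01T00:00:00Z", "2023-06-01T00:00:00Z"),
            new Cert("ca",   "2016-01-01T00:00:00Z", "2021-01-01T00:00:00Z"),
            new Cert("root", "2010-01-01T00:00:00Z", "2030-01-01T00:00:00Z"));
        Instant signingTime = Instant.parse("2022-03-01T00:00:00Z");
        Instant afterEndExpiry = Instant.parse("2024-03-01T00:00:00Z");
        System.out.println("PKIX model at signing time:  " + pkixModel(chain, signingTime));
        System.out.println("Chain model at signing time: " + chainModel(chain, signingTime));
        System.out.println("Chain model after expiry:    " + chainModel(chain, afterEndExpiry));
    }
}
```

Because the chain model accepts a path whose CA certificate has since expired, the date passed to setDate(java.util.Date) should come from a trustworthy source such as a verified timestamp, not from the signer's own claim.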
Creates an instance of PKIXParameters with the specified Set of most-trusted CAs. Each element of the set is a TrustAnchor.
The Set is copied to protect against subsequent modifications.
trustAnchors | a Set of TrustAnchors |
---|---|
InvalidAlgorithmParameterException | if the specified Set is empty. |
---|---|
NullPointerException | if the specified Set is null |
ClassCastException | if any of the elements in the Set is not of type java.security.cert.TrustAnchor |
Adds an additional Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates.
You should not use this method. This method is used for adding additional X.509 stores, which are used to add (remote) locations, e.g. LDAP, found during X.509 object processing, e.g. in certificates or CRLs. This method is used in PKIX certification path processing.
If store is null it is ignored.
store | The store to add. |
---|
Adds a Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates.
This method should be used to add local stores, like collection based X.509 stores, if available. Local stores should be considered first, before trying to use additional (remote) locations, because they do not need possible additional network traffic.
If store is null it is ignored.
store | The store to add. |
---|
Returns an immutable List of additional Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates.
List of additional Bouncy Castle Stores. Never null.
Returns the attribute certificate checker. The returned set contains PKIXAttrCertCheckers and is immutable.
null.
Returns an instance with the parameters of a given PKIXParameters object.
pkixParams | The given PKIXParameters |
---|
Returns the necessary attributes which must be contained in an attribute certificate.
The returned Set is immutable and contains Strings with the OIDs.
Returns the attribute certificates which are not allowed.
The returned Set is immutable and contains Strings with the OIDs.
null.
Returns an immutable List of Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates.
List of Bouncy Castle Stores. Never null.
Returns the required constraints on the target certificate or attribute certificate. The constraints are returned as an instance of Selector. If null, no constraints are defined.
The target certificate in a PKIX path may be a certificate or an attribute certificate.
Note that the Selector returned is cloned to protect against subsequent modifications.
Selector specifying the constraints on the target certificate or attribute certificate (or null)
Returns the trusted attribute certificate issuers. If attribute certificates are verified, the trusted AC issuers must be set.
The returned Set consists of TrustAnchors.
The returned Set is immutable. Never null
Returns if additional X509Stores for locations like LDAP found in certificates or CRLs should be used.
true if additional stores are used.
Defaults to false.
Sets if additional X509Stores for locations like LDAP found in certificates or CRLs should be used.
enabled | true if additional stores are used. |
---|
Sets the attribute certificate checkers.
All elements in the Set must be a PKIXAttrCertChecker.
The given set is cloned.
attrCertCheckers | The attribute certificate checkers to set. Is never null. |
---|
ClassCastException | if an element of attrCertCheckers is not a PKIXAttrCertChecker. |
---|
Sets the Java CertStore to this extended PKIX parameters.
ClassCastException | if an element of stores is not a CertStore. |
---|
Sets the necessary attributes which must be contained in an attribute certificate.
The Set must contain Strings with the OIDs.
The set is cloned.
necessaryACAttributes | The necessary AC attributes to set. |
---|
ClassCastException | if an element of necessaryACAttributes is not a String. |
---|
Sets the attribute certificates which are not allowed.
The Set must contain Strings with the OIDs.
The set is cloned.
prohibitedACAttributes | The prohibited AC attributes to set. |
---|
ClassCastException | if an element of prohibitedACAttributes is not a String. |
---|
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute certificates or cross certificates.
The List is cloned.
stores | A list of stores to use. |
---|
ClassCastException | if an element of stores is not a Store. |
---|
Sets the required constraints on the target certificate. The constraints are specified as an instance of X509CertSelector. If null, no constraints are defined.
This method wraps the given X509CertSelector into a X509CertStoreSelector.
Note that the X509CertSelector specified is cloned to protect against subsequent modifications.
selector | a X509CertSelector specifying the constraints on the target certificate (or null) |
---|
Sets the required constraints on the target certificate or attribute certificate. The constraints are specified as an instance of Selector. If null, no constraints are defined.
The target certificate in a PKIX path may be a certificate or an attribute certificate.
Note that the Selector specified is cloned to protect against subsequent modifications.
selector | a Selector specifying the constraints on the target certificate or attribute certificate (or null) |
---|
Sets the trusted attribute certificate issuers. If attribute certificates are verified, the trusted AC issuers must be set.
The trustedACIssuers must be a Set of TrustAnchor.
The given set is cloned.
trustedACIssuers | The trusted AC issuers to set. Is never null. |
---|
ClassCastException | if an element of stores is not a TrustAnchor. |
---|
Sets if delta CRLs should be used for checking the revocation status.
useDeltas | true if delta CRLs should be used. |
---|
validityModel | The validity model to set. |
---|
Method to support clone() under J2ME. super.clone() does not exist and fields are not copied.
params | Parameters to set. If these are ExtendedPKIXParameters they are copied too. |
---|