Skip to content

Most visited

Recently visited

navigation
Added in API level 1

PKIXCertPathChecker

public abstract class PKIXCertPathChecker
extends Object implements Cloneable

java.lang.Object
   ↳ java.security.cert.PKIXCertPathChecker


The class specifying the interface to extend the certification path validation algorithm by checks to perform on an X509Certificate.

The checks are added to a certification path validation using the setCertPathCheckers or addCertPathChecker of the PKIXParameters and PKIXBuilderParameters class respectively. The check method will be called for each certificate processed by a CertPathBuilder of CertPathValidator.

A PKIXCertPathChecker implementation must support reverse checking (from trusted CA to target) and may support forward checking (from target to trusted CA). The return value of isForwardCheckingSupported indicates whether forward checking is supported.

Summary

Protected constructors

PKIXCertPathChecker()

Creates a new PKIXCertPathChecker instance.

Public methods

abstract void check(Certificate cert, Collection<String> unresolvedCritExts)

Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.

Object clone()

Clones this PKIXCertPathChecker instance.

abstract Set<String> getSupportedExtensions()

Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.

abstract void init(boolean forward)

Initializes this PKIXCertPathChecker instance for specified checking direction.

abstract boolean isForwardCheckingSupported()

Returns whether this PKIXCertPathChecker instance supports forward checking.

Inherited methods

From class java.lang.Object

Protected constructors

PKIXCertPathChecker

Added in API level 1
PKIXCertPathChecker ()

Creates a new PKIXCertPathChecker instance.

Public methods

check

Added in API level 1
void check (Certificate cert, 
                Collection<String> unresolvedCritExts)

Checks the specified certificate and removes the processed critical extensions from the specified list of X.509 extension OIDs.

Parameters
cert Certificate: the certificate.
unresolvedCritExts Collection: the list of critical X.509 extension OID strings.
Throws
CertPathValidatorException if check(s) fail on the specified certificate.

clone

Added in API level 1
Object clone ()

Clones this PKIXCertPathChecker instance.

Returns
Object the cloned instance.

getSupportedExtensions

Added in API level 1
Set<String> getSupportedExtensions ()

Returns the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process.

Returns
Set<String> the list of extensions of X.509 certificates that this PKIXCertPathChecker is able to process, or null if there are none.

init

Added in API level 1
void init (boolean forward)

Initializes this PKIXCertPathChecker instance for specified checking direction.

Parameters
forward boolean: the direction of the certification path processing, true if the certificates are processed in forward direction (from target to trusted CA), false if processed in reverse direction (from trusted CA to target).
Throws
CertPathValidatorException if initialization of this PKIXCertPathChecker instance fails, or if it cannot process certificates in the specified order.

isForwardCheckingSupported

Added in API level 1
boolean isForwardCheckingSupported ()

Returns whether this PKIXCertPathChecker instance supports forward checking.

Returns
boolean true if this PKIXCertPathChecker instance supports forward checking, otherwise false.
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.