Skip to content

Most visited

Recently visited

navigation
Added in API level 1

PKIXParameters

public class PKIXParameters
extends Object implements CertPathParameters

java.lang.Object
   ↳ java.security.cert.PKIXParameters
Known Direct Subclasses


This class implements the parameters for the PKIX CertPathValidator.

The parameters must be created with trusted certificate authorities (trust anchors).

See also:

Summary

Public constructors

PKIXParameters(Set<TrustAnchor> trustAnchors)

Creates a new PKIXParameters instance with the specified set of trusted certificate authorities.

PKIXParameters(KeyStore keyStore)

Creates a new PKIXParameters instance with the trusted X509Certificate entries from the specified KeyStore.

Public methods

void addCertPathChecker(PKIXCertPathChecker checker)

Adds the specified PKIXCertPathChecker to the list of certification path checkers.

void addCertStore(CertStore store)

Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.

Object clone()

Clones this PKIXParameters instance.

List<PKIXCertPathChecker> getCertPathCheckers()

Returns the list of checkers for the certification path.

List<CertStore> getCertStores()

Returns the list of certificate stores that are used to find certificates and CRLs.

Date getDate()

Returns the time for which the validation of the certification path should be evaluated.

Set<String> getInitialPolicies()

Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

boolean getPolicyQualifiersRejected()

Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

String getSigProvider()

Returns the name of the signature provider.

CertSelector getTargetCertConstraints()

Returns the constraints that are required for the target certificate.

Set<TrustAnchor> getTrustAnchors()

Returns a unmodifiable set of the trusted certificate authorities.

boolean isAnyPolicyInhibited()

Returns whether the any policy OID will be inhibited if it's included in a certificate.

boolean isExplicitPolicyRequired()

Returns whether an acceptable policy needs to be explicit identified in every certificate.

boolean isPolicyMappingInhibited()

Returns whether policy mapping is inhibited.

boolean isRevocationEnabled()

Returns whether the default revocation checking mechanism of the underlying service provider is used.

void setAnyPolicyInhibited(boolean anyPolicyInhibited)

Sets whether the any policy OID should be inhibited if it's included in a certificate.

void setCertPathCheckers(List<PKIXCertPathChecker> certPathCheckers)

Sets the list of checkers for the certification path.

void setCertStores(List<CertStore> certStores)

Set the list of certificate stores that are used to find certificates and CRLs.

void setDate(Date date)

Sets the time for which the validation of the certification path should be evaluated.

void setExplicitPolicyRequired(boolean explicitPolicyRequired)

Sets whether an an acceptable policy needs to be explicit identified in every certificate.

void setInitialPolicies(Set<String> initialPolicies)

Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

void setPolicyMappingInhibited(boolean policyMappingInhibited)

Sets whether policy mapping is to be inhibited.

void setPolicyQualifiersRejected(boolean policyQualifiersRejected)

Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

void setRevocationEnabled(boolean revocationEnabled)

Sets whether the default revocation checking mechanism of the underlying service provider should be used.

void setSigProvider(String sigProvider)

Sets the name of the preferred signature provider.

void setTargetCertConstraints(CertSelector targetCertConstraints)

Sets the constraints that are required for the target certificate.

void setTrustAnchors(Set<TrustAnchor> trustAnchors)

Sets the set of trusted certificate authorities.

String toString()

Returns a string representation of this PKIXParameters instance.

Inherited methods

From class java.lang.Object
From interface java.security.cert.CertPathParameters

Public constructors

PKIXParameters

Added in API level 1
PKIXParameters (Set<TrustAnchor> trustAnchors)

Creates a new PKIXParameters instance with the specified set of trusted certificate authorities.

Parameters
trustAnchors Set: the trusted CAs.
Throws
InvalidAlgorithmParameterException if trustAnchors is empty.

PKIXParameters

Added in API level 1
PKIXParameters (KeyStore keyStore)

Creates a new PKIXParameters instance with the trusted X509Certificate entries from the specified KeyStore.

Parameters
keyStore KeyStore: the key store containing trusted certificates.
Throws
KeyStoreException if the keyStore is not initialized.
InvalidAlgorithmParameterException if keyStore does not contained any trusted certificate entry.

Public methods

addCertPathChecker

Added in API level 1
void addCertPathChecker (PKIXCertPathChecker checker)

Adds the specified PKIXCertPathChecker to the list of certification path checkers.

Parameters
checker PKIXCertPathChecker: the PKIXCertPathChecker to add, if null, it will be ignored.

addCertStore

Added in API level 1
void addCertStore (CertStore store)

Adds a certificate store to the list of certificate stores that are used to find certificates and CRLs.

Parameters
store CertStore: the store to add, if null, it will be ignored.

clone

Added in API level 1
Object clone ()

Clones this PKIXParameters instance.

Returns
Object the cloned instance.

getCertPathCheckers

Added in API level 1
List<PKIXCertPathChecker> getCertPathCheckers ()

Returns the list of checkers for the certification path.

The list is unmodifiable and the entries in the list are cloned.

Returns
List<PKIXCertPathChecker> the list of checkers for the certification path.

getCertStores

Added in API level 1
List<CertStore> getCertStores ()

Returns the list of certificate stores that are used to find certificates and CRLs.

Returns
List<CertStore> an immutable list of certificate stores.

getDate

Added in API level 1
Date getDate ()

Returns the time for which the validation of the certification path should be evaluated.

Returns
Date the time for the validation, or null for the current time.

getInitialPolicies

Added in API level 1
Set<String> getInitialPolicies ()

Returns the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

Returns
Set<String> the unmodifiable list of policies, or an empty set if any policy is acceptable.

getPolicyQualifiersRejected

Added in API level 1
boolean getPolicyQualifiersRejected ()

Returns whether certificates are rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

Returns
boolean true if the certificates should be rejected, otherwise false.

getSigProvider

Added in API level 1
String getSigProvider ()

Returns the name of the signature provider.

Returns
String the name of the signature provider, or null if none is set.

getTargetCertConstraints

Added in API level 1
CertSelector getTargetCertConstraints ()

Returns the constraints that are required for the target certificate.

Returns
CertSelector the constraints for the target certificate, or null if none are set.

getTrustAnchors

Added in API level 1
Set<TrustAnchor> getTrustAnchors ()

Returns a unmodifiable set of the trusted certificate authorities.

Returns
Set<TrustAnchor> a unmodifiable set of the trusted certificate authorities.

isAnyPolicyInhibited

Added in API level 1
boolean isAnyPolicyInhibited ()

Returns whether the any policy OID will be inhibited if it's included in a certificate.

Returns
boolean true if the any policy OID will be inhibited, otherwise false.

isExplicitPolicyRequired

Added in API level 1
boolean isExplicitPolicyRequired ()

Returns whether an acceptable policy needs to be explicit identified in every certificate.

Returns
boolean true if an explicit policy is required, otherwise false.

isPolicyMappingInhibited

Added in API level 1
boolean isPolicyMappingInhibited ()

Returns whether policy mapping is inhibited.

Returns
boolean true if policy mapping is inhibited, otherwise false.

isRevocationEnabled

Added in API level 1
boolean isRevocationEnabled ()

Returns whether the default revocation checking mechanism of the underlying service provider is used.

Returns
boolean true if the default revocation checking mechanism is used, otherwise false.

setAnyPolicyInhibited

Added in API level 1
void setAnyPolicyInhibited (boolean anyPolicyInhibited)

Sets whether the any policy OID should be inhibited if it's included in a certificate.

Parameters
anyPolicyInhibited boolean: true if the any policy OID should be inhibited, otherwise false.

setCertPathCheckers

Added in API level 1
void setCertPathCheckers (List<PKIXCertPathChecker> certPathCheckers)

Sets the list of checkers for the certification path.

The list is copied and the entries are cloned.

Parameters
certPathCheckers List: the list of checkers for the certification path, or null to clear the checkers.

setCertStores

Added in API level 1
void setCertStores (List<CertStore> certStores)

Set the list of certificate stores that are used to find certificates and CRLs.

Parameters
certStores List: the list of certificate stores.

setDate

Added in API level 1
void setDate (Date date)

Sets the time for which the validation of the certification path should be evaluated.

Parameters
date Date: the time for the validation, or null for the current time.

setExplicitPolicyRequired

Added in API level 1
void setExplicitPolicyRequired (boolean explicitPolicyRequired)

Sets whether an an acceptable policy needs to be explicit identified in every certificate.

Parameters
explicitPolicyRequired boolean: true if an explicit policy is required, otherwise false.

setInitialPolicies

Added in API level 1
void setInitialPolicies (Set<String> initialPolicies)

Sets the list of policies (as OID strings) that would be acceptable for the purpose of certification path processing.

Parameters
initialPolicies Set: the list of policies, or an empty set or null if any policy is acceptable.

setPolicyMappingInhibited

Added in API level 1
void setPolicyMappingInhibited (boolean policyMappingInhibited)

Sets whether policy mapping is to be inhibited.

Parameters
policyMappingInhibited boolean: true if policy mapping is to be inhibited, otherwise false.

setPolicyQualifiersRejected

Added in API level 1
void setPolicyQualifiersRejected (boolean policyQualifiersRejected)

Sets whether certificates should be rejected that include policy qualifiers in a certificate policy extension that is marked as critical.

Parameters
policyQualifiersRejected boolean: true if the certificates should be rejected, otherwise false.

setRevocationEnabled

Added in API level 1
void setRevocationEnabled (boolean revocationEnabled)

Sets whether the default revocation checking mechanism of the underlying service provider should be used.

Parameters
revocationEnabled boolean: true id the default revocation checking mechanism should be used, otherwise false.

setSigProvider

Added in API level 1
void setSigProvider (String sigProvider)

Sets the name of the preferred signature provider.

If set, the specified provider will be preferred for creating signatures. If not set, the first provider found supporting creation of signatures will be used.

Parameters
sigProvider String: the name of the preferred signature provider, or null if none is preferred.

setTargetCertConstraints

Added in API level 1
void setTargetCertConstraints (CertSelector targetCertConstraints)

Sets the constraints that are required for the target certificate.

Parameters
targetCertConstraints CertSelector: the constraints for the target certificate, or null if none should be used.

setTrustAnchors

Added in API level 1
void setTrustAnchors (Set<TrustAnchor> trustAnchors)

Sets the set of trusted certificate authorities.

Parameters
trustAnchors Set: the set of trusted certificate authorities.
Throws
InvalidAlgorithmParameterException if trustAnchors is empty.

toString

Added in API level 1
String toString ()

Returns a string representation of this PKIXParameters instance.

Returns
String a string representation of this PKIXParameters instance.
This site uses cookies to store your preferences for site-specific language and display options.

Hooray!

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.