- java.lang.Object
-
- java.security.cert.PKIXParameters
-
- java.security.cert.PKIXBuilderParameters
-
- All Implemented Interfaces:
- Cloneable, CertPathParameters
public class PKIXBuilderParameters extends PKIXParameters
Parameters used as input for the PKIXCertPathBuilder
algorithm.A PKIX
CertPathBuilder
uses these parameters tobuild
aCertPath
which has been validated according to the PKIX certification path validation algorithm.To instantiate a
PKIXBuilderParameters
object, an application must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CA can be specified using one of two constructors. An application can callPKIXBuilderParameters(Set, CertSelector)
, specifying aSet
ofTrustAnchor
objects, each of which identifies a most-trusted CA. Alternatively, an application can callPKIXBuilderParameters(KeyStore, CertSelector)
, specifying aKeyStore
instance containing trusted certificate entries, each of which will be considered as a most-trusted CA.In addition, an application must specify constraints on the target certificate that the
CertPathBuilder
will attempt to build a path to. The constraints are specified as aCertSelector
object. These constraints should provide theCertPathBuilder
with enough search criteria to find the target certificate. Minimal criteria for anX509Certificate
usually include the subject name and/or one or more subject alternative names. If enough criteria is not specified, theCertPathBuilder
may throw aCertPathBuilderException
.Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
- Since:
- 1.4
- See Also:
CertPathBuilder
-
-
Constructor Summary
Constructors Constructor and Description PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints)
Creates an instance ofPKIXBuilderParameters
that populates the set of most-trusted CAs from the trusted certificate entries contained in the specifiedKeyStore
.PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector targetConstraints)
Creates an instance ofPKIXBuilderParameters
with the specifiedSet
of most-trusted CAs.
-
Method Summary
Methods Modifier and Type Method and Description int
getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path.void
setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path.String
toString()
Returns a formatted string describing the parameters.-
Methods inherited from class java.security.cert.PKIXParameters
addCertPathChecker, addCertStore, clone, getCertPathCheckers, getCertStores, getDate, getInitialPolicies, getPolicyQualifiersRejected, getSigProvider, getTargetCertConstraints, getTrustAnchors, isAnyPolicyInhibited, isExplicitPolicyRequired, isPolicyMappingInhibited, isRevocationEnabled, setAnyPolicyInhibited, setCertPathCheckers, setCertStores, setDate, setExplicitPolicyRequired, setInitialPolicies, setPolicyMappingInhibited, setPolicyQualifiersRejected, setRevocationEnabled, setSigProvider, setTargetCertConstraints, setTrustAnchors
-
-
-
-
Constructor Detail
-
PKIXBuilderParameters
public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector targetConstraints) throws InvalidAlgorithmParameterException
Creates an instance ofPKIXBuilderParameters
with the specifiedSet
of most-trusted CAs. Each element of the set is aTrustAnchor
.Note that the
Set
is copied to protect against subsequent modifications.- Parameters:
trustAnchors
- aSet
ofTrustAnchor
stargetConstraints
- aCertSelector
specifying the constraints on the target certificate- Throws:
InvalidAlgorithmParameterException
- iftrustAnchors
is empty(trustAnchors.isEmpty() == true)
NullPointerException
- iftrustAnchors
isnull
ClassCastException
- if any of the elements oftrustAnchors
are not of typejava.security.cert.TrustAnchor
-
PKIXBuilderParameters
public PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) throws KeyStoreException, InvalidAlgorithmParameterException
Creates an instance ofPKIXBuilderParameters
that populates the set of most-trusted CAs from the trusted certificate entries contained in the specifiedKeyStore
. Only keystore entries that contain trustedX509Certificate
s are considered; all other certificate types are ignored.- Parameters:
keystore
- aKeyStore
from which the set of most-trusted CAs will be populatedtargetConstraints
- aCertSelector
specifying the constraints on the target certificate- Throws:
KeyStoreException
- ifkeystore
has not been initializedInvalidAlgorithmParameterException
- ifkeystore
does not contain at least one trusted certificate entryNullPointerException
- ifkeystore
isnull
-
-
Method Detail
-
setMaxPathLength
public void setMaxPathLength(int maxPathLength)
Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. Note that the last certificate in a certification path is not an intermediate certificate, and is not included in this limit. Usually the last certificate is an end entity certificate, but it can be a CA certificate. A PKIXCertPathBuilder
instance must not build paths longer than the length specified.A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown.
If any of the CA certificates contain the
BasicConstraintsExtension
, the value of thepathLenConstraint
field of the extension overrides the maximum path length parameter whenever the result is a certification path of smaller length.- Parameters:
maxPathLength
- the maximum number of non-self-issued intermediate certificates that may exist in a certification path- Throws:
InvalidParameterException
- ifmaxPathLength
is set to a value less than -1- See Also:
getMaxPathLength()
-
getMaxPathLength
public int getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. See thesetMaxPathLength(int)
method for more details.- Returns:
- the maximum number of non-self-issued intermediate certificates that may exist in a certification path, or -1 if there is no limit
- See Also:
setMaxPathLength(int)
-
toString
public String toString()
Returns a formatted string describing the parameters.- Overrides:
toString
in classPKIXParameters
- Returns:
- a formatted string describing the parameters
-
-
Nederlandse vertaling
U hebt gevraagd om deze site in het Nederlands te bezoeken. Voor nu wordt alleen de interface vertaald, maar nog niet alle inhoud.Als je me wilt helpen met vertalingen, is je bijdrage welkom. Het enige dat u hoeft te doen, is u op de site registreren en mij een bericht sturen waarin u wordt gevraagd om u toe te voegen aan de groep vertalers, zodat u de gewenste pagina's kunt vertalen. Een link onderaan elke vertaalde pagina geeft aan dat u de vertaler bent en heeft een link naar uw profiel.
Bij voorbaat dank.
Document heeft de 11/06/2005 gemaakt, de laatste keer de 04/03/2020 gewijzigd
Bron van het afgedrukte document:https://www.gaudry.be/nl/java-api-rf-java/security/cert/PKIXBuilderParameters.html
De infobrol is een persoonlijke site waarvan de inhoud uitsluitend mijn verantwoordelijkheid is. De tekst is beschikbaar onder CreativeCommons-licentie (BY-NC-SA). Meer info op de gebruiksvoorwaarden en de auteur.
Referenties
Deze verwijzingen en links verwijzen naar documenten die geraadpleegd zijn tijdens het schrijven van deze pagina, of die aanvullende informatie kunnen geven, maar de auteurs van deze bronnen kunnen niet verantwoordelijk worden gehouden voor de inhoud van deze pagina.
De auteur Deze site is als enige verantwoordelijk voor de manier waarop de verschillende concepten, en de vrijheden die met de referentiewerken worden genomen, hier worden gepresenteerd. Vergeet niet dat u meerdere broninformatie moet doorgeven om het risico op fouten te verkleinen.