- java.lang.Object
-
- java.security.cert.PKIXCertPathChecker
-
- All Implemented Interfaces:
- Cloneable
public abstract class PKIXCertPathChecker extends Object implements Cloneable
An abstract class that performs one or more checks on anX509Certificate
.A concrete implementation of the
PKIXCertPathChecker
class can be created to extend the PKIX certification path validation algorithm. For example, an implementation may check for and process a critical private extension of each certificate in a certification path.Instances of
PKIXCertPathChecker
are passed as parameters using thesetCertPathCheckers
oraddCertPathChecker
methods of thePKIXParameters
andPKIXBuilderParameters
class. Each of thePKIXCertPathChecker
scheck
methods will be called, in turn, for each certificate processed by a PKIXCertPathValidator
orCertPathBuilder
implementation.A
PKIXCertPathChecker
may be called multiple times on successive certificates in a certification path. Concrete subclasses are expected to maintain any internal state that may be necessary to check successive certificates. Theinit
method is used to initialize the internal state of the checker so that the certificates of a new certification path may be checked. A stateful implementation must override theclone
method if necessary in order to allow a PKIXCertPathBuilder
to efficiently backtrack and try other paths. In these situations, theCertPathBuilder
is able to restore prior path validation states by restoring the clonedPKIXCertPathChecker
s.The order in which the certificates are presented to the
PKIXCertPathChecker
may be either in the forward direction (from target to most-trusted CA) or in the reverse direction (from most-trusted CA to target). APKIXCertPathChecker
implementation must support reverse checking (the ability to perform its checks when it is presented with certificates in the reverse direction) and may support forward checking (the ability to perform its checks when it is presented with certificates in the forward direction). TheisForwardCheckingSupported
method indicates whether forward checking is supported.Additional input parameters required for executing the check may be specified through constructors of concrete implementations of this class.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
- Since:
- 1.4
- See Also:
PKIXParameters
,PKIXBuilderParameters
-
-
Constructor Summary
Constructors Modifier Constructor and Description protected
PKIXCertPathChecker()
Default constructor.
-
Method Summary
Methods Modifier and Type Method and Description abstract void
check(Certificate cert, Collection<String> unresolvedCritExts)
Performs the check(s) on the specified certificate using its internal state and removes any critical extensions that it processes from the specified collection of OID strings that represent the unresolved critical extensions.Object
clone()
Returns a clone of this object.abstract Set<String>
getSupportedExtensions()
Returns an immutableSet
of X.509 certificate extensions that thisPKIXCertPathChecker
supports (i.e.abstract void
init(boolean forward)
Initializes the internal state of thisPKIXCertPathChecker
.abstract boolean
isForwardCheckingSupported()
Indicates if forward checking is supported.
-
-
-
Method Detail
-
init
public abstract void init(boolean forward) throws CertPathValidatorException
Initializes the internal state of thisPKIXCertPathChecker
.The
forward
flag specifies the order that certificates will be passed to thecheck
method (forward or reverse). APKIXCertPathChecker
must support reverse checking and may support forward checking.- Parameters:
forward
- the order that certificates are presented to thecheck
method. Iftrue
, certificates are presented from target to most-trusted CA (forward); iffalse
, from most-trusted CA to target (reverse).- Throws:
CertPathValidatorException
- if thisPKIXCertPathChecker
is unable to check certificates in the specified order; it should never be thrown if the forward flag is false since reverse checking must be supported
-
isForwardCheckingSupported
public abstract boolean isForwardCheckingSupported()
Indicates if forward checking is supported. Forward checking refers to the ability of thePKIXCertPathChecker
to perform its checks when certificates are presented to thecheck
method in the forward direction (from target to most-trusted CA).- Returns:
true
if forward checking is supported,false
otherwise
-
getSupportedExtensions
public abstract Set<String> getSupportedExtensions()
Returns an immutableSet
of X.509 certificate extensions that thisPKIXCertPathChecker
supports (i.e. recognizes, is able to process), ornull
if no extensions are supported.Each element of the set is a
String
representing the Object Identifier (OID) of the X.509 extension that is supported. The OID is represented by a set of nonnegative integers separated by periods.All X.509 certificate extensions that a
PKIXCertPathChecker
might possibly be able to process should be included in the set.- Returns:
- an immutable
Set
of X.509 extension OIDs (inString
format) supported by thisPKIXCertPathChecker
, ornull
if no extensions are supported
-
check
public abstract void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException
Performs the check(s) on the specified certificate using its internal state and removes any critical extensions that it processes from the specified collection of OID strings that represent the unresolved critical extensions. The certificates are presented in the order specified by theinit
method.- Parameters:
cert
- theCertificate
to be checkedunresolvedCritExts
- aCollection
of OID strings representing the current set of unresolved critical extensions- Throws:
CertPathValidatorException
- if the specified certificate does not pass the check
-
-
Nederlandse vertaling
U hebt gevraagd om deze site in het Nederlands te bezoeken. Voor nu wordt alleen de interface vertaald, maar nog niet alle inhoud.Als je me wilt helpen met vertalingen, is je bijdrage welkom. Het enige dat u hoeft te doen, is u op de site registreren en mij een bericht sturen waarin u wordt gevraagd om u toe te voegen aan de groep vertalers, zodat u de gewenste pagina's kunt vertalen. Een link onderaan elke vertaalde pagina geeft aan dat u de vertaler bent en heeft een link naar uw profiel.
Bij voorbaat dank.
Document heeft de 11/06/2005 gemaakt, de laatste keer de 04/03/2020 gewijzigd
Bron van het afgedrukte document:https://www.gaudry.be/nl/java-api-rf-java/security/cert/pkixcertpathchecker.html
De infobrol is een persoonlijke site waarvan de inhoud uitsluitend mijn verantwoordelijkheid is. De tekst is beschikbaar onder CreativeCommons-licentie (BY-NC-SA). Meer info op de gebruiksvoorwaarden en de auteur.
Referenties
Deze verwijzingen en links verwijzen naar documenten die geraadpleegd zijn tijdens het schrijven van deze pagina, of die aanvullende informatie kunnen geven, maar de auteurs van deze bronnen kunnen niet verantwoordelijk worden gehouden voor de inhoud van deze pagina.
De auteur Deze site is als enige verantwoordelijk voor de manier waarop de verschillende concepten, en de vrijheden die met de referentiewerken worden genomen, hier worden gepresenteerd. Vergeet niet dat u meerdere broninformatie moet doorgeven om het risico op fouten te verkleinen.