java.security.cert
Class PKIXCertPathChecker

java.lang.Object
  extended by java.security.cert.PKIXCertPathChecker
All Implemented Interfaces:
Cloneable

public abstract class PKIXCertPathChecker
extends Object
implements Cloneable

A validator for X.509 certificates when approving certificate chains.

Concrete subclasses can be passed to the PKIXParameters.setCertPathCheckers(java.util.List) and PKIXParameters.addCertPathChecker(java.security.cert.PKIXCertPathChecker) methods, which are then used to set up PKIX certificate chain builders or validators. These classes then call the check(java.security.cert.Certificate,java.util.Collection) method of this class, which performs its checks on the certificate and throws an exception if any check fails.

Subclasses of this must be able to perform their checks in the backward direction -- from the most-trusted certificate to the target -- and may optionally support forward checking -- from the target to the most-trusted certificate.

Since:
1.4
See Also:
PKIXParameters

Constructor Summary
protected PKIXCertPathChecker()
          Default constructor.
 
Method Summary
abstract  void check(Certificate cert, Collection<String> unresolvedCritExts)
          Checks a certificate, removing any critical extensions that are resolved in this check.
 Object clone()
          This method may be called to create a new copy of the Object.
abstract  Set<String> getSupportedExtensions()
          Returns an immutable set of X.509 extension object identifiers (OIDs) supported by this PKIXCertPathChecker.
abstract  void init(boolean forward)
          Initialize this PKIXCertPathChecker.
abstract  boolean isForwardCheckingSupported()
          Returns whether or not this class supports forward checking.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PKIXCertPathChecker

protected PKIXCertPathChecker()
Default constructor.

Method Detail

clone

public Object clone()
Description copied from class: Object
This method may be called to create a new copy of the Object. The typical behavior is as follows:

However, these are not strict requirements, and may be violated if necessary. Of the three requirements, the last is the most commonly violated, particularly if the subclass does not override Object.equals(Object).

If the Object you call clone() on does not implement Cloneable (which is a placeholder interface), then a CloneNotSupportedException is thrown. Notice that Object does not implement Cloneable; this method exists as a convenience for subclasses that do.

Object's implementation of clone allocates space for the new Object using the correct class, without calling any constructors, and then fills in all of the new field values with the old field values. Thus, it is a shallow copy. However, subclasses are permitted to make a deep copy.

All array types implement Cloneable, and override this method as follows (it should never fail):

 public Object clone()
 {
   try
     {
       // Return the shallow copy made by Object.clone().
       return super.clone();
     }
   catch (CloneNotSupportedException e)
     {
       throw new InternalError(e.getMessage());
     }
 }
 

Overrides:
clone in class Object
Returns:
a copy of the Object
See Also:
Cloneable

init

public abstract void init(boolean forward)
                   throws CertPathValidatorException
Initialize this PKIXCertPathChecker. If subclasses support forward checking, a value of true can be passed to this method, and certificates can be validated from the target certificate to the most-trusted certificate.

Parameters:
forward - The direction of this PKIXCertPathChecker.
Throws:
CertPathValidatorException - If forward is true and this class does not support forward checking.

isForwardCheckingSupported

public abstract boolean isForwardCheckingSupported()
Returns whether or not this class supports forward checking.

Returns:
Whether or not this class supports forward checking.

getSupportedExtensions

public abstract Set<String> getSupportedExtensions()
Returns an immutable set of X.509 extension object identifiers (OIDs) supported by this PKIXCertPathChecker.

Returns:
An immutable set of Strings of the supported X.509 OIDs, or null if no extensions are supported.

check

public abstract void check(Certificate cert,
                           Collection<String> unresolvedCritExts)
                    throws CertPathValidatorException
Checks a certificate, removing any critical extensions that are resolved in this check.

Parameters:
cert - The certificate to check.
unresolvedCritExts - The (mutable) collection of as-of-yet unresolved critical extensions, as OID strings.
Throws:
CertPathValidatorException - If this certificate fails this check.
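
A concrete subclass that implements the four abstract methods above, as an added example that is not part of the original API documentation. The class name PolicyChecker, the OID, its expected encoding and the 2048-bit minimum are assumptions made for illustration.

```java
import java.security.cert.*;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
public class PolicyChecker extends PKIXCertPathChecker {
    // Hypothetical private OID and expected value, both constructed for this example.
    static final String POLICY_OID = "1.3.6.1.4.1.99999.1.1";
    // getExtensionValue() returns a DER OCTET STRING; here it wraps BOOLEAN TRUE.
    static final byte[] EXPECTED = {0x04, 0x03, 0x01, 0x01, (byte) 0xFF};
    static final int MIN_RSA_BITS = 2048; // assumed local policy
    private int position; // per-validation state, reset by init()

    @Override public void init(boolean forward) throws CertPathValidatorException {
        if (forward)
            throw new CertPathValidatorException("forward checking not supported");
        position = 0;
    }
    @Override public boolean isForwardCheckingSupported() { return false; }
    // Collections.singleton() returns an immutable set, as the contract requires.
    @Override public Set<String> getSupportedExtensions() { return Collections.singleton(POLICY_OID); }

    @Override public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {
        position++;
        if (!(cert instanceof X509Certificate))
            throw new CertPathValidatorException("not an X.509 certificate");
        X509Certificate x509 = (X509Certificate) cert;
        if (x509.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) x509.getPublicKey()).getModulus().bitLength();
            if (bits < MIN_RSA_BITS)
                throw new CertPathValidatorException(
                    "certificate " + position + ": RSA key is only " + bits + " bits");
        }
        byte[] value = x509.getExtensionValue(POLICY_OID);
        if (value != null) {
            if (!Arrays.equals(value, EXPECTED))
                throw new CertPathValidatorException("policy extension value rejected");
            // Mark the OID resolved only after its value has been enforced.
            if (unresolvedCritExts != null) unresolvedCritExts.remove(POLICY_OID);
        }
    }

    public static void main(String[] args) throws Exception {
        PolicyChecker checker = new PolicyChecker();
        checker.init(false); // backward direction is accepted
        try { checker.init(true); } catch (CertPathValidatorException e) {
            System.out.println("init(true): " + e.getMessage());
        }
        // With real trust anchors: pkixParameters.addCertPathChecker(checker);
    }
}
```

Removing an OID from unresolvedCritExts without enforcing the extension's value would let a certificate carrying an unprocessed critical extension pass validation, which is why the removal comes last.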