org.bouncycastle.x509
public class ExtendedPKIXParameters extends PKIXParameters
Field Summary | |
---|---|
static int | CHAIN_VALIDITY_MODEL
This model uses the following validity model. |
static int | PKIX_VALIDITY_MODEL
This is the default PKIX validity model. |
Constructor Summary | |
---|---|
ExtendedPKIXParameters(Set trustAnchors)
Creates an instance of PKIXParameters with the specified
Set of most-trusted CAs. |
Method Summary | |
---|---|
void | addAddionalStore(Store store)
Adds a additional Bouncy Castle Store to find CRLs, certificates,
attribute certificates or cross certificates.
|
void | addCertStore(CertStore store)
Adds a Java CertStore to this extended PKIX parameters. |
void | addStore(Store store)
Adds a Bouncy Castle Store to find CRLs, certificates, attribute
certificates or cross certificates.
|
Object | clone() |
List | getAddionalStores()
Returns an immutable List of additional Bouncy Castle
Store s used for finding CRLs, certificates, attribute
certificates or cross certificates.
|
Set | getAttrCertCheckers()
Returns the attribute certificate checker. |
static ExtendedPKIXParameters | getInstance(PKIXParameters pkixParams)
Returns an instance with the parameters of a given
PKIXParameters object.
|
Set | getNecessaryACAttributes()
Returns the neccessary attributes which must be contained in an attribute
certificate.
|
Set | getProhibitedACAttributes()
Returns the attribute certificates which are not allowed.
|
List | getStores()
Returns an immutable List of Bouncy Castle
Store s used for finding CRLs, certificates, attribute
certificates or cross certificates.
|
Selector | getTargetConstraints()
Returns the required constraints on the target certificate or attribute
certificate. |
Set | getTrustedACIssuers()
Returns the trusted attribute certificate issuers. |
int | getValidityModel() |
boolean | isAdditionalLocationsEnabled()
Returns if additional X509Stores for locations like LDAP found
in certificates or CRLs should be used.
|
boolean | isUseDeltasEnabled()
Defaults to false .
|
void | setAdditionalLocationsEnabled(boolean enabled)
Sets if additional X509Stores for locations like LDAP found in
certificates or CRLs should be used.
|
void | setAttrCertCheckers(Set attrCertCheckers)
Sets the attribute certificate checkers.
|
void | setCertStores(List stores)
Sets the Java CertStore to this extended PKIX parameters. |
void | setNecessaryACAttributes(Set necessaryACAttributes)
Sets the neccessary which must be contained in an attribute certificate.
|
protected void | setParams(PKIXParameters params)
Method to support clone() under J2ME.
|
void | setProhibitedACAttributes(Set prohibitedACAttributes)
Sets the attribute certificates which are not allowed.
|
void | setStores(List stores)
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
certificates or cross certificates.
|
void | setTargetCertConstraints(CertSelector selector)
Sets the required constraints on the target certificate. |
void | setTargetConstraints(Selector selector)
Sets the required constraints on the target certificate or attribute
certificate. |
void | setTrustedACIssuers(Set trustedACIssuers)
Sets the trusted attribute certificate issuers. |
void | setUseDeltasEnabled(boolean useDeltas)
Sets if delta CRLs should be used for checking the revocation status.
|
void | setValidityModel(int validityModel) |
PKIXParameters
with the specified
Set
of most-trusted CAs. Each element of the set is a
TrustAnchor TrustAnchor
. Note that the Set
is copied to protect against subsequent modifications.
Parameters: trustAnchors a Set
of TrustAnchor
s
Throws: InvalidAlgorithmParameterException if the specified
Set
is empty. NullPointerException if the specified Set
is
null
ClassCastException if any of the elements in the Set
is not of type java.security.cert.TrustAnchor
You should not use this method. This method is used for adding additional X.509 stores, which are used to add (remote) locations, e.g. LDAP, found during X.509 object processing, e.g. in certificates or CRLs. This method is used in PKIX certification path processing.
If store
is null
it is ignored.
Parameters: store The store to add.
See Also: getStores
CollectionCertStoreParameters
or
the
corresponding Bouncy Castle Store type is created additionally to
it.This method should be used to add local stores, like collection based X.509 stores, if available. Local stores should be considered first, before trying to use additional (remote) locations, because they do not need possible additional network traffic.
If store
is null
it is ignored.
Parameters: store The store to add.
See Also: ExtendedPKIXParameters
List
of additional Bouncy Castle
Store
s used for finding CRLs, certificates, attribute
certificates or cross certificates.
Returns: an immutable List
of additional Bouncy Castle
Store
s. Never null
.
See Also: addAddionalStore
Returns: Returns the attribute certificate checker. Is never
null
.
PKIXParameters
object.
Parameters: pkixParams The given PKIXParameters
Returns: an extended PKIX params object
The returned Set
is immutable and contains
String
s with the OIDs.
Returns: Returns the necessary AC attributes.
The returned Set
is immutable and contains
String
s with the OIDs.
Returns: Returns the prohibited AC attributes. Is never null
.
List
of Bouncy Castle
Store
s used for finding CRLs, certificates, attribute
certificates or cross certificates.
Returns: an immutable List
of Bouncy Castle
Store
s. Never null
.
See Also: setStores
Selector
. If null
, no constraints are
defined.
The target certificate in a PKIX path may be a certificate or an attribute certificate.
Note that the Selector
returned is cloned to protect
against subsequent modifications.
Returns: a Selector
specifying the constraints on the
target certificate or attribute certificate (or null
)
See Also: ExtendedPKIXParameters X509CertStoreSelector X509AttributeCertStoreSelector
The returned Set
consists of TrustAnchor
s.
The returned Set
is immutable. Never null
Returns: Returns an immutable set of the trusted AC issuers.
Returns: Returns the validity model.
See Also: CHAIN_VALIDITY_MODEL PKIX_VALIDITY_MODEL
Returns: Returns true
if additional stores are used.
false
.
Returns: Returns if delta CRLs should be used.
Parameters: enabled true
if additional stores are used.
All elements in the Set
must a PKIXAttrCertChecker.
The given set is cloned.
Parameters: attrCertCheckers The attribute certificate checkers to set. Is
never null
.
Throws: ClassCastException if an element of attrCertCheckers
is not a PKIXAttrCertChecker
.
CollectionCertStoreParameters
or
the
corresponding Bouncy Castle Store types are created additionally
to it.
Throws: ClassCastException if an element of stores
is not
a CertStore
.
The Set
must contain String
s with the
OIDs.
The set is cloned.
Parameters: necessaryACAttributes The necessary AC attributes to set.
Throws: ClassCastException if an element of
necessaryACAttributes
is not a
String
.
clone()
under J2ME.
super.clone()
does not exist and fields are not copied.
Parameters: params Parameters to set. If this are
ExtendedPKIXParameters
they are copied to.
The Set
must contain String
s with the
OIDs.
The set is cloned.
Parameters: prohibitedACAttributes The prohibited AC attributes to set.
Throws: ClassCastException if an element of
prohibitedACAttributes
is not a
String
.
The List
is cloned.
Parameters: stores A list of stores to use.
Throws: ClassCastException if an element of stores
is not
a Store.
See Also: ExtendedPKIXParameters
X509CertSelector
. If
null
, no constraints are defined.
This method wraps the given X509CertSelector
into a
X509CertStoreSelector
.
Note that the X509CertSelector
specified is cloned to
protect against subsequent modifications.
Parameters: selector a X509CertSelector
specifying the
constraints on the target certificate (or null
)
See Also: ExtendedPKIXParameters X509CertStoreSelector
Selector
. If null
, no constraints are
defined.
The target certificate in a PKIX path may be a certificate or an attribute certificate.
Note that the Selector
specified is cloned to protect
against subsequent modifications.
Parameters: selector a Selector
specifying the constraints on
the target certificate or attribute certificate (or
null
)
See Also: ExtendedPKIXParameters X509CertStoreSelector X509AttributeCertStoreSelector
The trustedACIssuers
must be a Set
of
TrustAnchor
The given set is cloned.
Parameters: trustedACIssuers The trusted AC issuers to set. Is never
null
.
Throws: ClassCastException if an element of stores
is not
a TrustAnchor
.
Parameters: useDeltas true
if delta CRLs should be used.
Parameters: validityModel The validity model to set.
See Also: CHAIN_VALIDITY_MODEL PKIX_VALIDITY_MODEL