Bouncy Castle Cryptography Library 1.37 | |
Prev Class | Next Class | Frames | No Frames |
Summary: Nested | Field | Method | Constr | Detail: Nested | Field | Method | Constr |
PKIXParameters
org.bouncycastle.x509.ExtendedPKIXParameters
public class ExtendedPKIXParameters
extends PKIXParameters
Field Summary | |
static int |
|
static int |
|
Constructor Summary | |
|
Method Summary | |
void |
|
void |
|
void | |
Object |
|
List |
|
Set |
|
static ExtendedPKIXParameters |
|
Set |
|
Set |
|
List |
|
Selector |
|
Set |
|
int | |
boolean |
|
boolean |
|
void |
|
void |
|
void |
|
void |
|
protected void |
|
void |
|
void |
|
void |
|
void |
|
void |
|
void |
|
void |
|
public static final int CHAIN_VALIDITY_MODEL
This model uses the following validity model. Each certificate must have been valid at the moment where is was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid, when the CA certificate was signed and so on. So thePKIXParameters.setDate(java.util.Date)
method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.
- Field Value:
- 1
public static final int PKIX_VALIDITY_MODEL
This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly choosen with thePKIXParameters.setDate(java.util.Date)
method, so this methods sets the Date when all certificates must have been valid.
- Field Value:
- 0
public ExtendedPKIXParameters(Set trustAnchors) throws InvalidAlgorithmParameterException
Creates an instance ofPKIXParameters
with the specifiedSet
of most-trusted CAs. Each element of the set is aTrustAnchor
. Note that theSet
is copied to protect against subsequent modifications.
- Parameters:
trustAnchors
- aSet
ofTrustAnchor
s
public void addAddionalStore(Store store)
Adds a additional Bouncy CastleStore
to find CRLs, certificates, attribute certificates or cross certificates. You should not use this method. This method is used for adding additional X.509 stores, which are used to add (remote) locations, e.g. LDAP, found during X.509 object processing, e.g. in certificates or CRLs. This method is used in PKIX certification path processing. Ifstore
isnull
it is ignored.
- Parameters:
store
- The store to add.
- See Also:
getStores()
public void addCertStore(CertStore store)
Adds a Java CertStore to this extended PKIX parameters. If the store uses initialisation parameters of typeCollectionCertStoreParameters
orthe corresponding Bouncy Castle
Store
type is created additionally to it.
public void addStore(Store store)
Adds a Bouncy CastleStore
to find CRLs, certificates, attribute certificates or cross certificates. This method should be used to add local stores, like collection based X.509 stores, if available. Local stores should be considered first, before trying to use additional (remote) locations, because they do not need possible additional network traffic. Ifstore
isnull
it is ignored.
- Parameters:
store
- The store to add.
- See Also:
getStores()
public Object clone()
public List getAddionalStores()
Returns an immutableList
of additional Bouncy CastleStore
s used for finding CRLs, certificates, attribute certificates or cross certificates.
- Returns:
- an immutable
List
of additional Bouncy CastleStore
s. Nevernull
.
- See Also:
addAddionalStore(Store)
public Set getAttrCertCheckers()
Returns the attribute certificate checker. The returned set containsPKIXAttrCertChecker
s and is immutable.
- Returns:
- Returns the attribute certificate checker. Is never
null
.
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
Returns an instance with the parameters of a givenPKIXParameters
object.
- Parameters:
pkixParams
- The givenPKIXParameters
- Returns:
- an extended PKIX params object
public Set getNecessaryACAttributes()
Returns the neccessary attributes which must be contained in an attribute certificate. The returnedSet
is immutable and containsString
s with the OIDs.
- Returns:
- Returns the necessary AC attributes.
public Set getProhibitedACAttributes()
Returns the attribute certificates which are not allowed. The returnedSet
is immutable and containsString
s with the OIDs.
- Returns:
- Returns the prohibited AC attributes. Is never
null
.
public List getStores()
Returns an immutableList
of Bouncy CastleStore
s used for finding CRLs, certificates, attribute certificates or cross certificates.
- Returns:
- an immutable
List
of Bouncy CastleStore
s. Nevernull
.
- See Also:
setStores(List)
public Selector getTargetConstraints()
Returns the required constraints on the target certificate or attribute certificate. The constraints are returned as an instance ofSelector
. Ifnull
, no constraints are defined. The target certificate in a PKIX path may be a certificate or an attribute certificate. Note that theSelector
returned is cloned to protect against subsequent modifications.
- Returns:
- a
Selector
specifying the constraints on the target certificate or attribute certificate (ornull
)
public Set getTrustedACIssuers()
Returns the trusted attribute certificate issuers. If attribute certificates is verified the trusted AC issuers must be set. The returnedSet
consists ofTrustAnchor
s. The returnedSet
is immutable. Nevernull
- Returns:
- Returns an immutable set of the trusted AC issuers.
public int getValidityModel()
- Returns:
- Returns the validity model.
- See Also:
CHAIN_VALIDITY_MODEL
,PKIX_VALIDITY_MODEL
public boolean isAdditionalLocationsEnabled()
Returns if additionalX509Store
s for locations like LDAP found in certificates or CRLs should be used.
- Returns:
- Returns
true
if additional stores are used.
public boolean isUseDeltasEnabled()
Defaults tofalse
.
- Returns:
- Returns if delta CRLs should be used.
public void setAdditionalLocationsEnabled(boolean enabled)
Sets if additionalX509Store
s for locations like LDAP found in certificates or CRLs should be used.
- Parameters:
enabled
-true
if additional stores are used.
public void setAttrCertCheckers(Set attrCertCheckers)
Sets the attribute certificate checkers. All elements in theSet
must aPKIXAttrCertChecker
. The given set is cloned.
- Parameters:
attrCertCheckers
- The attribute certificate checkers to set. Is nevernull
.
public void setCertStores(List stores)
Sets the Java CertStore to this extended PKIX parameters. If the stores use initialisation parameters of typeCollectionCertStoreParameters
orthe corresponding Bouncy Castle
Store
types are created additionally to it.
public void setNecessaryACAttributes(Set necessaryACAttributes)
Sets the neccessary which must be contained in an attribute certificate. TheSet
must containString
s with the OIDs. The set is cloned.
- Parameters:
necessaryACAttributes
- The necessary AC attributes to set.
protected void setParams(PKIXParameters params)
Method to supportclone()
under J2ME.super.clone()
does not exist and fields are not copied.
- Parameters:
params
- Parameters to set. If this areExtendedPKIXParameters
they are copied to.
public void setProhibitedACAttributes(Set prohibitedACAttributes)
Sets the attribute certificates which are not allowed. TheSet
must containString
s with the OIDs. The set is cloned.
- Parameters:
prohibitedACAttributes
- The prohibited AC attributes to set.
public void setStores(List stores)
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute certificates or cross certificates. TheList
is cloned.
- Parameters:
stores
- A list of stores to use.
- See Also:
getStores()
public void setTargetCertConstraints(CertSelector selector)
Sets the required constraints on the target certificate. The constraints are specified as an instance ofX509CertSelector
. Ifnull
, no constraints are defined. This method wraps the givenX509CertSelector
into aX509CertStoreSelector
. Note that theX509CertSelector
specified is cloned to protect against subsequent modifications.
- Parameters:
selector
- aX509CertSelector
specifying the constraints on the target certificate (ornull
)
- See Also:
ExtendedPKIXParameters
,X509CertStoreSelector
public void setTargetConstraints(Selector selector)
Sets the required constraints on the target certificate or attribute certificate. The constraints are specified as an instance ofSelector
. Ifnull
, no constraints are defined. The target certificate in a PKIX path may be a certificate or an attribute certificate. Note that theSelector
specified is cloned to protect against subsequent modifications.
- Parameters:
selector
- aSelector
specifying the constraints on the target certificate or attribute certificate (ornull
)
public void setTrustedACIssuers(Set trustedACIssuers)
Sets the trusted attribute certificate issuers. If attribute certificates is verified the trusted AC issuers must be set. ThetrustedACIssuers
must be aSet
ofTrustAnchor
The given set is cloned.
- Parameters:
trustedACIssuers
- The trusted AC issuers to set. Is nevernull
.
public void setUseDeltasEnabled(boolean useDeltas)
Sets if delta CRLs should be used for checking the revocation status.
- Parameters:
useDeltas
-true
if delta CRLs should be used.
public void setValidityModel(int validityModel)
- Parameters:
validityModel
- The validity model to set.
- See Also:
CHAIN_VALIDITY_MODEL
,PKIX_VALIDITY_MODEL