- All Implemented Interfaces:
- Cloneable,- CertPathParameters
CertPathBuilder
 algorithm.
 
 A PKIX CertPathBuilder uses these parameters to build a CertPath which has been
 validated according to the PKIX certification path validation algorithm.
 
To instantiate a PKIXBuilderParameters object, an
 application must specify one or more most-trusted CAs as defined by
 the PKIX certification path validation algorithm. The most-trusted CA
 can be specified using one of two constructors. An application
 can call PKIXBuilderParameters(Set, CertSelector), specifying a
 Set of TrustAnchor objects, each of which
 identifies a most-trusted CA. Alternatively, an application can call
 PKIXBuilderParameters(KeyStore, CertSelector), specifying a
 KeyStore instance containing trusted certificate entries, each
 of which will be considered as a most-trusted CA.
 
In addition, an application must specify constraints on the target
 certificate that the CertPathBuilder will attempt
 to build a path to. The constraints are specified as a
 CertSelector object. These constraints should provide the
 CertPathBuilder with enough search criteria to find the target
 certificate. Minimal criteria for an X509Certificate usually
 include the subject name and/or one or more subject alternative names.
 If enough criteria is not specified, the CertPathBuilder
 may throw a CertPathBuilderException.
 
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
- Since:
- 1.4
- See Also:
- 
Constructor SummaryConstructorsConstructorDescriptionPKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) Creates an instance ofPKIXBuilderParametersthat populates the set of most-trusted CAs from the trusted certificate entries contained in the specifiedKeyStore.PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector targetConstraints) Creates an instance ofPKIXBuilderParameterswith the specifiedSetof most-trusted CAs.
- 
Method SummaryModifier and TypeMethodDescriptionintReturns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path.voidsetMaxPathLength(int maxPathLength) Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path.toString()Returns a formatted string describing the parameters.Methods declared in class java.security.cert.PKIXParametersaddCertPathChecker, addCertStore, clone, getCertPathCheckers, getCertStores, getDate, getInitialPolicies, getPolicyQualifiersRejected, getSigProvider, getTargetCertConstraints, getTrustAnchors, isAnyPolicyInhibited, isExplicitPolicyRequired, isPolicyMappingInhibited, isRevocationEnabled, setAnyPolicyInhibited, setCertPathCheckers, setCertStores, setDate, setExplicitPolicyRequired, setInitialPolicies, setPolicyMappingInhibited, setPolicyQualifiersRejected, setRevocationEnabled, setSigProvider, setTargetCertConstraints, setTrustAnchors
- 
Constructor Details- 
PKIXBuilderParameterspublic PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, CertSelector targetConstraints) throws InvalidAlgorithmParameterException Creates an instance ofPKIXBuilderParameterswith the specifiedSetof most-trusted CAs. Each element of the set is aTrustAnchor.Note that the Setis copied to protect against subsequent modifications.- Parameters:
- trustAnchors- a- Setof- TrustAnchors
- targetConstraints- a- CertSelectorspecifying the constraints on the target certificate
- Throws:
- InvalidAlgorithmParameterException- if- trustAnchorsis empty- (trustAnchors.isEmpty() == true)
- NullPointerException- if- trustAnchorsis- null
- ClassCastException- if any of the elements of- trustAnchorsare not of type- java.security.cert.TrustAnchor
 
- 
PKIXBuilderParameterspublic PKIXBuilderParameters(KeyStore keystore, CertSelector targetConstraints) throws KeyStoreException, InvalidAlgorithmParameterException Creates an instance ofPKIXBuilderParametersthat populates the set of most-trusted CAs from the trusted certificate entries contained in the specifiedKeyStore. Only keystore entries that contain trustedX509Certificates are considered; all other certificate types are ignored.- Parameters:
- keystore- a- KeyStorefrom which the set of most-trusted CAs will be populated
- targetConstraints- a- CertSelectorspecifying the constraints on the target certificate
- Throws:
- KeyStoreException- if- keystorehas not been initialized
- InvalidAlgorithmParameterException- if- keystoredoes not contain at least one trusted certificate entry
- NullPointerException- if- keystoreis- null
 
 
- 
- 
Method Details- 
setMaxPathLengthpublic void setMaxPathLength(int maxPathLength) Sets the value of the maximum number of non-self-issued intermediate certificates that may exist in a certification path. A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. Note that the last certificate in a certification path is not an intermediate certificate, and is not included in this limit. Usually the last certificate is an end entity certificate, but it can be a CA certificate. A PKIXCertPathBuilderinstance must not build paths longer than the length specified.A value of 0 implies that the path can only contain a single certificate. A value of -1 implies that the path length is unconstrained (i.e. there is no maximum). The default maximum path length, if not specified, is 5. Setting a value less than -1 will cause an exception to be thrown. If any of the CA certificates contain the BasicConstraintsExtension, the value of thepathLenConstraintfield of the extension overrides the maximum path length parameter whenever the result is a certification path of smaller length.- Parameters:
- maxPathLength- the maximum number of non-self-issued intermediate certificates that may exist in a certification path
- Throws:
- InvalidParameterException- if- maxPathLengthis set to a value less than -1
- See Also:
 
- 
getMaxPathLengthpublic int getMaxPathLength()Returns the value of the maximum number of intermediate non-self-issued certificates that may exist in a certification path. See thesetMaxPathLength(int)method for more details.- Returns:
- the maximum number of non-self-issued intermediate certificates that may exist in a certification path, or -1 if there is no limit
- See Also:
 
- 
toStringReturns a formatted string describing the parameters.- Overrides:
- toStringin class- PKIXParameters
- Returns:
- a formatted string describing the parameters
 
 
-