org.bouncycastle.x509
Class ExtendedPKIXParameters
PKIXParameters
org.bouncycastle.x509.ExtendedPKIXParameters
public class ExtendedPKIXParameters
extends PKIXParameters
This class extends the PKIXParameters with a validity model parameter.
ExtendedPKIXParameters(Set trustAnchors) - Creates an instance of PKIXParameters with the specified Set of most-trusted CAs.
void | addAddionalStore(org.bouncycastle.util.Store store) - Adds an additional Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates.
void | addCertStore(CertStore store) - Adds a Java CertStore to this extended PKIX parameters.
void | addStore(org.bouncycastle.util.Store store) - Adds a Bouncy Castle Store to find CRLs, certificates, attribute certificates or cross certificates.
Object | clone()
List | getAddionalStores() - Returns an immutable List of additional Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates.
static ExtendedPKIXParameters | getInstance(PKIXParameters pkixParams) - Returns an instance with the parameters of a given PKIXParameters object.
List | getStores() - Returns an immutable List of Bouncy Castle Stores used for finding CRLs, certificates, attribute certificates or cross certificates.
org.bouncycastle.util.Selector | getTargetConstraints() - Returns the required constraints on the target certificate or attribute certificate.
int | getValidityModel()
boolean | isAdditionalLocationsEnabled() - Returns whether additional X509Stores for locations like LDAP found in certificates or CRLs should be used.
boolean | isUseDeltasEnabled() - Defaults to false.
void | setAdditionalLocationsEnabled(boolean enabled) - Sets whether additional X509Stores for locations like LDAP found in certificates or CRLs should be used.
void | setCertStores(List stores) - Sets the Java CertStores for these extended PKIX parameters.
protected void | setParams(PKIXParameters params) - Method to support clone() under J2ME.
void | setStores(List stores) - Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute certificates or cross certificates.
void | setTargetCertConstraints(CertSelector selector) - Sets the required constraints on the target certificate.
void | setTargetConstraints(org.bouncycastle.util.Selector selector) - Sets the required constraints on the target certificate or attribute certificate.
void | setUseDeltasEnabled(boolean useDeltas) - Sets whether delta CRLs should be used for checking the revocation status.
void | setValidityModel(int validityModel)
CHAIN_VALIDITY_MODEL
public static final int CHAIN_VALIDITY_MODEL
This model uses the following validity model. Each certificate must have
been valid at the moment it was used. That means the end certificate must
have been valid at the time the signature was made. The CA certificate
which signed the end certificate must have been valid when the end
certificate was signed. The CA (or Root CA) certificate must have been
valid when the CA certificate was signed, and so on. So the
PKIXParameters.setDate(java.util.Date) method sets the time when the end
certificate must have been valid.
It is used e.g. in the German signature law.
PKIX_VALIDITY_MODEL
public static final int PKIX_VALIDITY_MODEL
This is the default PKIX validity model. Actually there are two variants
of this: the PKIX model and the modified PKIX model. The PKIX model
verifies that all involved certificates are valid at the current time.
The modified PKIX model verifies that all involved certificates were
valid at the signing time. Both are indirectly chosen with the
PKIXParameters.setDate(java.util.Date) method, so this method sets the
Date when all certificates must have been valid.
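The difference between the two models, shown on the date checks alone. This is an added example, not part of the Bouncy Castle documentation or code: the Cert record, pkixModel, chainModel and the sample dates are hypothetical, and the time a certificate was signed is assumed to equal its notBefore.

```java
import java.time.Instant;
import java.util.List;

// Added illustration of the date logic only; not Bouncy Castle code.
// Signatures, revocation and path constraints are deliberately not checked.
public class ValidityModelDemo {

    // Hypothetical stand-in for a certificate: just its validity period.
    record Cert(String name, Instant notBefore, Instant notAfter) {
        boolean validAt(Instant t) {
            return !t.isBefore(notBefore) && !t.isAfter(notAfter);
        }
    }

    // PKIX model: every certificate in the path must be valid at one date.
    static boolean pkixModel(List<Cert> path, Instant date) {
        return path.stream().allMatch(c -> c.validAt(date));
    }

    // Chain model: path is ordered end certificate first, root last.
    // The end certificate must be valid at 'date'; each issuer must have
    // been valid when the certificate below it was signed.
    static boolean chainModel(List<Cert> path, Instant date) {
        Instant t = date;
        for (Cert c : path) {
            if (!c.validAt(t)) return false;
            t = c.notBefore(); // assumption: signing time == notBefore
        }
        return true;
    }

    static Instant at(String day) { return Instant.parse(day + "T00:00:00Z"); }

    public static void main(String[] args) {
        // Constructed sample path: the CA and root expire before the end certificate.
        List<Cert> path = List.of(
            new Cert("end",  at("2014-01-01"), at("2020-01-01")),
            new Cert("ca",   at("2005-01-01"), at("2015-01-01")),
            new Cert("root", at("2000-01-01"), at("2010-01-01")));

        Instant signingTime = at("2018-06-01"); // value passed to setDate()
        System.out.println("PKIX model:  " + pkixModel(path, signingTime));
        System.out.println("chain model: " + chainModel(path, signingTime));

        Instant afterExpiry = at("2021-01-01"); // end certificate has expired
        System.out.println("chain model after expiry: " + chainModel(path, afterExpiry));
    }
}
```

For the constructed path, the PKIX model rejects the 2018 signing time because the CA certificate has already expired, while the chain model accepts it. Both models reject a date after the end certificate itself has expired.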
ExtendedPKIXParameters
public ExtendedPKIXParameters(Set trustAnchors)
throws InvalidAlgorithmParameterException
Creates an instance of PKIXParameters with the specified Set of
most-trusted CAs. Each element of the set is a TrustAnchor.
Note that the Set is copied to protect against subsequent modifications.
trustAnchors - a Set of TrustAnchors
addAddionalStore
public void addAddionalStore(org.bouncycastle.util.Store store)
Adds an additional Bouncy Castle Store to find CRLs, certificates,
attribute certificates or cross certificates.
You should not use this method. This method is used for adding additional
X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
during X.509 object processing, e.g. in certificates or CRLs. This method
is used in PKIX certification path processing.
If store is null it is ignored.
store - The store to add.
addCertStore
public void addCertStore(CertStore store)
Adds a Java CertStore to this extended PKIX parameters. If the store uses
initialisation parameters of type CollectionCertStoreParameters or the
corresponding Bouncy Castle Store type is created additionally to it.
addStore
public void addStore(org.bouncycastle.util.Store store)
Adds a Bouncy Castle Store to find CRLs, certificates, attribute
certificates or cross certificates.
This method should be used to add local stores, like collection based
X.509 stores, if available. Local stores should be considered first,
before trying to use additional (remote) locations, because they do not
need possible additional network traffic.
If store is null it is ignored.
store - The store to add.
clone
public Object clone()
getAddionalStores
public List getAddionalStores()
Returns an immutable List of additional Bouncy Castle Stores used for
finding CRLs, certificates, attribute certificates or cross certificates.
- an immutable List of additional Bouncy Castle Stores. Never null.
getInstance
public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
Returns an instance with the parameters of a given PKIXParameters object.
pkixParams - The given PKIXParameters
- an extended PKIX params object
getStores
public List getStores()
Returns an immutable List of Bouncy Castle Stores used for finding CRLs,
certificates, attribute certificates or cross certificates.
- an immutable List of Bouncy Castle Stores. Never null.
getTargetConstraints
public org.bouncycastle.util.Selector getTargetConstraints()
Returns the required constraints on the target certificate or attribute
certificate. The constraints are returned as an instance of Selector. If
null, no constraints are defined.
The target certificate in a PKIX path may be a certificate or an
attribute certificate.
Note that the Selector returned is cloned to protect against subsequent
modifications.
- a Selector specifying the constraints on the target certificate or
attribute certificate (or null)
getValidityModel
public int getValidityModel()
- Returns the validity model.
isAdditionalLocationsEnabled
public boolean isAdditionalLocationsEnabled()
Returns whether additional X509Stores for locations like LDAP found in
certificates or CRLs should be used.
- Returns true if additional stores are used.
isUseDeltasEnabled
public boolean isUseDeltasEnabled()
Defaults to false.
- Returns whether delta CRLs should be used.
setAdditionalLocationsEnabled
public void setAdditionalLocationsEnabled(boolean enabled)
Sets whether additional X509Stores for locations like LDAP found in
certificates or CRLs should be used.
enabled - true if additional stores are used.
setCertStores
public void setCertStores(List stores)
Sets the Java CertStore to this extended PKIX parameters. If the stores
use initialisation parameters of type CollectionCertStoreParameters or the
corresponding Bouncy Castle Store types are created additionally to it.
setParams
protected void setParams(PKIXParameters params)
Method to support clone() under J2ME. super.clone() does not exist and
fields are not copied.
params - Parameters to set. If these are ExtendedPKIXParameters they are
copied too.
setStores
public void setStores(List stores)
Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
certificates or cross certificates.
The List is cloned.
stores - A list of stores to use.
setTargetCertConstraints
public void setTargetCertConstraints(CertSelector selector)
Sets the required constraints on the target certificate. The constraints
are specified as an instance of CertSelector. If null, no constraints are
defined.
This method wraps the given CertSelector into an X509CertStoreSelector.
Note that the CertSelector specified is cloned to protect against
subsequent modifications.
selector - a CertSelector specifying the constraints on the target
certificate (or null)
setTargetConstraints
public void setTargetConstraints(org.bouncycastle.util.Selector selector)
Sets the required constraints on the target certificate or attribute
certificate. The constraints are specified as an instance of Selector. If
null, no constraints are defined.
The target certificate in a PKIX path may be a certificate or an
attribute certificate.
Note that the Selector specified is cloned to protect against subsequent
modifications.
selector - a Selector specifying the constraints on the target
certificate or attribute certificate (or null)
setUseDeltasEnabled
public void setUseDeltasEnabled(boolean useDeltas)
Sets whether delta CRLs should be used for checking the revocation status.
useDeltas - true if delta CRLs should be used.
setValidityModel
public void setValidityModel(int validityModel)
validityModel - The validity model to set.