Package org.bouncycastle.jcajce

Class PKIXExtendedParameters

java.lang.Object
org.bouncycastle.jcajce.PKIXExtendedParameters
All Implemented Interfaces:
Cloneable, CertPathParameters
public class PKIXExtendedParameters extends Object implements CertPathParameters
This class extends the PKIXParameters with a validity model parameter.

  • Field Details

    • PKIX_VALIDITY_MODEL

      public static final int PKIX_VALIDITY_MODEL
      This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly chosen with the PKIXParameters.setDate(Date) method, so this methods sets the Date when all certificates must have been valid.
      See Also:

    • CHAIN_VALIDITY_MODEL

      public static final int CHAIN_VALIDITY_MODEL
      This model uses the following validity model. Each certificate must have been valid at the moment when it was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid when the CA certificate was signed, and so on. So the PKIXParameters.setDate(Date) method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.
      See Also:

  • Method Details

    • getCertificateStores

      public List<PKIXCertStore> getCertificateStores()

    • getNamedCertificateStoreMap

      public Map<GeneralName,PKIXCertStore> getNamedCertificateStoreMap()

    • getCRLStores

      public List<PKIXCRLStore> getCRLStores()

    • getNamedCRLStoreMap

      public Map<GeneralName,PKIXCRLStore> getNamedCRLStoreMap()

    • getValidityDate

      public Date getValidityDate()
      Returns the time at which to check the validity of the certification path. If null, the current time is used.
      Returns:
      the Date, or null if not set

    • getDate

      public Date getDate()
      Deprecated.
      Use 'getValidityDate' instead (which can return null).

    • isUseDeltasEnabled

      public boolean isUseDeltasEnabled()
      Defaults to false.
      Returns:
      Returns if delta CRLs should be used.

    • getValidityModel

      public int getValidityModel()
      Returns:
      Returns the validity model.
      See Also:

    • clone

      public Object clone()
      Specified by:
      clone in interface CertPathParameters
      Overrides:
      clone in class Object

    • getTargetConstraints

      public PKIXCertStoreSelector getTargetConstraints()
      Returns the required constraints on the target certificate. The constraints are returned as an instance of Selector. If null, no constraints are defined.
      Returns:
      a Selector specifying the constraints on the target certificate or attribute certificate (or null)
      See Also:

    • getTrustAnchors

      public Set getTrustAnchors()

    • getInitialPolicies

      public Set getInitialPolicies()

    • getSigProvider

      public String getSigProvider()

    • isExplicitPolicyRequired

      public boolean isExplicitPolicyRequired()

    • isAnyPolicyInhibited

      public boolean isAnyPolicyInhibited()

    • isPolicyMappingInhibited

      public boolean isPolicyMappingInhibited()

    • getCertPathCheckers

      public List getCertPathCheckers()

    • getCertStores

      public List<CertStore> getCertStores()

    • isRevocationEnabled

      public boolean isRevocationEnabled()

    • getPolicyQualifiersRejected

      public boolean getPolicyQualifiersRejected()