org.bouncycastle.jcajce

Class PKIXExtendedParameters

java.lang.Object

org.bouncycastle.jcajce.PKIXExtendedParameters

All Implemented Interfaces:

java.lang.Cloneable, java.security.cert.CertPathParameters

public class PKIXExtendedParameters
extends java.lang.Object
implements java.security.cert.CertPathParameters

This class extends the PKIXParameters with a validity model parameter.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	PKIXExtendedParameters.Builder Builder for a PKIXExtendedParameters object.

Field Summary

Fields

Modifier and Type	Field and Description
static int	CHAIN_VALIDITY_MODEL This model uses the following validity model.
static int	PKIX_VALIDITY_MODEL This is the default PKIX validity model.

Method Summary

Modifier and Type	Method and Description
java.lang.Object	clone()
java.util.List<PKIXCertStore>	getCertificateStores()
java.util.List	getCertPathCheckers()
java.util.List<java.security.cert.CertStore>	getCertStores()
java.util.List<PKIXCRLStore>	getCRLStores()
java.util.Date	getDate() Deprecated. Use 'getValidityDate' instead (which can return null).
java.util.Set	getInitialPolicies()
java.util.Map<GeneralName,PKIXCertStore>	getNamedCertificateStoreMap()
java.util.Map<GeneralName,PKIXCRLStore>	getNamedCRLStoreMap()
boolean	getPolicyQualifiersRejected()
java.lang.String	getSigProvider()
PKIXCertStoreSelector	getTargetConstraints() Returns the required constraints on the target certificate.
java.util.Set	getTrustAnchors()
java.util.Date	getValidityDate() Returns the time at which to check the validity of the certification path.
int	getValidityModel()
boolean	isAnyPolicyInhibited()
boolean	isExplicitPolicyRequired()
boolean	isPolicyMappingInhibited()
boolean	isRevocationEnabled()
boolean	isUseDeltasEnabled() Defaults to false.

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PKIX_VALIDITY_MODEL

public static final int PKIX_VALIDITY_MODEL

This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly chosen with the PKIXParameters.setDate(Date) method, so this methods sets the Date when all certificates must have been valid.

See Also:

Constant Field Values

CHAIN_VALIDITY_MODEL

public static final int CHAIN_VALIDITY_MODEL

This model uses the following validity model. Each certificate must have been valid at the moment when it was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid when the CA certificate was signed, and so on. So the PKIXParameters.setDate(Date) method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.

See Also:

Constant Field Values

Method Detail

getCertificateStores

public java.util.List<PKIXCertStore> getCertificateStores()

getNamedCertificateStoreMap

public java.util.Map<GeneralName,PKIXCertStore> getNamedCertificateStoreMap()

getCRLStores

public java.util.List<PKIXCRLStore> getCRLStores()

getNamedCRLStoreMap

public java.util.Map<GeneralName,PKIXCRLStore> getNamedCRLStoreMap()

getValidityDate

public java.util.Date getValidityDate()

Returns the time at which to check the validity of the certification path. If null, the current time is used.

Returns:

the Date, or null if not set

getDate

public java.util.Date getDate()

Deprecated. Use 'getValidityDate' instead (which can return null).

isUseDeltasEnabled

public boolean isUseDeltasEnabled()

Defaults to false.

Returns:

Returns if delta CRLs should be used.

getValidityModel

public int getValidityModel()

Returns:

Returns the validity model.

See Also:

CHAIN_VALIDITY_MODEL, PKIX_VALIDITY_MODEL

clone

public java.lang.Object clone()

Specified by:

clone in interface java.security.cert.CertPathParameters

Overrides:

clone in class java.lang.Object

getTargetConstraints

public PKIXCertStoreSelector getTargetConstraints()

Returns the required constraints on the target certificate. The constraints are returned as an instance of Selector. If null, no constraints are defined.

Returns:

a Selector specifying the constraints on the target certificate or attribute certificate (or null)

See Also:

PKIXCertStoreSelector

getTrustAnchors

public java.util.Set getTrustAnchors()

getInitialPolicies

public java.util.Set getInitialPolicies()

getSigProvider

public java.lang.String getSigProvider()

isExplicitPolicyRequired

public boolean isExplicitPolicyRequired()

isAnyPolicyInhibited

public boolean isAnyPolicyInhibited()

isPolicyMappingInhibited

public boolean isPolicyMappingInhibited()

getCertPathCheckers

public java.util.List getCertPathCheckers()

getCertStores

public java.util.List<java.security.cert.CertStore> getCertStores()

isRevocationEnabled

public boolean isRevocationEnabled()

getPolicyQualifiersRejected

public boolean getPolicyQualifiersRejected()