com.tencent.kona.sun.security.provider.certpath

Class AlgorithmChecker

java.lang.Object

java.security.cert.PKIXCertPathChecker

com.tencent.kona.sun.security.provider.certpath.AlgorithmChecker

All Implemented Interfaces:

java.lang.Cloneable, java.security.cert.CertPathChecker

public final class AlgorithmChecker
extends java.security.cert.PKIXCertPathChecker

A PKIXCertPathChecker implementation to check whether a specified certificate contains the required algorithm constraints.

Certificate fields such as the subject public key, the signature algorithm, key usage, extended key usage, etc. need to conform to the specified algorithm constraints.

See Also:

PKIXCertPathChecker, PKIXParameters

Constructor Summary

Constructors

Constructor and Description
AlgorithmChecker(java.security.AlgorithmConstraints constraints, java.lang.String variant) Create a new AlgorithmChecker with the given AlgorithmConstraints and String variant.
AlgorithmChecker(java.security.cert.TrustAnchor anchor, java.security.AlgorithmConstraints constraints, java.util.Date date, java.lang.String variant) Create a new AlgorithmChecker with the given TrustAnchor, AlgorithmConstraints, Date, and String variant.
AlgorithmChecker(java.security.cert.TrustAnchor anchor, java.util.Date date, java.lang.String variant) Create a new AlgorithmChecker with the given TrustAnchor, PKIXParameter date, and variant.
AlgorithmChecker(java.security.cert.TrustAnchor anchor, java.lang.String variant) Create a new AlgorithmChecker with the given TrustAnchor and String variant.

Method Summary

Modifier and Type	Method and Description
void	check(java.security.cert.Certificate cert, java.util.Collection<java.lang.String> unresolvedCritExts)
java.util.Set<java.lang.String>	getSupportedExtensions()
void	init(boolean forward)
boolean	isForwardCheckingSupported()

Methods inherited from class java.security.cert.PKIXCertPathChecker

check, clone

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AlgorithmChecker

public AlgorithmChecker(java.security.cert.TrustAnchor anchor,
                        java.lang.String variant)

Create a new AlgorithmChecker with the given TrustAnchor and String variant.

Parameters:

anchor - the trust anchor selected to validate the target certificate

variant - the Validator variant of the operation. A null value passed will set it to Validator.GENERIC.

AlgorithmChecker

public AlgorithmChecker(java.security.AlgorithmConstraints constraints,
                        java.lang.String variant)

Create a new AlgorithmChecker with the given AlgorithmConstraints and String variant. Note that this constructor can initialize a variation of situations where the AlgorithmConstraints or Variant maybe known.

Parameters:

constraints - the algorithm constraints (or null)

variant - the Validator variant of the operation. A null value passed will set it to Validator.GENERIC.

AlgorithmChecker

public AlgorithmChecker(java.security.cert.TrustAnchor anchor,
                        java.security.AlgorithmConstraints constraints,
                        java.util.Date date,
                        java.lang.String variant)

Create a new AlgorithmChecker with the given TrustAnchor, AlgorithmConstraints, Date, and String variant.

Parameters:

anchor - the trust anchor selected to validate the target certificate

constraints - the algorithm constraints (or null)

date - the date specified by the PKIXParameters date, or the timestamp if JAR files are being validated and the JAR is timestamped. May be null if no timestamp or PKIXParameter date is set.

variant - the Validator variant of the operation. A null value passed will set it to Validator.GENERIC.

AlgorithmChecker

public AlgorithmChecker(java.security.cert.TrustAnchor anchor,
                        java.util.Date date,
                        java.lang.String variant)

Create a new AlgorithmChecker with the given TrustAnchor, PKIXParameter date, and variant.

Parameters:

anchor - the trust anchor selected to validate the target certificate

date - the date specified by the PKIXParameters date, or the timestamp if JAR files are being validated and the JAR is timestamped. May be null if no timestamp or PKIXParameter date is set.

variant - the Validator variant of the operation. A null value passed will set it to Validator.GENERIC.

Method Detail

init

public void init(boolean forward)
          throws java.security.cert.CertPathValidatorException

Specified by:

init in interface java.security.cert.CertPathChecker

Specified by:

init in class java.security.cert.PKIXCertPathChecker

Throws:

java.security.cert.CertPathValidatorException

isForwardCheckingSupported

public boolean isForwardCheckingSupported()

Specified by:

isForwardCheckingSupported in interface java.security.cert.CertPathChecker

Specified by:

isForwardCheckingSupported in class java.security.cert.PKIXCertPathChecker

getSupportedExtensions

public java.util.Set<java.lang.String> getSupportedExtensions()

Specified by:

getSupportedExtensions in class java.security.cert.PKIXCertPathChecker

check

public void check(java.security.cert.Certificate cert,
                  java.util.Collection<java.lang.String> unresolvedCritExts)
           throws java.security.cert.CertPathValidatorException

Specified by:

check in class java.security.cert.PKIXCertPathChecker

Throws:

java.security.cert.CertPathValidatorException