/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package java.security.cert; import java.util.Collection; import java.util.Set; /** * The class specifying the interface to extend the certification path * validation algorithm by checks to perform on an {@code X509Certificate}. *

* The checks are added to a certification path validation using the * {@link PKIXParameters#setCertPathCheckers(java.util.List) * setCertPathCheckers} or * {@link PKIXBuilderParameters#addCertPathChecker(PKIXCertPathChecker) * addCertPathChecker} of the {@code PKIXParameters} and {@code * PKIXBuilderParameters} class respectively. The * {@link #check(Certificate, Collection) check} method will be called for each * certificate processed by a {@code CertPathBuilder} of {@code * CertPathValidator}. *

* A {@code PKIXCertPathChecker} implementation must support reverse * checking (from trusted CA to target) and may support forward checking * (from target to trusted CA). The return value of {@code * isForwardCheckingSupported} indicates whether forward checking is supported. */ public abstract class PKIXCertPathChecker implements Cloneable { /** * Creates a new {@code PKIXCertPathChecker} instance. */ protected PKIXCertPathChecker() {} /** * Clones this {@code PKIXCertPathChecker} instance. * * @return the cloned instance. */ public Object clone() { try { return super.clone(); } catch (CloneNotSupportedException e) { throw new AssertionError(e); } } /** * Initializes this {@code PKIXCertPathChecker} instance for specified * checking direction. * * @param forward * the direction of the certification path processing, {@code * true} if the certificates are processed in forward direction * (from target to trusted CA), {@code false} if processed in * reverse direction (from trusted CA to target). * @throws CertPathValidatorException * if initialization of this {@code PKIXCertPathChecker} * instance fails, or if it cannot process certificates in the * specified order. */ public abstract void init(boolean forward) throws CertPathValidatorException; /** * Returns whether this {@code PKIXCertPathChecker} instance supports * forward checking. * * @return {@code true} if this {@code PKIXCertPathChecker} instance * supports forward checking, otherwise {@code false}. */ public abstract boolean isForwardCheckingSupported(); /** * Returns the list of extensions of X.509 certificates that this {@code * PKIXCertPathChecker} is able to process. * * @return the list of extensions of X.509 certificates that this {@code * PKIXCertPathChecker} is able to process, or {@code null} if there * are none. */ public abstract Set getSupportedExtensions(); /** * Checks the specified certificate and removes the processed critical * extensions from the specified list of X.509 extension OIDs. * * @param cert * the certificate. * @param unresolvedCritExts * the list of critical X.509 extension OID strings. * @throws CertPathValidatorException * if check(s) fail on the specified certificate. */ public abstract void check(Certificate cert, Collection unresolvedCritExts) throws CertPathValidatorException; }