📄 pkixparameters.java
字号:
*/ public boolean isExplicitPolicyRequired() { return explicitPolicyRequired; } /** * Sets the PolicyMappingInhibited flag. If this flag is true, policy * mapping is inhibited. By default, policy mapping is not inhibited (the * flag is false). * * @param val <code>true</code> if policy mapping is to be inhibited, * <code>false</code> otherwise */ public void setPolicyMappingInhibited(boolean val) { policyMappingInhibited = val; } /** * Checks if policy mapping is inhibited. If this flag is true, policy * mapping is inhibited. By default, policy mapping is not inhibited (the * flag is false). * * @return true if policy mapping is inhibited, false otherwise */ public boolean isPolicyMappingInhibited() { return policyMappingInhibited; } /** * Sets state to determine if the any policy OID should be processed * if it is included in a certificate. By default, the any policy OID * is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()} * returns <code>false</code>). * * @param val <code>true</code> if the any policy OID is to be * inhibited, <code>false</code> otherwise */ public void setAnyPolicyInhibited(boolean val) { anyPolicyInhibited = val; } /** * Checks whether the any policy OID should be processed if it * is included in a certificate. * * @return <code>true</code> if the any policy OID is inhibited, * <code>false</code> otherwise */ public boolean isAnyPolicyInhibited() { return anyPolicyInhibited; } /** * Sets the PolicyQualifiersRejected flag. If this flag is true, * certificates that include policy qualifiers in a certificate * policies extension that is marked critical are rejected. * If the flag is false, certificates are not rejected on this basis. * * <p> When a <code>PKIXParameters</code> object is created, this flag is * set to true. This setting reflects the most common (and simplest) * strategy for processing policy qualifiers. Applications that want to use * a more sophisticated policy must set this flag to false. * <p> * Note that the PKIX certification path validation algorithm specifies * that any policy qualifier in a certificate policies extension that is * marked critical must be processed and validated. Otherwise the * certification path must be rejected. If the policyQualifiersRejected flag * is set to false, it is up to the application to validate all policy * qualifiers in this manner in order to be PKIX compliant. * * @param qualifiersRejected the new value of the PolicyQualifiersRejected * flag * @see #getPolicyQualifiersRejected * @see PolicyQualifierInfo */ public void setPolicyQualifiersRejected(boolean qualifiersRejected) { policyQualifiersRejected = qualifiersRejected; } /** * Gets the PolicyQualifiersRejected flag. If this flag is true, * certificates that include policy qualifiers in a certificate policies * extension that is marked critical are rejected. * If the flag is false, certificates are not rejected on this basis. * * <p> When a <code>PKIXParameters</code> object is created, this flag is * set to true. This setting reflects the most common (and simplest) * strategy for processing policy qualifiers. Applications that want to use * a more sophisticated policy must set this flag to false. * * @return the current value of the PolicyQualifiersRejected flag * @see #setPolicyQualifiersRejected */ public boolean getPolicyQualifiersRejected() { return policyQualifiersRejected; } /** * Returns the time for which the validity of the certification path * should be determined. If <code>null</code>, the current time is used. * <p> * Note that the <code>Date</code> returned is copied to protect against * subsequent modifications. * * @return the <code>Date</code>, or <code>null</code> if not set * @see #setDate */ public Date getDate() { if (date == null) return null; else return (Date) this.date.clone(); } /** * Sets the time for which the validity of the certification path * should be determined. If <code>null</code>, the current time is used. * <p> * Note that the <code>Date</code> supplied here is copied to protect * against subsequent modifications. * * @param date the <code>Date</code>, or <code>null</code> for the * current time * @see #getDate */ public void setDate(Date date) { if (date != null) this.date = (Date) date.clone(); else date = null; } /** * Sets a <code>List</code> of additional certification path checkers. If * the specified <code>List</code> contains an object that is not a * <code>PKIXCertPathChecker</code>, it is ignored. * <p> * Each <code>PKIXCertPathChecker</code> specified implements * additional checks on a certificate. Typically, these are checks to * process and verify private extensions contained in certificates. * Each <code>PKIXCertPathChecker</code> should be instantiated with any * initialization parameters needed to execute the check. * <p> * This method allows sophisticated applications to extend a PKIX * <code>CertPathValidator</code> or <code>CertPathBuilder</code>. * Each of the specified <code>PKIXCertPathChecker</code>s will be called, * in turn, by a PKIX <code>CertPathValidator</code> or * <code>CertPathBuilder</code> for each certificate processed or * validated. * <p> * Regardless of whether these additional <code>PKIXCertPathChecker</code>s * are set, a PKIX <code>CertPathValidator</code> or * <code>CertPathBuilder</code> must perform all of the required PKIX * checks on each certificate. The one exception to this rule is if the * RevocationEnabled flag is set to false (see the {@link * #setRevocationEnabled setRevocationEnabled} method). * <p> * Note that the <code>List</code> supplied here is copied and each * <code>PKIXCertPathChecker</code> in the list is cloned to protect * against subsequent modifications. * * @param checkers a <code>List</code> of <code>PKIXCertPathChecker</code>s. * May be <code>null</code>, in which case no additional checkers will be * used. * @throws ClassCastException if any of the elements in the list * are not of type <code>java.security.cert.PKIXCertPathChecker</code> * @see #getCertPathCheckers */ public void setCertPathCheckers(List checkers) { if (checkers != null) { ArrayList tmpList = new ArrayList(); Iterator it = checkers.iterator(); while (it.hasNext()) { PKIXCertPathChecker ck = (PKIXCertPathChecker) it.next(); tmpList.add(ck.clone()); } this.certPathCheckers = tmpList; } else this.certPathCheckers = new ArrayList(); } /** * Returns the <code>List</code> of certification path checkers. * The returned <code>List</code> is immutable, and each * <code>PKIXCertPathChecker</code> in the <code>List</code> is cloned * to protect against subsequent modifications. * * @return an immutable <code>List</code> of * <code>PKIXCertPathChecker</code>s (may be empty, but not * <code>null</code>) * @see #setCertPathCheckers */ public List getCertPathCheckers() { ArrayList tmpList = new ArrayList(); Iterator it = certPathCheckers.iterator(); while (it.hasNext()) { PKIXCertPathChecker ck = (PKIXCertPathChecker) it.next(); tmpList.add(ck.clone()); } return Collections.unmodifiableList(tmpList); } /** * Adds a <code>PKIXCertPathChecker</code> to the list of certification * path checkers. See the {@link #setCertPathCheckers setCertPathCheckers} * method for more details. * <p> * Note that the <code>PKIXCertPathChecker</code> is cloned to protect * against subsequent modifications. * * @param checker a <code>PKIXCertPathChecker</code> to add to the list of * checks. If <code>null</code>, the checker is ignored (not added to list). */ public void addCertPathChecker(PKIXCertPathChecker checker) { if (checker != null) certPathCheckers.add(checker.clone()); } /** * Returns the signature provider's name, or <code>null</code> * if not set. * * @return the signature provider's name (or <code>null</code>) * @see #setSigProvider */ public String getSigProvider() { return this.sigProvider; } /** * Sets the signature provider's name. The specified provider will be * preferred when creating {@link java.security.Signature Signature} * objects. If <code>null</code> or not set, the first provider found * supporting the algorithm will be used. * * @param sigProvider the signature provider's name (or <code>null</code>) * @see #getSigProvider */ public void setSigProvider(String sigProvider) { this.sigProvider = sigProvider; } /** * Returns the required constraints on the target certificate. * The constraints are returned as an instance of <code>CertSelector</code>. * If <code>null</code>, no constraints are defined. * * <p>Note that the <code>CertSelector</code> returned is cloned * to protect against subsequent modifications. * * @return a <code>CertSelector</code> specifying the constraints * on the target certificate (or <code>null</code>) * @see #setTargetCertConstraints */ public CertSelector getTargetCertConstraints() { if (certSelector != null) return (CertSelector) certSelector.clone(); else return null; } /** * Sets the required constraints on the target certificate. * The constraints are specified as an instance of * <code>CertSelector</code>. If <code>null</code>, no constraints are * defined. * * <p>Note that the <code>CertSelector</code> specified is cloned * to protect against subsequent modifications. * * @param selector a <code>CertSelector</code> specifying the constraints * on the target certificate (or <code>null</code>) * @see #getTargetCertConstraints */ public void setTargetCertConstraints(CertSelector selector) { if (selector != null) certSelector = (CertSelector) selector.clone(); else certSelector = null; } /** * Makes a copy of this <code>PKIXParameters</code> object. Changes * to the copy will not affect the original and vice versa. * * @return a copy of this <code>PKIXParameters</code> object */ public Object clone() { try { Object copy = super.clone(); // Must clone these because addCertStore, et al. modify them if (certStores != null) { certStores = new ArrayList(certStores); } if (certPathCheckers != null) { certPathCheckers = new ArrayList(certPathCheckers); } return copy; } catch (CloneNotSupportedException e) { /* Cannot happen */ throw new InternalError(e.toString()); } } /** * Returns a formatted string describing the parameters. * * @return a formatted string describing the parameters. */ public String toString() { StringBuffer sb = new StringBuffer(); sb.append("[\n"); /* start with trusted anchor info */ if (unmodTrustAnchors != null) { sb.append(" Trust Anchors: " + unmodTrustAnchors.toString() + "\n"); } /* now, append initial state information */ if (unmodInitialPolicies != null) { if (unmodInitialPolicies.isEmpty()) { sb.append(" Initial Policy OIDs: any\n"); } else { sb.append(" Initial Policy OIDs: [" + unmodInitialPolicies.toString() + "]\n"); } } /* now, append constraints on all certificates in the path */ sb.append(" Validity Date: " + String.valueOf(date) + "\n"); sb.append(" Signature Provider: " + String.valueOf(sigProvider) + "\n"); sb.append(" Default Revocation Enabled: " + revocationEnabled + "\n"); sb.append(" Explicit Policy Required: " + explicitPolicyRequired + "\n"); sb.append(" Policy Mapping Inhibited: " + policyMappingInhibited + "\n"); sb.append(" Any Policy Inhibited: " + anyPolicyInhibited + "\n"); sb.append(" Policy Qualifiers Rejected: " + policyQualifiersRejected + "\n"); /* now, append target cert requirements */ sb.append(" Target Cert Constraints: " + String.valueOf(certSelector) + "\n"); /* finally, append miscellaneous parameters */ if (certPathCheckers != null) sb.append(" Certification Path Checkers: [" + certPathCheckers.toString() + "]\n"); if (certStores != null) sb.append(" CertStores: [" + certStores.toString() + "]\n"); sb.append("]"); return sb.toString(); }}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -