Package org.bouncycastle.jcajce

Class PKIXExtendedParameters

  • All Implemented Interfaces:
    java.lang.Cloneable, java.security.cert.CertPathParameters
    public class PKIXExtendedParameters
extends java.lang.Object
implements java.security.cert.CertPathParameters
    This class extends the PKIXParameters with a validity model parameter.

    • Field Detail

      • PKIX_VALIDITY_MODEL

        public static final int PKIX_VALIDITY_MODEL
        This is the default PKIX validity model. Actually there are two variants of this: The PKIX model and the modified PKIX model. The PKIX model verifies that all involved certificates must have been valid at the current time. The modified PKIX model verifies that all involved certificates were valid at the signing time. Both are indirectly chosen with the PKIXParameters.setDate(Date) method, so this methods sets the Date when all certificates must have been valid.
        See Also:
        Constant Field Values

      • CHAIN_VALIDITY_MODEL

        public static final int CHAIN_VALIDITY_MODEL
        This model uses the following validity model. Each certificate must have been valid at the moment when it was used. That means the end certificate must have been valid at the time the signature was done. The CA certificate which signed the end certificate must have been valid, when the end certificate was signed. The CA (or Root CA) certificate must have been valid when the CA certificate was signed, and so on. So the PKIXParameters.setDate(Date) method sets the time, when the end certificate must have been valid. It is used e.g. in the German signature law.
        See Also:
        Constant Field Values

    • Method Detail

      • getCertificateStores

        public java.util.List<PKIXCertStore> getCertificateStores()

      • getCRLStores

        public java.util.List<PKIXCRLStore> getCRLStores()

      • getValidityDate

        public java.util.Date getValidityDate()
        Returns the time at which to check the validity of the certification path. If null, the current time is used.
        Returns:
        the Date, or null if not set

      • getDate

        public java.util.Date getDate()
        Deprecated.
        Use 'getValidityDate' instead (which can return null).

      • isUseDeltasEnabled

        public boolean isUseDeltasEnabled()
        Defaults to false.
        Returns:
        Returns if delta CRLs should be used.

      • clone

        public java.lang.Object clone()
        Specified by:
        clone in interface java.security.cert.CertPathParameters
        Overrides:
        clone in class java.lang.Object

      • getTargetConstraints

        public PKIXCertStoreSelector getTargetConstraints()
        Returns the required constraints on the target certificate. The constraints are returned as an instance of Selector. If null, no constraints are defined.
        Returns:
        a Selector specifying the constraints on the target certificate or attribute certificate (or null)
        See Also:
        PKIXCertStoreSelector

      • getTrustAnchors

        public java.util.Set getTrustAnchors()

      • getInitialPolicies

        public java.util.Set getInitialPolicies()

      • getSigProvider

        public java.lang.String getSigProvider()

      • isExplicitPolicyRequired

        public boolean isExplicitPolicyRequired()

      • isAnyPolicyInhibited

        public boolean isAnyPolicyInhibited()

      • isPolicyMappingInhibited

        public boolean isPolicyMappingInhibited()

      • getCertPathCheckers

        public java.util.List getCertPathCheckers()

      • getCertStores

        public java.util.List<java.security.cert.CertStore> getCertStores()

      • isRevocationEnabled

        public boolean isRevocationEnabled()

      • getPolicyQualifiersRejected

        public boolean getPolicyQualifiersRejected()