2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package java.security.cert;
20 import java.util.Collection;
24 * The class specifying the interface to extend the certification path
25 * validation algorithm by checks to perform on an {@code X509Certificate}.
27 * The checks are added to a certification path validation using the
28 * {@link PKIXParameters#setCertPathCheckers(java.util.List)
29 * setCertPathCheckers} or
30 * {@link PKIXBuilderParameters#addCertPathChecker(PKIXCertPathChecker)
31 * addCertPathChecker} of the {@code PKIXParameters} and {@code
32 * PKIXBuilderParameters} class respectively. The
33 * {@link #check(Certificate, Collection) check} method will be called for each
34 * certificate processed by a {@code CertPathBuilder} of {@code
37 * A {@code PKIXCertPathChecker} implementation <u>must</u> support reverse
38 * checking (from trusted CA to target) and <u>may</u> support forward checking
39 * (from target to trusted CA). The return value of {@code
40 * isForwardCheckingSupported} indicates whether forward checking is supported.
42 public abstract class PKIXCertPathChecker implements Cloneable {
45 * Creates a new {@code PKIXCertPathChecker} instance.
47 protected PKIXCertPathChecker() {}
50 * Clones this {@code PKIXCertPathChecker} instance.
52 * @return the cloned instance.
54 public Object clone() {
57 } catch (CloneNotSupportedException e) {
58 throw new AssertionError(e); // android-changed
63 * Initializes this {@code PKIXCertPathChecker} instance for specified
64 * <i>checking direction</i>.
67 * the direction of the certification path processing, {@code
68 * true} if the certificates are processed in forward direction
69 * (from target to trusted CA), {@code false} if processed in
70 * reverse direction (from trusted CA to target).
71 * @throws CertPathValidatorException
72 * if initialization of this {@code PKIXCertPathChecker}
73 * instance fails, or if it cannot process certificates in the
76 public abstract void init(boolean forward)
77 throws CertPathValidatorException;
80 * Returns whether this {@code PKIXCertPathChecker} instance supports
81 * <i>forward checking</i>.
83 * @return {@code true} if this {@code PKIXCertPathChecker} instance
84 * supports forward checking, otherwise {@code false}.
86 public abstract boolean isForwardCheckingSupported();
89 * Returns the list of extensions of X.509 certificates that this {@code
90 * PKIXCertPathChecker} is able to process.
92 * @return the list of extensions of X.509 certificates that this {@code
93 * PKIXCertPathChecker} is able to process, or {@code null} if there
96 public abstract Set<String> getSupportedExtensions();
99 * Checks the specified certificate and removes the processed critical
100 * extensions from the specified list of X.509 extension <i>OID</i>s.
104 * @param unresolvedCritExts
105 * the list of critical X.509 extension OID strings.
106 * @throws CertPathValidatorException
107 * if check(s) fail on the specified certificate.
109 public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
110 throws CertPathValidatorException;