public final class AlgorithmChecker extends PKIXCertPathChecker
PKIXCertPathChecker implementation to check whether a
specified certificate contains the required algorithm constraints.
Certificate fields such as the subject public key, the signature algorithm, key usage, extended key usage, etc. need to conform to the specified algorithm constraints.
PKIXCertPathChecker,
PKIXParameters| 限定符和类型 | 字段和说明 |
|---|---|
private TrustAnchor |
anchor |
private static sun.security.util.DisabledAlgorithmConstraints |
certPathDefaultConstraints |
private AlgorithmConstraints |
constraints |
private Date |
date |
private static sun.security.util.Debug |
debug |
private static Set<CryptoPrimitive> |
KU_PRIMITIVE_SET |
private PublicKey |
prevPubKey |
private static Set<CryptoPrimitive> |
SIGNATURE_PRIMITIVE_SET |
private PublicKey |
trustedPubKey |
private String |
variant |
| 构造器和说明 |
|---|
AlgorithmChecker(AlgorithmConstraints constraints,
String variant)
Create a new
AlgorithmChecker with the given
AlgorithmConstraints and String variant. |
AlgorithmChecker(TrustAnchor anchor,
AlgorithmConstraints constraints,
Date date,
String variant)
Create a new
AlgorithmChecker with the
given TrustAnchor, AlgorithmConstraints, Date,
and String variant. |
AlgorithmChecker(TrustAnchor anchor,
Date pkixdate,
String variant)
Create a new
AlgorithmChecker with the given TrustAnchor,
PKIXParameter date, and varient |
AlgorithmChecker(TrustAnchor anchor,
String variant)
Create a new
AlgorithmChecker with the given
TrustAnchor and String variant. |
| 限定符和类型 | 方法和说明 |
|---|---|
void |
check(Certificate cert,
Collection<String> unresolvedCritExts) |
(专用程序包) static void |
check(PublicKey key,
sun.security.x509.AlgorithmId algorithmId,
String variant,
TrustAnchor anchor)
Check the signature algorithm with the specified public key.
|
(专用程序包) static void |
check(PublicKey key,
X509CRL crl,
String variant,
TrustAnchor anchor)
Check the signature algorithm with the specified public key.
|
Set<String> |
getSupportedExtensions() |
void |
init(boolean forward) |
boolean |
isForwardCheckingSupported() |
(专用程序包) void |
trySetTrustAnchor(TrustAnchor anchor)
Try to set the trust anchor of the checker.
|
check, cloneprivate static final sun.security.util.Debug debug
private final AlgorithmConstraints constraints
private final PublicKey trustedPubKey
private final Date date
private PublicKey prevPubKey
private final String variant
private TrustAnchor anchor
private static final Set<CryptoPrimitive> SIGNATURE_PRIMITIVE_SET
private static final Set<CryptoPrimitive> KU_PRIMITIVE_SET
private static final sun.security.util.DisabledAlgorithmConstraints certPathDefaultConstraints
public AlgorithmChecker(TrustAnchor anchor, String variant)
AlgorithmChecker with the given
TrustAnchor and String variant.anchor - the trust anchor selected to validate the target
certificatevariant - the Validator variant of the operation. A null value
passed will set it to Validator.GENERIC.public AlgorithmChecker(AlgorithmConstraints constraints, String variant)
AlgorithmChecker with the given
AlgorithmConstraints and String variant.
Note that this constructor can initialize a variation of situations where
the AlgorithmConstraints or Variant maybe known.constraints - the algorithm constraints (or null)variant - the Validator variant of the operation. A null value
passed will set it to Validator.GENERIC.public AlgorithmChecker(TrustAnchor anchor, AlgorithmConstraints constraints, Date date, String variant)
AlgorithmChecker with the
given TrustAnchor, AlgorithmConstraints, Date,
and String variant.anchor - the trust anchor selected to validate the target
certificateconstraints - the algorithm constraints (or null)date - the date specified by the PKIXParameters date, or the
JAR timestamp if jar files are being validated and the
JAR is timestamped. May be null if no timestamp or
PKIXParameter date is set.variant - the Validator variant of the operation. A null value
passed will set it to Validator.GENERIC.public AlgorithmChecker(TrustAnchor anchor, Date pkixdate, String variant)
AlgorithmChecker with the given TrustAnchor,
PKIXParameter date, and varientanchor - the trust anchor selected to validate the target
certificatepkixdate - Date the constraints are checked against. The value is
either the PKIXParameters date or null for the current date.variant - the Validator variant of the operation. A null value
passed will set it to Validator.GENERIC.public void init(boolean forward)
throws CertPathValidatorException
init 在接口中 CertPathCheckerinit 在类中 PKIXCertPathCheckerCertPathValidatorExceptionpublic boolean isForwardCheckingSupported()
isForwardCheckingSupported 在接口中 CertPathCheckerisForwardCheckingSupported 在类中 PKIXCertPathCheckerpublic void check(Certificate cert, Collection<String> unresolvedCritExts) throws CertPathValidatorException
check 在类中 PKIXCertPathCheckerCertPathValidatorExceptionvoid trySetTrustAnchor(TrustAnchor anchor)
If there is no trust anchor specified and the checker has not started, set the trust anchor.
anchor - the trust anchor selected to validate the target
certificatestatic void check(PublicKey key, X509CRL crl, String variant, TrustAnchor anchor) throws CertPathValidatorException
key - the public key to verify the CRL signaturecrl - the target CRLvariant - the Validator variant of the operation. A null value
passed will set it to Validator.GENERIC.anchor - the trust anchor selected to validate the CRL issuerCertPathValidatorExceptionstatic void check(PublicKey key, sun.security.x509.AlgorithmId algorithmId, String variant, TrustAnchor anchor) throws CertPathValidatorException
key - the public key to verify the CRL signaturealgorithmId - signature algorithm Algorithm IDvariant - the Validator variant of the operation. A null
value passed will set it to Validator.GENERIC.anchor - the trust anchor selected to validate the public keyCertPathValidatorExceptionCopyright © 2023. All rights reserved.