Parameters used as input for the PKIX
CertPathValidator
algorithm.
A PKIX CertPathValidator
uses these parameters to
validate a CertPath
according to the PKIX certification path
validation algorithm.
To instantiate a PKIXParameters
object, an
application must specify one or more most-trusted CAs as defined by
the PKIX certification path validation algorithm. The most-trusted CAs
can be specified using one of two constructors. An application
can call PKIXParameters(Set)
,
specifying a Set
of TrustAnchor
objects, each
of which identify a most-trusted CA. Alternatively, an application can call
PKIXParameters(KeyStore)
, specifying a
KeyStore
instance containing trusted certificate entries, each
of which will be considered as a most-trusted CA.
Once a PKIXParameters
object has been created, other parameters
can be specified (by calling setInitialPolicies
or setDate
, for instance) and then the
PKIXParameters
is passed along with the CertPath
to be validated to CertPathValidator.validate
.
Any parameter that is not set (or is set to null
) will
be set to the default value for that parameter. The default value for the
date
parameter is null
, which indicates
the current time when the path is validated. The default for the
remaining parameters is the least constrained.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not
thread-safe. Multiple threads that need to access a single
object concurrently should synchronize amongst themselves and
provide the necessary locking. Multiple threads each manipulating
separate objects need not synchronize.