android-platform-libcore/luni/src/main/java/java/security/cert/PKIXCertPathChecker.java - nest-cam/4320010/android-platform-libcore - Git at Google

 /*
  *  Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */

 package java.security.cert;

 import java.util.Collection;
 import java.util.Set;

 /**
  * The class specifying the interface to extend the certification path
  * validation algorithm by checks to perform on an {@code X509Certificate}.
  * <p>
  * The checks are added to a certification path validation using the
  * {@link PKIXParameters#setCertPathCheckers(java.util.List)
  * setCertPathCheckers} or
  * {@link PKIXBuilderParameters#addCertPathChecker(PKIXCertPathChecker)
  * addCertPathChecker} of the {@code PKIXParameters} and {@code
  * PKIXBuilderParameters} class respectively. The
  * {@link #check(Certificate, Collection) check} method will be called for each
  * certificate processed by a {@code CertPathBuilder} of {@code
  * CertPathValidator}.
  * <p>
  * A {@code PKIXCertPathChecker} implementation <u>must</u> support reverse
  * checking (from trusted CA to target) and <u>may</u> support forward checking
  * (from target to trusted CA). The return value of {@code
  * isForwardCheckingSupported} indicates whether forward checking is supported.
  */
 public abstract class PKIXCertPathChecker implements Cloneable {

     /**
      * Creates a new {@code PKIXCertPathChecker} instance.
      */
     protected PKIXCertPathChecker() {}

     /**
      * Clones this {@code PKIXCertPathChecker} instance.
      *
      * @return the cloned instance.
      */
     public Object clone() {
         try {
             return super.clone();
         } catch (CloneNotSupportedException e) {
             throw new AssertionError(e); // android-changed
         }
     }

     /**
      * Initializes this {@code PKIXCertPathChecker} instance for specified
      * <i>checking direction</i>.
      *
      * @param forward
      *            the direction of the certification path processing, {@code
      *            true} if the certificates are processed in forward direction
      *            (from target to trusted CA), {@code false} if processed in
      *            reverse direction (from trusted CA to target).
      * @throws CertPathValidatorException
      *             if initialization of this {@code PKIXCertPathChecker}
      *             instance fails, or if it cannot process certificates in the
      *             specified order.
      */
     public abstract void init(boolean forward)
         throws CertPathValidatorException;

     /**
      * Returns whether this {@code PKIXCertPathChecker} instance supports
      * <i>forward checking</i>.
      *
      * @return {@code true} if this {@code PKIXCertPathChecker} instance
      *         supports forward checking, otherwise {@code false}.
      */
     public abstract boolean isForwardCheckingSupported();

     /**
      * Returns the list of extensions of X.509 certificates that this {@code
      * PKIXCertPathChecker} is able to process.
      *
      * @return the list of extensions of X.509 certificates that this {@code
      *         PKIXCertPathChecker} is able to process, or {@code null} if there
      *         are none.
      */
     public abstract Set<String> getSupportedExtensions();

     /**
      * Checks the specified certificate and removes the processed critical
      * extensions from the specified list of X.509 extension <i>OID</i>s.
      *
      * @param cert
      *            the certificate.
      * @param unresolvedCritExts
      *            the list of critical X.509 extension OID strings.
      * @throws CertPathValidatorException
      *             if check(s) fail on the specified certificate.
      */
     public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
         throws CertPathValidatorException;
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package java.security.cert;

	import java.util.Collection;
	import java.util.Set;

	/**
	* The class specifying the interface to extend the certification path
	* validation algorithm by checks to perform on an {@code X509Certificate}.
	* <p>
	* The checks are added to a certification path validation using the
	* {@link PKIXParameters#setCertPathCheckers(java.util.List)
	* setCertPathCheckers} or
	* {@link PKIXBuilderParameters#addCertPathChecker(PKIXCertPathChecker)
	* addCertPathChecker} of the {@code PKIXParameters} and {@code
	* PKIXBuilderParameters} class respectively. The
	* {@link #check(Certificate, Collection) check} method will be called for each
	* certificate processed by a {@code CertPathBuilder} of {@code
	* CertPathValidator}.
	* <p>
	* A {@code PKIXCertPathChecker} implementation <u>must</u> support reverse
	* checking (from trusted CA to target) and <u>may</u> support forward checking
	* (from target to trusted CA). The return value of {@code
	* isForwardCheckingSupported} indicates whether forward checking is supported.
	*/
	public abstract class PKIXCertPathChecker implements Cloneable {

	/**
	* Creates a new {@code PKIXCertPathChecker} instance.
	*/
	protected PKIXCertPathChecker() {}

	/**
	* Clones this {@code PKIXCertPathChecker} instance.
	*
	* @return the cloned instance.
	*/
	public Object clone() {
	try {
	return super.clone();
	} catch (CloneNotSupportedException e) {
	throw new AssertionError(e); // android-changed
	}
	}

	/**
	* Initializes this {@code PKIXCertPathChecker} instance for specified
	* <i>checking direction</i>.
	*
	* @param forward
	* the direction of the certification path processing, {@code
	* true} if the certificates are processed in forward direction
	* (from target to trusted CA), {@code false} if processed in
	* reverse direction (from trusted CA to target).
	* @throws CertPathValidatorException
	* if initialization of this {@code PKIXCertPathChecker}
	* instance fails, or if it cannot process certificates in the
	* specified order.
	*/
	public abstract void init(boolean forward)
	throws CertPathValidatorException;

	/**
	* Returns whether this {@code PKIXCertPathChecker} instance supports
	* <i>forward checking</i>.
	*
	* @return {@code true} if this {@code PKIXCertPathChecker} instance
	* supports forward checking, otherwise {@code false}.
	*/
	public abstract boolean isForwardCheckingSupported();

	/**
	* Returns the list of extensions of X.509 certificates that this {@code
	* PKIXCertPathChecker} is able to process.
	*
	* @return the list of extensions of X.509 certificates that this {@code
	* PKIXCertPathChecker} is able to process, or {@code null} if there
	* are none.
	*/
	public abstract Set<String> getSupportedExtensions();

	/**
	* Checks the specified certificate and removes the processed critical
	* extensions from the specified list of X.509 extension <i>OID</i>s.
	*
	* @param cert
	* the certificate.
	* @param unresolvedCritExts
	* the list of critical X.509 extension OID strings.
	* @throws CertPathValidatorException
	* if check(s) fail on the specified certificate.
	*/
	public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
	throws CertPathValidatorException;
	}