CertPathPKIXTrustEvaluator (Shibboleth Identity Provider 2.3.0 API)

java.lang.Object
- org.opensaml.xml.security.x509.CertPathPKIXTrustEvaluator

すべての実装されたインタフェース:

PKIXTrustEvaluator
```
public class CertPathPKIXTrustEvaluator
extends Object
implements PKIXTrustEvaluator
```
An implementation of PKIXTrustEvaluator that is based on the Java CertPath API.

コンストラクタの概要

コンストラクタ
コンストラクタと説明

CertPathPKIXTrustEvaluator()
Constructor.

CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
Constructor.

コンストラクタ
コンストラクタと説明
`CertPathPKIXTrustEvaluator()` Constructor.
`CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)` Constructor.

メソッドの概要

メソッド
修飾子とタイプ	メソッドと説明
`protected void`	`addCRLsToStoreMaterial(List<Object> storeMaterial, Collection<X509CRL> crls, Date now)` Add CRL's from the specified collection to the list of certs and CRL's being collected for the CertStore.
`protected CertStore`	`buildCertStore(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Creates the certificate store that will be used during validation.
`protected TrustAnchor`	`buildTrustAnchor(X509Certificate cert)` Build a trust anchor from the given X509 certificate.
`protected Integer`	`getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)` Get the effective maximum path depth to use when constructing PKIX cert path builder parameters.
`protected PKIXBuilderParameters`	`getPKIXBuilderParameters(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Creates the set of PKIX builder parameters to use when building the cert path builder.
`PKIXValidationOptions`	`getPKIXValidationOptions()` Get the `PKIXValidationOptions` instance that is in use.
`protected Set<TrustAnchor>`	`getTrustAnchors(PKIXValidationInformation validationInfo)` Creates the collection of trust anchors to use during validation.
`X500DNHandler`	`getX500DNHandler()` Get the handler which process X.500 distinguished names.
`void`	`setPKIXValidationOptions(PKIXValidationOptions newOptions)` Set the desired PKIX validation options set.
`void`	`setX500DNHandler(X500DNHandler handler)` Set the handler which process X.500 distinguished names.
`protected boolean`	`storeContainsCRLs(CertStore certStore)` Determine whether there are any CRL's in the `CertStore` that is to be used.
`boolean`	`validate(PKIXValidationInformation validationInfo, X509Credential untrustedCredential)` Validate the specified credential against the specified set of trusted validation information.

クラスから継承されたメソッド java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- コンストラクタの詳細
  - CertPathPKIXTrustEvaluator
```
public CertPathPKIXTrustEvaluator()
```
    Constructor.
  - CertPathPKIXTrustEvaluator
```
public CertPathPKIXTrustEvaluator(PKIXValidationOptions newOptions)
```
    Constructor.
    
    パラメータ:
    newOptions - PKIX validation options
- メソッドの詳細
  - getPKIXValidationOptions
```
public PKIXValidationOptions getPKIXValidationOptions()
```
    Get the PKIXValidationOptions instance that is in use.
    
    定義:
    
    getPKIXValidationOptions インタフェース内 PKIXTrustEvaluator
    
    戻り値:
    the PKIXValidationOptions instance
  - setPKIXValidationOptions
```
public void setPKIXValidationOptions(PKIXValidationOptions newOptions)
```
    Set the desired PKIX validation options set.
    
    パラメータ:
    newOptions - the new set of options
  - getX500DNHandler
```
public X500DNHandler getX500DNHandler()
```
    Get the handler which process X.500 distinguished names. Defaults to InternalX500DNHandler.
    
    戻り値:
    returns the X500DNHandler instance
  - setX500DNHandler
```
public void setX500DNHandler(X500DNHandler handler)
```
    Set the handler which process X.500 distinguished names. Defaults to InternalX500DNHandler.
    
    パラメータ:
    handler - the new X500DNHandler instance
  - validate
```
public boolean validate(PKIXValidationInformation validationInfo,
               X509Credential untrustedCredential)
                 throws SecurityException
```
    Validate the specified credential against the specified set of trusted validation information.
    
    定義:
    
    validate インタフェース内 PKIXTrustEvaluator
    
    パラメータ:
    validationInfo - the set of trusted validation information
    untrustedCredential - the credential being evaluated
    
    戻り値:
    true if the credential can be successfully evaluated, false otherwise
    
    例外:
    
    SecurityException - thrown if there is an error evaluating the credential
  - getPKIXBuilderParameters
```
protected PKIXBuilderParameters getPKIXBuilderParameters(PKIXValidationInformation validationInfo,
                                             X509Credential untrustedCredential)
                                                  throws GeneralSecurityException
```
    Creates the set of PKIX builder parameters to use when building the cert path builder.
    
    パラメータ:
    validationInfo - PKIX validation information
    untrustedCredential - credential to be validated
    
    戻り値:
    PKIX builder params
    
    例外:
    
    GeneralSecurityException - thrown if the parameters can not be created
  - storeContainsCRLs
```
protected boolean storeContainsCRLs(CertStore certStore)
```
    Determine whether there are any CRL's in the CertStore that is to be used.
    
    パラメータ:
    certStore - the cert store that will be used for validation
    
    戻り値:
    true if the store contains at least 1 CRL instance, false otherwise
  - getEffectiveVerificationDepth
```
protected Integer getEffectiveVerificationDepth(PKIXValidationInformation validationInfo)
```
    Get the effective maximum path depth to use when constructing PKIX cert path builder parameters.
    
    パラメータ:
    validationInfo - PKIX validation information
    
    戻り値:
    the effective max verification depth to use
  - getTrustAnchors
```
protected Set<TrustAnchor> getTrustAnchors(PKIXValidationInformation validationInfo)
```
    Creates the collection of trust anchors to use during validation.
    
    パラメータ:
    validationInfo - PKIX validation information
    
    戻り値:
    trust anchors to use during validation
  - buildTrustAnchor
```
protected TrustAnchor buildTrustAnchor(X509Certificate cert)
```
    Build a trust anchor from the given X509 certificate. This could for example be extended by subclasses to add custom name constraints, if desired.
    
    パラメータ:
    cert - the certificate which serves as the trust anchor
    
    戻り値:
    the newly constructed TrustAnchor
  - buildCertStore
```
protected CertStore buildCertStore(PKIXValidationInformation validationInfo,
                       X509Credential untrustedCredential)
                            throws GeneralSecurityException
```
    Creates the certificate store that will be used during validation.
    
    パラメータ:
    validationInfo - PKIX validation information
    untrustedCredential - credential to be validated
    
    戻り値:
    certificate store used during validation
    
    例外:
    
    GeneralSecurityException - thrown if the certificate store can not be created from the cert and CRL material
  - addCRLsToStoreMaterial
```
protected void addCRLsToStoreMaterial(List<Object> storeMaterial,
                          Collection<X509CRL> crls,
                          Date now)
```
    Add CRL's from the specified collection to the list of certs and CRL's being collected for the CertStore.
    
    パラメータ:
    storeMaterial - list of certs and CRL's to be updated.
    crls - collection of CRL's to be processed
    now - current date/time

クラス CertPathPKIXTrustEvaluator

コンストラクタの概要

メソッドの概要

クラスから継承されたメソッド java.lang.Object

コンストラクタの詳細

CertPathPKIXTrustEvaluator

CertPathPKIXTrustEvaluator

メソッドの詳細

getPKIXValidationOptions

setPKIXValidationOptions

getX500DNHandler

setX500DNHandler

validate

getPKIXBuilderParameters

storeContainsCRLs

getEffectiveVerificationDepth

getTrustAnchors

buildTrustAnchor

buildCertStore

addCRLsToStoreMaterial