Example

This is an example of a stateless PKIXCertPathChecker implementation that checks if a private extension exists in a certificate and processes it according to some rules.

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import java.security.cert.PKIXCertPathChecker;
import java.security.cert.CertPathValidatorException;

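/**
 * Stateless {@link PKIXCertPathChecker} that looks for the private extension
 * with OID {@code 2.16.840.1.113730.1.1} (the Netscape certificate type
 * extension) and, when it is present, processes it and marks it as resolved.
 *
 * <p>The checker keeps no per-path state, so it supports both forward and
 * reverse checking and {@link #init(boolean)} has nothing to reset.
 *
 * <p>Security note: removing an OID from the unresolved-critical-extensions
 * collection tells the PKIX validator that the extension has been fully
 * processed. Until {@link #processExtension(X509Certificate, byte[])} contains
 * real rules, this class accepts the extension without examining it.
 */
public class MyChecker extends PKIXCertPathChecker {

    /** OID of the private extension handled by this checker. */
    private static final String EXTENSION_OID = "2.16.840.1.113730.1.1";

    /** Immutable, single-element set advertised to the validator. */
    private static final Set<String> SUPPORTED_EXTENSIONS =
            Collections.singleton(EXTENSION_OID);

    /**
     * Initializes the checker. This implementation is stateless, so there is
     * nothing to initialize for either direction.
     *
     * @param forward the order in which certificates will be presented
     * @throws CertPathValidatorException never thrown by this implementation
     */
    @Override
    public void init(boolean forward) throws CertPathValidatorException {
        // nothing to initialize
    }

    /**
     * Returns the extension OIDs this checker is able to process.
     *
     * @return an immutable set containing only {@code 2.16.840.1.113730.1.1}
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return SUPPORTED_EXTENSIONS;
    }

    /**
     * Reports that forward checking is supported.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isForwardCheckingSupported() {
        return true;
    }

    /**
     * Checks the certificate for the private extension and, if it is present,
     * processes it and removes its OID from the unresolved critical
     * extensions.
     *
     * @param cert the certificate to check; must be an {@link X509Certificate}
     * @param unresolvedCritExts OIDs of critical extensions not yet resolved
     *        by an earlier check, or {@code null}
     * @throws CertPathValidatorException if {@code cert} is not an X.509
     *         certificate or the extension fails the checker's rules
     */
    @Override
    public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {
        // Reject unexpected certificate types through the declared exception
        // instead of letting a ClassCastException (or a NullPointerException
        // for null) escape from the validator.
        if (!(cert instanceof X509Certificate)) {
            throw new CertPathValidatorException(
                    "MyChecker supports only X.509 certificates");
        }
        X509Certificate xcert = (X509Certificate) cert;

        // getExtensionValue returns the DER-encoded OCTET STRING that wraps
        // the extension value, or null when the extension is absent.
        byte[] ext = xcert.getExtensionValue(EXTENSION_OID);
        if (ext == null) {
            return;
        }

        // Must throw on any rule violation; only a normal return allows the
        // extension to be marked as resolved below.
        processExtension(xcert, ext);

        // Remove the extension from the collection of unresolved extensions
        // (if it exists) so the validator does not reject it as unprocessed.
        if (unresolvedCritExts != null) {
            unresolvedCritExts.remove(EXTENSION_OID);
        }
    }

    /**
     * Applies the checker's rules to the private extension.
     *
     * @param xcert the certificate that carries the extension
     * @param ext the DER-encoded OCTET STRING holding the extension value
     * @throws CertPathValidatorException if the extension violates the rules
     */
    private void processExtension(X509Certificate xcert, byte[] ext)
            throws CertPathValidatorException {
        // process private extension according to some
        // rules - if check fails, throw a
        // CertPathValidatorException ...
        // {insert code here}
        //
        // NOTE(review): while this body is empty, a certificate carrying the
        // extension as critical passes validation without the extension
        // having been inspected. Implement the rules before using this class.
    }
}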