Parameters used as input for the PKIX {@code CertPathBuilder}algorithm.
A PKIX {@code CertPathBuilder} uses these parameters to {@link CertPathBuilder#build build} a {@code CertPath} which has beenvalidated according to the PKIX certification path validation algorithm.
To instantiate a {@code PKIXBuilderParameters} object, anapplication must specify one or more most-trusted CAs as defined by the PKIX certification path validation algorithm. The most-trusted CA can be specified using one of two constructors. An application can call {@link #PKIXBuilderParameters(Set,CertSelector) PKIXBuilderParameters(Set, CertSelector)}, specifying a {@code Set} of {@code TrustAnchor} objects, each of whichidentifies a most-trusted CA. Alternatively, an application can call {@link #PKIXBuilderParameters(KeyStore,CertSelector) PKIXBuilderParameters(KeyStore, CertSelector)}, specifying a {@code KeyStore} instance containing trusted certificate entries, eachof which will be considered as a most-trusted CA.
In addition, an application must specify constraints on the target certificate that the {@code CertPathBuilder} will attemptto build a path to. The constraints are specified as a {@code CertSelector} object. These constraints should provide the{@code CertPathBuilder} with enough search criteria to find the targetcertificate. Minimal criteria for an {@code X509Certificate} usuallyinclude the subject name and/or one or more subject alternative names. If enough criteria is not specified, the {@code CertPathBuilder}may throw a {@code CertPathBuilderException}.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
@see CertPathBuilder
@since 1.4
@author Sean Mullan