All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.x509.ExtendedPKIXBuilderParameters Maven / Gradle / Ivy

Go to download

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.4.

There is a newer version: 1.79
Show newest version
package org.bouncycastle.x509;

import org.bouncycastle.util.Selector;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * This class contains extended parameters for PKIX certification path builders.
 * 
 * @see java.security.cert.PKIXBuilderParameters
 * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
 */
public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
{

    private int maxPathLength = 5;

    private Set excludedCerts = Collections.EMPTY_SET;

    /**
     * Excluded certificates are not used for building a certification path.
     * 

* The returned set is immutable. * * @return Returns the excluded certificates. */ public Set getExcludedCerts() { return Collections.unmodifiableSet(excludedCerts); } /** * Sets the excluded certificates which are not used for building a * certification path. If the Set is null an * empty set is assumed. *

* The given set is cloned to protect it against subsequent modifications. * * @param excludedCerts The excluded certificates to set. */ public void setExcludedCerts(Set excludedCerts) { if (excludedCerts == null) { excludedCerts = Collections.EMPTY_SET; } else { this.excludedCerts = new HashSet(excludedCerts); } } /** * Creates an instance of PKIXBuilderParameters with the * specified Set of most-trusted CAs. Each element of the set * is a {@link TrustAnchor TrustAnchor}. * *

* Note that the Set is copied to protect against subsequent * modifications. * * @param trustAnchors a Set of TrustAnchors * @param targetConstraints a Selector specifying the * constraints on the target certificate or attribute * certificate. * @throws InvalidAlgorithmParameterException if trustAnchors * is empty. * @throws NullPointerException if trustAnchors is * null * @throws ClassCastException if any of the elements of * trustAnchors is not of type * java.security.cert.TrustAnchor */ public ExtendedPKIXBuilderParameters(Set trustAnchors, Selector targetConstraints) throws InvalidAlgorithmParameterException { super(trustAnchors); setTargetConstraints(targetConstraints); } /** * Sets the maximum number of intermediate non-self-issued certificates in a * certification path. The PKIX CertPathBuilder must not * build paths longer then this length. *

* A value of 0 implies that the path can only contain a single certificate. * A value of -1 does not limit the length. The default length is 5. * *

* * The basic constraints extension of a CA certificate overrides this value * if smaller. * * @param maxPathLength the maximum number of non-self-issued intermediate * certificates in the certification path * @throws InvalidParameterException if maxPathLength is set * to a value less than -1 * * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi * @see #getMaxPathLength */ public void setMaxPathLength(int maxPathLength) { if (maxPathLength < -1) { throw new InvalidParameterException("The maximum path " + "length parameter can not be less than -1."); } this.maxPathLength = maxPathLength; } /** * Returns the value of the maximum number of intermediate non-self-issued * certificates in the certification path. * * @return the maximum number of non-self-issued intermediate certificates * in the certification path, or -1 if no limit exists. * * @see #setMaxPathLength(int) */ public int getMaxPathLength() { return maxPathLength; } /** * Can alse handle ExtendedPKIXBuilderParameters and * PKIXBuilderParameters. * * @param params Parameters to set. * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) */ protected void setParams(PKIXParameters params) { super.setParams(params); if (params instanceof ExtendedPKIXBuilderParameters) { ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params; maxPathLength = _params.maxPathLength; excludedCerts = new HashSet(_params.excludedCerts); } if (params instanceof PKIXBuilderParameters) { PKIXBuilderParameters _params = (PKIXBuilderParameters) params; maxPathLength = _params.getMaxPathLength(); } } /** * Makes a copy of this PKIXParameters object. Changes to the * copy will not affect the original and vice versa. * * @return a copy of this PKIXParameters object */ public Object clone() { ExtendedPKIXBuilderParameters params = null; try { params = new ExtendedPKIXBuilderParameters(getTrustAnchors(), getTargetConstraints()); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(this); return params; } /** * Returns an instance of ExtendedPKIXParameters which can be * safely casted to ExtendedPKIXBuilderParameters. *

* This method can be used to get a copy from other * PKIXBuilderParameters, PKIXParameters, * and ExtendedPKIXParameters instances. * * @param pkixParams The PKIX parameters to create a copy of. * @return An ExtendedPKIXBuilderParameters instance. */ public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) { ExtendedPKIXBuilderParameters params; try { params = new ExtendedPKIXBuilderParameters(pkixParams .getTrustAnchors(), X509CertStoreSelector .getInstance((X509CertSelector) pkixParams .getTargetCertConstraints())); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(pkixParams); return params; } }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy