package org.bouncycastle.x509;
import org.bouncycastle.util.Selector;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
/**
* This class contains extended parameters for PKIX certification path builders.
*
* @see java.security.cert.PKIXBuilderParameters
* @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
*/
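public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
{
    // Upper bound on intermediate non-self-issued certificates; -1 means no limit.
    private int maxPathLength = 5;

    // Certificates the path builder must not use; never null.
    private Set excludedCerts = Collections.EMPTY_SET;

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is an unmodifiable view of the internal set.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return Collections.unmodifiableSet(excludedCerts);
    }

    /**
     * Sets the excluded certificates which are not used for building a
     * certification path. If the {@code Set} is {@code null} an
     * empty set is assumed.
     * <p>
     * The given set is copied to protect it against subsequent modifications.
     *
     * @param excludedCerts The excluded certificates to set.
     */
    public void setExcludedCerts(Set excludedCerts)
    {
        if (excludedCerts == null)
        {
            // Assign the field, not the parameter: otherwise a null argument
            // leaves the previously configured exclusions in force instead of
            // resetting them to the empty set as documented.
            this.excludedCerts = Collections.EMPTY_SET;
        }
        else
        {
            this.excludedCerts = new HashSet(excludedCerts);
        }
    }

    /**
     * Creates an instance of {@code PKIXBuilderParameters} with the
     * specified {@code Set} of most-trusted CAs. Each element of the set
     * is a {@link TrustAnchor TrustAnchor}.
     * <p>
     * Note that the {@code Set} is copied to protect against subsequent
     * modifications.
     *
     * @param trustAnchors a {@code Set} of {@code TrustAnchor}s
     * @param targetConstraints a {@code Selector} specifying the
     *            constraints on the target certificate or attribute
     *            certificate.
     * @throws InvalidAlgorithmParameterException if {@code trustAnchors}
     *             is empty.
     * @throws NullPointerException if {@code trustAnchors} is
     *             {@code null}
     * @throws ClassCastException if any of the elements of
     *             {@code trustAnchors} is not of type
     *             {@code java.security.cert.TrustAnchor}
     */
    public ExtendedPKIXBuilderParameters(Set trustAnchors,
        Selector targetConstraints)
        throws InvalidAlgorithmParameterException
    {
        super(trustAnchors);
        setTargetConstraints(targetConstraints);
    }

    /**
     * Sets the maximum number of intermediate non-self-issued certificates in a
     * certification path. The PKIX {@code CertPathBuilder} must not
     * build paths longer than this length.
     * <p>
     * A value of 0 implies that the path can only contain a single certificate.
     * A value of -1 does not limit the length. The default length is 5.
     * <p>
     * The basic constraints extension of a CA certificate overrides this value
     * if smaller.
     * <p>
     * Note: with -1 this parameter no longer bounds the path length at all.
     * Callers whose certificate stores may contain certificates from
     * untrusted sources will normally want to keep a finite limit.
     *
     * @param maxPathLength the maximum number of non-self-issued intermediate
     *            certificates in the certification path
     * @throws InvalidParameterException if {@code maxPathLength} is set
     *             to a value less than -1
     *
     * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
     * @see #getMaxPathLength
     */
    public void setMaxPathLength(int maxPathLength)
    {
        if (maxPathLength < -1)
        {
            throw new InvalidParameterException("The maximum path "
                + "length parameter can not be less than -1.");
        }
        this.maxPathLength = maxPathLength;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     *
     * @see #setMaxPathLength(int)
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Can also handle {@code ExtendedPKIXBuilderParameters} and
     * {@code PKIXBuilderParameters}.
     * <p>
     * After delegating to the superclass, the maximum path length is copied
     * from either kind of builder parameters; the excluded certificates are
     * copied only from an {@code ExtendedPKIXBuilderParameters}.
     *
     * @param params Parameters to set.
     * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
     */
    protected void setParams(PKIXParameters params)
    {
        super.setParams(params);
        if (params instanceof ExtendedPKIXBuilderParameters)
        {
            ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
            maxPathLength = _params.maxPathLength;
            // Copy rather than share, so later changes to the source do not
            // alter the exclusions of this instance.
            excludedCerts = new HashSet(_params.excludedCerts);
        }
        if (params instanceof PKIXBuilderParameters)
        {
            PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
            maxPathLength = _params.getMaxPathLength();
        }
    }

    /**
     * Makes a copy of this {@code PKIXParameters} object. Changes to the
     * copy will not affect the original and vice versa.
     *
     * @return a copy of this {@code PKIXParameters} object
     */
    public Object clone()
    {
        ExtendedPKIXBuilderParameters params;
        try
        {
            params = new ExtendedPKIXBuilderParameters(getTrustAnchors(),
                getTargetConstraints());
        }
        catch (Exception e)
        {
            // Not expected for an instance that was itself constructed
            // successfully; keep the cause so a failure can still be diagnosed.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(this);
        return params;
    }

    /**
     * Returns an instance of {@code ExtendedPKIXParameters} which can be
     * safely cast to {@code ExtendedPKIXBuilderParameters}.
     * <p>
     * This method can be used to get a copy from other
     * {@code PKIXBuilderParameters}, {@code PKIXParameters},
     * and {@code ExtendedPKIXParameters} instances.
     * <p>
     * The target certificate constraints of {@code pkixParams} are cast to
     * {@code X509CertSelector}; any exception raised while building the copy
     * (including a {@code ClassCastException} from that cast) is rethrown as
     * a {@code RuntimeException} carrying the original exception as its cause.
     *
     * @param pkixParams The PKIX parameters to create a copy of.
     * @return An {@code ExtendedPKIXBuilderParameters} instance.
     */
    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
    {
        ExtendedPKIXBuilderParameters params;
        try
        {
            params = new ExtendedPKIXBuilderParameters(pkixParams
                .getTrustAnchors(), X509CertStoreSelector
                .getInstance((X509CertSelector) pkixParams
                    .getTargetCertConstraints()));
        }
        catch (Exception e)
        {
            // Reachable when the selector is not an X509CertSelector, so the
            // cause is preserved rather than reduced to its message.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(pkixParams);
        return params;
    }
}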