org.bouncycastle.x509.ExtendedPKIXBuilderParameters Maven / Gradle / Ivy
Show all versions of bcprov-jdk14 Show documentation
package org.bouncycastle.x509; import org.bouncycastle.util.Selector; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidParameterException; import java.security.cert.PKIXBuilderParameters; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.security.cert.X509CertSelector; import java.util.Collections; import java.util.HashSet; import java.util.Set; /** * This class contains extended parameters for PKIX certification path builders. * * @see java.security.cert.PKIXBuilderParameters * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi * @deprecated use PKIXExtendedBuilderParameters */ public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters { private int maxPathLength = 5; private Set excludedCerts = Collections.EMPTY_SET; /** * Excluded certificates are not used for building a certification path. *
is null an * empty set is assumed. ** The returned set is immutable. * * @return Returns the excluded certificates. */ public Set getExcludedCerts() { return Collections.unmodifiableSet(excludedCerts); } /** * Sets the excluded certificates which are not used for building a * certification path. If the Set
* The given set is cloned to protect it against subsequent modifications. * * @param excludedCerts The excluded certificates to set. */ public void setExcludedCerts(Set excludedCerts) { if (excludedCerts == null) { excludedCerts = Collections.EMPTY_SET; } else { this.excludedCerts = new HashSet(excludedCerts); } } /** * Creates an instance of PKIXBuilderParameters with the * specified Set of most-trusted CAs. Each element of the set * is a {@link TrustAnchor TrustAnchor}. * *
* Note that the Set is copied to protect against subsequent * modifications. * * @param trustAnchors a Set of TrustAnchors * @param targetConstraints a Selector specifying the * constraints on the target certificate or attribute * certificate. * @throws InvalidAlgorithmParameterException if trustAnchors * is empty. * @throws NullPointerException if trustAnchors is * null * @throws ClassCastException if any of the elements of * trustAnchors is not of type * java.security.cert.TrustAnchor */ public ExtendedPKIXBuilderParameters(Set trustAnchors, Selector targetConstraints) throws InvalidAlgorithmParameterException { super(trustAnchors); setTargetConstraints(targetConstraints); } /** * Sets the maximum number of intermediate non-self-issued certificates in a * certification path. The PKIX CertPathBuilder must not * build paths longer then this length. *
* A value of 0 implies that the path can only contain a single certificate. * A value of -1 does not limit the length. The default length is 5. * *
* * The basic constraints extension of a CA certificate overrides this value * if smaller. * * @param maxPathLength the maximum number of non-self-issued intermediate * certificates in the certification path * @throws InvalidParameterException if maxPathLength is set * to a value less than -1 * * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi * @see #getMaxPathLength */ public void setMaxPathLength(int maxPathLength) { if (maxPathLength < -1) { throw new InvalidParameterException("The maximum path " + "length parameter can not be less than -1."); } this.maxPathLength = maxPathLength; } /** * Returns the value of the maximum number of intermediate non-self-issued * certificates in the certification path. * * @return the maximum number of non-self-issued intermediate certificates * in the certification path, or -1 if no limit exists. * * @see #setMaxPathLength(int) */ public int getMaxPathLength() { return maxPathLength; } /** * Can alse handle ExtendedPKIXBuilderParameters and * PKIXBuilderParameters. * * @param params Parameters to set. * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) */ protected void setParams(PKIXParameters params) { super.setParams(params); if (params instanceof ExtendedPKIXBuilderParameters) { ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params; maxPathLength = _params.maxPathLength; excludedCerts = new HashSet(_params.excludedCerts); } if (params instanceof PKIXBuilderParameters) { PKIXBuilderParameters _params = (PKIXBuilderParameters) params; maxPathLength = _params.getMaxPathLength(); } } /** * Makes a copy of this PKIXParameters object. Changes to the * copy will not affect the original and vice versa. * * @return a copy of this PKIXParameters object */ public Object clone() { ExtendedPKIXBuilderParameters params = null; try { params = new ExtendedPKIXBuilderParameters(getTrustAnchors(), getTargetConstraints()); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(this); return params; } /** * Returns an instance of ExtendedPKIXParameters which can be * safely casted to ExtendedPKIXBuilderParameters. *
* This method can be used to get a copy from other * PKIXBuilderParameters, PKIXParameters, * and ExtendedPKIXParameters instances. * * @param pkixParams The PKIX parameters to create a copy of. * @return An ExtendedPKIXBuilderParameters instance. */ public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) { ExtendedPKIXBuilderParameters params; try { params = new ExtendedPKIXBuilderParameters(pkixParams .getTrustAnchors(), X509CertStoreSelector .getInstance((X509CertSelector) pkixParams .getTargetCertConstraints())); } catch (Exception e) { // cannot happen throw new RuntimeException(e.getMessage()); } params.setParams(pkixParams); return params; } }