aboutsummaryrefslogtreecommitdiffstats
path: root/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java
diff options
context:
space:
mode:
Diffstat (limited to 'libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java')
-rw-r--r--libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java770
1 files changed, 770 insertions, 0 deletions
diff --git a/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java b/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java
new file mode 100644
index 000000000..3c55d7e49
--- /dev/null
+++ b/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java
@@ -0,0 +1,770 @@
+package java.security.cert;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * Parameters used as input for the PKIX CertPathValidator algorithm.<br />
+ * <br />
+ * A PKIX <code>CertPathValidator</code> uses these parameters to validate a
+ * <code>CertPath</code> according to the PKIX certification path validation
+ * algorithm.<br />
+ * <br />
+ * To instantiate a <code>PKIXParameters</code> object, an application must specify
+ * one or more <i>most-trusted CAs</i> as defined by the PKIX certification
+ * path validation algorithm. The most-trusted CAs can be specified
+ * using one of two constructors. An application can call
+ * {@link #PKIXParameters(Set)}, specifying a Set of <code>TrustAnchor</code> objects, each
+ * of which identify a most-trusted CA. Alternatively, an application
+ * can call {@link #PKIXParameters(KeyStore)}, specifying a <code>KeyStore</code> instance
+ * containing trusted certificate entries, each of which will be
+ * considered as a most-trusted CA.<br />
+ * <br />
+ * Once a <code>PKIXParameters</code> object has been created, other parameters can
+ * be specified (by calling {@link #setInitialPolicies} or {@link #setDate}, for
+ * instance) and then the <code>PKIXParameters</code> is passed along with the
+ * <code>CertPath</code> to be validated to {@link CertPathValidator#validate}.<br />
+ * <br />
+ * Any parameter that is not set (or is set to null) will be set to the
+ * default value for that parameter. The default value for the date
+ * parameter is null, which indicates the current time when the path is
+ * validated. The default for the remaining parameters is the least
+ * constrained.<br />
+ * <br />
+ * <b>Concurrent Access</b><br />
+ * <br />
+ * Unless otherwise specified, the methods defined in this class are
+ * not thread-safe. Multiple threads that need to access a single
+ * object concurrently should synchronize amongst themselves and
+ * provide the necessary locking. Multiple threads each manipulating
+ * separate objects need not synchronize.
+ *
+ * @see CertPathValidator
+ **/
+public class PKIXParameters implements CertPathParameters {
+ private Set trustAnchors;
+ private Set initialPolicies = new HashSet();
+ private List certStores = new ArrayList();
+ private CertSelector certSelector;
+ private List certPathCheckers = new ArrayList();
+ private boolean revocationEnabled = true;
+ private boolean explicitPolicyRequired = false;
+ private boolean policyMappingInhibited = false;
+ private boolean anyPolicyInhibited = false;
+ private boolean policyQualifiersRejected = true;
+ private Date date;
+ private String sigProvider;
+
+ /**
+ * Creates an instance of PKIXParameters with the specified
+ * Set of most-trusted CAs. Each element of the set is a
+ * TrustAnchor.<br />
+ * <br />
+ * Note that the Set is copied to protect against subsequent
+ * modifications.
+ *
+ * @param trustAnchors a Set of TrustAnchors
+ *
+ * @exception InvalidAlgorithmParameterException if the
+ * specified Set is empty <code>(trustAnchors.isEmpty() == true)</code>
+ * @exception NullPointerException if the specified Set is <code>null</code>
+ * @exception ClassCastException if any of the elements in the
+ * Set are not of type
+ * <code>java.security.cert.TrustAnchor</code>
+ **/
+ public PKIXParameters(Set trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ setTrustAnchors( trustAnchors );
+ }
+
+ /**
+ * Creates an instance of PKIXParameters that populates the
+ * set of most-trusted CAs from the trusted certificate
+ * entries contained in the specified KeyStore. Only keystore
+ * entries that contain trusted X509Certificates are
+ * considered; all other certificate types are ignored.
+ *
+ * @param keystore a KeyStore from which the set of
+ * most-trusted CAs will be populated
+ *
+ * @exception KeyStoreException if the keystore has not been
+ * initialized
+ * @exception InvalidAlgorithmParameterException if the keystore
+ * does not contain at least one trusted certificate entry
+ * @exception NullPointerException if the keystore is null
+ **/
+ public PKIXParameters(KeyStore keystore)
+ throws KeyStoreException,
+ InvalidAlgorithmParameterException
+ {
+ if ( keystore == null )
+ throw new NullPointerException( "the keystore parameter must be non-null" );
+
+ Set trustAnchors = new HashSet();
+ String alias;
+ Certificate cert;
+ Enumeration enum = keystore.aliases();
+ while ( enum.hasMoreElements() ) {
+ alias = (String)enum.nextElement();
+ if ( keystore.isCertificateEntry( alias ) ) {
+ cert = keystore.getCertificate( alias );
+ if ( cert instanceof X509Certificate )
+ trustAnchors.add( new TrustAnchor( (X509Certificate)cert, null ) );
+ }
+ }
+ setTrustAnchors( trustAnchors );
+ }
+
+ /**
+ * Returns an immutable Set of the most-trusted CAs.
+ *
+ * @return an immutable <code>Set</code> of
+ * <code>TrustAnchors</code> (never <code>null</code>)
+ *
+ * @see #setTrustAnchors
+ **/
+ public Set getTrustAnchors()
+ {
+ return Collections.unmodifiableSet(trustAnchors);
+ }
+
+ /**
+ * Sets the Set of most-trusted CAs.<br />
+ * <br />
+ * Note that the Set is copied to protect against subsequent
+ * modifications.<br />
+ * <br />
+ * @param trustAnchors a Set of TrustAnchors
+ *
+ * @exception InvalidAlgorithmParameterException if the specified Set is empty <code>(trustAnchors.isEmpty() == true)</code>
+ * @exception NullPointerException if the specified Set is <code>null</code>
+ * @exception ClassCastException if any of the elements in
+ * the set are not of type java.security.cert.TrustAnchor
+ *
+ * @see #getTrustAnchors
+ **/
+ public void setTrustAnchors(Set trustAnchors)
+ throws InvalidAlgorithmParameterException
+ {
+ if ( trustAnchors == null )
+ throw new NullPointerException("the trustAnchors parameter must be non-null");
+ if ( trustAnchors.isEmpty() )
+ throw new InvalidAlgorithmParameterException("the trustAnchors parameter must be non-empty");
+
+ Iterator iter = trustAnchors.iterator();
+ TrustAnchor obj;
+ this.trustAnchors = new HashSet();
+ while( iter.hasNext() ) {
+ obj = (TrustAnchor)iter.next();
+ if ( obj != null ) {
+ this .trustAnchors.add( obj );
+ }
+ }
+ }
+
+ /**
+ * Returns an immutable Set of initial policy identifiers (OID
+ * strings), indicating that any one of these policies would
+ * be acceptable to the certificate user for the purposes of
+ * certification path processing. The default return value is
+ * an empty <code>Set</code>, which is interpreted as meaning that any
+ * policy would be acceptable.
+ *
+ * @return an immutable <code>Set</code> of initial policy
+ * OIDs in String format, or an empty <code>Set</code> (implying any policy
+ * is acceptable). Never returns <code>null</code>.
+ *
+ * @see #setInitialPolicies(java.util.Set)
+ **/
+ public Set getInitialPolicies()
+ {
+ Set returnSet = initialPolicies;
+ if ( initialPolicies == null )
+ returnSet = new HashSet();
+
+ return Collections.unmodifiableSet( returnSet );
+ }
+
+ /**
+ * Sets the <code>Set</code> of initial policy identifiers (OID strings),
+ * indicating that any one of these policies would be
+ * acceptable to the certificate user for the purposes of
+ * certification path processing. By default, any policy is
+ * acceptable (i.e. all policies), so a user that wants to
+ * allow any policy as acceptable does not need to call this
+ * method, or can call it with an empty <code>Set</code> (or <code>null</code>).<br />
+ * <br />
+ * Note that the Set is copied to protect against subsequent
+ * modifications.<br />
+ * <br />
+ * @param initialPolicies a Set of initial policy OIDs in String format (or <code>null</code>)
+ *
+ * @exception ClassCastException if any of the elements in the
+ * set are not of type String
+ *
+ * @see #getInitialPolicies()
+ **/
+ public void setInitialPolicies(Set initialPolicies)
+ {
+ if ( initialPolicies == null || initialPolicies.isEmpty() )
+ {
+ this.initialPolicies = null;
+ }
+ else
+ {
+ Iterator iter = initialPolicies.iterator();
+ this.initialPolicies = new HashSet();
+ String obj;
+ while ( iter.hasNext() )
+ {
+ obj = (String)iter.next();
+ if ( obj != null ) {
+ this.initialPolicies.add( obj );
+ }
+ }
+ }
+ }
+
+ /**
+ * Sets the list of CertStores to be used in finding
+ * certificates and CRLs. May be null, in which case no
+ * CertStores will be used. The first CertStores in the list
+ * may be preferred to those that appear later.<br />
+ * <br />
+ * Note that the List is copied to protect against subsequent
+ * modifications.<br />
+ * <br />
+ * @param stores a List of CertStores (or <code>null</code>)
+ *
+ * @exception ClassCastException if any of the elements in the
+ * list are not of type <code>java.security.cert.CertStore</code>
+ *
+ * @see #getCertStores()
+ **/
+ public void setCertStores(List stores)
+ {
+ certStores = new ArrayList();
+ if ( stores != null && ! stores.isEmpty() )
+ {
+ Iterator iter = stores.iterator();
+ CertStore obj;
+ while ( iter.hasNext() )
+ {
+ obj = (CertStore)iter.next();
+ if ( obj != null )
+ {
+ certStores.add( obj );
+ }
+ }
+ }
+ }
+
+ /**
+ * Adds a CertStore to the end of the list of CertStores used
+ * in finding certificates and CRLs.
+ *
+ * @param store the <code>CertStore</code> to add. If
+ * <code>null</code<, the store is ignored (not added to
+ * list).
+ **/
+ public void addCertStore(CertStore store)
+ {
+ if ( store != null )
+ certStores.add( store );
+ }
+
+ /**
+ * Returns an immutable List of CertStores that are used to
+ * find certificates and CRLs.
+ *
+ * @return an immutable List of CertStores (may be empty, but never <code>null</code>)
+ *
+ * @see #setCertStores(java.util.List)
+ **/
+ public List getCertStores()
+ {
+ return Collections.unmodifiableList(certStores);
+ }
+
+ /**
+ * Sets the RevocationEnabled flag. If this flag is true, the default
+ * revocation checking mechanism of the underlying PKIX service provider
+ * will be used. If this flag is false, the default revocation checking
+ * mechanism will be disabled (not used).<br />
+ * <br />
+ * When a <code>PKIXParameters</code> object is created, this flag is set
+ * to true. This setting reflects the most common strategy for checking
+ * revocation, since each service provider must support revocation
+ * checking to be PKIX compliant. Sophisticated applications should set
+ * this flag to false when it is not practical to use a PKIX service
+ * provider's default revocation checking mechanism or when an alternative
+ * revocation checking mechanism is to be substituted (by also calling the
+ * {@link #addCertPathChecker addCertPathChecker} or {@link
+ * #setCertPathCheckers setCertPathCheckers} methods).
+ *
+ * @param val the new value of the RevocationEnabled flag
+ **/
+ public void setRevocationEnabled(boolean val)
+ {
+ revocationEnabled = val;
+ }
+
+ /**
+ * Checks the RevocationEnabled flag. If this flag is true,
+ * the default revocation checking mechanism of the underlying
+ * PKIX service provider will be used. If this flag is false,
+ * the default revocation checking mechanism will be disabled
+ * (not used). See the setRevocationEnabled method for more
+ * details on setting the value of this flag.
+ *
+ * @return the current value of the RevocationEnabled flag
+ **/
+ public boolean isRevocationEnabled()
+ {
+ return revocationEnabled;
+ }
+
+ /**
+ * Sets the ExplicitPolicyRequired flag. If this flag is true,
+ * an acceptable policy needs to be explicitly identified in
+ * every certificate. By default, the ExplicitPolicyRequired
+ * flag is false.
+ *
+ * @param val true if explicit policy is to be required, false
+ * otherwise
+ **/
+ public void setExplicitPolicyRequired(boolean val)
+ {
+ explicitPolicyRequired = val;
+ }
+
+ /**
+ * Checks if explicit policy is required. If this flag is
+ * true, an acceptable policy needs to be explicitly
+ * identified in every certificate. By default, the
+ * ExplicitPolicyRequired flag is false.
+ *
+ * @return true if explicit policy is required, false otherwise
+ **/
+ public boolean isExplicitPolicyRequired()
+ {
+ return explicitPolicyRequired;
+ }
+
+ /**
+ * Sets the PolicyMappingInhibited flag. If this flag is true,
+ * policy mapping is inhibited. By default, policy mapping is
+ * not inhibited (the flag is false).
+ *
+ * @param val true if policy mapping is to be inhibited, false otherwise
+ **/
+ public void setPolicyMappingInhibited(boolean val)
+ {
+ policyMappingInhibited = val;
+ }
+
+ /**
+ * Checks if policy mapping is inhibited. If this flag is
+ * true, policy mapping is inhibited. By default, policy
+ * mapping is not inhibited (the flag is false).
+ *
+ * @return true if policy mapping is inhibited, false otherwise
+ **/
+ public boolean isPolicyMappingInhibited()
+ {
+ return policyMappingInhibited;
+ }
+
+ /**
+ * Sets state to determine if the any policy OID should be
+ * processed if it is included in a certificate. By default,
+ * the any policy OID is not inhibited ({@link #isAnyPolicyInhibited()}
+ * returns false).
+ *
+ * @return val - <code>true</code> if the any policy OID is to be inhibited, <code>false</code> otherwise
+ **/
+ public void setAnyPolicyInhibited(boolean val)
+ {
+ anyPolicyInhibited = val;
+ }
+
+ /**
+ * Checks whether the any policy OID should be processed if it
+ * is included in a certificate.
+ *
+ * @return <code>true</code> if the any policy OID is inhibited, <code>false</code> otherwise
+ **/
+ public boolean isAnyPolicyInhibited()
+ {
+ return anyPolicyInhibited;
+ }
+
+ /**
+ * Sets the PolicyQualifiersRejected flag. If this flag is
+ * true, certificates that include policy qualifiers in a
+ * certificate policies extension that is marked critical are
+ * rejected. If the flag is false, certificates are not
+ * rejected on this basis.<br />
+ * <br />
+ * When a <code>PKIXParameters</code> object is created, this flag is set
+ * to true. This setting reflects the most common (and
+ * simplest) strategy for processing policy
+ * qualifiers. Applications that want to use a more
+ * sophisticated policy must set this flag to false.<br />
+ * <br />
+ * Note that the PKIX certification path validation algorithm
+ * specifies that any policy qualifier in a certificate
+ * policies extension that is marked critical must be
+ * processed and validated. Otherwise the certification path
+ * must be rejected. If the policyQualifiersRejected flag is
+ * set to false, it is up to the application to validate all
+ * policy qualifiers in this manner in order to be PKIX
+ * compliant.
+ *
+ * @param qualifiersRejected the new value of the PolicyQualifiersRejected flag
+ *
+ * @see #getPolicyQualifiersRejected()
+ * @see PolicyQualifierInfo
+ **/
+ public void setPolicyQualifiersRejected(boolean qualifiersRejected)
+ {
+ policyQualifiersRejected = qualifiersRejected;
+ }
+
+ /**
+ * Gets the PolicyQualifiersRejected flag. If this flag is
+ * true, certificates that include policy qualifiers in a
+ * certificate policies extension that is marked critical are
+ * rejected. If the flag is false, certificates are not
+ * rejected on this basis.<br />
+ * <br />
+ * When a PKIXParameters object is created, this flag is set to
+ * true. This setting reflects the most common (and simplest)
+ * strategy for processing policy qualifiers. Applications that
+ * want to use a more sophisticated policy must set this flag
+ * to false.
+ *
+ * @return the current value of the PolicyQualifiersRejected flag
+ *
+ * @see #setPolicyQualifiersRejected(boolean)
+ **/
+ public boolean getPolicyQualifiersRejected()
+ {
+ return policyQualifiersRejected;
+ }
+
+ /**
+ * Returns the time for which the validity of the
+ * certification path should be determined. If null, the
+ * current time is used.<br />
+ * <br />
+ * Note that the Date returned is copied to protect against
+ * subsequent modifications.
+ *
+ * @return the Date, or <code>null</code> if not set
+ *
+ * @see #setDate(java.util.Date)
+ **/
+ public Date getDate()
+ {
+ if ( date == null )
+ return null;
+
+ return new Date( date.getTime() );
+ }
+
+ /**
+ * Sets the time for which the validity of the certification
+ * path should be determined. If null, the current time is
+ * used.<br />
+ * <br />
+ * Note that the Date supplied here is copied to protect
+ * against subsequent modifications.
+ *
+ * @param date the Date, or <code>null</code> for the current time
+ *
+ * @see #getDate()
+ **/
+ public void setDate(Date date)
+ {
+ if ( date == null )
+ this.date = null;
+ else
+ this.date = new Date( date.getTime() );
+ }
+
+ /**
+ * Sets a <code>List</code> of additional certification path checkers. If
+ * the specified List contains an object that is not a
+ * PKIXCertPathChecker, it is ignored.<br />
+ * <br />
+ * Each <code>PKIXCertPathChecker</code> specified implements additional
+ * checks on a certificate. Typically, these are checks to
+ * process and verify private extensions contained in
+ * certificates. Each <code>PKIXCertPathChecker</code> should be
+ * instantiated with any initialization parameters needed to
+ * execute the check.<br />
+ * <br />
+ * This method allows sophisticated applications to extend a
+ * PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code>. Each of the
+ * specified PKIXCertPathCheckers will be called, in turn, by
+ * a PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code> for each
+ * certificate processed or validated.<br />
+ * <br />
+ * Regardless of whether these additional PKIXCertPathCheckers
+ * are set, a PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code> must
+ * perform all of the required PKIX checks on each
+ * certificate. The one exception to this rule is if the
+ * RevocationEnabled flag is set to false (see the
+ * {@link #setRevocationEnabled(boolean) setRevocationEnabled} method).<br />
+ * <br />
+ * Note that the List supplied here is copied and each
+ * PKIXCertPathChecker in the list is cloned to protect against
+ * subsequent modifications.
+ *
+ * @param checkers a List of PKIXCertPathCheckers. May be
+ * null, in which case no additional checkers will be used.
+ * @exception ClassCastException if any of the elements in the
+ * list are not of type
+ * <code>java.security.cert.PKIXCertPathChecker</code>
+ * @see #getCertPathCheckers()
+ **/
+ public void setCertPathCheckers(List checkers)
+ {
+ certPathCheckers = new ArrayList();
+ if ( checkers == null )
+ return;
+ Iterator iter = checkers.iterator();
+ while ( iter.hasNext() )
+ certPathCheckers.add( (PKIXCertPathChecker)((PKIXCertPathChecker)iter.next()).clone() );
+ }
+
+ /**
+ * Returns the List of certification path checkers. The
+ * returned List is immutable, and each PKIXCertPathChecker in
+ * the List is cloned to protect against subsequent
+ * modifications.
+ *
+ * @return an immutable List of PKIXCertPathCheckers (may be empty, but not <code>null</code>)
+ *
+ * @see #setCertPathCheckers(java.util.List)
+ **/
+ public List getCertPathCheckers()
+ {
+ List checkers = new ArrayList();
+ Iterator iter = certPathCheckers.iterator();
+ while ( iter.hasNext() )
+ {
+ checkers.add( (PKIXCertPathChecker)((PKIXCertPathChecker)iter.next()).clone() );
+ }
+ return Collections.unmodifiableList(checkers);
+ }
+
+ /**
+ * Adds a PKIXCertPathChecker to the list of certification
+ * path checkers. See the {@link #setCertPathCheckers} method for more
+ * details.<br />
+ * <br />
+ * Note that the <code>PKIXCertPathChecker</code> is cloned to protect
+ * against subsequent modifications.
+ *
+ * @param checker a <code>PKIXCertPathChecker</code> to add
+ * to the list of checks. If <code>null</code>, the checker is
+ * ignored (not added to list).
+ **/
+ public void addCertPathChecker( PKIXCertPathChecker checker )
+ {
+ if ( checker != null )
+ {
+ certPathCheckers.add( checker.clone() );
+ }
+ }
+
+ /**
+ * Returns the signature provider's name, or <code>null</code> if not set.
+ *
+ * @return the signature provider's name (or <code>null</code>)
+ *
+ * @see #setSigProvider(java.lang.String)
+ **/
+ public String getSigProvider()
+ {
+ return sigProvider;
+ }
+
+ /**
+ * Sets the signature provider's name. The specified provider
+ * will be preferred when creating Signature objects. If null
+ * or not set, the first provider found supporting the
+ * algorithm will be used.
+ *
+ * @param sigProvider the signature provider's name (or <code>null</code>)
+ *
+ * @see #getSigProvider()
+ **/
+ public void setSigProvider(String sigProvider)
+ {
+ this.sigProvider = sigProvider;
+ }
+
+ /**
+ * Returns the required constraints on the target
+ * certificate. The constraints are returned as an instance of
+ * CertSelector. If <code>null</code>, no constraints are defined.<br />
+ * <br />
+ * Note that the CertSelector returned is cloned to protect
+ * against subsequent modifications.
+ *
+ * @return a CertSelector specifying the constraints on the target certificate (or <code>null</code>)
+ *
+ * @see #setTargetCertConstraints(java.security.cert.CertSelector)
+ **/
+ public CertSelector getTargetCertConstraints()
+ {
+ if ( certSelector == null )
+ return null;
+
+ return (CertSelector)certSelector.clone();
+ }
+
+ /**
+ * Sets the required constraints on the target
+ * certificate. The constraints are specified as an instance
+ * of CertSelector. If null, no constraints are defined.<br />
+ * <br />
+ * Note that the CertSelector specified is cloned to protect
+ * against subsequent modifications.
+ *
+ * @param selector a CertSelector specifying the constraints
+ * on the target certificate (or <code>null</code>)
+ *
+ * @see #getTargetCertConstraints()
+ **/
+ public void setTargetCertConstraints(CertSelector selector)
+ {
+ if ( selector == null )
+ certSelector = null;
+ else
+ certSelector = (CertSelector)selector.clone();
+ }
+
+ /**
+ * Makes a copy of this PKIXParameters object. Changes to the
+ * copy will not affect the original and vice versa.
+ *
+ * @return a copy of this <code>PKIXParameters</code> object
+ **/
+ public Object clone()
+ {
+ try {
+ PKIXParameters obj = (PKIXParameters)super.clone();
+ obj.certStores = new ArrayList( certStores );
+ Iterator iter = certPathCheckers.iterator();
+ obj.certPathCheckers = new ArrayList();
+ while ( iter.hasNext() )
+ {
+ obj.certPathCheckers.add( ((PKIXCertPathChecker)iter.next()).clone() );
+ }
+ if ( initialPolicies != null )
+ {
+ obj.initialPolicies = new HashSet( initialPolicies );
+ }
+ if ( trustAnchors != null )
+ {
+ obj.trustAnchors = new HashSet( trustAnchors );
+ }
+ if ( certSelector != null )
+ {
+ obj.certSelector = (CertSelector)certSelector.clone();
+ }
+ return obj;
+ } catch ( CloneNotSupportedException ex ) {
+ throw new InternalError();
+ }
+ }
+
+ /**
+ * Returns a formatted string describing the parameters.
+ *
+ * @return a formatted string describing the parameters.
+ **/
+ public String toString()
+ {
+ StringBuffer s = new StringBuffer();
+ s.append("[\n");
+ if ( trustAnchors != null )
+ {
+ s.append(" Trust Anchors: ").append(trustAnchors).append('\n');
+ }
+ if ( initialPolicies != null )
+ {
+ if ( initialPolicies.isEmpty() )
+ {
+ s.append(" Initial Policy OIDs: any\n" );
+ }
+ else
+ {
+ s.append(" Initial Policy OIDs: [").append(initialPolicies).append("]\n");
+ }
+ }
+ s.append(" Validity Date: ");
+ if ( date != null )
+ s.append(date);
+ else
+ s.append("null");
+ s.append('\n');
+
+ s.append(" Signature Provider: ");
+ if ( sigProvider != null )
+ s.append(sigProvider);
+ else
+ s.append("null");
+ s.append('\n');
+
+ s.append(" Default Revocation Enabled: ");
+ s.append(revocationEnabled);
+ s.append('\n' );
+
+ s.append(" Explicit Policy Required: ");
+ s.append(explicitPolicyRequired);
+ s.append('\n');
+
+ s.append(" Policy Mapping Inhibited: ");
+ s.append(policyMappingInhibited);
+ s.append('\n');
+
+ s.append(" Any Policy Inhibited: ");
+ s.append(anyPolicyInhibited);
+ s.append('\n');
+
+ s.append(" Policy Qualifiers Rejected: ");
+ s.append(policyQualifiersRejected);
+ s.append('\n');
+
+ s.append(" Target Cert Constraints: ");
+ s.append(certSelector);
+ s.append('\n');
+
+ s.append(" Certification Path Checkers: [");
+ s.append(certPathCheckers);
+ s.append( "}\n");
+
+ s.append(" CertStores: [");
+ s.append(certStores);
+ s.append("}\n");
+
+ s.append("]\n");
+
+ return s.toString();
+ }
+}