diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXBuilderParameters.java')
-rw-r--r-- | libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXBuilderParameters.java | 210 |
1 files changed, 210 insertions, 0 deletions
diff --git a/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXBuilderParameters.java b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXBuilderParameters.java new file mode 100644 index 000000000..55d80de90 --- /dev/null +++ b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXBuilderParameters.java @@ -0,0 +1,210 @@ +package org.spongycastle.x509; + +import org.spongycastle.util.Selector; + +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidParameterException; +import org.spongycastle.jce.cert.PKIXBuilderParameters; +import org.spongycastle.jce.cert.PKIXParameters; +import org.spongycastle.jce.cert.TrustAnchor; +import org.spongycastle.jce.cert.X509CertSelector; +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +/** + * This class contains extended parameters for PKIX certification path builders. + * + * @see java.security.cert.PKIXBuilderParameters + * @see org.spongycastle.jce.provider.PKIXCertPathBuilderSpi + */ +public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters +{ + + private int maxPathLength = 5; + + private Set excludedCerts = Collections.EMPTY_SET; + + /** + * Excluded certificates are not used for building a certification path. + * <p> + * The returned set is immutable. + * + * @return Returns the excluded certificates. + */ + public Set getExcludedCerts() + { + return Collections.unmodifiableSet(excludedCerts); + } + + /** + * Sets the excluded certificates which are not used for building a + * certification path. If the <code>Set</code> is <code>null</code> an + * empty set is assumed. + * <p> + * The given set is cloned to protect it against subsequent modifications. + * + * @param excludedCerts The excluded certificates to set. + */ + public void setExcludedCerts(Set excludedCerts) + { + if (excludedCerts == null) + { + excludedCerts = Collections.EMPTY_SET; + } + else + { + this.excludedCerts = new HashSet(excludedCerts); + } + } + + /** + * Creates an instance of <code>PKIXBuilderParameters</code> with the + * specified <code>Set</code> of most-trusted CAs. Each element of the set + * is a {@link TrustAnchor TrustAnchor}. + * + * <p> + * Note that the <code>Set</code> is copied to protect against subsequent + * modifications. + * + * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s + * @param targetConstraints a <code>Selector</code> specifying the + * constraints on the target certificate or attribute + * certificate. + * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code> + * is empty. + * @throws NullPointerException if <code>trustAnchors</code> is + * <code>null</code> + * @throws ClassCastException if any of the elements of + * <code>trustAnchors</code> is not of type + * <code>java.security.cert.TrustAnchor</code> + */ + public ExtendedPKIXBuilderParameters(Set trustAnchors, + Selector targetConstraints) + throws InvalidAlgorithmParameterException + { + super(trustAnchors); + setTargetConstraints(targetConstraints); + } + + /** + * Sets the maximum number of intermediate non-self-issued certificates in a + * certification path. The PKIX <code>CertPathBuilder</code> must not + * build paths longer then this length. + * <p> + * A value of 0 implies that the path can only contain a single certificate. + * A value of -1 does not limit the length. The default length is 5. + * + * <p> + * + * The basic constraints extension of a CA certificate overrides this value + * if smaller. + * + * @param maxPathLength the maximum number of non-self-issued intermediate + * certificates in the certification path + * @throws InvalidParameterException if <code>maxPathLength</code> is set + * to a value less than -1 + * + * @see org.spongycastle.jce.provider.PKIXCertPathBuilderSpi + * @see #getMaxPathLength + */ + public void setMaxPathLength(int maxPathLength) + { + if (maxPathLength < -1) + { + throw new InvalidParameterException("The maximum path " + + "length parameter can not be less than -1."); + } + this.maxPathLength = maxPathLength; + } + + /** + * Returns the value of the maximum number of intermediate non-self-issued + * certificates in the certification path. + * + * @return the maximum number of non-self-issued intermediate certificates + * in the certification path, or -1 if no limit exists. + * + * @see #setMaxPathLength(int) + */ + public int getMaxPathLength() + { + return maxPathLength; + } + + /** + * Can alse handle <code>ExtendedPKIXBuilderParameters</code> and + * <code>PKIXBuilderParameters</code>. + * + * @param params Parameters to set. + * @see org.spongycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) + */ + protected void setParams(PKIXParameters params) + { + super.setParams(params); + if (params instanceof ExtendedPKIXBuilderParameters) + { + ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params; + maxPathLength = _params.maxPathLength; + excludedCerts = new HashSet(_params.excludedCerts); + } + if (params instanceof PKIXBuilderParameters) + { + PKIXBuilderParameters _params = (PKIXBuilderParameters) params; + maxPathLength = _params.getMaxPathLength(); + } + } + + /** + * Makes a copy of this <code>PKIXParameters</code> object. Changes to the + * copy will not affect the original and vice versa. + * + * @return a copy of this <code>PKIXParameters</code> object + */ + public Object clone() + { + ExtendedPKIXBuilderParameters params = null; + try + { + params = new ExtendedPKIXBuilderParameters(getTrustAnchors(), + getTargetConstraints()); + } + catch (Exception e) + { + // cannot happen + throw new RuntimeException(e.getMessage()); + } + params.setParams(this); + return params; + } + + /** + * Returns an instance of <code>ExtendedPKIXParameters</code> which can be + * safely casted to <code>ExtendedPKIXBuilderParameters</code>. + * <p> + * This method can be used to get a copy from other + * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>, + * and <code>ExtendedPKIXParameters</code> instances. + * + * @param pkixParams The PKIX parameters to create a copy of. + * @return An <code>ExtendedPKIXBuilderParameters</code> instance. + */ + public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) + { + ExtendedPKIXBuilderParameters params; + try + { + params = new ExtendedPKIXBuilderParameters(pkixParams + .getTrustAnchors(), X509CertStoreSelector + .getInstance((X509CertSelector) pkixParams + .getTargetCertConstraints())); + } + catch (Exception e) + { + // cannot happen + throw new RuntimeException(e.getMessage()); + } + params.setParams(pkixParams); + return params; + } +} |