diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXParameters.java')
| -rw-r--r-- | libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXParameters.java | 647 |
1 files changed, 0 insertions, 647 deletions
diff --git a/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXParameters.java b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXParameters.java deleted file mode 100644 index c2636c5b6..000000000 --- a/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/x509/ExtendedPKIXParameters.java +++ /dev/null @@ -1,647 +0,0 @@ -package org.spongycastle.x509; - -import org.spongycastle.util.Selector; -import org.spongycastle.util.Store; - -import java.security.InvalidAlgorithmParameterException; -import org.spongycastle.jce.cert.CertSelector; -import org.spongycastle.jce.cert.CertStore; -import org.spongycastle.jce.cert.CollectionCertStoreParameters; -import org.spongycastle.jce.cert.LDAPCertStoreParameters; -import org.spongycastle.jce.cert.PKIXParameters; -import org.spongycastle.jce.cert.TrustAnchor; -import org.spongycastle.jce.cert.X509CertSelector; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -/** - * This class extends the PKIXParameters with a validity model parameter. - */ -public class ExtendedPKIXParameters - extends PKIXParameters -{ - - private List stores; - - private Selector selector; - - private boolean additionalLocationsEnabled; - - private List additionalStores; - - private Set trustedACIssuers; - - private Set necessaryACAttributes; - - private Set prohibitedACAttributes; - - private Set attrCertCheckers; - - /** - * Creates an instance of <code>PKIXParameters</code> with the specified - * <code>Set</code> of most-trusted CAs. Each element of the set is a - * {@link TrustAnchor TrustAnchor}. <p/> Note that the <code>Set</code> - * is copied to protect against subsequent modifications. - * - * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s - * @throws InvalidAlgorithmParameterException if the specified - * <code>Set</code> is empty. - * @throws NullPointerException if the specified <code>Set</code> is - * <code>null</code> - * @throws ClassCastException if any of the elements in the <code>Set</code> - * is not of type <code>java.security.cert.TrustAnchor</code> - */ - public ExtendedPKIXParameters(Set trustAnchors) - throws InvalidAlgorithmParameterException - { - super(trustAnchors); - stores = new ArrayList(); - additionalStores = new ArrayList(); - trustedACIssuers = new HashSet(); - necessaryACAttributes = new HashSet(); - prohibitedACAttributes = new HashSet(); - attrCertCheckers = new HashSet(); - } - - /** - * Returns an instance with the parameters of a given - * <code>PKIXParameters</code> object. - * - * @param pkixParams The given <code>PKIXParameters</code> - * @return an extended PKIX params object - */ - public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams) - { - ExtendedPKIXParameters params; - try - { - params = new ExtendedPKIXParameters(pkixParams.getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(pkixParams); - return params; - } - - /** - * Method to support <code>clone()</code> under J2ME. - * <code>super.clone()</code> does not exist and fields are not copied. - * - * @param params Parameters to set. If this are - * <code>ExtendedPKIXParameters</code> they are copied to. - */ - protected void setParams(PKIXParameters params) - { - setDate(params.getDate()); - setCertPathCheckers(params.getCertPathCheckers()); - setCertStores(params.getCertStores()); - setAnyPolicyInhibited(params.isAnyPolicyInhibited()); - setExplicitPolicyRequired(params.isExplicitPolicyRequired()); - setPolicyMappingInhibited(params.isPolicyMappingInhibited()); - setRevocationEnabled(params.isRevocationEnabled()); - setInitialPolicies(params.getInitialPolicies()); - setPolicyQualifiersRejected(params.getPolicyQualifiersRejected()); - setSigProvider(params.getSigProvider()); - setTargetCertConstraints(params.getTargetCertConstraints()); - try - { - setTrustAnchors(params.getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - if (params instanceof ExtendedPKIXParameters) - { - ExtendedPKIXParameters _params = (ExtendedPKIXParameters) params; - validityModel = _params.validityModel; - useDeltas = _params.useDeltas; - additionalLocationsEnabled = _params.additionalLocationsEnabled; - selector = _params.selector == null ? null - : (Selector) _params.selector.clone(); - stores = new ArrayList(_params.stores); - additionalStores = new ArrayList(_params.additionalStores); - trustedACIssuers = new HashSet(_params.trustedACIssuers); - prohibitedACAttributes = new HashSet(_params.prohibitedACAttributes); - necessaryACAttributes = new HashSet(_params.necessaryACAttributes); - attrCertCheckers = new HashSet(_params.attrCertCheckers); - } - } - - /** - * This is the default PKIX validity model. Actually there are two variants - * of this: The PKIX model and the modified PKIX model. The PKIX model - * verifies that all involved certificates must have been valid at the - * current time. The modified PKIX model verifies that all involved - * certificates were valid at the signing time. Both are indirectly choosen - * with the {@link PKIXParameters#setDate(java.util.Date)} method, so this - * methods sets the Date when <em>all</em> certificates must have been - * valid. - */ - public static final int PKIX_VALIDITY_MODEL = 0; - - /** - * This model uses the following validity model. Each certificate must have - * been valid at the moment where is was used. That means the end - * certificate must have been valid at the time the signature was done. The - * CA certificate which signed the end certificate must have been valid, - * when the end certificate was signed. The CA (or Root CA) certificate must - * have been valid, when the CA certificate was signed and so on. So the - * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when - * the <em>end certificate</em> must have been valid. <p/> It is used e.g. - * in the German signature law. - */ - public static final int CHAIN_VALIDITY_MODEL = 1; - - private int validityModel = PKIX_VALIDITY_MODEL; - - private boolean useDeltas = false; - - /** - * Defaults to <code>false</code>. - * - * @return Returns if delta CRLs should be used. - */ - public boolean isUseDeltasEnabled() - { - return useDeltas; - } - - /** - * Sets if delta CRLs should be used for checking the revocation status. - * - * @param useDeltas <code>true</code> if delta CRLs should be used. - */ - public void setUseDeltasEnabled(boolean useDeltas) - { - this.useDeltas = useDeltas; - } - - /** - * @return Returns the validity model. - * @see #CHAIN_VALIDITY_MODEL - * @see #PKIX_VALIDITY_MODEL - */ - public int getValidityModel() - { - return validityModel; - } - - /** - * Sets the Java CertStore to this extended PKIX parameters. - * - * @throws ClassCastException if an element of <code>stores</code> is not - * a <code>CertStore</code>. - */ - public void setCertStores(List stores) - { - if (stores != null) - { - Iterator it = stores.iterator(); - while (it.hasNext()) - { - addCertStore((CertStore)it.next()); - } - } - } - - /** - * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * The <code>List</code> is cloned. - * - * @param stores A list of stores to use. - * @see #getStores - * @throws ClassCastException if an element of <code>stores</code> is not - * a {@link Store}. - */ - public void setStores(List stores) - { - if (stores == null) - { - this.stores = new ArrayList(); - } - else - { - for (Iterator i = stores.iterator(); i.hasNext();) - { - if (!(i.next() instanceof Store)) - { - throw new ClassCastException( - "All elements of list must be " - + "of type org.spongycastle.util.Store."); - } - } - this.stores = new ArrayList(stores); - } - } - - /** - * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute - * certificates or cross certificates. - * <p> - * This method should be used to add local stores, like collection based - * X.509 stores, if available. Local stores should be considered first, - * before trying to use additional (remote) locations, because they do not - * need possible additional network traffic. - * <p> - * If <code>store</code> is <code>null</code> it is ignored. - * - * @param store The store to add. - * @see #getStores - */ - public void addStore(Store store) - { - if (stores != null) - { - stores.add(store); - } - } - - /** - * Adds a additional Bouncy Castle {@link Store} to find CRLs, certificates, - * attribute certificates or cross certificates. - * <p> - * You should not use this method. This method is used for adding additional - * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found - * during X.509 object processing, e.g. in certificates or CRLs. This method - * is used in PKIX certification path processing. - * <p> - * If <code>store</code> is <code>null</code> it is ignored. - * - * @param store The store to add. - * @see #getStores() - */ - public void addAddionalStore(Store store) - { - if (store != null) - { - additionalStores.add(store); - } - } - - /** - * Returns an immutable <code>List</code> of additional Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>List</code> of additional Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #addAddionalStore(Store) - */ - public List getAdditionalStores() - { - return Collections.unmodifiableList(additionalStores); - } - - /** - * Returns an immutable <code>List</code> of Bouncy Castle - * <code>Store</code>s used for finding CRLs, certificates, attribute - * certificates or cross certificates. - * - * @return an immutable <code>List</code> of Bouncy Castle - * <code>Store</code>s. Never <code>null</code>. - * - * @see #setStores(List) - */ - public List getStores() - { - return Collections.unmodifiableList(new ArrayList(stores)); - } - - /** - * @param validityModel The validity model to set. - * @see #CHAIN_VALIDITY_MODEL - * @see #PKIX_VALIDITY_MODEL - */ - public void setValidityModel(int validityModel) - { - this.validityModel = validityModel; - } - - public Object clone() - { - ExtendedPKIXParameters params; - try - { - params = new ExtendedPKIXParameters(getTrustAnchors()); - } - catch (Exception e) - { - // cannot happen - throw new RuntimeException(e.getMessage()); - } - params.setParams(this); - return params; - } - - /** - * Returns if additional {@link X509Store}s for locations like LDAP found - * in certificates or CRLs should be used. - * - * @return Returns <code>true</code> if additional stores are used. - */ - public boolean isAdditionalLocationsEnabled() - { - return additionalLocationsEnabled; - } - - /** - * Sets if additional {@link X509Store}s for locations like LDAP found in - * certificates or CRLs should be used. - * - * @param enabled <code>true</code> if additional stores are used. - */ - public void setAdditionalLocationsEnabled(boolean enabled) - { - additionalLocationsEnabled = enabled; - } - - /** - * Returns the required constraints on the target certificate or attribute - * certificate. The constraints are returned as an instance of - * <code>Selector</code>. If <code>null</code>, no constraints are - * defined. - * - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * <p> - * Note that the <code>Selector</code> returned is cloned to protect - * against subsequent modifications. - * - * @return a <code>Selector</code> specifying the constraints on the - * target certificate or attribute certificate (or <code>null</code>) - * @see #setTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public Selector getTargetConstraints() - { - if (selector != null) - { - return (Selector) selector.clone(); - } - else - { - return null; - } - } - - /** - * Sets the required constraints on the target certificate or attribute - * certificate. The constraints are specified as an instance of - * <code>Selector</code>. If <code>null</code>, no constraints are - * defined. - * <p> - * The target certificate in a PKIX path may be a certificate or an - * attribute certificate. - * <p> - * Note that the <code>Selector</code> specified is cloned to protect - * against subsequent modifications. - * - * @param selector a <code>Selector</code> specifying the constraints on - * the target certificate or attribute certificate (or - * <code>null</code>) - * @see #getTargetConstraints - * @see X509CertStoreSelector - * @see X509AttributeCertStoreSelector - */ - public void setTargetConstraints(Selector selector) - { - if (selector != null) - { - this.selector = (Selector) selector.clone(); - } - else - { - this.selector = null; - } - } - - /** - * Sets the required constraints on the target certificate. The constraints - * are specified as an instance of <code>X509CertSelector</code>. If - * <code>null</code>, no constraints are defined. - * - * <p> - * This method wraps the given <code>X509CertSelector</code> into a - * <code>X509CertStoreSelector</code>. - * <p> - * Note that the <code>X509CertSelector</code> specified is cloned to - * protect against subsequent modifications. - * - * @param selector a <code>X509CertSelector</code> specifying the - * constraints on the target certificate (or <code>null</code>) - * @see #getTargetCertConstraints - * @see X509CertStoreSelector - */ - public void setTargetCertConstraints(CertSelector selector) - { - super.setTargetCertConstraints(selector); - if (selector != null) - { - this.selector = X509CertStoreSelector - .getInstance((X509CertSelector) selector); - } - else - { - this.selector = null; - } - } - - /** - * Returns the trusted attribute certificate issuers. If attribute - * certificates is verified the trusted AC issuers must be set. - * <p> - * The returned <code>Set</code> consists of <code>TrustAnchor</code>s. - * <p> - * The returned <code>Set</code> is immutable. Never <code>null</code> - * - * @return Returns an immutable set of the trusted AC issuers. - */ - public Set getTrustedACIssuers() - { - return Collections.unmodifiableSet(trustedACIssuers); - } - - /** - * Sets the trusted attribute certificate issuers. If attribute certificates - * is verified the trusted AC issuers must be set. - * <p> - * The <code>trustedACIssuers</code> must be a <code>Set</code> of - * <code>TrustAnchor</code> - * <p> - * The given set is cloned. - * - * @param trustedACIssuers The trusted AC issuers to set. Is never - * <code>null</code>. - * @throws ClassCastException if an element of <code>stores</code> is not - * a <code>TrustAnchor</code>. - */ - public void setTrustedACIssuers(Set trustedACIssuers) - { - if (trustedACIssuers == null) - { - trustedACIssuers.clear(); - return; - } - for (Iterator it = trustedACIssuers.iterator(); it.hasNext();) - { - if (!(it.next() instanceof TrustAnchor)) - { - throw new ClassCastException("All elements of set must be " - + "of type " + TrustAnchor.class.getName() + "."); - } - } - this.trustedACIssuers.clear(); - this.trustedACIssuers.addAll(trustedACIssuers); - } - - /** - * Returns the neccessary attributes which must be contained in an attribute - * certificate. - * <p> - * The returned <code>Set</code> is immutable and contains - * <code>String</code>s with the OIDs. - * - * @return Returns the necessary AC attributes. - */ - public Set getNecessaryACAttributes() - { - return Collections.unmodifiableSet(necessaryACAttributes); - } - - /** - * Sets the neccessary which must be contained in an attribute certificate. - * <p> - * The <code>Set</code> must contain <code>String</code>s with the - * OIDs. - * <p> - * The set is cloned. - * - * @param necessaryACAttributes The necessary AC attributes to set. - * @throws ClassCastException if an element of - * <code>necessaryACAttributes</code> is not a - * <code>String</code>. - */ - public void setNecessaryACAttributes(Set necessaryACAttributes) - { - if (necessaryACAttributes == null) - { - this.necessaryACAttributes.clear(); - return; - } - for (Iterator it = necessaryACAttributes.iterator(); it.hasNext();) - { - if (!(it.next() instanceof String)) - { - throw new ClassCastException("All elements of set must be " - + "of type String."); - } - } - this.necessaryACAttributes.clear(); - this.necessaryACAttributes.addAll(necessaryACAttributes); - } - - /** - * Returns the attribute certificates which are not allowed. - * <p> - * The returned <code>Set</code> is immutable and contains - * <code>String</code>s with the OIDs. - * - * @return Returns the prohibited AC attributes. Is never <code>null</code>. - */ - public Set getProhibitedACAttributes() - { - return prohibitedACAttributes; - } - - /** - * Sets the attribute certificates which are not allowed. - * <p> - * The <code>Set</code> must contain <code>String</code>s with the - * OIDs. - * <p> - * The set is cloned. - * - * @param prohibitedACAttributes The prohibited AC attributes to set. - * @throws ClassCastException if an element of - * <code>prohibitedACAttributes</code> is not a - * <code>String</code>. - */ - public void setProhibitedACAttributes(Set prohibitedACAttributes) - { - if (prohibitedACAttributes == null) - { - this.prohibitedACAttributes.clear(); - return; - } - for (Iterator it = prohibitedACAttributes.iterator(); it.hasNext();) - { - if (!(it.next() instanceof String)) - { - throw new ClassCastException("All elements of set must be " - + "of type String."); - } - } - this.prohibitedACAttributes.clear(); - this.prohibitedACAttributes.addAll(prohibitedACAttributes); - } - - /** - * Returns the attribute certificate checker. The returned set contains - * {@link PKIXAttrCertChecker}s and is immutable. - * - * @return Returns the attribute certificate checker. Is never - * <code>null</code>. - */ - public Set getAttrCertCheckers() - { - return Collections.unmodifiableSet(attrCertCheckers); - } - - /** - * Sets the attribute certificate checkers. - * <p> - * All elements in the <code>Set</code> must a {@link PKIXAttrCertChecker}. - * <p> - * The given set is cloned. - * - * @param attrCertCheckers The attribute certificate checkers to set. Is - * never <code>null</code>. - * @throws ClassCastException if an element of <code>attrCertCheckers</code> - * is not a <code>PKIXAttrCertChecker</code>. - */ -/* - public void setAttrCertCheckers(Set attrCertCheckers) - { - if (attrCertCheckers == null) - { - this.attrCertCheckers.clear(); - return; - } - for (Iterator it = attrCertCheckers.iterator(); it.hasNext();) - { - if (!(it.next() instanceof PKIXAttrCertChecker)) - { - throw new ClassCastException("All elements of set must be " - + "of type " + PKIXAttrCertChecker.class.getName() + "."); - } - } - this.attrCertCheckers.clear(); - this.attrCertCheckers.addAll(attrCertCheckers); - } -*/ -} |