001: package org.bouncycastle.x509;
002:
003: import org.bouncycastle.util.Selector;
004:
005: import java.security.InvalidAlgorithmParameterException;
006: import java.security.InvalidParameterException;
007: import java.security.cert.PKIXBuilderParameters;
008: import java.security.cert.PKIXParameters;
009: import java.security.cert.TrustAnchor;
010: import java.security.cert.X509CertSelector;
011: import java.util.Collections;
012: import java.util.HashSet;
013: import java.util.Set;
014:
015: /**
016: * This class contains extended parameters for PKIX certification path builders.
017: *
018: * @see java.security.cert.PKIXBuilderParameters
019: * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
020: */
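public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters {

    /** Upper bound on intermediate non-self-issued certificates; -1 means unlimited. */
    private int maxPathLength = 5;

    /** Certificates the path builder must not use; never <code>null</code>. */
    private Set excludedCerts = Collections.EMPTY_SET;

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is an unmodifiable view; callers cannot add or remove
     * exclusions through it.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts() {
        return Collections.unmodifiableSet(excludedCerts);
    }

    /**
     * Sets the excluded certificates which are not used for building a
     * certification path. If the <code>Set</code> is <code>null</code> an
     * empty set is assumed.
     * <p>
     * The given set is copied to protect it against subsequent modifications.
     *
     * @param excludedCerts The excluded certificates to set.
     */
    public void setExcludedCerts(Set excludedCerts) {
        if (excludedCerts == null) {
            // Assign the field, not the parameter of the same name: writing to
            // the parameter would leave the previous exclusions in place and
            // break the documented "null means empty" contract.
            this.excludedCerts = Collections.EMPTY_SET;
        } else {
            this.excludedCerts = new HashSet(excludedCerts);
        }
    }

    /**
     * Creates an instance of <code>PKIXBuilderParameters</code> with the
     * specified <code>Set</code> of most-trusted CAs. Each element of the set
     * is a {@link TrustAnchor TrustAnchor}.
     *
     * <p>
     * Note that the <code>Set</code> is copied to protect against subsequent
     * modifications.
     *
     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
     * @param targetConstraints a <code>Selector</code> specifying the
     *            constraints on the target certificate or attribute
     *            certificate.
     * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code>
     *             is empty.
     * @throws NullPointerException if <code>trustAnchors</code> is
     *             <code>null</code>
     * @throws ClassCastException if any of the elements of
     *             <code>trustAnchors</code> is not of type
     *             <code>java.security.cert.TrustAnchor</code>
     */
    public ExtendedPKIXBuilderParameters(Set trustAnchors,
            Selector targetConstraints)
            throws InvalidAlgorithmParameterException {
        super(trustAnchors);
        setTargetConstraints(targetConstraints);
    }

    /**
     * Sets the maximum number of intermediate non-self-issued certificates in a
     * certification path. The PKIX <code>CertPathBuilder</code> must not
     * build paths longer than this length.
     * <p>
     * A value of 0 implies that the path can only contain a single certificate.
     * A value of -1 does not limit the length. The default length is 5.
     * <p>
     * The basic constraints extension of a CA certificate overrides this value
     * if smaller.
     * <p>
     * Prefer a finite limit when the certificate stores searched by the
     * builder may hold certificates from untrusted sources: -1 removes the
     * only depth bound this class provides.
     *
     * @param maxPathLength the maximum number of non-self-issued intermediate
     *            certificates in the certification path
     * @throws InvalidParameterException if <code>maxPathLength</code> is set
     *             to a value less than -1
     *
     * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
     * @see #getMaxPathLength
     */
    public void setMaxPathLength(int maxPathLength) {
        if (maxPathLength < -1) {
            throw new InvalidParameterException("The maximum path "
                    + "length parameter can not be less than -1.");
        }
        this.maxPathLength = maxPathLength;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     *
     * @see #setMaxPathLength(int)
     */
    public int getMaxPathLength() {
        return maxPathLength;
    }

    /**
     * Copies settings from <code>params</code> into this object. Can also
     * handle <code>ExtendedPKIXBuilderParameters</code> and
     * <code>PKIXBuilderParameters</code>.
     * <p>
     * For any other <code>PKIXParameters</code> only the superclass state is
     * copied; the maximum path length and the excluded certificates of this
     * object keep their current values.
     *
     * @param params Parameters to set.
     * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
     */
    protected void setParams(PKIXParameters params) {
        super.setParams(params);
        if (params instanceof ExtendedPKIXBuilderParameters) {
            ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
            maxPathLength = _params.maxPathLength;
            // Copy rather than share, so later changes to either object's
            // exclusions do not leak into the other.
            excludedCerts = new HashSet(_params.excludedCerts);
        }
        if (params instanceof PKIXBuilderParameters) {
            PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
            // Taken as-is from the JDK object, without passing through
            // setMaxPathLength(int) of this class.
            maxPathLength = _params.getMaxPathLength();
        }
    }

    /**
     * Makes a copy of this <code>PKIXParameters</code> object. Changes to the
     * copy will not affect the original and vice versa.
     *
     * @return a copy of this <code>PKIXParameters</code> object
     * @throws RuntimeException if the copy cannot be constructed; the
     *             original exception is attached as the cause
     */
    public Object clone() {
        ExtendedPKIXBuilderParameters params = null;
        try {
            params = new ExtendedPKIXBuilderParameters(
                    getTrustAnchors(), getTargetConstraints());
        } catch (Exception e) {
            // Not expected, but keep the cause so a failure in trust-anchor
            // handling can be diagnosed instead of surfacing as a bare message.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(this);
        return params;
    }

    /**
     * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
     * safely cast to <code>ExtendedPKIXBuilderParameters</code>.
     * <p>
     * This method can be used to get a copy from other
     * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
     * and <code>ExtendedPKIXParameters</code> instances.
     * <p>
     * The target constraints of <code>pkixParams</code> are cast to
     * <code>X509CertSelector</code>; a selector of any other type fails the
     * cast and is reported as a <code>RuntimeException</code>.
     *
     * @param pkixParams The PKIX parameters to create a copy of.
     * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
     * @throws RuntimeException if the copy cannot be constructed; the
     *             original exception is attached as the cause
     */
    public static ExtendedPKIXParameters getInstance(
            PKIXParameters pkixParams) {
        ExtendedPKIXBuilderParameters params;
        try {
            params = new ExtendedPKIXBuilderParameters(
                    pkixParams.getTrustAnchors(),
                    X509CertStoreSelector.getInstance(
                            (X509CertSelector) pkixParams.getTargetCertConstraints()));
        } catch (Exception e) {
            // Reachable, e.g. through the X509CertSelector cast above; keep the
            // cause so the caller can tell which input was rejected.
            // NOTE(review): behaviour of X509CertStoreSelector.getInstance for
            // null target constraints is not visible here - confirm.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(pkixParams);
        return params;
    }
}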