src/main/java/org/bouncycastle/x509/ExtendedPKIXBuilderParameters.java - platform/external/bouncycastle - Git at Google

 package org.bouncycastle.x509;

 import org.bouncycastle.util.Selector;

 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidParameterException;
 import java.security.cert.PKIXBuilderParameters;
 import java.security.cert.PKIXParameters;
 import java.security.cert.TrustAnchor;
 import java.security.cert.X509CertSelector;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;

 /**
  * This class contains extended parameters for PKIX certification path builders.
  *
  * @see java.security.cert.PKIXBuilderParameters
  * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
  */
 public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
 {

     private int maxPathLength = 5;

     private Set excludedCerts = Collections.EMPTY_SET;

     /**
      * Excluded certificates are not used for building a certification path.
      * <p>
      * The returned set is immutable.
      *
      * @return Returns the excluded certificates.
      */
     public Set getExcludedCerts()
     {
         return Collections.unmodifiableSet(excludedCerts);
     }

     /**
      * Sets the excluded certificates which are not used for building a
      * certification path. If the <code>Set</code> is <code>null</code> an
      * empty set is assumed.
      * <p>
      * The given set is cloned to protect it against subsequent modifications.
      *
      * @param excludedCerts The excluded certificates to set.
      */
     public void setExcludedCerts(Set excludedCerts)
     {
         if (excludedCerts == null)
         {
             excludedCerts = Collections.EMPTY_SET;
         }
         else
         {
             this.excludedCerts = new HashSet(excludedCerts);
         }
     }

     /**
      * Creates an instance of <code>PKIXBuilderParameters</code> with the
      * specified <code>Set</code> of most-trusted CAs. Each element of the set
      * is a {@link TrustAnchor TrustAnchor}.
      *
      * <p>
      * Note that the <code>Set</code> is copied to protect against subsequent
      * modifications.
      *
      * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
      * @param targetConstraints a <code>Selector</code> specifying the
      *            constraints on the target certificate or attribute
      *            certificate.
      * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code>
      *             is empty.
      * @throws NullPointerException if <code>trustAnchors</code> is
      *             <code>null</code>
      * @throws ClassCastException if any of the elements of
      *             <code>trustAnchors</code> is not of type
      *             <code>java.security.cert.TrustAnchor</code>
      */
     public ExtendedPKIXBuilderParameters(Set trustAnchors,
             Selector targetConstraints)
             throws InvalidAlgorithmParameterException
     {
         super(trustAnchors);
         setTargetConstraints(targetConstraints);
     }

     /**
      * Sets the maximum number of intermediate non-self-issued certificates in a
      * certification path. The PKIX <code>CertPathBuilder</code> must not
      * build paths longer then this length.
      * <p>
      * A value of 0 implies that the path can only contain a single certificate.
      * A value of -1 does not limit the length. The default length is 5.
      *
      * <p>
      *
      * The basic constraints extension of a CA certificate overrides this value
      * if smaller.
      *
      * @param maxPathLength the maximum number of non-self-issued intermediate
      *            certificates in the certification path
      * @throws InvalidParameterException if <code>maxPathLength</code> is set
      *             to a value less than -1
      *
      * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
      * @see #getMaxPathLength
      */
     public void setMaxPathLength(int maxPathLength)
     {
         if (maxPathLength < -1)
         {
             throw new InvalidParameterException("The maximum path "
                     + "length parameter can not be less than -1.");
         }
         this.maxPathLength = maxPathLength;
     }

     /**
      * Returns the value of the maximum number of intermediate non-self-issued
      * certificates in the certification path.
      *
      * @return the maximum number of non-self-issued intermediate certificates
      *         in the certification path, or -1 if no limit exists.
      *
      * @see #setMaxPathLength(int)
      */
     public int getMaxPathLength()
     {
         return maxPathLength;
     }

     /**
      * Can alse handle <code>ExtendedPKIXBuilderParameters</code> and
      * <code>PKIXBuilderParameters</code>.
      *
      * @param params Parameters to set.
      * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
      */
     protected void setParams(PKIXParameters params)
     {
         super.setParams(params);
         if (params instanceof ExtendedPKIXBuilderParameters)
         {
             ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
             maxPathLength = _params.maxPathLength;
             excludedCerts = new HashSet(_params.excludedCerts);
         }
         if (params instanceof PKIXBuilderParameters)
         {
             PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
             maxPathLength = _params.getMaxPathLength();
         }
     }

     /**
      * Makes a copy of this <code>PKIXParameters</code> object. Changes to the
      * copy will not affect the original and vice versa.
      *
      * @return a copy of this <code>PKIXParameters</code> object
      */
     public Object clone()
     {
         ExtendedPKIXBuilderParameters params = null;
         try
         {
             params = new ExtendedPKIXBuilderParameters(getTrustAnchors(),
                     getTargetConstraints());
         }
         catch (Exception e)
         {
             // cannot happen
             throw new RuntimeException(e.getMessage());
         }
         params.setParams(this);
         return params;
     }

     /**
      * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
      * safely casted to <code>ExtendedPKIXBuilderParameters</code>.
      * <p>
      * This method can be used to get a copy from other
      * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
      * and <code>ExtendedPKIXParameters</code> instances.
      *
      * @param pkixParams The PKIX parameters to create a copy of.
      * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
      */
     public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
     {
         ExtendedPKIXBuilderParameters params;
         try
         {
             params = new ExtendedPKIXBuilderParameters(pkixParams
                     .getTrustAnchors(), X509CertStoreSelector
                     .getInstance((X509CertSelector) pkixParams
                             .getTargetCertConstraints()));
         }
         catch (Exception e)
         {
             // cannot happen
             throw new RuntimeException(e.getMessage());
         }
         params.setParams(pkixParams);
         return params;
     }
 }
	package org.bouncycastle.x509;

	import org.bouncycastle.util.Selector;

	import java.security.InvalidAlgorithmParameterException;
	import java.security.InvalidParameterException;
	import java.security.cert.PKIXBuilderParameters;
	import java.security.cert.PKIXParameters;
	import java.security.cert.TrustAnchor;
	import java.security.cert.X509CertSelector;
	import java.util.Collections;
	import java.util.HashSet;
	import java.util.Set;

	/**
	* This class contains extended parameters for PKIX certification path builders.
	*
	* @see java.security.cert.PKIXBuilderParameters
	* @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
	*/
	public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
	{

	private int maxPathLength = 5;

	private Set excludedCerts = Collections.EMPTY_SET;

	/**
	* Excluded certificates are not used for building a certification path.
	* <p>
	* The returned set is immutable.
	*
	* @return Returns the excluded certificates.
	*/
	public Set getExcludedCerts()
	{
	return Collections.unmodifiableSet(excludedCerts);
	}

	/**
	* Sets the excluded certificates which are not used for building a
	* certification path. If the <code>Set</code> is <code>null</code> an
	* empty set is assumed.
	* <p>
	* The given set is cloned to protect it against subsequent modifications.
	*
	* @param excludedCerts The excluded certificates to set.
	*/
	public void setExcludedCerts(Set excludedCerts)
	{
	if (excludedCerts == null)
	{
	excludedCerts = Collections.EMPTY_SET;
	}
	else
	{
	this.excludedCerts = new HashSet(excludedCerts);
	}
	}

	/**
	* Creates an instance of <code>PKIXBuilderParameters</code> with the
	* specified <code>Set</code> of most-trusted CAs. Each element of the set
	* is a {@link TrustAnchor TrustAnchor}.
	*
	* <p>
	* Note that the <code>Set</code> is copied to protect against subsequent
	* modifications.
	*
	* @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
	* @param targetConstraints a <code>Selector</code> specifying the
	* constraints on the target certificate or attribute
	* certificate.
	* @throws InvalidAlgorithmParameterException if <code>trustAnchors</code>
	* is empty.
	* @throws NullPointerException if <code>trustAnchors</code> is
	* <code>null</code>
	* @throws ClassCastException if any of the elements of
	* <code>trustAnchors</code> is not of type
	* <code>java.security.cert.TrustAnchor</code>
	*/
	public ExtendedPKIXBuilderParameters(Set trustAnchors,
	Selector targetConstraints)
	throws InvalidAlgorithmParameterException
	{
	super(trustAnchors);
	setTargetConstraints(targetConstraints);
	}

	/**
	* Sets the maximum number of intermediate non-self-issued certificates in a
	* certification path. The PKIX <code>CertPathBuilder</code> must not
	* build paths longer then this length.
	* <p>
	* A value of 0 implies that the path can only contain a single certificate.
	* A value of -1 does not limit the length. The default length is 5.
	*
	* <p>
	*
	* The basic constraints extension of a CA certificate overrides this value
	* if smaller.
	*
	* @param maxPathLength the maximum number of non-self-issued intermediate
	* certificates in the certification path
	* @throws InvalidParameterException if <code>maxPathLength</code> is set
	* to a value less than -1
	*
	* @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
	* @see #getMaxPathLength
	*/
	public void setMaxPathLength(int maxPathLength)
	{
	if (maxPathLength < -1)
	{
	throw new InvalidParameterException("The maximum path "
	+ "length parameter can not be less than -1.");
	}
	this.maxPathLength = maxPathLength;
	}

	/**
	* Returns the value of the maximum number of intermediate non-self-issued
	* certificates in the certification path.
	*
	* @return the maximum number of non-self-issued intermediate certificates
	* in the certification path, or -1 if no limit exists.
	*
	* @see #setMaxPathLength(int)
	*/
	public int getMaxPathLength()
	{
	return maxPathLength;
	}

	/**
	* Can alse handle <code>ExtendedPKIXBuilderParameters</code> and
	* <code>PKIXBuilderParameters</code>.
	*
	* @param params Parameters to set.
	* @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
	*/
	protected void setParams(PKIXParameters params)
	{
	super.setParams(params);
	if (params instanceof ExtendedPKIXBuilderParameters)
	{
	ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
	maxPathLength = _params.maxPathLength;
	excludedCerts = new HashSet(_params.excludedCerts);
	}
	if (params instanceof PKIXBuilderParameters)
	{
	PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
	maxPathLength = _params.getMaxPathLength();
	}
	}

	/**
	* Makes a copy of this <code>PKIXParameters</code> object. Changes to the
	* copy will not affect the original and vice versa.
	*
	* @return a copy of this <code>PKIXParameters</code> object
	*/
	public Object clone()
	{
	ExtendedPKIXBuilderParameters params = null;
	try
	{
	params = new ExtendedPKIXBuilderParameters(getTrustAnchors(),
	getTargetConstraints());
	}
	catch (Exception e)
	{
	// cannot happen
	throw new RuntimeException(e.getMessage());
	}
	params.setParams(this);
	return params;
	}

	/**
	* Returns an instance of <code>ExtendedPKIXParameters</code> which can be
	* safely casted to <code>ExtendedPKIXBuilderParameters</code>.
	* <p>
	* This method can be used to get a copy from other
	* <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
	* and <code>ExtendedPKIXParameters</code> instances.
	*
	* @param pkixParams The PKIX parameters to create a copy of.
	* @return An <code>ExtendedPKIXBuilderParameters</code> instance.
	*/
	public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
	{
	ExtendedPKIXBuilderParameters params;
	try
	{
	params = new ExtendedPKIXBuilderParameters(pkixParams
	.getTrustAnchors(), X509CertStoreSelector
	.getInstance((X509CertSelector) pkixParams
	.getTargetCertConstraints()));
	}
	catch (Exception e)
	{
	// cannot happen
	throw new RuntimeException(e.getMessage());
	}
	params.setParams(pkixParams);
	return params;
	}
	}