1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18package java.security.cert; 19 20import java.security.InvalidAlgorithmParameterException; 21import java.security.InvalidParameterException; 22import java.security.KeyStore; 23import java.security.KeyStoreException; 24import java.util.Set; 25 26/** 27 * The parameter specification for a PKIX {@code CertPathBuilder} 28 * algorithm used to {@link CertPathBuilder#build(CertPathParameters) build} 29 * certificate chains validated with the PKIX certification path validation. 30 * <p> 31 * The parameters must be created with <i>trusted</i> certificate authorities 32 * and constraints for the target certificates. 33 * 34 * @see CertPathBuilder 35 * @see CertPathParameters 36 */ 37public class PKIXBuilderParameters extends PKIXParameters { 38 // Maximum certificate path length (5 by default) 39 private int maxPathLength = 5; 40 41 /** 42 * Creates a new {@code PKIXBuilderParameters} instance with the specified 43 * set of {@code TrustAnchor} and certificate constraints. 44 * 45 * @param trustAnchors 46 * the set of {@code TrustAnchors}. 47 * @param targetConstraints 48 * the certificate constraints. 49 * @throws InvalidAlgorithmParameterException 50 * if {@code trustAnchors} is empty. 51 * @throws ClassCastException 52 * if one of the items in {@code trustAnchors} is not an 53 * instance of {@code java.security.cert.TrustAnchor}. 54 */ 55 public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors, 56 CertSelector targetConstraints) 57 throws InvalidAlgorithmParameterException { 58 super(trustAnchors); 59 super.setTargetCertConstraints(targetConstraints); 60 } 61 62 /** 63 * Creates a new {@code PKIXBuilderParameters} instance with the trusted 64 * {@code X509Certificate} entries from the specified {@code KeyStore}. 65 * 66 * @param keyStore 67 * the key store containing trusted certificates. 68 * @param targetConstraints 69 * the certificate constraints. 70 * @throws KeyStoreException 71 * if the {@code keyStore} is not initialized. 72 * @throws InvalidAlgorithmParameterException 73 * if {@code keyStore} does not contained any trusted 74 * certificate entry. 75 */ 76 public PKIXBuilderParameters(KeyStore keyStore, 77 CertSelector targetConstraints) 78 throws KeyStoreException, 79 InvalidAlgorithmParameterException { 80 super(keyStore); 81 super.setTargetCertConstraints(targetConstraints); 82 } 83 84 /** 85 * Returns the maximum length of a certification path. 86 * <p> 87 * This is the maximum number of non-self-signed certificates in a 88 * certification path. 89 * 90 * @return the maximum length of a certification path, or {@code -1} if it 91 * is unlimited. 92 */ 93 public int getMaxPathLength() { 94 return maxPathLength; 95 } 96 97 /** 98 * Set the maximum length of a certification path. 99 * <p> 100 * This is the maximum number of non-self-signed certificates in a 101 * certification path. 102 * 103 * @param maxPathLength 104 * the maximum length of a certification path. 105 * @throws InvalidParameterException 106 * if {@code maxPathLength} is less than {@code -1}. 107 */ 108 public void setMaxPathLength(int maxPathLength) { 109 if (maxPathLength < -1) { 110 throw new InvalidParameterException("maxPathLength < -1"); 111 } 112 this.maxPathLength = maxPathLength; 113 } 114 115 /** 116 * Returns a string representation of this {@code PKIXBuilderParameters} 117 * instance. 118 * 119 * @return a string representation of this {@code PKIXBuilderParameters} 120 * instance. 121 */ 122 public String toString() { 123 StringBuilder sb = new StringBuilder("[\n"); 124 sb.append(super.toString()); 125 sb.append(" Max Path Length: "); 126 sb.append(maxPathLength); 127 sb.append("\n]"); 128 return sb.toString(); 129 } 130} 131