1/*
2 *  Licensed to the Apache Software Foundation (ASF) under one or more
3 *  contributor license agreements.  See the NOTICE file distributed with
4 *  this work for additional information regarding copyright ownership.
5 *  The ASF licenses this file to You under the Apache License, Version 2.0
6 *  (the "License"); you may not use this file except in compliance with
7 *  the License.  You may obtain a copy of the License at
8 *
9 *     http://www.apache.org/licenses/LICENSE-2.0
10 *
11 *  Unless required by applicable law or agreed to in writing, software
12 *  distributed under the License is distributed on an "AS IS" BASIS,
13 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 *  See the License for the specific language governing permissions and
15 *  limitations under the License.
16 */
17
18package java.security.cert;
19
20import java.security.InvalidAlgorithmParameterException;
21import java.security.InvalidParameterException;
22import java.security.KeyStore;
23import java.security.KeyStoreException;
24import java.util.Set;
25
26/**
27 * The parameter specification for a PKIX {@code CertPathBuilder}
28 * algorithm used to {@link CertPathBuilder#build(CertPathParameters) build}
29 * certificate chains validated with the PKIX certification path validation.
30 * <p>
31 * The parameters must be created with <i>trusted</i> certificate authorities
32 * and constraints for the target certificates.
33 *
34 * @see CertPathBuilder
35 * @see CertPathParameters
36 */
37public class PKIXBuilderParameters extends PKIXParameters {
38    // Maximum certificate path length (5 by default)
39    private int maxPathLength = 5;
40
41    /**
42     * Creates a new {@code PKIXBuilderParameters} instance with the specified
43     * set of {@code TrustAnchor} and certificate constraints.
44     *
45     * @param trustAnchors
46     *            the set of {@code TrustAnchors}.
47     * @param targetConstraints
48     *            the certificate constraints.
49     * @throws InvalidAlgorithmParameterException
50     *             if {@code trustAnchors} is empty.
51     * @throws ClassCastException
52     *             if one of the items in {@code trustAnchors} is not an
53     *             instance of {@code java.security.cert.TrustAnchor}.
54     */
55    public PKIXBuilderParameters(Set<TrustAnchor> trustAnchors,
56            CertSelector targetConstraints)
57        throws InvalidAlgorithmParameterException {
58        super(trustAnchors);
59        super.setTargetCertConstraints(targetConstraints);
60    }
61
62    /**
63     * Creates a new {@code PKIXBuilderParameters} instance with the trusted
64     * {@code X509Certificate} entries from the specified {@code KeyStore}.
65     *
66     * @param keyStore
67     *            the key store containing trusted certificates.
68     * @param targetConstraints
69     *            the certificate constraints.
70     * @throws KeyStoreException
71     *             if the {@code keyStore} is not initialized.
72     * @throws InvalidAlgorithmParameterException
73     *             if {@code keyStore} does not contained any trusted
74     *             certificate entry.
75     */
76    public PKIXBuilderParameters(KeyStore keyStore,
77            CertSelector targetConstraints)
78        throws KeyStoreException,
79               InvalidAlgorithmParameterException {
80        super(keyStore);
81        super.setTargetCertConstraints(targetConstraints);
82    }
83
84    /**
85     * Returns the maximum length of a certification path.
86     * <p>
87     * This is the maximum number of non-self-signed certificates in a
88     * certification path.
89     *
90     * @return the maximum length of a certification path, or {@code -1} if it
91     *         is unlimited.
92     */
93    public int getMaxPathLength() {
94        return maxPathLength;
95    }
96
97    /**
98     * Set the maximum length of a certification path.
99     * <p>
100     * This is the maximum number of non-self-signed certificates in a
101     * certification path.
102     *
103     * @param maxPathLength
104     *            the maximum length of a certification path.
105     * @throws InvalidParameterException
106     *             if {@code maxPathLength} is less than {@code -1}.
107     */
108    public void setMaxPathLength(int maxPathLength) {
109        if (maxPathLength < -1) {
110            throw new InvalidParameterException("maxPathLength < -1");
111        }
112        this.maxPathLength = maxPathLength;
113    }
114
115    /**
116     * Returns a string representation of this {@code PKIXBuilderParameters}
117     * instance.
118     *
119     * @return a string representation of this {@code PKIXBuilderParameters}
120     *         instance.
121     */
122    public String toString() {
123        StringBuilder sb = new StringBuilder("[\n");
124        sb.append(super.toString());
125        sb.append(" Max Path Length: ");
126        sb.append(maxPathLength);
127        sb.append("\n]");
128        return sb.toString();
129    }
130}
131