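package org.bouncycastle.x509;

import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/**
 * This class extends the PKIXParameters with a validity model parameter.
 * <p>
 * It also carries a delta CRL switch, lists of Bouncy Castle {@link Store}s,
 * a switch for following additional locations found in certificates or CRLs,
 * and a {@link Selector} describing the target certificate.
 */
public class ExtendedPKIXParameters
    extends PKIXParameters
{

    // Bouncy Castle stores configured through setStores/addStore.
    private List stores;

    // Target constraints; null means no constraints are defined.
    private Selector selector;

    // Left at the Java default (false) unless setAdditionalLocationsEnabled
    // is called.
    private boolean additionalLocationsEnabled;

    // Stores added through addAdditionalStore.
    private List additionalStores;

    private Set trustedACIssuers;

    private Set necessaryACAttributes;

    private Set prohibitedACAttributes;

    private Set attrCertCheckers;

    /**
     * Creates an instance of <code>PKIXParameters</code> with the specified
     * <code>Set</code> of most-trusted CAs. Each element of the set is a
     * {@link TrustAnchor TrustAnchor}. <p/> Note that the <code>Set</code>
     * is copied to protect against subsequent modifications.
     * <p>
     * All store lists and attribute certificate sets of the new object start
     * out empty.
     *
     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
     * @throws InvalidAlgorithmParameterException if the specified
     *             <code>Set</code> is empty.
     * @throws NullPointerException if the specified <code>Set</code> is
     *             <code>null</code>
     * @throws ClassCastException if any of the elements in the <code>Set</code>
     *             is not of type <code>java.security.cert.TrustAnchor</code>
     */
    public ExtendedPKIXParameters(Set trustAnchors)
        throws InvalidAlgorithmParameterException
    {
        super(trustAnchors);
        stores = new ArrayList();
        additionalStores = new ArrayList();
        trustedACIssuers = new HashSet();
        necessaryACAttributes = new HashSet();
        prohibitedACAttributes = new HashSet();
        attrCertCheckers = new HashSet();
    }

    /**
     * Returns an instance with the parameters of a given
     * <code>PKIXParameters</code> object.
     * <p>
     * The new instance is built from the trust anchors of
     * <code>pkixParams</code> and then filled through
     * {@link #setParams(PKIXParameters)}, so the extended settings are carried
     * over as well when <code>pkixParams</code> is itself an
     * <code>ExtendedPKIXParameters</code>.
     *
     * @param pkixParams The given <code>PKIXParameters</code>
     * @return an extended PKIX params object
     * @throws RuntimeException if the new instance cannot be created from
     *             <code>pkixParams</code> (this includes a <code>null</code>
     *             argument); the original exception is attached as the cause.
     */
    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
    {
        ExtendedPKIXParameters params;
        try
        {
            params = new ExtendedPKIXParameters(pkixParams.getTrustAnchors());
        }
        catch (Exception e)
        {
            // Not expected for a well-formed argument. The cause is kept so
            // that a failure here can be traced; the message is unchanged.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(pkixParams);
        return params;
    }

    /**
     * Copies the settings of <code>params</code> into this object.
     * <p>
     * Method to support <code>clone()</code> under J2ME.
     * <code>super.clone()</code> does not exist and fields are not copied.
     * <p>
     * The standard PKIX settings are always copied through the inherited
     * setters. The extended settings (validity model, delta CRL switch,
     * additional locations switch, selector, stores and attribute certificate
     * sets) are copied only if <code>params</code> is an
     * <code>ExtendedPKIXParameters</code>.
     *
     * @param params Parameters to set. If these are
     *            <code>ExtendedPKIXParameters</code> the extended settings
     *            are copied too.
     * @throws RuntimeException if the trust anchors of <code>params</code>
     *             are rejected; the original exception is attached as the
     *             cause.
     */
    protected void setParams(PKIXParameters params)
    {
        setDate(params.getDate());
        setCertPathCheckers(params.getCertPathCheckers());
        // Goes through the override below, which adds the stores one by one.
        setCertStores(params.getCertStores());
        setAnyPolicyInhibited(params.isAnyPolicyInhibited());
        setExplicitPolicyRequired(params.isExplicitPolicyRequired());
        setPolicyMappingInhibited(params.isPolicyMappingInhibited());
        setRevocationEnabled(params.isRevocationEnabled());
        setInitialPolicies(params.getInitialPolicies());
        setPolicyQualifiersRejected(params.getPolicyQualifiersRejected());
        setSigProvider(params.getSigProvider());
        setTargetCertConstraints(params.getTargetCertConstraints());
        try
        {
            setTrustAnchors(params.getTrustAnchors());
        }
        catch (Exception e)
        {
            // Not expected: the anchors come from an existing parameters
            // object. The cause is kept; the message is unchanged.
            throw new RuntimeException(e.getMessage(), e);
        }
        if (params instanceof ExtendedPKIXParameters)
        {
            ExtendedPKIXParameters _params = (ExtendedPKIXParameters) params;
            validityModel = _params.validityModel;
            useDeltas = _params.useDeltas;
            additionalLocationsEnabled = _params.additionalLocationsEnabled;
            // The selector is cloned so the two objects do not share it.
            selector = _params.selector == null ? null
                : (Selector) _params.selector.clone();
            // New list and set instances are created; their elements are the
            // same objects as in the source parameters.
            stores = new ArrayList(_params.stores);
            additionalStores = new ArrayList(_params.additionalStores);
            trustedACIssuers = new HashSet(_params.trustedACIssuers);
            prohibitedACAttributes = new HashSet(_params.prohibitedACAttributes);
            necessaryACAttributes = new HashSet(_params.necessaryACAttributes);
            attrCertCheckers = new HashSet(_params.attrCertCheckers);
        }
    }

    /**
     * This is the default PKIX validity model. Actually there are two variants
     * of this: The PKIX model and the modified PKIX model. The PKIX model
     * verifies that all involved certificates must have been valid at the
     * current time. The modified PKIX model verifies that all involved
     * certificates were valid at the signing time. Both are indirectly chosen
     * with the {@link PKIXParameters#setDate(java.util.Date)} method, so this
     * method sets the Date when <em>all</em> certificates must have been
     * valid.
     */
    public static final int PKIX_VALIDITY_MODEL = 0;

    /**
     * This model uses the following validity model. Each certificate must have
     * been valid at the moment where it was used. That means the end
     * certificate must have been valid at the time the signature was done. The
     * CA certificate which signed the end certificate must have been valid,
     * when the end certificate was signed. The CA (or Root CA) certificate must
     * have been valid, when the CA certificate was signed and so on. So the
     * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
     * the <em>end certificate</em> must have been valid. <p/> It is used e.g.
     * in the German signature law.
     * <p>
     * As described here, only the end certificate is tied to the configured
     * date, so this model is less strict than {@link #PKIX_VALIDITY_MODEL}
     * about certificates higher in the chain. It has to be selected
     * explicitly; the default is {@link #PKIX_VALIDITY_MODEL}.
     */
    public static final int CHAIN_VALIDITY_MODEL = 1;

    private int validityModel = PKIX_VALIDITY_MODEL;

    private boolean useDeltas = false;

    /**
     * Defaults to <code>false</code>.
     *
     * @return Returns if delta CRLs should be used.
     */
    public boolean isUseDeltasEnabled()
    {
        return useDeltas;
    }

    /**
     * Sets if delta CRLs should be used for checking the revocation status.
     *
     * @param useDeltas <code>true</code> if delta CRLs should be used.
     */
    public void setUseDeltasEnabled(boolean useDeltas)
    {
        this.useDeltas = useDeltas;
    }

    /**
     * @return Returns the validity model.
     * @see #CHAIN_VALIDITY_MODEL
     * @see #PKIX_VALIDITY_MODEL
     */
    public int getValidityModel()
    {
        return validityModel;
    }

    /**
     * Sets the Java CertStore to this extended PKIX parameters.
     * <p>
     * Each element of <code>stores</code> is handed to
     * <code>addCertStore</code>. A <code>null</code> list is ignored, and
     * nothing in this method removes stores that were added earlier, so
     * calling it again adds to the existing stores.
     *
     * @param stores a list of <code>CertStore</code>s, or <code>null</code>.
     * @throws ClassCastException if an element of <code>stores</code> is not
     *             a <code>CertStore</code>.
     */
    public void setCertStores(List stores)
    {
        if (stores != null)
        {
            Iterator it = stores.iterator();
            while (it.hasNext())
            {
                addCertStore((CertStore)it.next());
            }
        }
    }

    /**
     * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * The <code>List</code> is cloned. A <code>null</code> argument resets
     * the stores to an empty list.
     *
     * @param stores A list of stores to use.
     * @see #getStores
     * @throws ClassCastException if an element of <code>stores</code> is not
     *             a {@link Store}.
     */
    public void setStores(List stores)
    {
        if (stores == null)
        {
            this.stores = new ArrayList();
        }
        else
        {
            // Every element is checked before the list is accepted, so a
            // rejected list leaves the current stores untouched.
            for (Iterator i = stores.iterator(); i.hasNext();)
            {
                if (!(i.next() instanceof Store))
                {
                    throw new ClassCastException(
                        "All elements of list must be "
                            + "of type org.bouncycastle.util.Store.");
                }
            }
            this.stores = new ArrayList(stores);
        }
    }

    /**
     * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * This method should be used to add local stores, like collection based
     * X.509 stores, if available. Local stores should be considered first,
     * before trying to use additional (remote) locations, because they do not
     * need possible additional network traffic.
     * <p>
     * If <code>store</code> is <code>null</code> it is ignored.
     *
     * @param store The store to add.
     * @see #getStores
     */
    public void addStore(Store store)
    {
        if (store != null)
        {
            stores.add(store);
        }
    }

    /**
     * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
     * attribute certificates or cross certificates.
     * <p>
     * You should not use this method. This method is used for adding additional
     * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
     * during X.509 object processing, e.g. in certificates or CRLs. This method
     * is used in PKIX certification path processing.
     * <p>
     * If <code>store</code> is <code>null</code> it is ignored.
     *
     * @param store The store to add.
     * @see #getAdditionalStores()
     */
    public void addAdditionalStore(Store store)
    {
        if (store != null)
        {
            additionalStores.add(store);
        }
    }

    /**
     * Misspelled predecessor of {@link #addAdditionalStore(Store)}; it only
     * forwards to that method.
     *
     * @param store The store to add.
     * @deprecated use {@link #addAdditionalStore(Store)} instead.
     */
    public void addAddionalStore(Store store)
    {
        addAdditionalStore(store);
    }

    /**
     * Returns an unmodifiable <code>List</code> of additional Bouncy Castle
     * <code>Store</code>s used for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * The returned list is a read-only view of the internal list, not a copy:
     * stores added later through {@link #addAdditionalStore(Store)} show up
     * in it. {@link #getStores()} behaves differently and returns a copy.
     *
     * @return an unmodifiable <code>List</code> of additional Bouncy Castle
     *         <code>Store</code>s. Never <code>null</code>.
     *
     * @see #addAdditionalStore(Store)
     */
    public List getAdditionalStores()
    {
        return Collections.unmodifiableList(additionalStores);
    }

    /**
     * Returns an immutable <code>List</code> of Bouncy Castle
     * <code>Store</code>s used for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * The list is a copy taken at the time of the call.
     *
     * @return an immutable <code>List</code> of Bouncy Castle
     *         <code>Store</code>s. Never <code>null</code>.
     *
     * @see #setStores(List)
     */
    public List getStores()
    {
        return Collections.unmodifiableList(new ArrayList(stores));
    }

    /**
     * Sets the validity model. The value is stored as given; it is not
     * checked against the two constants.
     *
     * @param validityModel The validity model to set.
     * @see #CHAIN_VALIDITY_MODEL
     * @see #PKIX_VALIDITY_MODEL
     */
    public void setValidityModel(int validityModel)
    {
        this.validityModel = validityModel;
    }

    /**
     * Returns a copy of these parameters. The copy is created from this
     * object's trust anchors and then filled through
     * {@link #setParams(PKIXParameters)}.
     *
     * @return a new <code>ExtendedPKIXParameters</code> with the same
     *         settings.
     * @throws RuntimeException if the copy cannot be created; the original
     *             exception is attached as the cause.
     */
    public Object clone()
    {
        ExtendedPKIXParameters params;
        try
        {
            params = new ExtendedPKIXParameters(getTrustAnchors());
        }
        catch (Exception e)
        {
            // Not expected: the anchors were already accepted by this object.
            // The cause is kept; the message is unchanged.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(this);
        return params;
    }

    /**
     * Returns if additional {@link X509Store}s for locations like LDAP found
     * in certificates or CRLs should be used.
     * <p>
     * The field is never initialised explicitly, so this is
     * <code>false</code> until
     * {@link #setAdditionalLocationsEnabled(boolean)} is called.
     *
     * @return Returns <code>true</code> if additional stores are used.
     */
    public boolean isAdditionalLocationsEnabled()
    {
        return additionalLocationsEnabled;
    }

    /**
     * Sets if additional {@link X509Store}s for locations like LDAP found in
     * certificates or CRLs should be used.
     * <p>
     * These locations are read from the certificates and CRLs being
     * processed, so with this switch on, content of those objects decides
     * which remote stores are contacted. Prefer local stores added through
     * {@link #addStore(Store)} and enable this only where such lookups are
     * acceptable.
     *
     * @param enabled <code>true</code> if additional stores are used.
     */
    public void setAdditionalLocationsEnabled(boolean enabled)
    {
        additionalLocationsEnabled = enabled;
    }

    /**
     * Returns the required constraints on the target certificate or attribute
     * certificate. The constraints are returned as an instance of
     * <code>Selector</code>. If <code>null</code>, no constraints are
     * defined.
     *
     * <p>
     * The target certificate in a PKIX path may be a certificate or an
     * attribute certificate.
     * <p>
     * Note that the <code>Selector</code> returned is cloned to protect
     * against subsequent modifications.
     *
     * @return a <code>Selector</code> specifying the constraints on the
     *         target certificate or attribute certificate (or <code>null</code>)
     * @see #setTargetConstraints
     * @see X509CertStoreSelector
     * @see X509AttributeCertStoreSelector
     */
    public Selector getTargetConstraints()
    {
        if (selector != null)
        {
            return (Selector) selector.clone();
        }
        else
        {
            return null;
        }
    }

    /**
     * Sets the required constraints on the target certificate or attribute
     * certificate. The constraints are specified as an instance of
     * <code>Selector</code>. If <code>null</code>, no constraints are
     * defined.
     * <p>
     * The target certificate in a PKIX path may be a certificate or an
     * attribute certificate.
     * <p>
     * Note that the <code>Selector</code> specified is cloned to protect
     * against subsequent modifications.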
418c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 419c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param selector a <code>Selector</code> specifying the constraints on 420c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * the target certificate or attribute certificate (or 421c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>) 422c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see #getTargetConstraints 423c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509CertStoreSelector 424c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509AttributeCertStoreSelector 425c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 426c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTargetConstraints(Selector selector) 427c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 428c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (selector != null) 429c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 430c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = (Selector) selector.clone(); 431c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 432c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom else 433c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 434c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = null; 435c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 436c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 437c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 438c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 439c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the required constraints on the target certificate. The constraints 440c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * are specified as an instance of <code>X509CertSelector</code>. 
If 441c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>, no constraints are defined. 442c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 443c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 444c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * This method wraps the given <code>X509CertSelector</code> into a 445c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>X509CertStoreSelector</code>. 446c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 447c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Note that the <code>X509CertSelector</code> specified is cloned to 448c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * protect against subsequent modifications. 449c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 450c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param selector a <code>X509CertSelector</code> specifying the 451c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * constraints on the target certificate (or <code>null</code>) 452c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see #getTargetCertConstraints 453c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509CertStoreSelector 454c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 455c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTargetCertConstraints(CertSelector selector) 456c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 457c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom super.setTargetCertConstraints(selector); 458c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (selector != null) 459c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 460c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = X509CertStoreSelector 461c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom .getInstance((X509CertSelector) selector); 462c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 
463c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom else 464c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 465c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = null; 466c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 467c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 468c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 469c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 470c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the trusted attribute certificate issuers. If attribute 471c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * certificates is verified the trusted AC issuers must be set. 472c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 473c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> consists of <code>TrustAnchor</code>s. 474c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 475c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable. Never <code>null</code> 476c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 477c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns an immutable set of the trusted AC issuers. 478c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 479c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getTrustedACIssuers() 480c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 481c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(trustedACIssuers); 482c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 483c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 484c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 485c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the trusted attribute certificate issuers. 
If attribute certificates 486c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * is verified the trusted AC issuers must be set. 487c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 488c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>trustedACIssuers</code> must be a <code>Set</code> of 489c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>TrustAnchor</code> 490c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 491c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The given set is cloned. 492c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 493c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param trustedACIssuers The trusted AC issuers to set. Is never 494c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>. 495c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of <code>stores</code> is not 496c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * a <code>TrustAnchor</code>. 
497c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 498c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTrustedACIssuers(Set trustedACIssuers) 499c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 500c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (trustedACIssuers == null) 501c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 502c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.clear(); 503c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 504c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 505c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = trustedACIssuers.iterator(); it.hasNext();) 506c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 507c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof TrustAnchor)) 508c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 509c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 510c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type " + TrustAnchor.class.getName() + "."); 511c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 512c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 513c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.clear(); 514c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.addAll(trustedACIssuers); 515c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 516c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 517c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 518c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the neccessary attributes which must be contained in an attribute 519c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * certificate. 
520c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 521c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable and contains 522c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>s with the OIDs. 523c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 524c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the necessary AC attributes. 525c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 526c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getNecessaryACAttributes() 527c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 528c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(necessaryACAttributes); 529c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 530c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 531c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 532c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the neccessary which must be contained in an attribute certificate. 533c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 534c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>Set</code> must contain <code>String</code>s with the 535c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * OIDs. 536c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 537c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The set is cloned. 538c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 539c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param necessaryACAttributes The necessary AC attributes to set. 540c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of 541c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>necessaryACAttributes</code> is not a 542c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>. 
543c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 544c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setNecessaryACAttributes(Set necessaryACAttributes) 545c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 546c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (necessaryACAttributes == null) 547c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 548c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.clear(); 549c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 550c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 551c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = necessaryACAttributes.iterator(); it.hasNext();) 552c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 553c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof String)) 554c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 555c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 556c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type String."); 557c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 558c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 559c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.clear(); 560c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.addAll(necessaryACAttributes); 561c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 562c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 563c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 564c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the attribute certificates which are not allowed. 
565c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 566c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable and contains 567c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>s with the OIDs. 568c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 569c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the prohibited AC attributes. Is never <code>null</code>. 570c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 571c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getProhibitedACAttributes() 572c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 573c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(prohibitedACAttributes); 574c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 575c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 576c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 577c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the attribute certificates which are not allowed. 578c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 579c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>Set</code> must contain <code>String</code>s with the 580c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * OIDs. 581c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 582c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The set is cloned. 583c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 584c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param prohibitedACAttributes The prohibited AC attributes to set. 585c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of 586c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>prohibitedACAttributes</code> is not a 587c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>. 
588c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 589c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setProhibitedACAttributes(Set prohibitedACAttributes) 590c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 591c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (prohibitedACAttributes == null) 592c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 593c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.clear(); 594c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 595c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 596c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = prohibitedACAttributes.iterator(); it.hasNext();) 597c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 598c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof String)) 599c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 600c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 601c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type String."); 602c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 603c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 604c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.clear(); 605c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.addAll(prohibitedACAttributes); 606c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 607c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 608c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 609c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the attribute certificate checker. The returned set contains 610c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * {@link PKIXAttrCertChecker}s and is immutable. 
611c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 612c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the attribute certificate checker. Is never 613c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>. 614c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 615c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getAttrCertCheckers() 616c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 617c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(attrCertCheckers); 618c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 619c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 620c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 621c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the attribute certificate checkers. 622c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 623c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * All elements in the <code>Set</code> must a {@link PKIXAttrCertChecker}. 624c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 625c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The given set is cloned. 626c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 627c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param attrCertCheckers The attribute certificate checkers to set. Is 628c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * never <code>null</code>. 629c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of <code>attrCertCheckers</code> 630c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * is not a <code>PKIXAttrCertChecker</code>. 
631c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 632c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setAttrCertCheckers(Set attrCertCheckers) 633c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 634c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (attrCertCheckers == null) 635c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 636c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.clear(); 637c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 638c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 639c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = attrCertCheckers.iterator(); it.hasNext();) 640c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 641c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof PKIXAttrCertChecker)) 642c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 643c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 644c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type " + PKIXAttrCertChecker.class.getName() + "."); 645c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 646c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 647c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.clear(); 648c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.addAll(attrCertCheckers); 649c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 650c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 651c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom} 652