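package org.bouncycastle.jcajce;

import java.security.InvalidParameterException;
import java.security.cert.CertPathParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * This class contains extended parameters for PKIX certification path builders.
 * <p>
 * Instances are created through {@link Builder}. A built instance holds its own
 * snapshot of the excluded certificates, so later changes to the builder do not
 * alter parameters that have already been handed to a path builder.
 *
 * @see java.security.cert.PKIXBuilderParameters
 */
public class PKIXExtendedBuilderParameters
    implements CertPathParameters
{
    /**
     * Collects the settings for a {@link PKIXExtendedBuilderParameters} instance.
     */
    public static class Builder
    {
        private final PKIXExtendedParameters baseParameters;

        // Used unless a PKIXBuilderParameters source or setMaxPathLength() overrides it.
        private int maxPathLength = 5;
        private final Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();

        /**
         * Creates a builder from JCA builder parameters. The base parameters are
         * converted with {@link PKIXExtendedParameters.Builder} and the maximum
         * path length is taken from <code>baseParameters.getMaxPathLength()</code>.
         *
         * @param baseParameters the JCA parameters to start from.
         */
        public Builder(PKIXBuilderParameters baseParameters)
        {
            this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
            this.maxPathLength = baseParameters.getMaxPathLength();
        }

        /**
         * Creates a builder around already extended parameters. The maximum path
         * length stays at its default of 5 until {@link #setMaxPathLength} is called.
         *
         * @param baseParameters the extended parameters to use as they are.
         */
        public Builder(PKIXExtendedParameters baseParameters)
        {
            this.baseParameters = baseParameters;
        }

        /**
         * Adds excluded certificates which are not used for building a
         * certification path.
         * <p>
         * The elements of the given set are copied into the builder, so later
         * modifications of the caller's set have no effect on it.
         *
         * @param excludedCerts The excluded certificates to add.
         * @return this builder.
         */
        public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
        {
            this.excludedCerts.addAll(excludedCerts);

            return this;
        }

        /**
         * Sets the maximum number of intermediate non-self-issued certificates in a
         * certification path. The PKIX <code>CertPathBuilder</code> must not
         * build paths longer than this length.
         * <p>
         * A value of 0 implies that the path can only contain a single certificate.
         * A value of -1 does not limit the length. The default length is 5.
         * <p>
         * The basic constraints extension of a CA certificate overrides this value
         * if smaller.
         * <p>
         * Note that -1 removes the bound altogether; callers building paths over
         * certificates they do not control should normally keep a finite limit.
         *
         * @param maxPathLength the maximum number of non-self-issued intermediate
         *            certificates in the certification path
         * @return this builder.
         * @throws java.security.InvalidParameterException if <code>maxPathLength</code> is set
         *             to a value less than -1
         *
         * @see #getMaxPathLength
         */
        public Builder setMaxPathLength(int maxPathLength)
        {
            if (maxPathLength < -1)
            {
                throw new InvalidParameterException("The maximum path "
                    + "length parameter can not be less than -1.");
            }
            this.maxPathLength = maxPathLength;

            return this;
        }

        /**
         * Builds the parameters from the current state of this builder.
         *
         * @return a new parameters object.
         */
        public PKIXExtendedBuilderParameters build()
        {
            return new PKIXExtendedBuilderParameters(this);
        }
    }

    private final PKIXExtendedParameters baseParameters;
    private final Set<X509Certificate> excludedCerts;
    private final int maxPathLength;

    private PKIXExtendedBuilderParameters(Builder builder)
    {
        this.baseParameters = builder.baseParameters;
        // Copy before wrapping: an unmodifiable view over the builder's own set
        // would still change whenever addExcludedCerts() is called after build(),
        // silently altering which certificates a path builder may use.
        this.excludedCerts = Collections.unmodifiableSet(
            new HashSet<X509Certificate>(builder.excludedCerts));
        this.maxPathLength = builder.maxPathLength;
    }

    /**
     * Returns the base parameters these builder parameters extend.
     *
     * @return the base parameters passed to, or derived by, the builder.
     */
    public PKIXExtendedParameters getBaseParameters()
    {
        return baseParameters;
    }

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is immutable.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return excludedCerts;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Returns this instance rather than a copy; all fields are final and the
     * excluded certificate set is an unmodifiable private copy.
     *
     * @return this object
     */
    public Object clone()
    {
        return this;
    }
}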