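package org.bouncycastle.x509;

import org.bouncycastle.util.Selector;
import org.bouncycastle.util.Store;

import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CertSelector;
import java.security.cert.CertStore;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/**
 * This class extends the PKIXParameters with a validity model parameter.
 *
 * @deprecated use PKIXExtendedParameters
 */
public class ExtendedPKIXParameters
    extends PKIXParameters
{

    // Bouncy Castle stores consulted first (see addStore / setStores).
    private List stores;

    // Constraints on the target certificate or attribute certificate; null means none.
    private Selector selector;

    // No initializer, so this starts out false: locations named inside
    // certificates or CRLs are not used unless a caller opts in.
    private boolean additionalLocationsEnabled;

    // Stores added through addAdditionalStore().
    private List additionalStores;

    private Set trustedACIssuers;

    private Set necessaryACAttributes;

    private Set prohibitedACAttributes;

    private Set attrCertCheckers;

    /**
     * Creates an instance of <code>ExtendedPKIXParameters</code> with the
     * specified <code>Set</code> of most-trusted CAs. Each element of the set
     * is a {@link TrustAnchor TrustAnchor}.
     * <p>
     * Note that the <code>Set</code>
     * is copied to protect against subsequent modifications.
     * </p>
     *
     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
     * @throws InvalidAlgorithmParameterException if the specified
     *             <code>Set</code> is empty.
     * @throws NullPointerException if the specified <code>Set</code> is
     *             <code>null</code>
     * @throws ClassCastException if any of the elements in the <code>Set</code>
     *             is not of type <code>java.security.cert.TrustAnchor</code>
     */
    public ExtendedPKIXParameters(Set trustAnchors)
        throws InvalidAlgorithmParameterException
    {
        super(trustAnchors);
        stores = new ArrayList();
        additionalStores = new ArrayList();
        trustedACIssuers = new HashSet();
        necessaryACAttributes = new HashSet();
        prohibitedACAttributes = new HashSet();
        attrCertCheckers = new HashSet();
    }

    /**
     * Returns an instance with the parameters of a given
     * <code>PKIXParameters</code> object.
     *
     * @param pkixParams The given <code>PKIXParameters</code>
     * @return an extended PKIX params object
     */
    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
    {
        ExtendedPKIXParameters params;
        try
        {
            params = new ExtendedPKIXParameters(pkixParams.getTrustAnchors());
        }
        catch (Exception e)
        {
            // cannot happen; keep the original exception as the cause so an
            // unexpected failure can still be diagnosed from the stack trace
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(pkixParams);
        return params;
    }

    /**
     * Method to support <code>clone()</code> under J2ME.
     * <code>super.clone()</code> does not exist and fields are not copied.
     * <p>
     * Every standard PKIX setting, including the revocation flag and the
     * trust anchors, is taken over from <code>params</code>. The collections
     * of an <code>ExtendedPKIXParameters</code> source are copied into new
     * containers; the elements themselves are shared with the source.
     *
     * @param params Parameters to set. If these are
     *            <code>ExtendedPKIXParameters</code>, the extended fields are
     *            copied too.
     */
    protected void setParams(PKIXParameters params)
    {
        setDate(params.getDate());
        setCertPathCheckers(params.getCertPathCheckers());
        setCertStores(params.getCertStores());
        setAnyPolicyInhibited(params.isAnyPolicyInhibited());
        setExplicitPolicyRequired(params.isExplicitPolicyRequired());
        setPolicyMappingInhibited(params.isPolicyMappingInhibited());
        setRevocationEnabled(params.isRevocationEnabled());
        setInitialPolicies(params.getInitialPolicies());
        setPolicyQualifiersRejected(params.getPolicyQualifiersRejected());
        setSigProvider(params.getSigProvider());
        setTargetCertConstraints(params.getTargetCertConstraints());
        try
        {
            setTrustAnchors(params.getTrustAnchors());
        }
        catch (Exception e)
        {
            // cannot happen; the cause is chained rather than dropped
            throw new RuntimeException(e.getMessage(), e);
        }
        if (params instanceof ExtendedPKIXParameters)
        {
            ExtendedPKIXParameters _params = (ExtendedPKIXParameters) params;
            validityModel = _params.validityModel;
            useDeltas = _params.useDeltas;
            additionalLocationsEnabled = _params.additionalLocationsEnabled;
            // The selector is cloned so later changes to the source's selector
            // do not alter the constraints held here.
            selector = _params.selector == null ? null
                : (Selector) _params.selector.clone();
            stores = new ArrayList(_params.stores);
            additionalStores = new ArrayList(_params.additionalStores);
            trustedACIssuers = new HashSet(_params.trustedACIssuers);
            prohibitedACAttributes = new HashSet(_params.prohibitedACAttributes);
            necessaryACAttributes = new HashSet(_params.necessaryACAttributes);
            attrCertCheckers = new HashSet(_params.attrCertCheckers);
        }
    }

    /**
     * This is the default PKIX validity model. Actually there are two variants
     * of this: The PKIX model and the modified PKIX model. The PKIX model
     * verifies that all involved certificates must have been valid at the
     * current time. The modified PKIX model verifies that all involved
     * certificates were valid at the signing time. Both are indirectly chosen
     * with the {@link PKIXParameters#setDate(java.util.Date)} method, so this
     * method sets the Date when <em>all</em> certificates must have been
     * valid.
     */
    public static final int PKIX_VALIDITY_MODEL = 0;

    /**
     * This model uses the following validity model. Each certificate must have
     * been valid at the moment when it was used. That means the end
     * certificate must have been valid at the time the signature was done. The
     * CA certificate which signed the end certificate must have been valid,
     * when the end certificate was signed. The CA (or Root CA) certificate must
     * have been valid, when the CA certificate was signed and so on. So the
     * {@link PKIXParameters#setDate(java.util.Date)} method sets the time, when
     * the <em>end certificate</em> must have been valid.
     * <p>
     * It is used e.g.
     * in the German signature law.
     * </p>
     */
    public static final int CHAIN_VALIDITY_MODEL = 1;

    private int validityModel = PKIX_VALIDITY_MODEL;

    private boolean useDeltas = false;

    /**
     * Defaults to <code>false</code>.
     *
     * @return Returns if delta CRLs should be used.
     */
    public boolean isUseDeltasEnabled()
    {
        return useDeltas;
    }

    /**
     * Sets if delta CRLs should be used for checking the revocation status.
     *
     * @param useDeltas <code>true</code> if delta CRLs should be used.
     */
    public void setUseDeltasEnabled(boolean useDeltas)
    {
        this.useDeltas = useDeltas;
    }

    /**
     * @return Returns the validity model.
     * @see #CHAIN_VALIDITY_MODEL
     * @see #PKIX_VALIDITY_MODEL
     */
    public int getValidityModel()
    {
        return validityModel;
    }

    /**
     * Sets the Java CertStore to this extended PKIX parameters.
     * <p>
     * Each element is handed to <code>addCertStore</code>, so the given
     * stores are added to the ones already configured rather than replacing
     * them, and a <code>null</code> list leaves the current stores untouched.
     *
     * @param stores the <code>CertStore</code>s to add, or <code>null</code>
     * @throws ClassCastException if an element of <code>stores</code> is not
     *             a <code>CertStore</code>.
     */
    public void setCertStores(List stores)
    {
        if (stores != null)
        {
            Iterator it = stores.iterator();
            while (it.hasNext())
            {
                addCertStore((CertStore)it.next());
            }
        }
    }

    /**
     * Sets the Bouncy Castle Stores for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * The <code>List</code> is cloned. A <code>null</code> argument resets
     * the stores to an empty list.
     *
     * @param stores A list of stores to use.
     * @see #getStores
     * @throws ClassCastException if an element of <code>stores</code> is not
     *             a {@link Store}.
     */
    public void setStores(List stores)
    {
        if (stores == null)
        {
            this.stores = new ArrayList();
        }
        else
        {
            // Check every element before copying, so a list with a wrong
            // element type is rejected without changing the current stores.
            for (Iterator i = stores.iterator(); i.hasNext();)
            {
                if (!(i.next() instanceof Store))
                {
                    throw new ClassCastException(
                        "All elements of list must be "
                            + "of type org.bouncycastle.util.Store.");
                }
            }
            this.stores = new ArrayList(stores);
        }
    }

    /**
     * Adds a Bouncy Castle {@link Store} to find CRLs, certificates, attribute
     * certificates or cross certificates.
     * <p>
     * This method should be used to add local stores, like collection based
     * X.509 stores, if available. Local stores should be considered first,
     * before trying to use additional (remote) locations, because they do not
     * need possible additional network traffic.
     * <p>
     * If <code>store</code> is <code>null</code> it is ignored.
     *
     * @param store The store to add.
     * @see #getStores
     */
    public void addStore(Store store)
    {
        if (store != null)
        {
            stores.add(store);
        }
    }

    /**
     * Adds an additional Bouncy Castle {@link Store} to find CRLs, certificates,
     * attribute certificates or cross certificates.
     * <p>
     * You should not use this method. This method is used for adding additional
     * X.509 stores, which are used to add (remote) locations, e.g. LDAP, found
     * during X.509 object processing, e.g. in certificates or CRLs. This method
     * is used in PKIX certification path processing.
     * <p>
     * If <code>store</code> is <code>null</code> it is ignored.
     *
     * @param store The store to add.
     * @see #getStores()
     * @deprecated use addStore().
     */
    public void addAdditionalStore(Store store)
    {
        if (store != null)
        {
            additionalStores.add(store);
        }
    }

    /**
     * Misspelled alias that delegates to {@link #addAdditionalStore(Store)}.
     *
     * @deprecated
     */
    public void addAddionalStore(Store store)
    {
        addAdditionalStore(store);
    }

    /**
     * Returns an immutable <code>List</code> of additional Bouncy Castle
     * <code>Store</code>s used for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     *
     * @return an immutable <code>List</code> of additional Bouncy Castle
     *         <code>Store</code>s. Never <code>null</code>.
     *
     * @see #addAdditionalStore(Store)
     */
    public List getAdditionalStores()
    {
        // Unmodifiable view over the internal list, not a snapshot: callers
        // cannot modify it, but stores added later show up in it. getStores()
        // differs in that it copies first.
        return Collections.unmodifiableList(additionalStores);
    }

    /**
     * Returns an immutable <code>List</code> of Bouncy Castle
     * <code>Store</code>s used for finding CRLs, certificates, attribute
     * certificates or cross certificates.
     *
     * @return an immutable <code>List</code> of Bouncy Castle
     *         <code>Store</code>s. Never <code>null</code>.
     *
     * @see #setStores(List)
     */
    public List getStores()
    {
        // Snapshot: the returned list is detached from later addStore() calls.
        return Collections.unmodifiableList(new ArrayList(stores));
    }

    /**
     * Sets the validity model. The value is stored as given and is not
     * checked against the two defined constants.
     *
     * @param validityModel The validity model to set.
     * @see #CHAIN_VALIDITY_MODEL
     * @see #PKIX_VALIDITY_MODEL
     */
    public void setValidityModel(int validityModel)
    {
        this.validityModel = validityModel;
    }

    /**
     * Returns a copy of these parameters, built from the current trust
     * anchors and then filled in through {@link #setParams(PKIXParameters)}.
     *
     * @return a new <code>ExtendedPKIXParameters</code> with the same settings
     */
    public Object clone()
    {
        ExtendedPKIXParameters params;
        try
        {
            params = new ExtendedPKIXParameters(getTrustAnchors());
        }
        catch (Exception e)
        {
            // cannot happen; the cause is chained rather than dropped
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(this);
        return params;
    }

    /**
     * Returns if additional {@link X509Store}s for locations like LDAP found
     * in certificates or CRLs should be used.
     *
     * @return Returns <code>true</code> if additional stores are used.
     */
    public boolean isAdditionalLocationsEnabled()
    {
        return additionalLocationsEnabled;
    }

    /**
     * Sets if additional {@link X509Store}s for locations like LDAP found in
     * certificates or CRLs should be used.
     * <p>
     * These locations are taken from the certificates and CRLs being
     * processed, not from local configuration, so enabling this lets the
     * objects under validation name where further data is looked up. The
     * flag is <code>false</code> until set.
     *
     * @param enabled <code>true</code> if additional stores are used.
     */
    public void setAdditionalLocationsEnabled(boolean enabled)
    {
        additionalLocationsEnabled = enabled;
    }

    /**
     * Returns the required constraints on the target certificate or attribute
     * certificate. The constraints are returned as an instance of
     * <code>Selector</code>. If <code>null</code>, no constraints are
     * defined.
     *
     * <p>
     * The target certificate in a PKIX path may be a certificate or an
     * attribute certificate.
     * <p>
     * Note that the <code>Selector</code> returned is cloned to protect
     * against subsequent modifications.
     *
     * @return a <code>Selector</code> specifying the constraints on the
     *         target certificate or attribute certificate (or <code>null</code>)
     * @see #setTargetConstraints
     * @see X509CertStoreSelector
     * @see X509AttributeCertStoreSelector
     */
    public Selector getTargetConstraints()
    {
        if (selector != null)
        {
            return (Selector) selector.clone();
        }
        else
        {
            return null;
        }
    }

    /**
     * Sets the required constraints on the target certificate or attribute
     * certificate. The constraints are specified as an instance of
     * <code>Selector</code>. If <code>null</code>, no constraints are
     * defined.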
421c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 422c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The target certificate in a PKIX path may be a certificate or an 423c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * attribute certificate. 424c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 425c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Note that the <code>Selector</code> specified is cloned to protect 426c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * against subsequent modifications. 427c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 428c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param selector a <code>Selector</code> specifying the constraints on 429c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * the target certificate or attribute certificate (or 430c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>) 431c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see #getTargetConstraints 432c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509CertStoreSelector 433c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509AttributeCertStoreSelector 434c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 435c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTargetConstraints(Selector selector) 436c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 437c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (selector != null) 438c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 439c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = (Selector) selector.clone(); 440c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 441c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom else 442c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 443c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = null; 
444c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 445c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 446c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 447c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 448c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the required constraints on the target certificate. The constraints 449c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * are specified as an instance of <code>X509CertSelector</code>. If 450c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>, no constraints are defined. 451c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 452c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 453c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * This method wraps the given <code>X509CertSelector</code> into a 454c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>X509CertStoreSelector</code>. 455c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 456c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Note that the <code>X509CertSelector</code> specified is cloned to 457c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * protect against subsequent modifications. 
458c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 459c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param selector a <code>X509CertSelector</code> specifying the 460c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * constraints on the target certificate (or <code>null</code>) 461c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see #getTargetCertConstraints 462c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @see X509CertStoreSelector 463c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 464c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTargetCertConstraints(CertSelector selector) 465c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 466c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom super.setTargetCertConstraints(selector); 467c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (selector != null) 468c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 469c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = X509CertStoreSelector 470c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom .getInstance((X509CertSelector) selector); 471c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 472c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom else 473c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 474c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.selector = null; 475c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 476c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 477c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 478c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 479c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the trusted attribute certificate issuers. If attribute 480c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * certificates is verified the trusted AC issuers must be set. 
481c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 482c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> consists of <code>TrustAnchor</code>s. 483c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 484c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable. Never <code>null</code> 485c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 486c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns an immutable set of the trusted AC issuers. 487c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 488c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getTrustedACIssuers() 489c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 490c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(trustedACIssuers); 491c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 492c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 493c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 494c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the trusted attribute certificate issuers. If attribute certificates 495c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * is verified the trusted AC issuers must be set. 496c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 497c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>trustedACIssuers</code> must be a <code>Set</code> of 498c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>TrustAnchor</code> 499c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 500c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The given set is cloned. 501c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 502c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param trustedACIssuers The trusted AC issuers to set. 
Is never 503c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>. 504c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of <code>stores</code> is not 505c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * a <code>TrustAnchor</code>. 506c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 507c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setTrustedACIssuers(Set trustedACIssuers) 508c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 509c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (trustedACIssuers == null) 510c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 511c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.clear(); 512c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 513c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 514c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = trustedACIssuers.iterator(); it.hasNext();) 515c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 516c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof TrustAnchor)) 517c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 518c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 519c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type " + TrustAnchor.class.getName() + "."); 520c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 521c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 522c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.clear(); 523c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.trustedACIssuers.addAll(trustedACIssuers); 524c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 525c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 526c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 
527c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the neccessary attributes which must be contained in an attribute 528c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * certificate. 529c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 530c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable and contains 531c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>s with the OIDs. 532c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 533c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the necessary AC attributes. 534c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 535c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getNecessaryACAttributes() 536c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 537c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(necessaryACAttributes); 538c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 539c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 540c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 541c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the neccessary which must be contained in an attribute certificate. 542c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 543c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>Set</code> must contain <code>String</code>s with the 544c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * OIDs. 545c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 546c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The set is cloned. 547c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 548c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param necessaryACAttributes The necessary AC attributes to set. 
549c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of 550c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>necessaryACAttributes</code> is not a 551c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>. 552c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 553c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setNecessaryACAttributes(Set necessaryACAttributes) 554c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 555c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (necessaryACAttributes == null) 556c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 557c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.clear(); 558c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 559c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 560c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = necessaryACAttributes.iterator(); it.hasNext();) 561c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 562c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof String)) 563c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 564c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 565c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type String."); 566c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 567c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 568c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.clear(); 569c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.necessaryACAttributes.addAll(necessaryACAttributes); 570c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 571c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 572c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 
573c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the attribute certificates which are not allowed. 574c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 575c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The returned <code>Set</code> is immutable and contains 576c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>s with the OIDs. 577c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 578c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the prohibited AC attributes. Is never <code>null</code>. 579c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 580c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getProhibitedACAttributes() 581c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 582c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(prohibitedACAttributes); 583c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 584c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 585c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 586c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the attribute certificates which are not allowed. 587c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 588c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The <code>Set</code> must contain <code>String</code>s with the 589c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * OIDs. 590c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 591c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The set is cloned. 592c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 593c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param prohibitedACAttributes The prohibited AC attributes to set. 
594c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of 595c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>prohibitedACAttributes</code> is not a 596c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>String</code>. 597c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 598c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setProhibitedACAttributes(Set prohibitedACAttributes) 599c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 600c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (prohibitedACAttributes == null) 601c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 602c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.clear(); 603c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 604c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 605c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = prohibitedACAttributes.iterator(); it.hasNext();) 606c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 607c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof String)) 608c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 609c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 610c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type String."); 611c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 612c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 613c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.clear(); 614c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.prohibitedACAttributes.addAll(prohibitedACAttributes); 615c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 616c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 617c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 
618c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Returns the attribute certificate checker. The returned set contains 619c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * {@link PKIXAttrCertChecker}s and is immutable. 620c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 621c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @return Returns the attribute certificate checker. Is never 622c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <code>null</code>. 623c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 624c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public Set getAttrCertCheckers() 625c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 626c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return Collections.unmodifiableSet(attrCertCheckers); 627c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 628c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 629c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom /** 630c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * Sets the attribute certificate checkers. 631c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 632c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * All elements in the <code>Set</code> must a {@link PKIXAttrCertChecker}. 633c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * <p> 634c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * The given set is cloned. 635c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * 636c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @param attrCertCheckers The attribute certificate checkers to set. Is 637c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * never <code>null</code>. 638c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * @throws ClassCastException if an element of <code>attrCertCheckers</code> 639c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom * is not a <code>PKIXAttrCertChecker</code>. 
640c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom */ 641c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom public void setAttrCertCheckers(Set attrCertCheckers) 642c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 643c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (attrCertCheckers == null) 644c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 645c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.clear(); 646c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom return; 647c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 648c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom for (Iterator it = attrCertCheckers.iterator(); it.hasNext();) 649c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 650c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom if (!(it.next() instanceof PKIXAttrCertChecker)) 651c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom { 652c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom throw new ClassCastException("All elements of set must be " 653c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom + "of type " + PKIXAttrCertChecker.class.getName() + "."); 654c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 655c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 656c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.clear(); 657c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom this.attrCertCheckers.addAll(attrCertCheckers); 658c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom } 659c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom 660c37f4a04ef89e73a39a59f3c5a179af8c8ab5974Brian Carlstrom} 661