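package org.bouncycastle.x509;

import org.bouncycastle.util.Selector;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidParameterException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CertSelector;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * This class contains extended parameters for PKIX certification path builders.
 * <p>
 * On top of the inherited parameters it carries two builder-specific settings:
 * an upper bound on the path length and a set of certificates that must not be
 * used while building a path.
 *
 * @see java.security.cert.PKIXBuilderParameters
 * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
 * @deprecated use PKIXExtendedBuilderParameters
 */
public class ExtendedPKIXBuilderParameters extends ExtendedPKIXParameters
{

    // Upper bound on non-self-issued intermediate certificates; -1 means unlimited.
    private int maxPathLength = 5;

    // Private copy of the caller's exclusions; never handed out directly.
    private Set excludedCerts = Collections.EMPTY_SET;

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is an unmodifiable view of the internal set, so callers
     * cannot add or remove exclusions through it.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return Collections.unmodifiableSet(excludedCerts);
    }

    /**
     * Sets the excluded certificates which are not used for building a
     * certification path. If the <code>Set</code> is <code>null</code> an
     * empty set is assumed.
     * <p>
     * The given set is cloned to protect it against subsequent modifications.
     *
     * @param excludedCerts The excluded certificates to set.
     */
    public void setExcludedCerts(Set excludedCerts)
    {
        if (excludedCerts == null)
        {
            // Assign the field, not the parameter: a null argument must really
            // replace any previously configured exclusions with the empty set.
            this.excludedCerts = Collections.EMPTY_SET;
        }
        else
        {
            this.excludedCerts = new HashSet(excludedCerts);
        }
    }

    /**
     * Creates an instance of <code>PKIXBuilderParameters</code> with the
     * specified <code>Set</code> of most-trusted CAs. Each element of the set
     * is a {@link TrustAnchor TrustAnchor}.
     *
     * <p>
     * Note that the <code>Set</code> is copied to protect against subsequent
     * modifications.
     *
     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
     * @param targetConstraints a <code>Selector</code> specifying the
     *            constraints on the target certificate or attribute
     *            certificate.
     * @throws InvalidAlgorithmParameterException if <code>trustAnchors</code>
     *             is empty.
     * @throws NullPointerException if <code>trustAnchors</code> is
     *             <code>null</code>
     * @throws ClassCastException if any of the elements of
     *             <code>trustAnchors</code> is not of type
     *             <code>java.security.cert.TrustAnchor</code>
     */
    public ExtendedPKIXBuilderParameters(Set trustAnchors,
        Selector targetConstraints)
        throws InvalidAlgorithmParameterException
    {
        super(trustAnchors);
        setTargetConstraints(targetConstraints);
    }

    /**
     * Sets the maximum number of intermediate non-self-issued certificates in a
     * certification path. The PKIX <code>CertPathBuilder</code> must not
     * build paths longer than this length.
     * <p>
     * A value of 0 implies that the path can only contain a single certificate.
     * A value of -1 does not limit the length. The default length is 5.
     *
     * <p>
     *
     * The basic constraints extension of a CA certificate overrides this value
     * if smaller.
     * <p>
     * Note that -1 removes the bound configured here entirely, so it should be
     * a deliberate choice rather than a default.
     *
     * @param maxPathLength the maximum number of non-self-issued intermediate
     *            certificates in the certification path
     * @throws InvalidParameterException if <code>maxPathLength</code> is set
     *             to a value less than -1
     *
     * @see org.bouncycastle.jce.provider.PKIXCertPathBuilderSpi
     * @see #getMaxPathLength
     */
    public void setMaxPathLength(int maxPathLength)
    {
        if (maxPathLength < -1)
        {
            throw new InvalidParameterException("The maximum path "
                + "length parameter can not be less than -1.");
        }
        this.maxPathLength = maxPathLength;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     *
     * @see #setMaxPathLength(int)
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Can also handle <code>ExtendedPKIXBuilderParameters</code> and
     * <code>PKIXBuilderParameters</code>.
     * <p>
     * After delegating to the superclass, the builder-specific settings are
     * copied from <code>params</code> when it is one of those two types; for
     * any other type the current path length and exclusions are left as they
     * are.
     *
     * @param params Parameters to set.
     * @see org.bouncycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
     */
    protected void setParams(PKIXParameters params)
    {
        super.setParams(params);
        if (params instanceof ExtendedPKIXBuilderParameters)
        {
            ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
            maxPathLength = _params.maxPathLength;
            // Copy rather than share, so later changes to the source do not
            // alter the exclusions of this instance.
            excludedCerts = new HashSet(_params.excludedCerts);
        }
        if (params instanceof PKIXBuilderParameters)
        {
            PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
            maxPathLength = _params.getMaxPathLength();
        }
    }

    /**
     * Makes a copy of this <code>PKIXParameters</code> object. Changes to the
     * copy will not affect the original and vice versa.
     *
     * @return a copy of this <code>PKIXParameters</code> object
     */
    public Object clone()
    {
        ExtendedPKIXBuilderParameters params = null;
        try
        {
            params = new ExtendedPKIXBuilderParameters(getTrustAnchors(),
                getTargetConstraints());
        }
        catch (Exception e)
        {
            // Not expected for an already constructed instance; keep the
            // original exception as the cause so a failure stays diagnosable.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(this);
        return params;
    }

    /**
     * Returns an instance of <code>ExtendedPKIXParameters</code> which can be
     * safely casted to <code>ExtendedPKIXBuilderParameters</code>.
     * <p>
     * This method can be used to get a copy from other
     * <code>PKIXBuilderParameters</code>, <code>PKIXParameters</code>,
     * and <code>ExtendedPKIXParameters</code> instances.
     * <p>
     * The target certificate constraints of <code>pkixParams</code> are cast
     * to <code>X509CertSelector</code>; any exception raised while creating
     * the copy, including a failed cast, is rethrown as a
     * <code>RuntimeException</code> with the original exception as its cause.
     *
     * @param pkixParams The PKIX parameters to create a copy of.
     * @return An <code>ExtendedPKIXBuilderParameters</code> instance.
     */
    public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
    {
        ExtendedPKIXBuilderParameters params;
        try
        {
            // NOTE(review): behaviour for absent (null) target constraints
            // depends on X509CertStoreSelector.getInstance - confirm there.
            params = new ExtendedPKIXBuilderParameters(pkixParams
                .getTrustAnchors(), X509CertStoreSelector
                .getInstance((X509CertSelector) pkixParams
                    .getTargetCertConstraints()));
        }
        catch (Exception e)
        {
            // Reached e.g. when the target constraints are not an
            // X509CertSelector; keep the cause instead of only its message.
            throw new RuntimeException(e.getMessage(), e);
        }
        params.setParams(pkixParams);
        return params;
    }
}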