Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java')
-rw-r--r-- | bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java | 138 |
1 files changed, 138 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
new file mode 100644
index 0000000..3369d0d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.jcajce;
+
+import java.security.InvalidParameterException;
+import java.security.cert.CertPathParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This class contains extended parameters for PKIX certification path builders.
+ *
+ * @see java.security.cert.PKIXBuilderParameters
+ */
+public class PKIXExtendedBuilderParameters
+ implements CertPathParameters
+{
+ public static class Builder
+ {
+ private final PKIXExtendedParameters baseParameters;
+
+ private int maxPathLength = 5;
+ private Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();
+
+ public Builder(PKIXBuilderParameters baseParameters)
+ {
+ this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
+ this.maxPathLength = baseParameters.getMaxPathLength();
+ }
+
+ public Builder(PKIXExtendedParameters baseParameters)
+ {
+ this.baseParameters = baseParameters;
+ }
+
+ /**
+ * Adds excluded certificates which are not used for building a
+ * certification path.
+ * <p>
+ * The given set is cloned to protect it against subsequent modifications.
+ *
+ * @param excludedCerts The excluded certificates to set.
+ */
+ public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
+ {
+ this.excludedCerts.addAll(excludedCerts);
+
+ return this;
+ }
+
+ /**
+ * Sets the maximum number of intermediate non-self-issued certificates in a
+ * certification path. The PKIX <code>CertPathBuilder</code> must not
+ * build paths longer then this length.
+ * <p>
+ * A value of 0 implies that the path can only contain a single certificate.
+ * A value of -1 does not limit the length. The default length is 5.
+ *
+ * <p>
+ *
+ * The basic constraints extension of a CA certificate overrides this value
+ * if smaller.
+ *
+ * @param maxPathLength the maximum number of non-self-issued intermediate
+ * certificates in the certification path
+ * @throws java.security.InvalidParameterException if <code>maxPathLength</code> is set
+ * to a value less than -1
+ *
+ * @see #getMaxPathLength
+ */
+ public Builder setMaxPathLength(int maxPathLength)
+ {
+ if (maxPathLength < -1)
+ {
+ throw new InvalidParameterException("The maximum path "
+ + "length parameter can not be less than -1.");
+ }
+ this.maxPathLength = maxPathLength;
+
+ return this;
+ }
+
+ public PKIXExtendedBuilderParameters build()
+ {
+ return new PKIXExtendedBuilderParameters(this);
+ }
+ }
+
+ private final PKIXExtendedParameters baseParameters;
+ private final Set<X509Certificate> excludedCerts;
+ private final int maxPathLength;
+
+ private PKIXExtendedBuilderParameters(Builder builder)
+ {
+ this.baseParameters = builder.baseParameters;
+ this.excludedCerts = Collections.unmodifiableSet(builder.excludedCerts);
+ this.maxPathLength = builder.maxPathLength;
+ }
+
+ public PKIXExtendedParameters getBaseParameters()
+ {
+ return baseParameters;
+ }
+
+ /**
+ * Excluded certificates are not used for building a certification path.
+ * <p>
+ * The returned set is immutable.
+ *
+ * @return Returns the excluded certificates.
+ */
+ public Set getExcludedCerts()
+ {
+ return excludedCerts;
+ }
+
+ /**
+ * Returns the value of the maximum number of intermediate non-self-issued
+ * certificates in the certification path.
+ *
+ * @return the maximum number of non-self-issued intermediate certificates
+ * in the certification path, or -1 if no limit exists.
+ */
+ public int getMaxPathLength()
+ {
+ return maxPathLength;
+ }
+
+ /**
+ * @return this object
+ */
+ public Object clone()
+ {
+ return this;
+ }
+}
+
|
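Review bot: The private constructor wraps `builder.excludedCerts` in `Collections.unmodifiableSet` without copying it, so the built object holds a read-only view of the Builder's live `HashSet`, and a later `addExcludedCerts` call on the same Builder changes the exclusion set of parameters that were already built. That contradicts the "returned set is immutable" Javadoc on `getExcludedCerts()` and the `clone()` that returns `this`, both of which assume the instance never changes after `build()`. Take a snapshot at build time: `this.excludedCerts = Collections.unmodifiableSet(new HashSet<X509Certificate>(builder.excludedCerts));`. While there, `getExcludedCerts()` could return `Set<X509Certificate>` rather than the raw `Set`, so callers do not need an unchecked cast on a value that decides which certificates are kept out of path building.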