Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java138
1 files changed, 138 insertions, 0 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
new file mode 100644
index 0000000..3369d0d
--- /dev/null
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
@@ -0,0 +1,138 @@
+package org.bouncycastle.jcajce;
+
+import java.security.InvalidParameterException;
+import java.security.cert.CertPathParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * This class contains extended parameters for PKIX certification path builders.
+ *
+ * @see java.security.cert.PKIXBuilderParameters
+ */
+public class PKIXExtendedBuilderParameters
+ implements CertPathParameters
+{
+ public static class Builder
+ {
+ private final PKIXExtendedParameters baseParameters;
+
+ private int maxPathLength = 5;
+ private Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();
+
+ public Builder(PKIXBuilderParameters baseParameters)
+ {
+ this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
+ this.maxPathLength = baseParameters.getMaxPathLength();
+ }
+
+ public Builder(PKIXExtendedParameters baseParameters)
+ {
+ this.baseParameters = baseParameters;
+ }
+
+ /**
+ * Adds excluded certificates which are not used for building a
+ * certification path.
+ * <p>
+ * The given set is cloned to protect it against subsequent modifications.
+ *
+ * @param excludedCerts The excluded certificates to set.
+ */
+ public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
+ {
+ this.excludedCerts.addAll(excludedCerts);
+
+ return this;
+ }
+
+ /**
+ * Sets the maximum number of intermediate non-self-issued certificates in a
+ * certification path. The PKIX <code>CertPathBuilder</code> must not
+ * build paths longer then this length.
+ * <p>
+ * A value of 0 implies that the path can only contain a single certificate.
+ * A value of -1 does not limit the length. The default length is 5.
+ *
+ * <p>
+ *
+ * The basic constraints extension of a CA certificate overrides this value
+ * if smaller.
+ *
+ * @param maxPathLength the maximum number of non-self-issued intermediate
+ * certificates in the certification path
+ * @throws java.security.InvalidParameterException if <code>maxPathLength</code> is set
+ * to a value less than -1
+ *
+ * @see #getMaxPathLength
+ */
+ public Builder setMaxPathLength(int maxPathLength)
+ {
+ if (maxPathLength < -1)
+ {
+ throw new InvalidParameterException("The maximum path "
+ + "length parameter can not be less than -1.");
+ }
+ this.maxPathLength = maxPathLength;
+
+ return this;
+ }
+
+ public PKIXExtendedBuilderParameters build()
+ {
+ return new PKIXExtendedBuilderParameters(this);
+ }
+ }
+
+ private final PKIXExtendedParameters baseParameters;
+ private final Set<X509Certificate> excludedCerts;
+ private final int maxPathLength;
+
+ private PKIXExtendedBuilderParameters(Builder builder)
+ {
+ this.baseParameters = builder.baseParameters;
+ this.excludedCerts = Collections.unmodifiableSet(builder.excludedCerts);
+ this.maxPathLength = builder.maxPathLength;
+ }
+
+ public PKIXExtendedParameters getBaseParameters()
+ {
+ return baseParameters;
+ }
+
+ /**
+ * Excluded certificates are not used for building a certification path.
+ * <p>
+ * The returned set is immutable.
+ *
+ * @return Returns the excluded certificates.
+ */
+ public Set getExcludedCerts()
+ {
+ return excludedCerts;
+ }
+
+ /**
+ * Returns the value of the maximum number of intermediate non-self-issued
+ * certificates in the certification path.
+ *
+ * @return the maximum number of non-self-issued intermediate certificates
+ * in the certification path, or -1 if no limit exists.
+ */
+ public int getMaxPathLength()
+ {
+ return maxPathLength;
+ }
+
+ /**
+ * @return this object
+ */
+ public Object clone()
+ {
+ return this;
+ }
+}
+
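Review bot: The private constructor stores `Collections.unmodifiableSet(builder.excludedCerts)`, which is a read-only view over the Builder's own `HashSet` rather than a copy, so calling `addExcludedCerts` on a reused Builder after `build()` changes the exclusion set of parameters that were already handed out. That contradicts the "The returned set is immutable" Javadoc on `getExcludedCerts()` and undermines `clone()` returning `this`, which is only safe if the object really is immutable. For a path builder this means the certificates excluded from consideration can change underneath a caller that believes the parameters are fixed. Snapshot the set instead: `this.excludedCerts = Collections.unmodifiableSet(new HashSet<X509Certificate>(builder.excludedCerts));`. Separately, `getExcludedCerts()` could return `Set<X509Certificate>` rather than the raw `Set`.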