package org.bouncycastle.jcajce; import java.security.cert.CertPathParameters; import java.security.cert.CertSelector; import java.security.cert.CertStore; import java.security.cert.PKIXParameters; import java.security.cert.TrustAnchor; import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Set; import org.bouncycastle.asn1.x509.GeneralName; /** * This class extends the PKIXParameters with a validity model parameter. */ public class PKIXExtendedParameters implements CertPathParameters { /** * This is the default PKIX validity model. Actually there are two variants * of this: The PKIX model and the modified PKIX model. The PKIX model * verifies that all involved certificates must have been valid at the * current time. The modified PKIX model verifies that all involved * certificates were valid at the signing time. Both are indirectly choosen * with the {@link java.security.cert.PKIXParameters#setDate(java.util.Date)} method, so this * methods sets the Date when all certificates must have been * valid. */ public static final int PKIX_VALIDITY_MODEL = 0; /** * This model uses the following validity model. Each certificate must have * been valid at the moment where is was used. That means the end * certificate must have been valid at the time the signature was done. The * CA certificate which signed the end certificate must have been valid, * when the end certificate was signed. The CA (or Root CA) certificate must * have been valid, when the CA certificate was signed and so on. So the * {@link java.security.cert.PKIXParameters#setDate(java.util.Date)} method sets the time, when * the end certificate must have been valid. *
* It is used e.g. * in the German signature law. *
*/ public static final int CHAIN_VALIDITY_MODEL = 1; public static class Builder { private final PKIXParameters baseParameters; private final Date date; private PKIXCertStoreSelector targetConstraints; private Listtrue
if delta CRLs should be used.
*/
public Builder setUseDeltasEnabled(boolean useDeltas)
{
// Only records the caller's choice on this builder; nothing in this method
// shows where the flag is read during revocation checking.
this.useDeltas = useDeltas;
// Hand back the builder itself so that calls can be chained.
return this;
}
/**
* @param validityModel The validity model to set.
* @see #CHAIN_VALIDITY_MODEL
* @see #PKIX_VALIDITY_MODEL
*/
public Builder setValidityModel(int validityModel)
{
// The value is stored without any range check, so an int other than
// PKIX_VALIDITY_MODEL or CHAIN_VALIDITY_MODEL is accepted here.
// NOTE(review): how consumers treat an unrecognised value is not visible in
// this method -- consider rejecting it so that a mistyped constant cannot
// silently select a different validity model.
this.validityModel = validityModel;
// Hand back the builder itself so that calls can be chained.
return this;
}
/**
* Set the trustAnchor to be used with these parameters.
*
* @param trustAnchor the trust anchor end-entity and CRLs must be based on.
* @return the current builder.
*/
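public Builder setTrustAnchor(TrustAnchor trustAnchor)
{
    // Fail fast on null: Collections.singleton(null) would otherwise yield a
    // trust anchor set whose only element is null, and the configuration
    // mistake would not be reported at the place where it was made.
    if (trustAnchor == null)
    {
        throw new NullPointerException("trustAnchor cannot be null");
    }

    // The singleton set is immutable, so the stored anchor cannot be altered
    // through the collection itself.
    this.trustAnchors = Collections.singleton(trustAnchor);

    // Hand back the builder itself so that calls can be chained.
    return this;
}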
/**
* Set the set of trustAnchors to be used with these parameters.
*
* @param trustAnchors a set of trustAnchors, one of which a particular end-entity and its associated CRLs must be based on.
* @return the current builder.
*/
public Builder setTrustAnchors(Setfalse
.
*
* @return Returns if delta CRLs should be used.
*/
public boolean isUseDeltasEnabled()
{
    // Plain read of the stored flag; no other state is consulted.
    return this.useDeltas;
}
/**
* @return Returns the validity model.
* @see #CHAIN_VALIDITY_MODEL
* @see #PKIX_VALIDITY_MODEL
*/
public int getValidityModel()
{
    // Returned as the raw int, to be compared against PKIX_VALIDITY_MODEL and
    // CHAIN_VALIDITY_MODEL.
    // NOTE(review): Builder.setValidityModel stores any int, so a caller that
    // branches on this value should decide explicitly what an unrecognised
    // value means rather than falling through to a default.
    return this.validityModel;
}
/**
 * Returns this same instance instead of a copy.
 * <p>
 * NOTE(review): sharing the instance is only safe if it cannot change after
 * construction. No setters are visible in this part of the class, but
 * {@link #getTrustAnchors()} hands out the internal set directly -- confirm
 * that callers cannot modify it.
 *
 * @return this object
 */
public Object clone()
{
return this;
}
/**
* Returns the required constraints on the target certificate.
* The constraints are returned as an instance of
* {@code Selector}. If {@code null}, no constraints are
* defined.
*
* @return a {@code Selector} specifying the constraints on the
* target certificate or attribute certificate (or {@code null})
* @see PKIXCertStoreSelector
*/
public PKIXCertStoreSelector getTargetConstraints()
{
    // Returns the stored selector itself, not a copy.
    return this.targetConstraints;
}
/**
 * Returns the trust anchors held by this object.
 * <p>
 * The internal set is returned as-is, without copying or wrapping.
 * NOTE(review): if that set is modifiable, a caller could add or remove
 * anchors after the parameters were built; confirm that it is unmodifiable,
 * or return an unmodifiable view instead.
 *
 * @return the set of trust anchors
 */
public Set getTrustAnchors()
{
    return this.trustAnchors;
}
/**
 * Returns the initial policies of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.getInitialPolicies()}; the result
 * is passed through unchanged.
 *
 * @return the value reported by the base parameters
 */
public Set getInitialPolicies()
{
    return this.baseParameters.getInitialPolicies();
}
/**
 * Returns the signature provider setting of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.getSigProvider()}; the result is
 * passed through unchanged.
 *
 * @return the value reported by the base parameters
 */
public String getSigProvider()
{
    return this.baseParameters.getSigProvider();
}
/**
 * Reports the explicit-policy-required flag of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.isExplicitPolicyRequired()}.
 *
 * @return the value reported by the base parameters
 */
public boolean isExplicitPolicyRequired()
{
    return this.baseParameters.isExplicitPolicyRequired();
}
/**
 * Reports the any-policy-inhibited flag of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.isAnyPolicyInhibited()}.
 *
 * @return the value reported by the base parameters
 */
public boolean isAnyPolicyInhibited()
{
    return this.baseParameters.isAnyPolicyInhibited();
}
/**
 * Reports the policy-mapping-inhibited flag of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.isPolicyMappingInhibited()}.
 *
 * @return the value reported by the base parameters
 */
public boolean isPolicyMappingInhibited()
{
    return this.baseParameters.isPolicyMappingInhibited();
}
/**
 * Returns the certification path checkers of the wrapped base parameters.
 * <p>
 * Pure delegation to {@code baseParameters.getCertPathCheckers()}; the result
 * is passed through unchanged.
 *
 * @return the value reported by the base parameters
 */
public List getCertPathCheckers()
{
    return this.baseParameters.getCertPathCheckers();
}
public List