path: root/bcprov/src/main/java/org/bouncycastle/jcajce/PKIXExtendedBuilderParameters.java
package org.bouncycastle.jcajce;

import java.security.InvalidParameterException;
import java.security.cert.CertPathParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

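/**
 * This class contains extended parameters for PKIX certification path builders.
 * <p>
 * Instances are created through {@link Builder}. Each instance keeps its own
 * unmodifiable snapshot of the excluded certificates, so reusing or modifying
 * the builder after {@link Builder#build()} does not change parameters that
 * have already been handed out.
 *
 * @see java.security.cert.PKIXBuilderParameters
 */
public class PKIXExtendedBuilderParameters
    implements CertPathParameters
{
    /**
     * Collects the settings for a {@link PKIXExtendedBuilderParameters} instance.
     */
    public static class Builder
    {
        private final PKIXExtendedParameters baseParameters;

        private int maxPathLength = 5;
        private final Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();

        /**
         * Creates a builder from standard JCA builder parameters.
         * <p>
         * The parameters are converted with {@link PKIXExtendedParameters.Builder}
         * and the maximum path length is taken over from
         * {@link PKIXBuilderParameters#getMaxPathLength()}.
         *
         * @param baseParameters the JCA parameters to start from
         */
        public Builder(PKIXBuilderParameters baseParameters)
        {
            this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
            this.maxPathLength = baseParameters.getMaxPathLength();
        }

        /**
         * Creates a builder from already extended parameters.
         * <p>
         * The maximum path length keeps its default of 5 unless
         * {@link #setMaxPathLength(int)} is called.
         *
         * @param baseParameters the extended parameters to use as they are
         */
        public Builder(PKIXExtendedParameters baseParameters)
        {
            this.baseParameters = baseParameters;
        }

        /**
         * Adds excluded certificates which are not used for building a
         * certification path.
         * <p>
         * The certificates are copied into the builder's own set, so later
         * modifications of the given set have no effect on this builder.
         *
         * @param excludedCerts The excluded certificates to add.
         * @return this builder
         */
        public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
        {
            this.excludedCerts.addAll(excludedCerts);

            return this;
        }

        /**
         * Sets the maximum number of intermediate non-self-issued certificates in a
         * certification path. The PKIX <code>CertPathBuilder</code> must not
         * build paths longer than this length.
         * <p>
         * A value of 0 implies that the path can only contain a single certificate.
         * A value of -1 does not limit the length. The default length is 5.
         *
         * <p>
         *
         * The basic constraints extension of a CA certificate overrides this value
         * if smaller.
         *
         * @param maxPathLength the maximum number of non-self-issued intermediate
         *            certificates in the certification path
         * @return this builder
         * @throws java.security.InvalidParameterException if <code>maxPathLength</code> is set
         *             to a value less than -1
         *
         * @see #getMaxPathLength
         */
        public Builder setMaxPathLength(int maxPathLength)
        {
            if (maxPathLength < -1)
            {
                throw new InvalidParameterException("The maximum path "
                        + "length parameter can not be less than -1.");
            }
            this.maxPathLength = maxPathLength;

            return this;
        }

        /**
         * Creates the parameters object from the current state of this builder.
         *
         * @return a new parameters object holding a snapshot of this builder's settings
         */
        public PKIXExtendedBuilderParameters build()
        {
            return new PKIXExtendedBuilderParameters(this);
        }
    }

    private final PKIXExtendedParameters baseParameters;
    private final Set<X509Certificate> excludedCerts;
    private final int maxPathLength;

    private PKIXExtendedBuilderParameters(Builder builder)
    {
        this.baseParameters = builder.baseParameters;
        // Copy before wrapping: unmodifiableSet() on its own is only a read-only view
        // of the builder's set, so a builder reused after build() could otherwise
        // add exclusions to parameters that are already in use.
        this.excludedCerts = Collections.unmodifiableSet(
            new HashSet<X509Certificate>(builder.excludedCerts));
        this.maxPathLength = builder.maxPathLength;
    }

    /**
     * Returns the extended PKIX parameters these builder parameters are based on.
     *
     * @return the base parameters supplied to, or derived by, the builder
     */
    public PKIXExtendedParameters getBaseParameters()
    {
        return baseParameters;
    }

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is unmodifiable and is not affected by later changes
     * to the builder that created this object. Its elements are
     * {@link X509Certificate} instances; the raw return type is kept so that
     * existing callers continue to compile unchanged.
     * 
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return excludedCerts;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     * 
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Returns this instance rather than a copy. All fields are final and the
     * excluded-certificate set is a private unmodifiable snapshot.
     * NOTE(review): sharing the instance is only safe if
     * PKIXExtendedParameters is immutable as well - confirm.
     *
     * @return this object
     */
    public Object clone()
    {
        return this;
    }
}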