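package org.bouncycastle.jcajce;

import java.security.InvalidParameterException;
import java.security.cert.CertPathParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * This class contains extended parameters for PKIX certification path builders.
 * <p>
 * Instances are created through {@link Builder} and expose no mutators;
 * {@link #clone()} relies on that by returning the same instance.
 *
 * @see PKIXBuilderParameters
 */
public class PKIXExtendedBuilderParameters
    implements CertPathParameters
{
    /**
     * Builder for a PKIXExtendedBuilderParameters object.
     * <p>
     * A builder may be reused after {@link #build()}; each built object takes
     * its own snapshot of the excluded certificates.
     */
    public static class Builder
    {
        private final PKIXExtendedParameters baseParameters;

        // Default bound on the path length; see setMaxPathLength().
        private int maxPathLength = 5;
        private final Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();

        /**
         * Creates a builder from standard JCA builder parameters.
         * <p>
         * The maximum path length is taken from the given parameters rather
         * than from this class's default of 5.
         *
         * @param baseParameters the JCA parameters to wrap.
         */
        public Builder(PKIXBuilderParameters baseParameters)
        {
            this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
            this.maxPathLength = baseParameters.getMaxPathLength();
        }

        /**
         * Creates a builder from already extended parameters.
         * <p>
         * The maximum path length stays at the default of 5 unless
         * {@link #setMaxPathLength(int)} is called.
         *
         * @param baseParameters the extended parameters to use as they are.
         */
        public Builder(PKIXExtendedParameters baseParameters)
        {
            this.baseParameters = baseParameters;
        }

        /**
         * Adds excluded certificates which are not used for building a
         * certification path.
         * <p>
         * The elements of the given set are copied into this builder, so later
         * changes to the caller's set have no effect on it.
         *
         * @param excludedCerts The excluded certificates to add.
         * @return this builder.
         */
        public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
        {
            this.excludedCerts.addAll(excludedCerts);

            return this;
        }

        /**
         * Sets the maximum number of intermediate non-self-issued certificates in a
         * certification path. The PKIX <code>CertPathBuilder</code> must not
         * build paths longer than this length.
         * <p>
         * A value of 0 implies that the path can only contain a single certificate.
         * A value of -1 does not limit the length. The default length is 5.
         * <p>
         * The basic constraints extension of a CA certificate overrides this value
         * if smaller.
         * <p>
         * Note that -1 removes the bound altogether, so it should be a
         * deliberate choice rather than a default.
         *
         * @param maxPathLength the maximum number of non-self-issued intermediate
         *            certificates in the certification path
         * @return this builder.
         * @throws InvalidParameterException if <code>maxPathLength</code> is set
         *             to a value less than -1
         *
         * @see #getMaxPathLength
         */
        public Builder setMaxPathLength(int maxPathLength)
        {
            if (maxPathLength < -1)
            {
                throw new InvalidParameterException("The maximum path "
                    + "length parameter can not be less than -1.");
            }
            this.maxPathLength = maxPathLength;

            return this;
        }

        /**
         * Builds the parameters object from the current state of this builder.
         *
         * @return a new PKIXExtendedBuilderParameters instance.
         */
        public PKIXExtendedBuilderParameters build()
        {
            return new PKIXExtendedBuilderParameters(this);
        }
    }

    private final PKIXExtendedParameters baseParameters;
    private final Set<X509Certificate> excludedCerts;
    private final int maxPathLength;

    private PKIXExtendedBuilderParameters(Builder builder)
    {
        this.baseParameters = builder.baseParameters;
        // Snapshot the builder's set. Wrapping it directly would leave a live
        // view: a later addExcludedCerts() on the same builder would change the
        // exclusions of an object that is documented as immutable and whose
        // clone() hands out the same instance.
        this.excludedCerts = Collections.unmodifiableSet(
            new HashSet<X509Certificate>(builder.excludedCerts));
        this.maxPathLength = builder.maxPathLength;
    }

    /**
     * Returns the extended PKIX parameters this object was built on.
     *
     * @return the base parameters; the instance held by this object is
     *         returned, not a copy.
     */
    public PKIXExtendedParameters getBaseParameters()
    {
        return baseParameters;
    }

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is immutable and its elements are
     * {@link X509Certificate} objects. The raw return type is kept so that
     * existing callers are unaffected.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return excludedCerts;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Returns this same instance instead of a copy, since the object exposes
     * no mutators.
     *
     * @return this object
     */
    public Object clone()
    {
        return this;
    }
}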