package org.bouncycastle.jcajce;

import java.security.InvalidParameterException;
import java.security.cert.CertPathParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

This class contains extended parameters for PKIX certification path builders.
See Also:
  • PKIXBuilderParameters
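/**
 * This class contains extended parameters for PKIX certification path builders.
 * <p>
 * The excluded-certificate set and the maximum path length are fixed when
 * {@link Builder#build()} is called; later changes to the builder do not
 * affect an object that has already been built.
 *
 * @see PKIXBuilderParameters
 */
public class PKIXExtendedBuilderParameters
    implements CertPathParameters
{
    /**
     * Builder for a PKIXExtendedBuilderParameters object.
     */
    public static class Builder
    {
        private final PKIXExtendedParameters baseParameters;

        private int maxPathLength = 5;
        private Set<X509Certificate> excludedCerts = new HashSet<X509Certificate>();

        /**
         * Creates a builder from standard JCA builder parameters. The base
         * parameters are converted to a {@link PKIXExtendedParameters} and the
         * maximum path length is taken from <code>baseParameters</code>.
         *
         * @param baseParameters the JCA parameters to start from.
         */
        public Builder(PKIXBuilderParameters baseParameters)
        {
            this.baseParameters = new PKIXExtendedParameters.Builder(baseParameters).build();
            this.maxPathLength = baseParameters.getMaxPathLength();
        }

        /**
         * Creates a builder around already extended parameters. The maximum
         * path length keeps its default of 5 until
         * {@link #setMaxPathLength(int)} is called.
         *
         * @param baseParameters the extended parameters to use as they are.
         */
        public Builder(PKIXExtendedParameters baseParameters)
        {
            this.baseParameters = baseParameters;
        }

        /**
         * Adds excluded certificates which are not used for building a
         * certification path.
         * <p>
         * The elements of the given set are copied into the builder, so later
         * modifications of the caller's set have no effect.
         *
         * @param excludedCerts The excluded certificates to add.
         * @return this builder.
         * @throws NullPointerException if <code>excludedCerts</code> is null.
         */
        public Builder addExcludedCerts(Set<X509Certificate> excludedCerts)
        {
            this.excludedCerts.addAll(excludedCerts);

            return this;
        }

        /**
         * Sets the maximum number of intermediate non-self-issued certificates in a
         * certification path. The PKIX <code>CertPathBuilder</code> must not
         * build paths longer than this length.
         * <p>
         * A value of 0 implies that the path can only contain a single certificate.
         * A value of -1 does not limit the length. The default length is 5.
         * <p>
         * The basic constraints extension of a CA certificate overrides this value
         * if smaller.
         * <p>
         * Note that -1 removes the bound on path length altogether; a finite
         * value is the more conservative choice.
         *
         * @param maxPathLength the maximum number of non-self-issued intermediate
         *            certificates in the certification path
         * @return this builder.
         * @throws InvalidParameterException if <code>maxPathLength</code> is set
         *             to a value less than -1
         *
         * @see #getMaxPathLength
         */
        public Builder setMaxPathLength(int maxPathLength)
        {
            if (maxPathLength < -1)
            {
                throw new InvalidParameterException("The maximum path "
                    + "length parameter can not be less than -1.");
            }
            this.maxPathLength = maxPathLength;

            return this;
        }

        /**
         * Builds the parameters object from the current state of this builder.
         *
         * @return a new PKIXExtendedBuilderParameters.
         */
        public PKIXExtendedBuilderParameters build()
        {
            return new PKIXExtendedBuilderParameters(this);
        }
    }

    private final PKIXExtendedParameters baseParameters;
    private final Set<X509Certificate> excludedCerts;
    private final int maxPathLength;

    private PKIXExtendedBuilderParameters(Builder builder)
    {
        this.baseParameters = builder.baseParameters;
        // Snapshot the builder's set. Wrapping the live set would let a later
        // Builder.addExcludedCerts() call change the exclusions of an object
        // that has already been built and handed to a path builder.
        this.excludedCerts = Collections.unmodifiableSet(
            new HashSet<X509Certificate>(builder.excludedCerts));
        this.maxPathLength = builder.maxPathLength;
    }

    /**
     * Returns the extended PKIX parameters these builder parameters are based on.
     *
     * @return the base parameters.
     */
    public PKIXExtendedParameters getBaseParameters()
    {
        return baseParameters;
    }

    /**
     * Excluded certificates are not used for building a certification path.
     * <p>
     * The returned set is immutable. Its elements are
     * {@link X509Certificate} objects; the raw return type is kept so that
     * existing callers continue to compile unchanged.
     *
     * @return Returns the excluded certificates.
     */
    public Set getExcludedCerts()
    {
        return excludedCerts;
    }

    /**
     * Returns the value of the maximum number of intermediate non-self-issued
     * certificates in the certification path.
     *
     * @return the maximum number of non-self-issued intermediate certificates
     *         in the certification path, or -1 if no limit exists.
     */
    public int getMaxPathLength()
    {
        return maxPathLength;
    }

    /**
     * Returns this same instance rather than a copy: every field is final and
     * the excluded-certificate set cannot be modified through this object.
     *
     * @return this object
     */
    public Object clone()
    {
        return this;
    }
}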