org.bouncycastle.x509

Class ExtendedPKIXBuilderParameters


public class ExtendedPKIXBuilderParameters
extends ExtendedPKIXParameters

This class contains extended parameters for PKIX certification path builders.
See Also:
java.security.cert.PKIXBuilderParameters, PKIXCertPathBuilderSpi

Field Summary

Fields inherited from class org.bouncycastle.x509.ExtendedPKIXParameters

CHAIN_VALIDITY_MODEL, PKIX_VALIDITY_MODEL

Constructor Summary

ExtendedPKIXBuilderParameters(Set trustAnchors, Selector targetConstraints)
Creates an instance of PKIXBuilderParameters with the specified Set of most-trusted CAs.

Method Summary

Object
clone()
Makes a copy of this PKIXParameters object.
Set
getExcludedCerts()
Excluded certificates are not used for building a certification path.
static ExtendedPKIXParameters
getInstance(PKIXParameters pkixParams)
Returns an instance of ExtendedPKIXParameters which can be safely casted to ExtendedPKIXBuilderParameters.
int
getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates in the certification path.
void
setExcludedCerts(Set excludedCerts)
Sets the excluded certificates which are not used for building a certification path.
void
setMaxPathLength(int maxPathLength)
Sets the maximum number of intermediate non-self-issued certificates in a certification path.
protected void
setParams(PKIXParameters params)
Can alse handle ExtendedPKIXBuilderParameters and PKIXBuilderParameters.

Methods inherited from class org.bouncycastle.x509.ExtendedPKIXParameters

addAddionalStore, addStore, clone, getAdditionalStores, getAttrCertCheckers, getInstance, getNecessaryACAttributes, getProhibitedACAttributes, getStores, getTargetConstraints, getTrustedACIssuers, getValidityModel, isAdditionalLocationsEnabled, isUseDeltasEnabled, setAdditionalLocationsEnabled, setAttrCertCheckers, setCertStores, setNecessaryACAttributes, setParams, setProhibitedACAttributes, setStores, setTargetCertConstraints, setTargetConstraints, setTrustedACIssuers, setUseDeltasEnabled, setValidityModel

Constructor Details

ExtendedPKIXBuilderParameters

public ExtendedPKIXBuilderParameters(Set trustAnchors,
                                     Selector targetConstraints)
            throws InvalidAlgorithmParameterException
Creates an instance of PKIXBuilderParameters with the specified Set of most-trusted CAs. Each element of the set is a TrustAnchor.

Note that the Set is copied to protect against subsequent modifications.

Parameters:
trustAnchors - a Set of TrustAnchors
targetConstraints - a Selector specifying the constraints on the target certificate or attribute certificate.

Method Details

clone

public Object clone()
Makes a copy of this PKIXParameters object. Changes to the copy will not affect the original and vice versa.
Overrides:
clone in interface ExtendedPKIXParameters
Returns:
a copy of this PKIXParameters object

getExcludedCerts

public Set getExcludedCerts()
Excluded certificates are not used for building a certification path.

The returned set is immutable.

Returns:
Returns the excluded certificates.

getInstance

public static ExtendedPKIXParameters getInstance(PKIXParameters pkixParams)
Returns an instance of ExtendedPKIXParameters which can be safely casted to ExtendedPKIXBuilderParameters.

This method can be used to get a copy from other PKIXBuilderParameters, PKIXParameters, and ExtendedPKIXParameters instances.

Overrides:
getInstance in interface ExtendedPKIXParameters
Parameters:
pkixParams - The PKIX parameters to create a copy of.
Returns:
An ExtendedPKIXBuilderParameters instance.

getMaxPathLength

public int getMaxPathLength()
Returns the value of the maximum number of intermediate non-self-issued certificates in the certification path.
Returns:
the maximum number of non-self-issued intermediate certificates in the certification path, or -1 if no limit exists.

setExcludedCerts

public void setExcludedCerts(Set excludedCerts)
Sets the excluded certificates which are not used for building a certification path. If the Set is null an empty set is assumed.

The given set is cloned to protect it against subsequent modifications.

Parameters:
excludedCerts - The excluded certificates to set.

setMaxPathLength

public void setMaxPathLength(int maxPathLength)
Sets the maximum number of intermediate non-self-issued certificates in a certification path. The PKIX CertPathBuilder must not build paths longer then this length.

A value of 0 implies that the path can only contain a single certificate. A value of -1 does not limit the length. The default length is 5.

The basic constraints extension of a CA certificate overrides this value if smaller.

Parameters:
maxPathLength - the maximum number of non-self-issued intermediate certificates in the certification path

setParams

protected void setParams(PKIXParameters params)
Can alse handle ExtendedPKIXBuilderParameters and PKIXBuilderParameters.
Overrides:
setParams in interface ExtendedPKIXParameters
Parameters:
params - Parameters to set.
See Also:
org.bouncycastle.x509.ExtendedPKIXParameters.setParams(java.security.cert.PKIXParameters)