1 /* PKIXParameters.java -- parameters for the PKIX cert path algorithm
2 Copyright (C) 2003 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package java.security.cert;
41 import java.security.InvalidAlgorithmParameterException;
42 import java.security.KeyStore;
43 import java.security.KeyStoreException;
45 import java.util.Collections;
46 import java.util.Date;
47 import java.util.Enumeration;
48 import java.util.HashSet;
49 import java.util.Iterator;
50 import java.util.LinkedList;
51 import java.util.List;
55 * Parameters for verifying certificate paths using the PKIX
56 * (Public-Key Infrastructure (X.509)) algorithm.
58 * @see CertPathBuilder
61 public class PKIXParameters implements CertPathParameters
65 // ------------------------------------------------------------------------
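/** The trusted certificates. */
// Mutable backing set; the public getter wraps it with Collections.unmodifiableSet.
private final Set trustAnchors;

/** The set of initial policy identifiers. */
// An empty set is treated as "any policy is acceptable" by the accessors of this class.
private final Set initPolicies;

/** The list of certificate stores. */
private final List certStores;

/** The list of path checkers. */
private final List pathCheckers;

/** The revocation enabled flag. */
// Initialised to true by the private no-argument constructor.
private boolean revocationEnabled;

/** The explicit policy required flag. */
private boolean exPolicyRequired;

/** The policy mapping inhibited flag. */
private boolean policyMappingInhibited;

/** The any policy inhibited flag. */
private boolean anyPolicyInhibited;

/** The policy qualifiers rejected flag. */
// Initialised to true by the private no-argument constructor.
private boolean policyQualRejected;

/** The target validation date. */
// Declared here because the copy constructor, getDate, setDate and toString
// all read or write this field; null means "no explicit date was set".
private Date date;

/** The signature algorithm provider. */
private String sigProvider;

/** The target constraints. */
// Stored and returned as clones (see the accessors), never as the caller's instance.
private CertSelector targetConstraints;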
104 // ------------------------------------------------------------------------
107 * Create a new PKIXParameters object, populating the trusted
108 * certificates set with all certificates found in the given key
109 * store. All certificates found in the key store are assumed to be
110 * trusted by this constructor.
112 * @param keystore The key store.
113 * @throws KeyStoreException If the certificates cannot be retrieved
114 * from the key store.
115 * @throws InvalidAlgorithmParameterException If there are no
116 * certificates in the key store.
117 * @throws NullPointerException If <i>keystore</i> is null.
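public PKIXParameters(KeyStore keystore)
    throws KeyStoreException, InvalidAlgorithmParameterException {
    // Delegate first: the final collections must exist before anchors are added.
    this();

    // keystore.aliases() is the first dereference, so a null keystore surfaces
    // here as the documented NullPointerException.
    final Enumeration aliases = keystore.aliases();
    while (aliases.hasMoreElements()) {
        final String alias = (String) aliases.nextElement();
        // Only trusted-certificate entries are considered; key entries are skipped.
        if (!keystore.isCertificateEntry(alias)) {
            continue;
        }
        final Certificate cert = keystore.getCertificate(alias);
        // Certificates that are not X.509 are ignored rather than rejected.
        if (cert instanceof X509Certificate) {
            // Every remaining entry becomes a trust root with no name constraints
            // (second argument null). The resulting trust set is therefore exactly
            // what the key store holds, so the store's integrity and provenance
            // matter as much as this object's configuration.
            trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
        }
    }

    // A parameters object without any trust anchor cannot validate anything.
    if (trustAnchors.isEmpty()) {
        throw new InvalidAlgorithmParameterException("no certs in the key store");
    }
}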
137 * Create a new PKIXParameters object, populating the trusted
138 * certificates set with the elements of the given set, each of which
139 * must be a {@link TrustAnchor}.
141 * @param trustAnchors The set of trust anchors.
142 * @throws InvalidAlgorithmParameterException If there are no
143 * certificates in the set.
144 * @throws NullPointerException If <i>trustAnchors</i> is null.
145 * @throws ClassCastException If any element in <i>trustAnchors</i>
146 * is not a {@link TrustAnchor}.
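public PKIXParameters(Set<TrustAnchor> trustAnchors)
    throws InvalidAlgorithmParameterException {
    // Delegate first so the final collections exist before they are populated.
    this();
    // setTrustAnchors performs the empty-set check, the element type check and
    // the defensive copy; a null argument fails there with NullPointerException.
    // NOTE(review): setTrustAnchors is public and this class is not final, so a
    // subclass override would run before the subclass constructor body - confirm
    // that is acceptable for subclasses of this class.
    setTrustAnchors(trustAnchors);
}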
156 * Default constructor.
private PKIXParameters() {
    // Empty, mutable backing collections. The public getters only ever expose
    // them through Collections.unmodifiable* wrappers.
    this.trustAnchors = new HashSet();
    this.initPolicies = new HashSet();
    this.certStores = new LinkedList();
    this.pathCheckers = new LinkedList();

    // Flags that start out enabled.
    this.revocationEnabled = true;
    this.policyQualRejected = true;

    // Flags that start out disabled.
    this.exPolicyRequired = false;
    this.policyMappingInhibited = false;
    this.anyPolicyInhibited = false;
}
172 * Copying constructor for cloning.
174 * @param that The instance being cloned.
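private PKIXParameters(PKIXParameters that) {
    // The final collections are created by the no-argument constructor; they
    // must exist before addAll can be called on them.
    this();

    // Shallow copies: the clone gets its own collections but shares the
    // element objects with the original.
    this.trustAnchors.addAll(that.trustAnchors);
    this.initPolicies.addAll(that.initPolicies);
    this.certStores.addAll(that.certStores);
    // NOTE(review): checkers are copied by reference. If a checker keeps state
    // between calls, the original and the clone will share that state - confirm
    // this is intended, or clone each checker here.
    this.pathCheckers.addAll(that.pathCheckers);

    this.revocationEnabled = that.revocationEnabled;
    this.exPolicyRequired = that.exPolicyRequired;
    this.policyMappingInhibited = that.policyMappingInhibited;
    this.anyPolicyInhibited = that.anyPolicyInhibited;
    this.policyQualRejected = that.policyQualRejected;

    // The Date instance is shared. In the code of this class the stored Date is
    // only ever replaced (setDate stores a clone) and only handed out as a clone
    // (getDate), so neither side can change it in place.
    this.date = that.date;
    this.sigProvider = that.sigProvider;

    // The selector is cloned so later changes on one side do not reach the other.
    if (that.targetConstraints != null) {
        this.targetConstraints = (CertSelector) that.targetConstraints.clone();
    } else {
        this.targetConstraints = null;
    }
}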
195 // ------------------------------------------------------------------------
198 * Returns an immutable set of trust anchors. The set returned will
199 * never be null and will never be empty.
201 * @return A (never null, never empty) immutable set of trust anchors.
public Set<TrustAnchor> getTrustAnchors() {
    // Read-only wrapper around the live backing set: callers cannot add or
    // remove anchors through it, but it is a view rather than a snapshot, so a
    // later setTrustAnchors call is visible through a previously returned set.
    final Set<TrustAnchor> readOnlyView = Collections.unmodifiableSet(trustAnchors);
    return readOnlyView;
}
209 * Sets the trust anchors of this class, replacing the current trust
210 * anchors with those in the given set. The supplied set is copied to
211 * prevent modification.
213 * @param trustAnchors The new set of trust anchors.
214 * @throws InvalidAlgorithmParameterException If there are no
215 * certificates in the set.
216 * @throws NullPointerException If <i>trustAnchors</i> is null.
217 * @throws ClassCastException If any element in <i>trustAnchors</i>
218 * is not a {@link TrustAnchor}.
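public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
    throws InvalidAlgorithmParameterException {
    // Dereferencing the argument here yields the documented
    // NullPointerException for a null set.
    if (trustAnchors.isEmpty()) {
        throw new InvalidAlgorithmParameterException("no trust anchors");
    }

    // Type-check every element into a scratch set BEFORE touching the current
    // anchors. Generics are erased at run time, so a raw or unchecked caller can
    // still pass other element types; the explicit cast raises the documented
    // ClassCastException. Doing this first means a rejected argument leaves the
    // existing trust anchors intact instead of cleared or half replaced.
    final Set<TrustAnchor> checked = new HashSet<TrustAnchor>();
    for (Object element : trustAnchors) {
        checked.add((TrustAnchor) element);
    }

    // Replace the contents only once the whole argument has been accepted. The
    // copy also detaches this object from later changes to the caller's set.
    this.trustAnchors.clear();
    this.trustAnchors.addAll(checked);
}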
233 * Returns the set of initial policy identifiers (as OID strings). If
234 * any policy is accepted, this method returns the empty set.
236 * @return An immutable set of initial policy OID strings, or the
237 * empty set if any policy is acceptable.
public Set<String> getInitialPolicies() {
    // Read-only wrapper over the backing set; an empty result means that any
    // policy is acceptable.
    final Set<String> readOnlyView = Collections.unmodifiableSet(initPolicies);
    return readOnlyView;
}
245 * Sets the initial policy identifiers (as OID strings). If the
246 * argument is null or the empty set, then any policy identifier will
249 * @param initPolicies The new set of policy strings, or null.
250 * @throws ClassCastException If any element in <i>initPolicies</i> is
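public void setInitialPolicies(Set<String> initPolicies) {
    // Check every element into a scratch set first, so a ClassCastException
    // from a non-String element (possible through raw or unchecked callers)
    // leaves the current policy set unchanged rather than cleared or partial.
    // An emptied set would silently mean "any policy is acceptable".
    final Set<String> checked = new HashSet<String>();
    if (initPolicies != null) {
        for (Object element : initPolicies) {
            checked.add((String) element);
        }
    }

    // A null or empty argument ends with an empty set: any policy is accepted.
    this.initPolicies.clear();
    this.initPolicies.addAll(checked);
}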
265 * Add a {@link CertStore} to the list of cert stores.
267 * @param store The CertStore to add.
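public void addCertStore(CertStore store) {
    // A null store has nothing to search, so it is ignored; this keeps null
    // elements out of the list returned by getCertStores().
    if (store != null) {
        certStores.add(store);
    }
}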
276 * Returns an immutable list of cert stores. This method never returns
279 * @return The list of cert stores.
public List<CertStore> getCertStores() {
    // Read-only wrapper over the backing list; it may be empty.
    final List<CertStore> readOnlyView = Collections.unmodifiableList(certStores);
    return readOnlyView;
}
287 * Set the cert stores. If the argument is null the list of cert
288 * stores will be empty.
290 * @param certStores The cert stores.
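public void setCertStores(List<CertStore> certStores) {
    // Type-check into a scratch list first: if an element is not a CertStore
    // (possible through raw or unchecked callers) the ClassCastException is
    // raised before the current list is modified.
    final List<CertStore> checked = new LinkedList<CertStore>();
    if (certStores != null) {
        for (Object element : certStores) {
            checked.add((CertStore) element);
        }
    }

    // A null argument ends with an empty list. The copy detaches this object
    // from later changes to the caller's list.
    this.certStores.clear();
    this.certStores.addAll(checked);
}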
304 * Returns the value of the <i>revocation enabled</i> flag. The default
305 * value for this flag is <code>true</code>.
307 * @return The <i>revocation enabled</i> flag.
public boolean isRevocationEnabled() {
    // Plain read of the stored flag; the private no-argument constructor sets
    // it to true.
    return this.revocationEnabled;
}
315 * Sets the value of the <i>revocation enabled</i> flag.
317 * @param value The new value.
public void setRevocationEnabled(boolean value) {
    // Only records the caller's choice; this class performs no validation itself.
    // NOTE(review): presumably the path validator consults this flag to decide
    // whether its default revocation checking runs - confirm against the
    // validator, and make sure callers that pass false supply their own
    // revocation handling.
    this.revocationEnabled = value;
}
325 * Returns the value of the <i>explicit policy required</i> flag. The
326 * default value of this flag is <code>false</code>.
328 * @return The <i>explicit policy required</i> flag.
public boolean isExplicitPolicyRequired() {
    // Plain read of the stored flag; the private no-argument constructor sets
    // it to false.
    return this.exPolicyRequired;
}
336 * Sets the value of the <i>explicit policy required</i> flag.
338 * @param value The new value.
public void setExplicitPolicyRequired(boolean value) {
    // Stores the flag as given; nothing else is updated.
    this.exPolicyRequired = value;
}
346 * Returns the value of the <i>policy mapping inhibited</i> flag. The
347 * default value of this flag is <code>false</code>.
349 * @return The <i>policy mapping inhibited</i> flag.
public boolean isPolicyMappingInhibited() {
    // Plain read of the stored flag; the private no-argument constructor sets
    // it to false.
    return this.policyMappingInhibited;
}
357 * Sets the value of the <i>policy mapping inhibited</i> flag.
359 * @param value The new value.
public void setPolicyMappingInhibited(boolean value) {
    // Stores the flag as given; nothing else is updated.
    this.policyMappingInhibited = value;
}
367 * Returns the value of the <i>any policy inhibited</i> flag. The
368 * default value of this flag is <code>false</code>.
370 * @return The <i>any policy inhibited</i> flag.
public boolean isAnyPolicyInhibited() {
    // Plain read of the stored flag; the private no-argument constructor sets
    // it to false.
    return this.anyPolicyInhibited;
}
378 * Sets the value of the <i>any policy inhibited</i> flag.
380 * @param value The new value.
public void setAnyPolicyInhibited(boolean value) {
    // Stores the flag as given; nothing else is updated.
    this.anyPolicyInhibited = value;
}
388 * Returns the value of the <i>policy qualifiers rejected</i> flag. The
389 * default value of this flag is <code>true</code>.
391 * @return The <i>policy qualifiers rejected</i> flag.
public boolean getPolicyQualifiersRejected() {
    // The stored flag means "rejected": the private no-argument constructor
    // sets it to true.
    return this.policyQualRejected;
}
399 * Sets the value of the <i>policy qualifiers rejected</i> flag.
401 * @param value The new value.
public void setPolicyQualifiersRejected(boolean value) {
    // Stores the flag as given; nothing else is updated.
    this.policyQualRejected = value;
}
409 * Returns the date for which the certificate path should be
410 * validated, or null if the current time should be used. The date
411 * object is copied to prevent subsequent modification.
413 * @return The date, or null if not set.
public Date getDate() {
    // No explicit validation date was configured.
    if (date == null) {
        return null;
    }
    // Hand out a copy so a caller cannot shift the validation time by mutating
    // the object it receives.
    return (Date) date.clone();
}
421 * Sets the date for which the certificate path should be validated,
422 * or null if the current time should be used.
424 * @param date The new date, or null.
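public void setDate(Date date) {
    // null is a documented argument meaning "validate against the current
    // time", so it is stored as null instead of being dereferenced.
    // A non-null date is copied so the caller cannot change the validation time
    // afterwards through its own reference.
    // NOTE(review): clone() is dispatched on the caller's object, so a Date
    // subclass decides what is actually stored; new Date(date.getTime()) would
    // pin the stored type to java.util.Date - confirm whether any caller relies
    // on the subclass being preserved before switching.
    this.date = (date == null) ? null : (Date) date.clone();
}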
435 * Add a certificate path checker.
437 * @param checker The certificate path checker to add.
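public void addCertPathChecker(PKIXCertPathChecker checker) {
    // A null checker is ignored, which keeps null elements out of the list
    // returned by getCertPathCheckers().
    // NOTE(review): the checker is stored by reference, not cloned, so the
    // caller keeps a handle on the object that will take part in validation -
    // confirm this is intended.
    if (checker != null) {
        pathCheckers.add(checker);
    }
}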
446 * Returns an immutable list of all certificate path checkers.
448 * @return An immutable list of all certificate path checkers.
public List<PKIXCertPathChecker> getCertPathCheckers() {
    // Read-only wrapper over the backing list: the list cannot be changed
    // through it, but the checker objects inside it are the stored instances,
    // not copies.
    final List<PKIXCertPathChecker> readOnlyView =
        Collections.unmodifiableList(pathCheckers);
    return readOnlyView;
}
456 * Sets the certificate path checkers. If the argument is null, the
457 * list of checkers will merely be cleared.
459 * @param pathCheckers The new list of certificate path checkers.
460 * @throws ClassCastException If any element of <i>pathCheckers</i> is
461 * not a {@link PKIXCertPathChecker}.
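public void setCertPathCheckers(List<PKIXCertPathChecker> pathCheckers) {
    // Type-check into a scratch list first, so the documented
    // ClassCastException for a foreign element is raised before the current
    // checkers are removed; a rejected argument must not leave this object
    // with its checkers cleared or only partly replaced.
    final List<PKIXCertPathChecker> checked = new LinkedList<PKIXCertPathChecker>();
    if (pathCheckers != null) {
        for (Object element : pathCheckers) {
            checked.add((PKIXCertPathChecker) element);
        }
    }

    // A null argument simply clears the list. Elements are stored by
    // reference; only the list itself is copied.
    this.pathCheckers.clear();
    this.pathCheckers.addAll(checked);
}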
475 * Returns the signature algorithm provider, or null if not set.
477 * @return The signature algorithm provider, or null if not set.
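public String getSigProvider() {
    // String is immutable, so the stored reference can be returned directly;
    // null means no preferred provider was set.
    return sigProvider;
}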
485 * Sets the signature algorithm provider, or null if there is no
486 * preferred provider.
488 * @param sigProvider The signature provider name.
public void setSigProvider(String sigProvider) {
    // Stored as given (null allowed). The name is not checked against the
    // installed providers here.
    final String requested = sigProvider;
    this.sigProvider = requested;
}
496 * Returns the constraints placed on the target certificate, or null
497 * if there are none. The target constraints are copied to prevent
498 * subsequent modification.
500 * @return The target constraints, or null.
public CertSelector getTargetCertConstraints() {
    // No constraints configured.
    if (targetConstraints == null) {
        return null;
    }
    // Return a copy so callers cannot loosen or tighten the stored selector
    // after the fact.
    return (CertSelector) targetConstraints.clone();
}
509 * Sets the constraints placed on the target certificate.
511 * @param targetConstraints The target constraints.
public void setTargetCertConstraints(CertSelector targetConstraints) {
    if (targetConstraints == null) {
        // null clears any previously stored constraints.
        this.targetConstraints = null;
    } else {
        // Keep a private copy; later changes to the caller's selector must not
        // alter what is stored here.
        this.targetConstraints = (CertSelector) targetConstraints.clone();
    }
}
520 * Returns a copy of these parameters.
public Object clone() {
    // Built through the private copy constructor rather than Object.clone(),
    // so the copy receives its own collections.
    final PKIXParameters copy = new PKIXParameters(this);
    return copy;
}
530 * Returns a printable representation of these parameters.
532 * @return A printable representation of these parameters.
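public String toString() {
    // initPolicies is a final field that is always assigned a set, so a null
    // test can never select "any". The empty set is what stands for "any policy
    // is acceptable", so that is the condition checked here.
    final String policies = initPolicies.isEmpty() ? "any" : initPolicies.toString();

    // Labels are kept exactly as they were (including their spelling) so that
    // anything matching on this output keeps working.
    return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
        + policies
        + "; Validity Date=" + date + "; Signature Provider="
        + sigProvider + "; Default Revocation Enabled=" + revocationEnabled
        + "; Explicit Policy Required=" + exPolicyRequired
        + "; Policy Mapping Inhibited=" + policyMappingInhibited
        + "; Any Policy Inhibited=" + anyPolicyInhibited
        + "; Policy Qualifiers Rejected=" + policyQualRejected
        + "; Target Cert Contstraints=" + targetConstraints
        + "; Certification Path Checkers=" + pathCheckers
        + "; CertStores=" + certStores + " ]";
}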