KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > java > security > cert > PKIXParameters


1 /*
2  * @(#)PKIXParameters.java 1.17 03/12/19
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package java.security.cert;
9
10 import java.security.InvalidAlgorithmParameterException JavaDoc;
11 import java.security.KeyStore JavaDoc;
12 import java.security.KeyStoreException JavaDoc;
13 import java.util.ArrayList JavaDoc;
14 import java.util.Collections JavaDoc;
15 import java.util.Date JavaDoc;
16 import java.util.Enumeration JavaDoc;
17 import java.util.HashSet JavaDoc;
18 import java.util.Iterator JavaDoc;
19 import java.util.List JavaDoc;
20 import java.util.Set JavaDoc;
21
22 /**
23  * Parameters used as input for the PKIX <code>CertPathValidator</code>
24  * algorithm.
25  * <p>
26  * A PKIX <code>CertPathValidator</code> uses these parameters to
27  * validate a <code>CertPath</code> according to the PKIX certification path
28  * validation algorithm.
29  *
30  * <p>To instantiate a <code>PKIXParameters</code> object, an
31  * application must specify one or more <i>most-trusted CAs</i> as defined by
32  * the PKIX certification path validation algorithm. The most-trusted CAs
33  * can be specified using one of two constructors. An application
34  * can call {@link #PKIXParameters(Set) PKIXParameters(Set)},
35  * specifying a <code>Set</code> of <code>TrustAnchor</code> objects, each
36  * of which identify a most-trusted CA. Alternatively, an application can call
37  * {@link #PKIXParameters(KeyStore) PKIXParameters(KeyStore)}, specifying a
38  * <code>KeyStore</code> instance containing trusted certificate entries, each
39  * of which will be considered as a most-trusted CA.
40  * <p>
41  * Once a <code>PKIXParameters</code> object has been created, other parameters
42  * can be specified (by calling {@link #setInitialPolicies setInitialPolicies}
43  * or {@link #setDate setDate}, for instance) and then the
44  * <code>PKIXParameters</code> is passed along with the <code>CertPath</code>
45  * to be validated to {@link CertPathValidator#validate
46  * CertPathValidator.validate}.
47  * <p>
48  * Any parameter that is not set (or is set to <code>null</code>) will
49  * be set to the default value for that parameter. The default value for the
50  * <code>date</code> parameter is <code>null</code>, which indicates
51  * the current time when the path is validated. The default for the
52  * remaining parameters is the least constrained.
53  * <p>
54  * <b>Concurrent Access</b>
55  * <p>
56  * Unless otherwise specified, the methods defined in this class are not
57  * thread-safe. Multiple threads that need to access a single
58  * object concurrently should synchronize amongst themselves and
59  * provide the necessary locking. Multiple threads each manipulating
60  * separate objects need not synchronize.
61  *
62  * @see CertPathValidator
63  *
64  * @version 1.17 12/19/03
65  * @since 1.4
66  * @author Sean Mullan
67  * @author Yassir Elley
68  */
69 public class PKIXParameters implements CertPathParameters JavaDoc {
70
71     private Set JavaDoc<TrustAnchor JavaDoc> unmodTrustAnchors;
72     private Date JavaDoc date;
73     private List JavaDoc<PKIXCertPathChecker JavaDoc> certPathCheckers;
74     private String JavaDoc sigProvider;
75     private boolean revocationEnabled = true;
76     private Set JavaDoc<String JavaDoc> unmodInitialPolicies;
77     private boolean explicitPolicyRequired = false;
78     private boolean policyMappingInhibited = false;
79     private boolean anyPolicyInhibited = false;
80     private boolean policyQualifiersRejected = true;
81     private List JavaDoc<CertStore JavaDoc> certStores;
82     private CertSelector JavaDoc certSelector;
83     
84     /**
85      * Creates an instance of <code>PKIXParameters</code> with the specified
86      * <code>Set</code> of most-trusted CAs. Each element of the
87      * set is a {@link TrustAnchor TrustAnchor}.
88      * <p>
89      * Note that the <code>Set</code> is copied to protect against
90      * subsequent modifications.
91      *
92      * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
93      * @throws InvalidAlgorithmParameterException if the specified
94      * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code>
95      * @throws NullPointerException if the specified <code>Set</code> is
96      * <code>null</code>
97      * @throws ClassCastException if any of the elements in the <code>Set</code>
98      * are not of type <code>java.security.cert.TrustAnchor</code>
99      */
100     public PKIXParameters(Set JavaDoc<TrustAnchor JavaDoc> trustAnchors)
101         throws InvalidAlgorithmParameterException JavaDoc
102     {
103     setTrustAnchors(trustAnchors);
104     
105     this.unmodInitialPolicies = Collections.<String JavaDoc>emptySet();
106     this.certPathCheckers = new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>();
107     this.certStores = new ArrayList JavaDoc<CertStore JavaDoc>();
108     }
109
110     /**
111      * Creates an instance of <code>PKIXParameters</code> that
112      * populates the set of most-trusted CAs from the trusted
113      * certificate entries contained in the specified <code>KeyStore</code>.
114      * Only keystore entries that contain trusted <code>X509Certificates</code>
115      * are considered; all other certificate types are ignored.
116      *
117      * @param keystore a <code>KeyStore</code> from which the set of
118      * most-trusted CAs will be populated
119      * @throws KeyStoreException if the keystore has not been initialized
120      * @throws InvalidAlgorithmParameterException if the keystore does
121      * not contain at least one trusted certificate entry
122      * @throws NullPointerException if the keystore is <code>null</code>
123      */
124     public PKIXParameters(KeyStore JavaDoc keystore)
125         throws KeyStoreException JavaDoc, InvalidAlgorithmParameterException JavaDoc
126     {
127     if (keystore == null)
128         throw new NullPointerException JavaDoc("the keystore parameter must be " +
129         "non-null");
130         Set JavaDoc<TrustAnchor JavaDoc> hashSet = new HashSet JavaDoc<TrustAnchor JavaDoc>();
131         Enumeration JavaDoc aliases = keystore.aliases();
132         while (aliases.hasMoreElements()) {
133             String JavaDoc alias = (String JavaDoc) aliases.nextElement();
134             if (keystore.isCertificateEntry(alias)) {
135         Certificate JavaDoc cert = keystore.getCertificate(alias);
136         if (cert instanceof X509Certificate JavaDoc)
137                     hashSet.add(new TrustAnchor JavaDoc((X509Certificate JavaDoc)cert, null));
138         }
139         }
140     setTrustAnchors(hashSet);
141     this.unmodInitialPolicies = Collections.<String JavaDoc>emptySet();
142     this.certPathCheckers = new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>();
143     this.certStores = new ArrayList JavaDoc<CertStore JavaDoc>();
144     }
145
146     /**
147      * Returns an immutable <code>Set</code> of the most-trusted
148      * CAs.
149      *
150      * @return an immutable <code>Set</code> of <code>TrustAnchor</code>s
151      * (never <code>null</code>)
152      *
153      * @see #setTrustAnchors
154      */
155     public Set JavaDoc<TrustAnchor JavaDoc> getTrustAnchors() {
156     return this.unmodTrustAnchors;
157     }
158
159     /**
160      * Sets the <code>Set</code> of most-trusted CAs.
161      * <p>
162      * Note that the <code>Set</code> is copied to protect against
163      * subsequent modifications.
164      *
165      * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
166      * @throws InvalidAlgorithmParameterException if the specified
167      * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code>
168      * @throws NullPointerException if the specified <code>Set</code> is
169      * <code>null</code>
170      * @throws ClassCastException if any of the elements in the set
171      * are not of type <code>java.security.cert.TrustAnchor</code>
172      *
173      * @see #getTrustAnchors
174      */
175     public void setTrustAnchors(Set JavaDoc<TrustAnchor JavaDoc> trustAnchors)
176         throws InvalidAlgorithmParameterException JavaDoc
177     {
178     if (trustAnchors == null) {
179         throw new NullPointerException JavaDoc("the trustAnchors parameters must" +
180         " be non-null");
181     }
182     if (trustAnchors.isEmpty()) {
183         throw new InvalidAlgorithmParameterException JavaDoc("the trustAnchors " +
184         "parameter must be non-empty");
185     }
186         for (Iterator JavaDoc i = trustAnchors.iterator(); i.hasNext(); ) {
187             if (!(i.next() instanceof TrustAnchor JavaDoc)) {
188             throw new ClassCastException JavaDoc("all elements of set must be "
189                 + "of type java.security.cert.TrustAnchor");
190         }
191         }
192         this.unmodTrustAnchors = Collections.unmodifiableSet
193         (new HashSet JavaDoc<TrustAnchor JavaDoc>(trustAnchors));
194     }
195
196     /**
197      * Returns an immutable <code>Set</code> of initial
198      * policy identifiers (OID strings), indicating that any one of these
199      * policies would be acceptable to the certificate user for the purposes of
200      * certification path processing. The default return value is an empty
201      * <code>Set</code>, which is interpreted as meaning that any policy would
202      * be acceptable.
203      *
204      * @return an immutable <code>Set</code> of initial policy OIDs in
205      * <code>String</code> format, or an empty <code>Set</code> (implying any
206      * policy is acceptable). Never returns <code>null</code>.
207      *
208      * @see #setInitialPolicies
209      */
210     public Set JavaDoc<String JavaDoc> getInitialPolicies() {
211     return this.unmodInitialPolicies;
212     }
213
214     /**
215      * Sets the <code>Set</code> of initial policy identifiers
216      * (OID strings), indicating that any one of these
217      * policies would be acceptable to the certificate user for the purposes of
218      * certification path processing. By default, any policy is acceptable
219      * (i.e. all policies), so a user that wants to allow any policy as
220      * acceptable does not need to call this method, or can call it
221      * with an empty <code>Set</code> (or <code>null</code>).
222      * <p>
223      * Note that the <code>Set</code> is copied to protect against
224      * subsequent modifications.
225      *
226      * @param initialPolicies a <code>Set</code> of initial policy
227      * OIDs in <code>String</code> format (or <code>null</code>)
228      * @throws ClassCastException if any of the elements in the set are
229      * not of type <code>String</code>
230      *
231      * @see #getInitialPolicies
232      */
233     public void setInitialPolicies(Set JavaDoc<String JavaDoc> initialPolicies) {
234     if (initialPolicies != null) {
235         for (Iterator JavaDoc i = initialPolicies.iterator(); i.hasNext();) {
236             if (!(i.next() instanceof String JavaDoc))
237             throw new ClassCastException JavaDoc("all elements of set must be "
238                 + "of type java.lang.String");
239         }
240         this.unmodInitialPolicies =
241         Collections.unmodifiableSet(new HashSet JavaDoc<String JavaDoc>(initialPolicies));
242     } else
243         this.unmodInitialPolicies = Collections.<String JavaDoc>emptySet();
244     }
245     
246     /**
247      * Sets the list of <code>CertStore</code>s to be used in finding
248      * certificates and CRLs. May be <code>null</code>, in which case
249      * no <code>CertStore</code>s will be used. The first
250      * <code>CertStore</code>s in the list may be preferred to those that
251      * appear later.
252      * <p>
253      * Note that the <code>List</code> is copied to protect against
254      * subsequent modifications.
255      *
256      * @param stores a <code>List</code> of <code>CertStore</code>s (or
257      * <code>null</code>)
258      * @throws ClassCastException if any of the elements in the list are
259      * not of type <code>java.security.cert.CertStore</code>
260      *
261      * @see #getCertStores
262      */
263     public void setCertStores(List JavaDoc<CertStore JavaDoc> stores) {
264         if (stores == null) {
265         this.certStores = new ArrayList JavaDoc<CertStore JavaDoc>();
266         } else {
267         for (Iterator JavaDoc i = stores.iterator(); i.hasNext();) {
268             if (!(i.next() instanceof CertStore JavaDoc)) {
269             throw new ClassCastException JavaDoc("all elements of list must be "
270                 + "of type java.security.cert.CertStore");
271         }
272         }
273         this.certStores = new ArrayList JavaDoc<CertStore JavaDoc>(stores);
274     }
275     }
276
277     /**
278      * Adds a <code>CertStore</code> to the end of the list of
279      * <code>CertStore</code>s used in finding certificates and CRLs.
280      *
281      * @param store the <code>CertStore</code> to add. If <code>null</code>,
282      * the store is ignored (not added to list).
283      */
284     public void addCertStore(CertStore JavaDoc store) {
285     if (store != null) {
286             this.certStores.add(store);
287     }
288     }
289
290     /**
291      * Returns an immutable <code>List</code> of <code>CertStore</code>s that
292      * are used to find certificates and CRLs.
293      *
294      * @return an immutable <code>List</code> of <code>CertStore</code>s
295      * (may be empty, but never <code>null</code>)
296      *
297      * @see #setCertStores
298      */
299     public List JavaDoc<CertStore JavaDoc> getCertStores() {
300         return Collections.unmodifiableList
301         (new ArrayList JavaDoc<CertStore JavaDoc>(this.certStores));
302     }
303
304     /**
305      * Sets the RevocationEnabled flag. If this flag is true, the default
306      * revocation checking mechanism of the underlying PKIX service provider
307      * will be used. If this flag is false, the default revocation checking
308      * mechanism will be disabled (not used).
309      * <p>
310      * When a <code>PKIXParameters</code> object is created, this flag is set
311      * to true. This setting reflects the most common strategy for checking
312      * revocation, since each service provider must support revocation
313      * checking to be PKIX compliant. Sophisticated applications should set
314      * this flag to false when it is not practical to use a PKIX service
315      * provider's default revocation checking mechanism or when an alternative
316      * revocation checking mechanism is to be substituted (by also calling the
317      * {@link #addCertPathChecker addCertPathChecker} or {@link
318      * #setCertPathCheckers setCertPathCheckers} methods).
319      *
320      * @param val the new value of the RevocationEnabled flag
321      */
322     public void setRevocationEnabled(boolean val) {
323     revocationEnabled = val;
324     }
325
326     /**
327      * Checks the RevocationEnabled flag. If this flag is true, the default
328      * revocation checking mechanism of the underlying PKIX service provider
329      * will be used. If this flag is false, the default revocation checking
330      * mechanism will be disabled (not used). See the {@link
331      * #setRevocationEnabled setRevocationEnabled} method for more details on
332      * setting the value of this flag.
333      *
334      * @return the current value of the RevocationEnabled flag
335      */
336     public boolean isRevocationEnabled() {
337     return revocationEnabled;
338     }
339
340     /**
341      * Sets the ExplicitPolicyRequired flag. If this flag is true, an
342      * acceptable policy needs to be explicitly identified in every certificate.
343      * By default, the ExplicitPolicyRequired flag is false.
344      *
345      * @param val <code>true</code> if explicit policy is to be required,
346      * <code>false</code> otherwise
347      */
348     public void setExplicitPolicyRequired(boolean val) {
349     explicitPolicyRequired = val;
350     }
351
352     /**
353      * Checks if explicit policy is required. If this flag is true, an
354      * acceptable policy needs to be explicitly identified in every certificate.
355      * By default, the ExplicitPolicyRequired flag is false.
356      *
357      * @return <code>true</code> if explicit policy is required,
358      * <code>false</code> otherwise
359      */
360     public boolean isExplicitPolicyRequired() {
361     return explicitPolicyRequired;
362     }
363
364     /**
365      * Sets the PolicyMappingInhibited flag. If this flag is true, policy
366      * mapping is inhibited. By default, policy mapping is not inhibited (the
367      * flag is false).
368      *
369      * @param val <code>true</code> if policy mapping is to be inhibited,
370      * <code>false</code> otherwise
371      */
372     public void setPolicyMappingInhibited(boolean val) {
373     policyMappingInhibited = val;
374     }
375
376     /**
377      * Checks if policy mapping is inhibited. If this flag is true, policy
378      * mapping is inhibited. By default, policy mapping is not inhibited (the
379      * flag is false).
380      *
381      * @return true if policy mapping is inhibited, false otherwise
382      */
383     public boolean isPolicyMappingInhibited() {
384     return policyMappingInhibited;
385     }
386
387     /**
388      * Sets state to determine if the any policy OID should be processed
389      * if it is included in a certificate. By default, the any policy OID
390      * is not inhibited ({@link #isAnyPolicyInhibited isAnyPolicyInhibited()}
391      * returns <code>false</code>).
392      *
393      * @param val <code>true</code> if the any policy OID is to be
394      * inhibited, <code>false</code> otherwise
395      */
396     public void setAnyPolicyInhibited(boolean val) {
397     anyPolicyInhibited = val;
398     }
399
400     /**
401      * Checks whether the any policy OID should be processed if it
402      * is included in a certificate.
403      *
404      * @return <code>true</code> if the any policy OID is inhibited,
405      * <code>false</code> otherwise
406      */
407     public boolean isAnyPolicyInhibited() {
408     return anyPolicyInhibited;
409     }
410
411     /**
412      * Sets the PolicyQualifiersRejected flag. If this flag is true,
413      * certificates that include policy qualifiers in a certificate
414      * policies extension that is marked critical are rejected.
415      * If the flag is false, certificates are not rejected on this basis.
416      *
417      * <p> When a <code>PKIXParameters</code> object is created, this flag is
418      * set to true. This setting reflects the most common (and simplest)
419      * strategy for processing policy qualifiers. Applications that want to use
420      * a more sophisticated policy must set this flag to false.
421      * <p>
422      * Note that the PKIX certification path validation algorithm specifies
423      * that any policy qualifier in a certificate policies extension that is
424      * marked critical must be processed and validated. Otherwise the
425      * certification path must be rejected. If the policyQualifiersRejected flag
426      * is set to false, it is up to the application to validate all policy
427      * qualifiers in this manner in order to be PKIX compliant.
428      *
429      * @param qualifiersRejected the new value of the PolicyQualifiersRejected
430      * flag
431      * @see #getPolicyQualifiersRejected
432      * @see PolicyQualifierInfo
433      */
434     public void setPolicyQualifiersRejected(boolean qualifiersRejected) {
435     policyQualifiersRejected = qualifiersRejected;
436     }
437
438     /**
439      * Gets the PolicyQualifiersRejected flag. If this flag is true,
440      * certificates that include policy qualifiers in a certificate policies
441      * extension that is marked critical are rejected.
442      * If the flag is false, certificates are not rejected on this basis.
443      *
444      * <p> When a <code>PKIXParameters</code> object is created, this flag is
445      * set to true. This setting reflects the most common (and simplest)
446      * strategy for processing policy qualifiers. Applications that want to use
447      * a more sophisticated policy must set this flag to false.
448      *
449      * @return the current value of the PolicyQualifiersRejected flag
450      * @see #setPolicyQualifiersRejected
451      */
452     public boolean getPolicyQualifiersRejected() {
453     return policyQualifiersRejected;
454     }
455
456     /**
457      * Returns the time for which the validity of the certification path
458      * should be determined. If <code>null</code>, the current time is used.
459      * <p>
460      * Note that the <code>Date</code> returned is copied to protect against
461      * subsequent modifications.
462      *
463      * @return the <code>Date</code>, or <code>null</code> if not set
464      * @see #setDate
465      */
466     public Date JavaDoc getDate() {
467     if (date == null)
468         return null;
469     else
470         return (Date JavaDoc) this.date.clone();
471     }
472
473     /**
474      * Sets the time for which the validity of the certification path
475      * should be determined. If <code>null</code>, the current time is used.
476      * <p>
477      * Note that the <code>Date</code> supplied here is copied to protect
478      * against subsequent modifications.
479      *
480      * @param date the <code>Date</code>, or <code>null</code> for the
481      * current time
482      * @see #getDate
483      */
484     public void setDate(Date JavaDoc date) {
485     if (date != null)
486         this.date = (Date JavaDoc) date.clone();
487     else
488         date = null;
489     }
490
491     /**
492      * Sets a <code>List</code> of additional certification path checkers. If
493      * the specified <code>List</code> contains an object that is not a
494      * <code>PKIXCertPathChecker</code>, it is ignored.
495      * <p>
496      * Each <code>PKIXCertPathChecker</code> specified implements
497      * additional checks on a certificate. Typically, these are checks to
498      * process and verify private extensions contained in certificates.
499      * Each <code>PKIXCertPathChecker</code> should be instantiated with any
500      * initialization parameters needed to execute the check.
501      * <p>
502      * This method allows sophisticated applications to extend a PKIX
503      * <code>CertPathValidator</code> or <code>CertPathBuilder</code>.
504      * Each of the specified <code>PKIXCertPathChecker</code>s will be called,
505      * in turn, by a PKIX <code>CertPathValidator</code> or
506      * <code>CertPathBuilder</code> for each certificate processed or
507      * validated.
508      * <p>
509      * Regardless of whether these additional <code>PKIXCertPathChecker</code>s
510      * are set, a PKIX <code>CertPathValidator</code> or
511      * <code>CertPathBuilder</code> must perform all of the required PKIX
512      * checks on each certificate. The one exception to this rule is if the
513      * RevocationEnabled flag is set to false (see the {@link
514      * #setRevocationEnabled setRevocationEnabled} method).
515      * <p>
516      * Note that the <code>List</code> supplied here is copied and each
517      * <code>PKIXCertPathChecker</code> in the list is cloned to protect
518      * against subsequent modifications.
519      *
520      * @param checkers a <code>List</code> of <code>PKIXCertPathChecker</code>s.
521      * May be <code>null</code>, in which case no additional checkers will be
522      * used.
523      * @throws ClassCastException if any of the elements in the list
524      * are not of type <code>java.security.cert.PKIXCertPathChecker</code>
525      * @see #getCertPathCheckers
526      */
527     public void setCertPathCheckers(List JavaDoc<PKIXCertPathChecker JavaDoc> checkers) {
528     if (checkers != null) {
529         List JavaDoc<PKIXCertPathChecker JavaDoc> tmpList =
530                 new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>();
531         for (PKIXCertPathChecker JavaDoc checker : checkers) {
532         tmpList.add((PKIXCertPathChecker JavaDoc)checker.clone());
533         }
534         this.certPathCheckers = tmpList;
535     } else {
536         this.certPathCheckers = new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>();
537     }
538     }
539
540     /**
541      * Returns the <code>List</code> of certification path checkers.
542      * The returned <code>List</code> is immutable, and each
543      * <code>PKIXCertPathChecker</code> in the <code>List</code> is cloned
544      * to protect against subsequent modifications.
545      *
546      * @return an immutable <code>List</code> of
547      * <code>PKIXCertPathChecker</code>s (may be empty, but not
548      * <code>null</code>)
549      * @see #setCertPathCheckers
550      */
551     public List JavaDoc<PKIXCertPathChecker JavaDoc> getCertPathCheckers() {
552     List JavaDoc<PKIXCertPathChecker JavaDoc> tmpList = new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>();
553     for (PKIXCertPathChecker JavaDoc ck : certPathCheckers) {
554         tmpList.add((PKIXCertPathChecker JavaDoc)ck.clone());
555     }
556     return Collections.unmodifiableList(tmpList);
557     }
558
559     /**
560      * Adds a <code>PKIXCertPathChecker</code> to the list of certification
561      * path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
562      * method for more details.
563      * <p>
564      * Note that the <code>PKIXCertPathChecker</code> is cloned to protect
565      * against subsequent modifications.
566      *
567      * @param checker a <code>PKIXCertPathChecker</code> to add to the list of
568      * checks. If <code>null</code>, the checker is ignored (not added to list).
569      */
570     public void addCertPathChecker(PKIXCertPathChecker JavaDoc checker) {
571     if (checker != null) {
572         certPathCheckers.add((PKIXCertPathChecker JavaDoc)checker.clone());
573     }
574     }
575
576     /**
577      * Returns the signature provider's name, or <code>null</code>
578      * if not set.
579      *
580      * @return the signature provider's name (or <code>null</code>)
581      * @see #setSigProvider
582      */
583     public String JavaDoc getSigProvider() {
584     return this.sigProvider;
585     }
586
587     /**
588      * Sets the signature provider's name. The specified provider will be
589      * preferred when creating {@link java.security.Signature Signature}
590      * objects. If <code>null</code> or not set, the first provider found
591      * supporting the algorithm will be used.
592      *
593      * @param sigProvider the signature provider's name (or <code>null</code>)
594      * @see #getSigProvider
595     */
596     public void setSigProvider(String JavaDoc sigProvider) {
597     this.sigProvider = sigProvider;
598     }
599
600     /**
601      * Returns the required constraints on the target certificate.
602      * The constraints are returned as an instance of <code>CertSelector</code>.
603      * If <code>null</code>, no constraints are defined.
604      *
605      * <p>Note that the <code>CertSelector</code> returned is cloned
606      * to protect against subsequent modifications.
607      *
608      * @return a <code>CertSelector</code> specifying the constraints
609      * on the target certificate (or <code>null</code>)
610      * @see #setTargetCertConstraints
611      */
612     public CertSelector JavaDoc getTargetCertConstraints() {
613     if (certSelector != null) {
614         return (CertSelector JavaDoc) certSelector.clone();
615     } else {
616         return null;
617     }
618     }
619
620     /**
621      * Sets the required constraints on the target certificate.
622      * The constraints are specified as an instance of
623      * <code>CertSelector</code>. If <code>null</code>, no constraints are
624      * defined.
625      *
626      * <p>Note that the <code>CertSelector</code> specified is cloned
627      * to protect against subsequent modifications.
628      *
629      * @param selector a <code>CertSelector</code> specifying the constraints
630      * on the target certificate (or <code>null</code>)
631      * @see #getTargetCertConstraints
632      */
633     public void setTargetCertConstraints(CertSelector JavaDoc selector) {
634     if (selector != null)
635         certSelector = (CertSelector JavaDoc) selector.clone();
636     else
637         certSelector = null;
638     }
639
640     /**
641      * Makes a copy of this <code>PKIXParameters</code> object. Changes
642      * to the copy will not affect the original and vice versa.
643      *
644      * @return a copy of this <code>PKIXParameters</code> object
645      */
646     public Object JavaDoc clone() {
647         try {
648             Object JavaDoc copy = super.clone();
649         // Must clone these because addCertStore, et al. modify them
650 if (certStores != null) {
651         certStores = new ArrayList JavaDoc<CertStore JavaDoc>(certStores);
652         }
653         if (certPathCheckers != null) {
654             certPathCheckers =
655             new ArrayList JavaDoc<PKIXCertPathChecker JavaDoc>(certPathCheckers);
656         }
657         return copy;
658         } catch (CloneNotSupportedException JavaDoc e) {
659             /* Cannot happen */
660             throw new InternalError JavaDoc(e.toString());
661         }
662     }
663
664     /**
665      * Returns a formatted string describing the parameters.
666      *
667      * @return a formatted string describing the parameters.
668      */
669     public String JavaDoc toString() {
670     StringBuffer JavaDoc sb = new StringBuffer JavaDoc();
671     sb.append("[\n");
672
673     /* start with trusted anchor info */
674     if (unmodTrustAnchors != null) {
675         sb.append(" Trust Anchors: " + unmodTrustAnchors.toString()
676         + "\n");
677     }
678
679     /* now, append initial state information */
680         if (unmodInitialPolicies != null) {
681         if (unmodInitialPolicies.isEmpty()) {
682             sb.append(" Initial Policy OIDs: any\n");
683         } else {
684             sb.append(" Initial Policy OIDs: ["
685             + unmodInitialPolicies.toString() + "]\n");
686         }
687         }
688
689     /* now, append constraints on all certificates in the path */
690         sb.append(" Validity Date: " + String.valueOf(date) + "\n");
691         sb.append(" Signature Provider: " + String.valueOf(sigProvider) + "\n");
692     sb.append(" Default Revocation Enabled: " + revocationEnabled + "\n");
693     sb.append(" Explicit Policy Required: " + explicitPolicyRequired + "\n");
694     sb.append(" Policy Mapping Inhibited: " + policyMappingInhibited + "\n");
695     sb.append(" Any Policy Inhibited: " + anyPolicyInhibited + "\n");
696     sb.append(" Policy Qualifiers Rejected: " + policyQualifiersRejected + "\n");
697     
698     /* now, append target cert requirements */
699         sb.append(" Target Cert Constraints: " + String.valueOf(certSelector) + "\n");
700
701     /* finally, append miscellaneous parameters */
702     if (certPathCheckers != null)
703         sb.append(" Certification Path Checkers: ["
704         + certPathCheckers.toString() + "]\n");
705     if (certStores != null)
706         sb.append(" CertStores: [" + certStores.toString() + "]\n");
707     sb.append("]");
708     return sb.toString();
709     }
710 }
711
Popular Tags