using System;
using System.Collections.Generic;
using Org.BouncyCastle.Utilities.Collections;
using Org.BouncyCastle.X509;
namespace Org.BouncyCastle.Pkix
{
///
(trustAnchors.isEmpty() == true)
* @exception NullPointerException
* if the specified Set is null
* @exception ClassCastException
* if any of the elements in the Set are not of type
* java.security.cert.TrustAnchor
*/
public PkixParameters(ISetPKIXParameters
that
// * populates the set of most-trusted CAs from the trusted
// * certificate entries contained in the specified KeyStore
.
// * Only keystore entries that contain trusted X509Certificates
// * are considered; all other certificate types are ignored.
// *
// * @param keystore a KeyStore
from which the set of
// * most-trusted CAs will be populated
// * @throws KeyStoreException if the keystore has not been initialized
// * @throws InvalidAlgorithmParameterException if the keystore does
// * not contain at least one trusted certificate entry
// * @throws NullPointerException if the keystore is null
// */
// public PkixParameters(
// Pkcs12Store keystore)
//// throws KeyStoreException, InvalidAlgorithmParameterException
// {
// if (keystore == null)
// throw new ArgumentNullException("keystore");
// ISet trustAnchors = new HashSet();
// foreach (string alias in keystore.Aliases)
// {
// if (keystore.IsCertificateEntry(alias))
// {
// X509CertificateEntry x509Entry = keystore.GetCertificate(alias);
// trustAnchors.Add(new TrustAnchor(x509Entry.Certificate, null));
// }
// }
// SetTrustAnchors(trustAnchors);
//
// this.initialPolicies = new HashSet();
// this.certPathCheckers = new ArrayList();
// this.stores = new ArrayList();
// this.additionalStores = new ArrayList();
// this.trustedACIssuers = new HashSet();
// this.necessaryACAttributes = new HashSet();
// this.prohibitedACAttributes = new HashSet();
// this.attrCertCheckers = new HashSet();
// }
public virtual bool IsRevocationEnabled
{
get { return revocationEnabled; }
set { revocationEnabled = value; }
}
public virtual bool IsExplicitPolicyRequired
{
get { return explicitPolicyRequired; }
set { this.explicitPolicyRequired = value; }
}
public virtual bool IsAnyPolicyInhibited
{
get { return anyPolicyInhibited; }
set { this.anyPolicyInhibited = value; }
}
public virtual bool IsPolicyMappingInhibited
{
get { return policyMappingInhibited; }
set { this.policyMappingInhibited = value; }
}
public virtual bool IsPolicyQualifiersRejected
{
get { return policyQualifiersRejected; }
set { this.policyQualifiersRejected = value; }
}
//public bool IsCheckOnlyEECertificateCrl
//{
// get { return this.checkOnlyEECertificateCrl; }
// set { this.checkOnlyEECertificateCrl = value; }
//}
public virtual DateTime? Date
{
get { return this.date; }
set { this.date = value; }
}
// Returns a Set of the most-trusted CAs.
public virtual ISetIX509Selector
. If null
, no constraints are
* defined.
*
* * The target certificate in a PKIX path may be a certificate or an * attribute certificate. *
* Note that the IX509Selector
returned is cloned to protect
* against subsequent modifications.
*
IX509Selector
specifying the constraints on the
* target certificate or attribute certificate (or null
)
* @see #setTargetConstraints
* @see X509CertStoreSelector
* @see X509AttributeCertStoreSelector
*/
public virtual ISelectorIX509Selector
. If null
, no constraints are
* defined.
* * The target certificate in a PKIX path may be a certificate or an * attribute certificate. *
* Note that the IX509Selector
specified is cloned to protect
* against subsequent modifications.
*
IX509Selector
specifying the constraints on
* the target certificate or attribute certificate (or
* null
)
* @see #getTargetConstraints
* @see X509CertStoreSelector
* @see X509AttributeCertStoreSelector
*/
public virtual void SetTargetConstraintsAttrCert(
ISelectornull
, no constraints are defined.null
)
*
* @see #setTargetCertConstraints(CertSelector)
*/
public virtual ISelectornull
)
*
* @see #getTargetCertConstraints()
*/
public virtual void SetTargetConstraintsCert(ISelectorSet
, which is
* interpreted as meaning that any policy would be acceptable.
*
* @return an immutable Set
of initial policy OIDs in String
* format, or an empty Set
(implying any policy is
* acceptable). Never returns null
.
*
* @see #setInitialPolicies(java.util.Set)
*/
public virtual ISetSet
of initial policy identifiers (OID strings),
* indicating that any one of these policies would be acceptable to the
* certificate user for the purposes of certification path processing. By
* default, any policy is acceptable (i.e. all policies), so a user that
* wants to allow any policy as acceptable does not need to call this
* method, or can call it with an empty Set
(or
* null
).null
)
*
* @exception ClassCastException
* if any of the elements in the set are not of type String
*
* @see #getInitialPolicies()
*/
public virtual void SetInitialPolicies(ISetList
of additional certification path checkers. If
* the specified List contains an object that is not a PKIXCertPathChecker,
* it is ignored.PKIXCertPathChecker
specified implements additional
* checks on a certificate. Typically, these are checks to process and
* verify private extensions contained in certificates. Each
* PKIXCertPathChecker
should be instantiated with any
* initialization parameters needed to execute the check.CertPathValidator
or CertPathBuilder
. Each
* of the specified PKIXCertPathCheckers will be called, in turn, by a PKIX
* CertPathValidator
or CertPathBuilder
for
* each certificate processed or validated.CertPathValidator
or CertPathBuilder
* must perform all of the required PKIX checks on each certificate. The one
* exception to this rule is if the RevocationEnabled flag is set to false
* (see the {@link #setRevocationEnabled(boolean) setRevocationEnabled}
* method).java.security.cert.PKIXCertPathChecker
* @see #getCertPathCheckers()
*/
public virtual void SetCertPathCheckers(IListnull
)
*
* @see #setCertPathCheckers(java.util.List)
*/
public virtual IListPKIXCertPathChecker
to the list of certification
* path checkers. See the {@link #setCertPathCheckers setCertPathCheckers}
* method for more details.
*
* Note that the PKIXCertPathChecker
is cloned to protect
* against subsequent modifications.
PKIXCertPathChecker
to add to the list of
* checks. If null
, the checker is ignored (not added to list).
*/
public virtual void AddCertPathChecker(PkixCertPathChecker checker)
{
if (checker != null)
{
m_checkers.Add((PkixCertPathChecker)checker.Clone());
}
}
public virtual object Clone()
{
// FIXME Check this whole method against the Java implementation!
PkixParameters parameters = new PkixParameters(GetTrustAnchors());
parameters.SetParams(this);
return parameters;
// PkixParameters obj = new PkixParameters(new HashSet());
//// (PkixParameters) this.MemberwiseClone();
// obj.x509Stores = new ArrayList(x509Stores);
// obj.certPathCheckers = new ArrayList(certPathCheckers);
//
// //Iterator iter = certPathCheckers.iterator();
// //obj.certPathCheckers = new ArrayList();
// //while (iter.hasNext())
// //{
// // obj.certPathCheckers.add(((PKIXCertPathChecker)iter.next())
// // .clone());
// //}
// //if (initialPolicies != null)
// //{
// // obj.initialPolicies = new HashSet(initialPolicies);
// //}
//// if (trustAnchors != null)
//// {
//// obj.trustAnchors = new HashSet(trustAnchors);
//// }
//// if (certSelector != null)
//// {
//// obj.certSelector = (X509CertStoreSelector) certSelector.Clone();
//// }
// return obj;
}
/**
* Method to support Clone()
under J2ME.
* super.Clone()
does not exist and fields are not copied.
*
* @param params Parameters to set. If this are
* ExtendedPkixParameters
they are copied to.
*/
protected virtual void SetParams(PkixParameters parameters)
{
Date = parameters.Date;
SetCertPathCheckers(parameters.GetCertPathCheckers());
IsAnyPolicyInhibited = parameters.IsAnyPolicyInhibited;
IsExplicitPolicyRequired = parameters.IsExplicitPolicyRequired;
IsPolicyMappingInhibited = parameters.IsPolicyMappingInhibited;
IsRevocationEnabled = parameters.IsRevocationEnabled;
SetInitialPolicies(parameters.GetInitialPolicies());
IsPolicyQualifiersRejected = parameters.IsPolicyQualifiersRejected;
SetTrustAnchors(parameters.GetTrustAnchors());
m_storesAttrCert = new Listfalse
.
*/
public virtual bool IsUseDeltasEnabled
{
get { return useDeltas; }
set { useDeltas = value; }
}
/**
* The validity model.
* @see #CHAIN_VALIDITY_MODEL
* @see #PKIX_VALIDITY_MODEL
*/
public virtual int ValidityModel
{
get { return validityModel; }
set { validityModel = value; }
}
public virtual IListtrue
if additional stores are used.
*/
public virtual bool IsAdditionalLocationsEnabled
{
get { return additionalLocationsEnabled; }
}
/**
* Sets if additional {@link X509Store}s for locations like LDAP found in
* certificates or CRLs should be used.
*
* @param enabled true
if additional stores are used.
*/
public virtual void SetAdditionalLocationsEnabled(bool enabled)
{
additionalLocationsEnabled = enabled;
}
/**
* Returns the trusted attribute certificate issuers. If attribute
* certificates is verified the trusted AC issuers must be set.
*
* The returned ISet
consists of TrustAnchor
s.
*
* The returned ISet
is immutable. Never null
*
* The trustedACIssuers
must be a ISet
of
* TrustAnchor
*
* The given set is cloned. *
* * @param trustedACIssuers The trusted AC issuers to set. Is never *null
.
* @throws ClassCastException if an element of stores
is not
* a TrustAnchor
.
*/
public virtual void SetTrustedACIssuers(ISet
* The returned ISet
is immutable and contains
* String
s with the OIDs.
*
* The ISet
must contain String
s with the
* OIDs.
*
* The set is cloned. *
* * @param necessaryACAttributes The necessary AC attributes to set. * @throws ClassCastException if an element of *necessaryACAttributes
is not a
* String
.
*/
public virtual void SetNecessaryACAttributes(ISet
* The returned ISet
is immutable and contains
* String
s with the OIDs.
*
null
.
*/
public virtual ISet
* The ISet
must contain String
s with the
* OIDs.
*
* The set is cloned. *
* * @param prohibitedACAttributes The prohibited AC attributes to set. * @throws ClassCastException if an element of *prohibitedACAttributes
is not a
* String
.
*/
public virtual void SetProhibitedACAttributes(ISetnull
.
*/
public virtual ISet
* All elements in the ISet
must a {@link PKIXAttrCertChecker}.
*
* The given set is cloned. *
* * @param attrCertCheckers The attribute certificate checkers to set. Is * nevernull
.
* @throws ClassCastException if an element of attrCertCheckers
* is not a PKIXAttrCertChecker
.
*/
public virtual void SetAttrCertCheckers(ISet