sun.security.provider.certpath.PKIX.BuilderParams Java Examples

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    comparator = new PKIXCertComparator(trustedSubjectDNs);
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ForwardBuilder(BuilderParams buildParams, boolean searchAllCertStores) {
    super(buildParams);

    // populate sets of trusted certificates and subject DNs
    trustAnchors = buildParams.trustAnchors();
    trustedCerts = new HashSet<X509Certificate>(trustAnchors.size());
    trustedSubjectDNs = new HashSet<X500Principal>(trustAnchors.size());
    for (TrustAnchor anchor : trustAnchors) {
        X509Certificate trustedCert = anchor.getTrustedCert();
        if (trustedCert != null) {
            trustedCerts.add(trustedCert);
            trustedSubjectDNs.add(trustedCert.getSubjectX500Principal());
        } else {
            trustedSubjectDNs.add(anchor.getCA());
        }
    }
    this.searchAllCertStores = searchAllCertStores;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
ReverseBuilder(BuilderParams buildParams) {
    super(buildParams);

    Set<String> initialPolicies = buildParams.initialPolicies();
    initPolicies = new HashSet<String>();
    if (initialPolicies.isEmpty()) {
        // if no initialPolicies are specified by user, set
        // initPolicies to be anyPolicy by default
        initPolicies.add(PolicyChecker.ANY_POLICY);
    } else {
        initPolicies.addAll(initialPolicies);
    }
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Update the state with the specified trust anchor.
 *
 * @param anchor the most-trusted CA
 * @param buildParams builder parameters
 */
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
    throws CertificateException, IOException, CertPathValidatorException
{
    trustAnchor = anchor;
    X509Certificate trustedCert = anchor.getTrustedCert();
    if (trustedCert != null) {
        updateState(trustedCert);
    } else {
        X500Principal caName = anchor.getCA();
        updateState(anchor.getCAPublicKey(), caName);
    }

    // The user specified AlgorithmChecker and RevocationChecker may not be
    // able to set the trust anchor until now.
    boolean revCheckerAdded = false;
    for (PKIXCertPathChecker checker : userCheckers) {
        if (checker instanceof AlgorithmChecker) {
            ((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
        } else if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, buildParams);
            }
            ((PKIXRevocationChecker)checker).init(false);
            revCheckerAdded = true;
        }
    }

    // only create a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (buildParams.revocationEnabled() && !revCheckerAdded) {
        revChecker = new RevocationChecker(anchor, buildParams);
        revChecker.init(false);
    }

    init = false;
}
 

/**
 * Update the state with the specified trust anchor.
 *
 * @param anchor the most-trusted CA
 * @param buildParams builder parameters
 */
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
    throws CertificateException, IOException, CertPathValidatorException
{
    trustAnchor = anchor;
    X509Certificate trustedCert = anchor.getTrustedCert();
    if (trustedCert != null) {
        updateState(trustedCert);
    } else {
        X500Principal caName = anchor.getCA();
        updateState(anchor.getCAPublicKey(), caName);
    }

    // The user specified AlgorithmChecker and RevocationChecker may not be
    // able to set the trust anchor until now.
    boolean revCheckerAdded = false;
    for (PKIXCertPathChecker checker : userCheckers) {
        if (checker instanceof AlgorithmChecker) {
            ((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
        } else if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, buildParams);
            }
            ((PKIXRevocationChecker)checker).init(false);
            revCheckerAdded = true;
        }
    }

    // only create a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (buildParams.revocationEnabled() && !revCheckerAdded) {
        revChecker = new RevocationChecker(anchor, buildParams);
        revChecker.init(false);
    }

    init = false;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
Builder(BuilderParams buildParams) {
    this.buildParams = buildParams;
    this.targetCertConstraints =
        (X509CertSelector)buildParams.targetCertConstraints();
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Update the state with the specified trust anchor.
 *
 * @param anchor the most-trusted CA
 * @param buildParams builder parameters
 */
public void updateState(TrustAnchor anchor, BuilderParams buildParams)
    throws CertificateException, IOException, CertPathValidatorException
{
    trustAnchor = anchor;
    X509Certificate trustedCert = anchor.getTrustedCert();
    if (trustedCert != null) {
        updateState(trustedCert);
    } else {
        X500Principal caName = anchor.getCA();
        updateState(anchor.getCAPublicKey(), caName);
    }

    // The user specified AlgorithmChecker and RevocationChecker may not be
    // able to set the trust anchor until now.
    boolean revCheckerAdded = false;
    for (PKIXCertPathChecker checker : userCheckers) {
        if (checker instanceof AlgorithmChecker) {
            ((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
        } else if (checker instanceof PKIXRevocationChecker) {
            if (revCheckerAdded) {
                throw new CertPathValidatorException(
                    "Only one PKIXRevocationChecker can be specified");
            }
            // if it's our own, initialize it
            if (checker instanceof RevocationChecker) {
                ((RevocationChecker)checker).init(anchor, buildParams);
            }
            ((PKIXRevocationChecker)checker).init(false);
            revCheckerAdded = true;
        }
    }

    // only create a RevocationChecker if revocation is enabled and
    // a PKIXRevocationChecker has not already been added
    if (buildParams.revocationEnabled() && !revCheckerAdded) {
        revChecker = new RevocationChecker(anchor, buildParams);
        revChecker.init(false);
    }

    init = false;
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
Builder(BuilderParams buildParams) {
    this.buildParams = buildParams;
    this.targetCertConstraints =
        (X509CertSelector)buildParams.targetCertConstraints();
}
 

/**
 * Initialize the builder with the input parameters.
 *
 * @param params the parameter set used to build a certification path
 */
Builder(BuilderParams buildParams) {
    this.buildParams = buildParams;
    this.targetCertConstraints =
        (X509CertSelector)buildParams.targetCertConstraints();
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}