Java Code Examples for java.security.cert.PKIXCertPathChecker#init()

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers
 */
public void initState(List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    subjectNamesTraversed = new HashSet<GeneralNameInterface>();
    traversedCACerts = 0;

    /*
     * Populate forwardCheckers with every user-defined checker
     * that supports forward checking and initialize the forwardCheckers
     */
    forwardCheckers = new ArrayList<PKIXCertPathChecker>();
    for (PKIXCertPathChecker checker : certPathCheckers) {
        if (checker.isForwardCheckingSupported()) {
            checker.init(true);
            forwardCheckers.add(checker);
        }
    }

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Validates a certification path consisting exclusively of
 * <code>X509Certificate</code>s using the specified
 * <code>PKIXCertPathChecker</code>s. It is assumed that the
 * <code>PKIXCertPathChecker</code>s
 * have been initialized with any input parameters they may need.
 *
 * @param cpOriginal the original X509 CertPath passed in by the user
 * @param reversedCertList the reversed X509 CertPath (as a List)
 * @param certPathCheckers the PKIXCertPathCheckers
 * @throws CertPathValidatorException if cert path does not validate
 */
static void validate(CertPath cpOriginal,
                     List<X509Certificate> reversedCertList,
                     List<PKIXCertPathChecker> certPathCheckers)
    throws CertPathValidatorException
{
    // we actually process reversedCertList, but we keep cpOriginal because
    // we need to return the original certPath when we throw an exception.
    // we will also need to modify the index appropriately when we
    // throw an exception.

    int cpSize = reversedCertList.size();

    if (debug != null) {
        debug.println("--------------------------------------------------"
              + "------------");
        debug.println("Executing PKIX certification path validation "
              + "algorithm.");
    }

    for (int i = 0; i < cpSize; i++) {

        /* The basic loop algorithm is that we get the
         * current certificate, we verify the current certificate using
         * information from the previous certificate and from the state,
         * and we modify the state for the next loop by setting the
         * current certificate of this loop to be the previous certificate
         * of the next loop. The state is initialized during first loop.
         */
        if (debug != null)
            debug.println("Checking cert" + (i+1) + " ...");

        X509Certificate currCert = reversedCertList.get(i);
        Set<String> unresCritExts = currCert.getCriticalExtensionOIDs();
        if (unresCritExts == null) {
            unresCritExts = Collections.<String>emptySet();
        }

        if (debug != null && !unresCritExts.isEmpty()) {
            debug.println("Set of critical extensions:");
            for (String oid : unresCritExts) {
                debug.println(oid);
            }
        }

        for (int j = 0; j < certPathCheckers.size(); j++) {

            PKIXCertPathChecker currChecker = certPathCheckers.get(j);
            if (debug != null) {
                debug.println("-Using checker" + (j + 1) + " ... [" +
                    currChecker.getClass().getName() + "]");
            }

            if (i == 0)
                currChecker.init(false);

            try {
                currChecker.check(currCert, unresCritExts);

                if (debug != null) {
                    debug.println("-checker" + (j + 1) +
                        " validation succeeded");
                }

            } catch (CertPathValidatorException cpve) {
                throw new CertPathValidatorException(cpve.getMessage(),
                    cpve.getCause(), cpOriginal, cpSize - (i + 1),
                    cpve.getReason());
            }
        }

        if (!unresCritExts.isEmpty()) {
            throw new CertPathValidatorException("unrecognized " +
                "critical extension(s)", null, cpOriginal, cpSize-(i+1),
                PKIXReason.UNRECOGNIZED_CRIT_EXT);
        }

        if (debug != null)
            debug.println("\ncert" + (i+1) + " validation succeeded.\n");
    }

    if (debug != null) {
        debug.println("Cert path validation succeeded. (PKIX validation "
                      + "algorithm)");
        debug.println("-------------------------------------------------"
                      + "-------------");
    }
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

/**
 * Initialize the state.
 *
 * @param buildParams builder parameters
 */
public void initState(BuilderParams buildParams)
    throws CertPathValidatorException
{
    /*
     * Initialize number of remainingCACerts.
     * Note that -1 maxPathLen implies unlimited.
     * 0 implies only an EE cert is acceptable.
     */
    int maxPathLen = buildParams.maxPathLength();
    remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
                                          : maxPathLen;

    /* Initialize explicit policy state variable */
    if (buildParams.explicitPolicyRequired()) {
        explicitPolicy = 0;
    } else {
        // unconstrained if maxPathLen is -1,
        // otherwise, we want to initialize this to the value of the
        // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
        explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize policy mapping state variable */
    if (buildParams.policyMappingInhibited()) {
        policyMapping = 0;
    } else {
        policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize inhibit any policy state variable */
    if (buildParams.anyPolicyInhibited()) {
        inhibitAnyPolicy = 0;
    } else {
        inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
    }

    /* Initialize certIndex */
    certIndex = 1;

    /* Initialize policy tree */
    Set<String> initExpPolSet = new HashSet<>(1);
    initExpPolSet.add(PolicyChecker.ANY_POLICY);

    rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
                                  false, initExpPolSet, false);

    /*
     * Initialize each user-defined checker
     * Shallow copy the checkers
     */
    userCheckers = new ArrayList<>(buildParams.certPathCheckers());
    /* initialize each checker (just in case) */
    for (PKIXCertPathChecker checker : userCheckers) {
        checker.init(false);
    }

    /* Start by trusting the cert to sign CRLs */
    crlSign = true;

    init = true;
}
 

public final void testInit()
    throws CertPathValidatorException {
    PKIXCertPathChecker pc = TestUtils.getTestCertPathChecker();
    pc.init(true);
}