 * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * A specification of a reverse PKIX validation state
 * which is initialized by each build and updated each time a
 * certificate is added to the current path.

/* The subject DN of the last cert in the path */

/* The subject public key of the last cert */

/* The subject key identifier extension (if any) of the last cert */

/* The PKIX explicit policy, policy mapping, and inhibit_any-policy

/* The number of remaining CA certs which may follow in the path.
 * -1: previous cert was an EE cert
 * 0: only EE certs may follow.
 * >0 and <Integer.MAX_VALUE: no more than this number of CA certs may follow
 * Integer.MAX_VALUE: unlimited

/* The list of user-defined checkers retrieved from the PKIXParameters

/* Flag indicating if state is initial (path is just starting) */
private boolean init = true;

/* the checker used for revocation status */

/* the algorithm checker */

/* the untrusted certificates checker */

/* the trust anchor used to validate the path */

/* Flag indicating if current cert can vouch for the CRL for

 * Returns a boolean flag indicating if the state is initial
 * @return boolean flag indicating if the state is initial (just starting)

 * Display state for debugging purposes
debug.println("ReverseState.toString() unexpected exception");

 * @param maxPathLen The maximum number of CA certs in a path, where -1
 * means unlimited and 0 means only a single EE cert is allowed.
 * @param explicitPolicyRequired True, if explicit policy is required.
 * @param policyMappingInhibited True, if policy mapping is inhibited.
 * @param anyPolicyInhibited True, if any policy is inhibited.
 * @param certPathCheckers the list of user-defined PKIXCertPathCheckers

 * Initialize number of remainingCACerts.
 * Note that -1 maxPathLen implies unlimited.
 * 0 implies only an EE cert is acceptable.

/* Initialize explicit policy state variable */

// unconstrained if maxPathLen is -1,
// otherwise, we want to initialize this to the value of the
// longest possible path + 1 (i.e. maxpathlen + finalcert + 1)

/* Initialize policy mapping state variable */

/* Initialize inhibit any policy state variable */

/* Initialize certIndex */

/* Initialize policy tree */

 * Initialize each user-defined checker

/* Shallow copy the checkers */

/* initialize each checker (just in case) */

/* Start by trusting the cert to sign CRLs */

 * Update the state with the specified trust anchor.
 * @param anchor the most-trusted CA

// The user specified AlgorithmChecker may not be
// able to set the trust anchor until now.

 * Update the state. This method is used when the most-trusted CA is
 * a trusted public-key and caName, instead of a trusted cert.
 * @param pubKey the public key of the trusted CA
 * @param subjectDN the subject distinguished name of the trusted CA

/* update subject public key */

 * Update the state with the next certificate added to the path.
 * @param cert the certificate which is used to update the state

/* check for key needing to inherit alg parameters */

/* update subject public key */

 * if this is a trusted cert (init == true), then we
 * don't update any of the remaining fields

/* update subject key identifier */

/* update current name constraints */

// Make sure we do a clone here, because we're probably
// going to modify this object later and we don't want to
// be sharing it with a Certificate object!

/* update policy state variables */

 * Update remaining CA certs

 * Returns a boolean flag indicating if a key lacking necessary key
 * algorithm parameters has been encountered.
 * @return boolean flag indicating if key lacking parameters encountered.

/* when building in reverse, we immediately get parameters needed
 * or else throw an exception

 * Clone current state. The state is cloned as each cert is
 * added to the path. This is necessary if backtracking occurs,
 * and a prior state needs to be restored.
 * Note that this is a SMART clone. Not all fields are fully copied,
 * because some of them (e.g., subjKeyId) will
 * not have their contents modified by subsequent calls to updateState.

/* clone checkers, if cloneable */

/* make copy of name constraints */

/* make copy of policy tree */