Set userInitialPolicySet = paramsPKIX.getInitialPolicies();
// (d)
TrustAnchor trust;
trust = CertPathValidatorUtilities.findTrustAnchor((X509Certificate) certs.get(certs.size() - 1),
paramsPKIX.getTrustAnchors(), paramsPKIX.getSigProvider());
catch (AnnotatedException e)
throw new CertPathValidatorException(e.getMessage(), e, certPath, certs.size() - 1);
if (trust == null)
throw new CertPathValidatorException("Trust anchor for certification path not found.", null, certPath, -1);
// (e), (f), (g) are part of the paramsPKIX object.
Iterator certIter;
int index = 0;
int i;
// Certificate for each interation of the validation loop
// Signature information for each iteration of the validation loop
// 6.1.2 - setup
// (a)
List[] policyNodes = new ArrayList[n + 1];
for (int j = 0; j < policyNodes.length; j++)
policyNodes[j] = new ArrayList();
Set policySet = new HashSet();
PKIXPolicyNode validPolicyTree = new PKIXPolicyNode(new ArrayList(), 0, policySet, null, new HashSet(),
RFC3280CertPathUtilities.ANY_POLICY, false);
// (b) and (c)
PKIXNameConstraintValidator nameConstraintValidator = new PKIXNameConstraintValidator();
// (d)
int explicitPolicy;
Set acceptablePolicies = new HashSet();
if (paramsPKIX.isExplicitPolicyRequired())
explicitPolicy = 0;
explicitPolicy = n + 1;
// (e)
int inhibitAnyPolicy;
if (paramsPKIX.isAnyPolicyInhibited())
inhibitAnyPolicy = 0;
inhibitAnyPolicy = n + 1;
// (f)
int policyMapping;
if (paramsPKIX.isPolicyMappingInhibited())
policyMapping = 0;
policyMapping = n + 1;
// (g), (h), (i), (j)
PublicKey workingPublicKey;
X500Principal workingIssuerName;
X509Certificate sign = trust.getTrustedCert();
if (sign != null)
workingIssuerName = CertPathValidatorUtilities.getSubjectPrincipal(sign);
workingPublicKey = sign.getPublicKey();
workingIssuerName = new X500Principal(trust.getCAName());
workingPublicKey = trust.getCAPublicKey();
catch (IllegalArgumentException ex)
throw new ExtCertPathValidatorException("Subject of trust anchor could not be (re)encoded.", ex, certPath,