| Frames | No Frames |
1: /* CertPathValidator -- validates certificate paths. 2: Copyright (C) 2003, 2004 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package java.security.cert; 40: 41: import gnu.java.lang.CPStringBuilder; 42: 43: import gnu.java.security.Engine; 44: 45: import java.lang.reflect.InvocationTargetException; 46: import java.security.AccessController; 47: import java.security.InvalidAlgorithmParameterException; 48: import java.security.NoSuchAlgorithmException; 49: import java.security.NoSuchProviderException; 50: import java.security.PrivilegedAction; 51: import java.security.Provider; 52: import java.security.Security; 53: 54: /** 55: * Generic interface to classes that validate certificate paths. 56: * 57: * <p>Using this class is similar to all the provider-based security 58: * classes; the method of interest, {@link 59: * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}, 60: * which takes provider-specific implementations of {@link 61: * CertPathParameters}, and return provider-specific implementations of 62: * {@link CertPathValidatorResult}. 63: * 64: * @since JDK 1.4 65: * @see CertPath 66: */ 67: public class CertPathValidator { 68: 69: // Constants and fields. 70: // ------------------------------------------------------------------------ 71: 72: /** Service name for CertPathValidator. */ 73: private static final String CERT_PATH_VALIDATOR = "CertPathValidator"; 74: 75: /** The underlying implementation. */ 76: private final CertPathValidatorSpi validatorSpi; 77: 78: /** The provider of this implementation. */ 79: private final Provider provider; 80: 81: /** The algorithm's name. */ 82: private final String algorithm; 83: 84: // Constructor. 85: // ------------------------------------------------------------------------ 86: 87: /** 88: * Creates a new CertPathValidator. 89: * 90: * @param validatorSpi The underlying implementation. 91: * @param provider The provider of the implementation. 92: * @param algorithm The algorithm name. 93: */ 94: protected CertPathValidator(CertPathValidatorSpi validatorSpi, 95: Provider provider, String algorithm) 96: { 97: this.validatorSpi = validatorSpi; 98: this.provider = provider; 99: this.algorithm = algorithm; 100: } 101: 102: // Class methods. 103: // ------------------------------------------------------------------------ 104: 105: /** 106: * Returns the default validator type. 107: * 108: * <p>This value may be set at run-time via the security property 109: * "certpathvalidator.type", or the value "PKIX" if this property is 110: * not set. 111: * 112: * @return The default validator type. 113: */ 114: public static synchronized String getDefaultType() { 115: String type = (String) AccessController.doPrivileged( 116: new PrivilegedAction() 117: { 118: public Object run() 119: { 120: return Security.getProperty("certpathvalidator.type"); 121: } 122: } 123: ); 124: if (type == null) 125: type = "PKIX"; 126: return type; 127: } 128: 129: /** 130: * Returns an instance of the given validator from the first provider that 131: * implements it. 132: * 133: * @param algorithm The name of the algorithm to get. 134: * @return The new instance. 135: * @throws NoSuchAlgorithmException If no installed provider implements the 136: * requested algorithm. 137: * @throws IllegalArgumentException if <code>algorithm</code> is 138: * <code>null</code> or is an empty string. 139: */ 140: public static CertPathValidator getInstance(String algorithm) 141: throws NoSuchAlgorithmException 142: { 143: Provider[] p = Security.getProviders(); 144: NoSuchAlgorithmException lastException = null; 145: for (int i = 0; i < p.length; i++) 146: try 147: { 148: return getInstance(algorithm, p[i]); 149: } 150: catch (NoSuchAlgorithmException x) 151: { 152: lastException = x; 153: } 154: if (lastException != null) 155: throw lastException; 156: throw new NoSuchAlgorithmException(algorithm); 157: } 158: 159: /** 160: * Returns an instance of the given validator from the named provider. 161: * 162: * @param algorithm The name of the algorithm to get. 163: * @param provider The name of the provider from which to get the 164: * implementation. 165: * @return The new instance. 166: * @throws NoSuchAlgorithmException If the named provider does not implement 167: * the algorithm. 168: * @throws NoSuchProviderException If no provider named <i>provider</i> is 169: * installed. 170: * @throws IllegalArgumentException if either <code>algorithm</code> or 171: * <code>provider</code> is <code>null</code>, or if 172: * <code>algorithm</code> is an empty string. 173: */ 174: public static CertPathValidator getInstance(String algorithm, String provider) 175: throws NoSuchAlgorithmException, NoSuchProviderException 176: { 177: if (provider == null) 178: throw new IllegalArgumentException("provider MUST NOT be null"); 179: Provider p = Security.getProvider(provider); 180: if (p == null) 181: throw new NoSuchProviderException(provider); 182: return getInstance(algorithm, p); 183: } 184: 185: /** 186: * Returns an instance of the given validator from the given provider. 187: * 188: * @param algorithm The name of the algorithm to get. 189: * @param provider The provider from which to get the implementation. 190: * @return The new instance. 191: * @throws NoSuchAlgorithmException If the provider does not implement the 192: * algorithm. 193: * @throws IllegalArgumentException if either <code>algorithm</code> or 194: * <code>provider</code> is <code>null</code>, or if 195: * <code>algorithm</code> is an empty string. 196: */ 197: public static CertPathValidator getInstance(String algorithm, 198: Provider provider) 199: throws NoSuchAlgorithmException 200: { 201: CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [") 202: .append(algorithm).append("] from provider[") 203: .append(provider).append("] could not be created"); 204: Throwable cause; 205: try 206: { 207: Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider); 208: return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm); 209: } 210: catch (InvocationTargetException x) 211: { 212: cause = x.getCause(); 213: if (cause instanceof NoSuchAlgorithmException) 214: throw (NoSuchAlgorithmException) cause; 215: if (cause == null) 216: cause = x; 217: } 218: catch (ClassCastException x) 219: { 220: cause = x; 221: } 222: NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); 223: x.initCause(cause); 224: throw x; 225: } 226: 227: /** 228: * Return the name of this validator. 229: * 230: * @return This validator's name. 231: */ 232: public final String getAlgorithm() 233: { 234: return algorithm; 235: } 236: 237: /** 238: * Return the provider of this implementation. 239: * 240: * @return The provider. 241: */ 242: public final Provider getProvider() 243: { 244: return provider; 245: } 246: 247: /** 248: * Attempt to validate a certificate path. 249: * 250: * @param certPath The path to validate. 251: * @param params The algorithm-specific parameters. 252: * @return The result of this validation attempt. 253: * @throws CertPathValidatorException If the certificate path cannot 254: * be validated. 255: * @throws InvalidAlgorithmParameterException If this implementation 256: * rejects the specified parameters. 257: */ 258: public final CertPathValidatorResult validate(CertPath certPath, 259: CertPathParameters params) 260: throws CertPathValidatorException, InvalidAlgorithmParameterException 261: { 262: return validatorSpi.engineValidate(certPath, params); 263: } 264: }