Source for java.security.cert.CertPathValidator

   1: /* CertPathValidator -- validates certificate paths.
   2:    Copyright (C) 2003, 2004  Free Software Foundation, Inc.
   3: 
   4: This file is part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2, or (at your option)
   9: any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; see the file COPYING.  If not, write to the
  18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  19: 02110-1301 USA.
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version. */
  37: 
  38: 
  39: package java.security.cert;
  40: 
  41: import gnu.java.lang.CPStringBuilder;
  42: 
  43: import gnu.java.security.Engine;
  44: 
  45: import java.lang.reflect.InvocationTargetException;
  46: import java.security.AccessController;
  47: import java.security.InvalidAlgorithmParameterException;
  48: import java.security.NoSuchAlgorithmException;
  49: import java.security.NoSuchProviderException;
  50: import java.security.PrivilegedAction;
  51: import java.security.Provider;
  52: import java.security.Security;
  53: 
  54: /**
  55:  * Generic interface to classes that validate certificate paths.
  56:  *
  57:  * <p>Using this class is similar to all the provider-based security
  58:  * classes; the method of interest, {@link
  59:  * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
  60:  * which takes provider-specific implementations of {@link
  61:  * CertPathParameters}, and return provider-specific implementations of
  62:  * {@link CertPathValidatorResult}.
  63:  *
  64:  * @since JDK 1.4
  65:  * @see CertPath
  66:  */
  67: public class CertPathValidator {
  68: 
  69:   // Constants and fields.
  70:   // ------------------------------------------------------------------------
  71: 
  72:   /** Service name for CertPathValidator. */
  73:   private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
  74: 
  75:   /** The underlying implementation. */
  76:   private final CertPathValidatorSpi validatorSpi;
  77: 
  78:   /** The provider of this implementation. */
  79:   private final Provider provider;
  80: 
  81:   /** The algorithm's name. */
  82:   private final String algorithm;
  83: 
  84:   // Constructor.
  85:   // ------------------------------------------------------------------------
  86: 
  87:   /**
  88:    * Creates a new CertPathValidator.
  89:    *
  90:    * @param validatorSpi The underlying implementation.
  91:    * @param provider     The provider of the implementation.
  92:    * @param algorithm    The algorithm name.
  93:    */
  94:   protected CertPathValidator(CertPathValidatorSpi validatorSpi,
  95:                               Provider provider, String algorithm)
  96:   {
  97:     this.validatorSpi = validatorSpi;
  98:     this.provider = provider;
  99:     this.algorithm = algorithm;
 100:   }
 101: 
 102:   // Class methods.
 103:   // ------------------------------------------------------------------------
 104: 
 105:   /**
 106:    * Returns the default validator type.
 107:    *
 108:    * <p>This value may be set at run-time via the security property
 109:    * "certpathvalidator.type", or the value "PKIX" if this property is
 110:    * not set.
 111:    *
 112:    * @return The default validator type.
 113:    */
 114:   public static synchronized String getDefaultType() {
 115:     String type = (String) AccessController.doPrivileged(
 116:       new PrivilegedAction()
 117:         {
 118:           public Object run()
 119:           {
 120:             return Security.getProperty("certpathvalidator.type");
 121:           }
 122:         }
 123:     );
 124:     if (type == null)
 125:       type = "PKIX";
 126:     return type;
 127:   }
 128: 
 129:   /**
 130:    * Returns an instance of the given validator from the first provider that
 131:    * implements it.
 132:    *
 133:    * @param algorithm The name of the algorithm to get.
 134:    * @return The new instance.
 135:    * @throws NoSuchAlgorithmException If no installed provider implements the
 136:    *           requested algorithm.
 137:    * @throws IllegalArgumentException if <code>algorithm</code> is
 138:    *           <code>null</code> or is an empty string.
 139:    */
 140:   public static CertPathValidator getInstance(String algorithm)
 141:     throws NoSuchAlgorithmException
 142:   {
 143:     Provider[] p = Security.getProviders();
 144:     NoSuchAlgorithmException lastException = null;
 145:     for (int i = 0; i < p.length; i++)
 146:       try
 147:         {
 148:           return getInstance(algorithm, p[i]);
 149:         }
 150:       catch (NoSuchAlgorithmException x)
 151:         {
 152:           lastException = x;
 153:         }
 154:     if (lastException != null)
 155:       throw lastException;
 156:     throw new NoSuchAlgorithmException(algorithm);
 157:   }
 158: 
 159:   /**
 160:    * Returns an instance of the given validator from the named provider.
 161:    *
 162:    * @param algorithm The name of the algorithm to get.
 163:    * @param provider The name of the provider from which to get the
 164:    *          implementation.
 165:    * @return The new instance.
 166:    * @throws NoSuchAlgorithmException If the named provider does not implement
 167:    *           the algorithm.
 168:    * @throws NoSuchProviderException If no provider named <i>provider</i> is
 169:    *           installed.
 170:    * @throws IllegalArgumentException if either <code>algorithm</code> or
 171:    *           <code>provider</code> is <code>null</code>, or if
 172:    *           <code>algorithm</code> is an empty string.
 173:    */
 174:   public static CertPathValidator getInstance(String algorithm, String provider)
 175:       throws NoSuchAlgorithmException, NoSuchProviderException
 176:   {
 177:     if (provider == null)
 178:       throw new IllegalArgumentException("provider MUST NOT be null");
 179:     Provider p = Security.getProvider(provider);
 180:     if (p == null)
 181:       throw new NoSuchProviderException(provider);
 182:     return getInstance(algorithm, p);
 183:   }
 184: 
 185:   /**
 186:    * Returns an instance of the given validator from the given provider.
 187:    *
 188:    * @param algorithm The name of the algorithm to get.
 189:    * @param provider The provider from which to get the implementation.
 190:    * @return The new instance.
 191:    * @throws NoSuchAlgorithmException If the provider does not implement the
 192:    *           algorithm.
 193:    * @throws IllegalArgumentException if either <code>algorithm</code> or
 194:    *           <code>provider</code> is <code>null</code>, or if
 195:    *           <code>algorithm</code> is an empty string.
 196:    */
 197:   public static CertPathValidator getInstance(String algorithm,
 198:                                               Provider provider)
 199:     throws NoSuchAlgorithmException
 200:   {
 201:     CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [")
 202:         .append(algorithm).append("] from provider[")
 203:         .append(provider).append("] could not be created");
 204:     Throwable cause;
 205:     try
 206:       {
 207:         Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider);
 208:         return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
 209:       }
 210:     catch (InvocationTargetException x)
 211:       {
 212:         cause = x.getCause();
 213:         if (cause instanceof NoSuchAlgorithmException)
 214:           throw (NoSuchAlgorithmException) cause;
 215:         if (cause == null)
 216:           cause = x;
 217:       }
 218:     catch (ClassCastException x)
 219:       {
 220:         cause = x;
 221:       }
 222:     NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
 223:     x.initCause(cause);
 224:     throw x;
 225:   }
 226: 
 227:   /**
 228:    * Return the name of this validator.
 229:    *
 230:    * @return This validator's name.
 231:    */
 232:   public final String getAlgorithm()
 233:   {
 234:     return algorithm;
 235:   }
 236: 
 237:   /**
 238:    * Return the provider of this implementation.
 239:    *
 240:    * @return The provider.
 241:    */
 242:   public final Provider getProvider()
 243:   {
 244:     return provider;
 245:   }
 246: 
 247:   /**
 248:    * Attempt to validate a certificate path.
 249:    *
 250:    * @param certPath The path to validate.
 251:    * @param params   The algorithm-specific parameters.
 252:    * @return The result of this validation attempt.
 253:    * @throws CertPathValidatorException If the certificate path cannot
 254:    * be validated.
 255:    * @throws InvalidAlgorithmParameterException If this implementation
 256:    * rejects the specified parameters.
 257:    */
 258:   public final CertPathValidatorResult validate(CertPath certPath,
 259:                                                 CertPathParameters params)
 260:     throws CertPathValidatorException, InvalidAlgorithmParameterException
 261:   {
 262:     return validatorSpi.engineValidate(certPath, params);
 263:   }
 264: }