Source for java.security.cert.PKIXCertPathChecker

   1: /* PKIXCertPathChecker.java -- checks X.509 certificate paths.
   2:    Copyright (C) 2003 Free Software Foundation, Inc.
   3: 
   4: This file is part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2, or (at your option)
   9: any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; see the file COPYING.  If not, write to the
  18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  19: 02110-1301 USA.
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version. */
  37: 
  38: 
  39: package java.security.cert;
  40: 
  41: import java.util.Collection;
  42: import java.util.Set;
  43: 
  44: /**
  45:  * A validator for X.509 certificates when approving certificate chains.
  46:  *
  47:  * <p>Concrete subclasses can be passed to the {@link
  48:  * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link
  49:  * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)}
  50:  * methods, which are then used to set up PKIX certificate chain
  51:  * builders or validators. These classes then call the {@link
  52:  * #check(java.security.cert.Certificate,java.util.Collection)} method
  53:  * of this class, performing whatever checks on the certificate,
  54:  * throwing an exception if any check fails.
  55:  *
  56:  * <p>Subclasses of this must be able to perform their checks in the
  57:  * backward direction -- from the most-trusted certificate to the target
  58:  * -- and may optionally support forward checking -- from the target to
  59:  * the most-trusted certificate.
  60:  *
  61:  * @see PKIXParameters
  62:  * @since 1.4
  63:  */
  64: public abstract class PKIXCertPathChecker implements Cloneable
  65: {
  66: 
  67:   // Constructor.
  68:   // ------------------------------------------------------------------------
  69: 
  70:   /** Default constructor. */
  71:   protected PKIXCertPathChecker()
  72:   {
  73:     super();
  74:   }
  75: 
  76:   // Cloneable interface.
  77:   // ------------------------------------------------------------------------
  78: 
  79:   public Object clone()
  80:   {
  81:     try
  82:       {
  83:         return super.clone();
  84:       }
  85:     catch (CloneNotSupportedException cnse)
  86:       {
  87:         throw new InternalError(cnse.getMessage());
  88:       }
  89:   }
  90: 
  91:   // Abstract methods.
  92:   // ------------------------------------------------------------------------
  93: 
  94:   /**
  95:    * Initialize this PKIXCertPathChecker. If subclasses support forward
  96:    * checking, a value of true can be passed to this method, and
  97:    * certificates can be validated from the target certificate to the
  98:    * most-trusted certifcate.
  99:    *
 100:    * @param forward The direction of this PKIXCertPathChecker.
 101:    * @throws CertPathValidatorException If <i>forward</i> is true and
 102:    *         this class does not support forward checking.
 103:    */
 104:   public abstract void init(boolean forward) throws CertPathValidatorException;
 105: 
 106:   /**
 107:    * Returns whether or not this class supports forward checking.
 108:    *
 109:    * @return Whether or not this class supports forward checking.
 110:    */
 111:   public abstract boolean isForwardCheckingSupported();
 112: 
 113:   /**
 114:    * Returns an immutable set of X.509 extension object identifiers (OIDs)
 115:    * supported by this PKIXCertPathChecker.
 116:    *
 117:    * @return An immutable set of Strings of the supported X.509 OIDs, or
 118:    *         null if no extensions are supported.
 119:    */
 120:   public abstract Set<String> getSupportedExtensions();
 121: 
 122:   /**
 123:    * Checks a certificate, removing any critical extensions that are
 124:    * resolved in this check.
 125:    *
 126:    * @param cert               The certificate to check.
 127:    * @param unresolvedCritExts The (mutable) collection of as-of-yet
 128:    *        unresolved critical extensions, as OID strings.
 129:    * @throws CertPathValidatorException If this certificate fails this
 130:    *         check.
 131:    */
 132:   public abstract void check(Certificate cert, Collection<String> unresolvedCritExts)
 133:   throws CertPathValidatorException;
 134: }