1 /* CertPathValidator -- validates certificate paths. 2 Copyright (C) 2003, 2004 Free Software Foundation, Inc. 3 4 This file is part of GNU Classpath. 5 6 GNU Classpath is free software; you can redistribute it and/or modify 7 it under the terms of the GNU General Public License as published by 8 the Free Software Foundation; either version 2, or (at your option) 9 any later version. 10 11 GNU Classpath is distributed in the hope that it will be useful, but 12 WITHOUT ANY WARRANTY; without even the implied warranty of 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 General Public License for more details. 15 16 You should have received a copy of the GNU General Public License 17 along with GNU Classpath; see the file COPYING. If not, write to the 18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19 02110-1301 USA. 20 21 Linking this library statically or dynamically with other modules is 22 making a combined work based on this library. Thus, the terms and 23 conditions of the GNU General Public License cover the whole 24 combination. 25 26 As a special exception, the copyright holders of this library give you 27 permission to link this library with independent modules to produce an 28 executable, regardless of the license terms of these independent 29 modules, and to copy and distribute the resulting executable under 30 terms of your choice, provided that you also meet, for each linked 31 independent module, the terms and conditions of the license of that 32 module. An independent module is a module which is not derived from 33 or based on this library. If you modify this library, you may extend 34 this exception to your version of the library, but you are not 35 obligated to do so. If you do not wish to do so, delete this 36 exception statement from your version. */ 37 38 39 package java.security.cert; 40 41 import gnu.java.security.Engine; 42 43 import java.security.AccessController; 44 import java.security.InvalidAlgorithmParameterException; 45 import java.security.NoSuchAlgorithmException; 46 import java.security.NoSuchProviderException; 47 import java.security.PrivilegedAction; 48 import java.security.Provider; 49 import java.security.Security; 50 51 /** 52 * Generic interface to classes that validate certificate paths. 53 * 54 * <p>Using this class is similar to all the provider-based security 55 * classes; the method of interest, {@link 56 * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)}, 57 * which takes provider-specific implementations of {@link 58 * CertPathParameters}, and return provider-specific implementations of 59 * {@link CertPathValidatorResult}. 60 * 61 * @since JDK 1.4 62 * @see CertPath 63 */ 64 public class CertPathValidator { 65 66 // Constants and fields. 67 // ------------------------------------------------------------------------ 68 69 /** Service name for CertPathValidator. */ 70 private static final String CERT_PATH_VALIDATOR = "CertPathValidator"; 71 72 /** The underlying implementation. */ 73 private final CertPathValidatorSpi validatorSpi; 74 75 /** The provider of this implementation. */ 76 private final Provider provider; 77 78 /** The algorithm's name. */ 79 private final String algorithm; 80 81 // Constructor. 82 // ------------------------------------------------------------------------ 83 84 /** 85 * Creates a new CertPathValidator. 86 * 87 * @param validatorSpi The underlying implementation. 88 * @param provider The provider of the implementation. 89 * @param algorithm The algorithm name. 90 */ CertPathValidator(CertPathValidatorSpi validatorSpi, Provider provider, String algorithm)91 protected CertPathValidator(CertPathValidatorSpi validatorSpi, 92 Provider provider, String algorithm) 93 { 94 this.validatorSpi = validatorSpi; 95 this.provider = provider; 96 this.algorithm = algorithm; 97 } 98 99 // Class methods. 100 // ------------------------------------------------------------------------ 101 102 /** 103 * Returns the default validator type. 104 * 105 * <p>This value may be set at run-time via the security property 106 * "certpathvalidator.type", or the value "PKIX" if this property is 107 * not set. 108 * 109 * @return The default validator type. 110 */ getDefaultType()111 public static synchronized String getDefaultType() { 112 String type = (String) AccessController.doPrivileged( 113 new PrivilegedAction() 114 { 115 public Object run() 116 { 117 return Security.getProperty("certpathvalidator.type"); 118 } 119 } 120 ); 121 if (type == null) 122 type = "PKIX"; 123 return type; 124 } 125 126 /** 127 * Get an instance of the given validator from the first provider that 128 * implements it. 129 * 130 * @param algorithm The name of the algorithm to get. 131 * @return The new instance. 132 * @throws NoSuchAlgorithmException If no installed provider 133 * implements the requested algorithm. 134 */ getInstance(String algorithm)135 public static CertPathValidator getInstance(String algorithm) 136 throws NoSuchAlgorithmException 137 { 138 Provider[] p = Security.getProviders(); 139 for (int i = 0; i < p.length; i++) 140 { 141 try 142 { 143 return getInstance(algorithm, p[i]); 144 } 145 catch (NoSuchAlgorithmException e) 146 { 147 // Ignored. 148 } 149 } 150 throw new NoSuchAlgorithmException(algorithm); 151 } 152 153 /** 154 * Get an instance of the given validator from the named provider. 155 * 156 * @param algorithm The name of the algorithm to get. 157 * @param provider The name of the provider from which to get the 158 * implementation. 159 * @return The new instance. 160 * @throws NoSuchAlgorithmException If the named provider does not 161 * implement the algorithm. 162 * @throws NoSuchProviderException If no provider named 163 * <i>provider</i> is installed. 164 */ getInstance(String algorithm, String provider)165 public static CertPathValidator getInstance(String algorithm, 166 String provider) 167 throws NoSuchAlgorithmException, NoSuchProviderException 168 { 169 Provider p = Security.getProvider(provider); 170 if (p == null) 171 throw new NoSuchProviderException(provider); 172 173 return getInstance(algorithm, p); 174 } 175 176 /** 177 * Get an instance of the given validator from the given provider. 178 * 179 * @param algorithm The name of the algorithm to get. 180 * @param provider The provider from which to get the implementation. 181 * @return The new instance. 182 * @throws NoSuchAlgorithmException If the provider does not implement 183 * the algorithm. 184 * @throws IllegalArgumentException If <i>provider</i> is null. 185 */ getInstance(String algorithm, Provider provider)186 public static CertPathValidator getInstance(String algorithm, 187 Provider provider) 188 throws NoSuchAlgorithmException 189 { 190 if (provider == null) 191 throw new IllegalArgumentException("null provider"); 192 193 try 194 { 195 return new CertPathValidator((CertPathValidatorSpi) 196 Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider), 197 provider, algorithm); 198 } 199 catch (java.lang.reflect.InvocationTargetException ite) 200 { 201 throw new NoSuchAlgorithmException(algorithm); 202 } 203 catch (ClassCastException cce) 204 { 205 throw new NoSuchAlgorithmException(algorithm); 206 } 207 } 208 209 // Instance methods. 210 // ------------------------------------------------------------------------ 211 212 /** 213 * Return the name of this validator. 214 * 215 * @return This validator's name. 216 */ getAlgorithm()217 public final String getAlgorithm() 218 { 219 return algorithm; 220 } 221 222 /** 223 * Return the provider of this implementation. 224 * 225 * @return The provider. 226 */ getProvider()227 public final Provider getProvider() 228 { 229 return provider; 230 } 231 232 /** 233 * Attempt to validate a certificate path. 234 * 235 * @param certPath The path to validate. 236 * @param params The algorithm-specific parameters. 237 * @return The result of this validation attempt. 238 * @throws CertPathValidatorException If the certificate path cannot 239 * be validated. 240 * @throws InvalidAlgorithmParameterException If this implementation 241 * rejects the specified parameters. 242 */ validate(CertPath certPath, CertPathParameters params)243 public final CertPathValidatorResult validate(CertPath certPath, 244 CertPathParameters params) 245 throws CertPathValidatorException, InvalidAlgorithmParameterException 246 { 247 return validatorSpi.engineValidate(certPath, params); 248 } 249 } 250