1 /* CertPathValidator -- validates certificate paths.
2    Copyright (C) 2003, 2004  Free Software Foundation, Inc.
3 
4 This file is part of GNU Classpath.
5 
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
9 any later version.
10 
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 General Public License for more details.
15 
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING.  If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
19 02110-1301 USA.
20 
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library.  Thus, the terms and
23 conditions of the GNU General Public License cover the whole
24 combination.
25 
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module.  An independent module is a module which is not derived from
33 or based on this library.  If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so.  If you do not wish to do so, delete this
36 exception statement from your version. */
37 
38 
39 package java.security.cert;
40 
41 import gnu.java.security.Engine;
42 
43 import java.security.AccessController;
44 import java.security.InvalidAlgorithmParameterException;
45 import java.security.NoSuchAlgorithmException;
46 import java.security.NoSuchProviderException;
47 import java.security.PrivilegedAction;
48 import java.security.Provider;
49 import java.security.Security;
50 
51 /**
52  * Generic interface to classes that validate certificate paths.
53  *
54  * <p>Using this class is similar to all the provider-based security
55  * classes; the method of interest, {@link
56  * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
57  * which takes provider-specific implementations of {@link
58  * CertPathParameters}, and return provider-specific implementations of
59  * {@link CertPathValidatorResult}.
60  *
61  * @since JDK 1.4
62  * @see CertPath
63  */
64 public class CertPathValidator {
65 
66   // Constants and fields.
67   // ------------------------------------------------------------------------
68 
69   /** Service name for CertPathValidator. */
70   private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
71 
72   /** The underlying implementation. */
73   private final CertPathValidatorSpi validatorSpi;
74 
75   /** The provider of this implementation. */
76   private final Provider provider;
77 
78   /** The algorithm's name. */
79   private final String algorithm;
80 
81   // Constructor.
82   // ------------------------------------------------------------------------
83 
84   /**
85    * Creates a new CertPathValidator.
86    *
87    * @param validatorSpi The underlying implementation.
88    * @param provider     The provider of the implementation.
89    * @param algorithm    The algorithm name.
90    */
CertPathValidator(CertPathValidatorSpi validatorSpi, Provider provider, String algorithm)91   protected CertPathValidator(CertPathValidatorSpi validatorSpi,
92                               Provider provider, String algorithm)
93   {
94     this.validatorSpi = validatorSpi;
95     this.provider = provider;
96     this.algorithm = algorithm;
97   }
98 
99   // Class methods.
100   // ------------------------------------------------------------------------
101 
102   /**
103    * Returns the default validator type.
104    *
105    * <p>This value may be set at run-time via the security property
106    * "certpathvalidator.type", or the value "PKIX" if this property is
107    * not set.
108    *
109    * @return The default validator type.
110    */
getDefaultType()111   public static synchronized String getDefaultType() {
112     String type = (String) AccessController.doPrivileged(
113       new PrivilegedAction()
114         {
115           public Object run()
116           {
117             return Security.getProperty("certpathvalidator.type");
118           }
119         }
120     );
121     if (type == null)
122       type = "PKIX";
123     return type;
124   }
125 
126   /**
127    * Get an instance of the given validator from the first provider that
128    * implements it.
129    *
130    * @param algorithm The name of the algorithm to get.
131    * @return The new instance.
132    * @throws NoSuchAlgorithmException If no installed provider
133    * implements the requested algorithm.
134    */
getInstance(String algorithm)135   public static CertPathValidator getInstance(String algorithm)
136     throws NoSuchAlgorithmException
137   {
138     Provider[] p = Security.getProviders();
139     for (int i = 0; i < p.length; i++)
140       {
141         try
142           {
143             return getInstance(algorithm, p[i]);
144           }
145         catch (NoSuchAlgorithmException e)
146           {
147 	    // Ignored.
148           }
149       }
150     throw new NoSuchAlgorithmException(algorithm);
151   }
152 
153   /**
154    * Get an instance of the given validator from the named provider.
155    *
156    * @param algorithm The name of the algorithm to get.
157    * @param provider  The name of the provider from which to get the
158    * implementation.
159    * @return The new instance.
160    * @throws NoSuchAlgorithmException If the named provider does not
161    * implement the algorithm.
162    * @throws NoSuchProviderException If no provider named
163    * <i>provider</i> is installed.
164    */
getInstance(String algorithm, String provider)165   public static CertPathValidator getInstance(String algorithm,
166                                               String provider)
167     throws NoSuchAlgorithmException, NoSuchProviderException
168   {
169     Provider p = Security.getProvider(provider);
170     if (p == null)
171       throw new NoSuchProviderException(provider);
172 
173     return getInstance(algorithm, p);
174   }
175 
176   /**
177    * Get an instance of the given validator from the given provider.
178    *
179    * @param algorithm The name of the algorithm to get.
180    * @param provider  The provider from which to get the implementation.
181    * @return The new instance.
182    * @throws NoSuchAlgorithmException If the provider does not implement
183    * the algorithm.
184    * @throws IllegalArgumentException If <i>provider</i> is null.
185    */
getInstance(String algorithm, Provider provider)186   public static CertPathValidator getInstance(String algorithm,
187                                               Provider provider)
188     throws NoSuchAlgorithmException
189   {
190     if (provider == null)
191       throw new IllegalArgumentException("null provider");
192 
193     try
194       {
195         return new CertPathValidator((CertPathValidatorSpi)
196           Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider),
197           provider, algorithm);
198       }
199     catch (java.lang.reflect.InvocationTargetException ite)
200       {
201         throw new NoSuchAlgorithmException(algorithm);
202       }
203     catch (ClassCastException cce)
204       {
205         throw new NoSuchAlgorithmException(algorithm);
206       }
207   }
208 
209   // Instance methods.
210   // ------------------------------------------------------------------------
211 
212   /**
213    * Return the name of this validator.
214    *
215    * @return This validator's name.
216    */
getAlgorithm()217   public final String getAlgorithm()
218   {
219     return algorithm;
220   }
221 
222   /**
223    * Return the provider of this implementation.
224    *
225    * @return The provider.
226    */
getProvider()227   public final Provider getProvider()
228   {
229     return provider;
230   }
231 
232   /**
233    * Attempt to validate a certificate path.
234    *
235    * @param certPath The path to validate.
236    * @param params   The algorithm-specific parameters.
237    * @return The result of this validation attempt.
238    * @throws CertPathValidatorException If the certificate path cannot
239    * be validated.
240    * @throws InvalidAlgorithmParameterException If this implementation
241    * rejects the specified parameters.
242    */
validate(CertPath certPath, CertPathParameters params)243   public final CertPathValidatorResult validate(CertPath certPath,
244                                                 CertPathParameters params)
245     throws CertPathValidatorException, InvalidAlgorithmParameterException
246   {
247     return validatorSpi.engineValidate(certPath, params);
248   }
249 }
250