libjava/java/security/cert/CertPathValidator.java

   1 /* CertPathValidator -- validates certificate paths.
   2    Copyright (C) 2003, 2004  Free Software Foundation, Inc.
   3
   4 This file is part of GNU Classpath.
   5
   6 GNU Classpath is free software; you can redistribute it and/or modify
   7 it under the terms of the GNU General Public License as published by
   8 the Free Software Foundation; either version 2, or (at your option)
   9 any later version.
  10
  11 GNU Classpath is distributed in the hope that it will be useful, but
  12 WITHOUT ANY WARRANTY; without even the implied warranty of
  13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14 General Public License for more details.
  15
  16 You should have received a copy of the GNU General Public License
  17 along with GNU Classpath; see the file COPYING.  If not, write to the
  18 Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
  19 02111-1307 USA.
  20
  21 Linking this library statically or dynamically with other modules is
  22 making a combined work based on this library.  Thus, the terms and
  23 conditions of the GNU General Public License cover the whole
  24 combination.
  25
  26 As a special exception, the copyright holders of this library give you
  27 permission to link this library with independent modules to produce an
  28 executable, regardless of the license terms of these independent
  29 modules, and to copy and distribute the resulting executable under
  30 terms of your choice, provided that you also meet, for each linked
  31 independent module, the terms and conditions of the license of that
  32 module.  An independent module is a module which is not derived from
  33 or based on this library.  If you modify this library, you may extend
  34 this exception to your version of the library, but you are not
  35 obligated to do so.  If you do not wish to do so, delete this
  36 exception statement from your version. */
  37
  38
  39 package java.security.cert;
  40
  41 import gnu.java.security.Engine;
  42
  43 import java.security.AccessController;
  44 import java.security.InvalidAlgorithmParameterException;
  45 import java.security.NoSuchAlgorithmException;
  46 import java.security.NoSuchProviderException;
  47 import java.security.PrivilegedAction;
  48 import java.security.Provider;
  49 import java.security.Security;
  50
  51 /**
  52  * Generic interface to classes that validate certificate paths.
  53  *
  54  * <p>Using this class is similar to all the provider-based security
  55  * classes; the method of interest, {@link
  56  * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
  57  * which takes provider-specific implementations of {@link
  58  * CertPathParameters}, and return provider-specific implementations of
  59  * {@link CertPathValidatorResult}.
  60  *
  61  * @since JDK 1.4
  62  * @see CertPath
  63  */
  64 public class CertPathValidator {
  65
  66   // Constants and fields.
  67   // ------------------------------------------------------------------------
  68
  69   /** Service name for CertPathValidator. */
  70   private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
  71
  72   /** The underlying implementation. */
  73   private final CertPathValidatorSpi validatorSpi;
  74
  75   /** The provider of this implementation. */
  76   private final Provider provider;
  77
  78   /** The algorithm's name. */
  79   private final String algorithm;
  80
  81   // Constructor.
  82   // ------------------------------------------------------------------------
  83
  84   /**
  85    * Creates a new CertPathValidator.
  86    *
  87    * @param validatorSpi The underlying implementation.
  88    * @param provider     The provider of the implementation.
  89    * @param algorithm    The algorithm name.
  90    */
  91   protected CertPathValidator(CertPathValidatorSpi validatorSpi,
  92                               Provider provider, String algorithm)
  93   {
  94     this.validatorSpi = validatorSpi;
  95     this.provider = provider;
  96     this.algorithm = algorithm;
  97   }
  98
  99   // Class methods.
 100   // ------------------------------------------------------------------------
 101
 102   /**
 103    * Returns the default validator type.
 104    *
 105    * <p>This value may be set at run-time via the security property
 106    * "certpathvalidator.type", or the value "PKIX" if this property is
 107    * not set.
 108    *
 109    * @return The default validator type.
 110    */
 111   public static synchronized String getDefaultType() {
 112     String type = (String) AccessController.doPrivileged(
 113       new PrivilegedAction()
 114         {
 115           public Object run()
 116           {
 117             return Security.getProperty("certpathvalidator.type");
 118           }
 119         }
 120     );
 121     if (type == null)
 122       type = "PKIX";
 123     return type;
 124   }
 125
 126   /**
 127    * Get an instance of the given validator from the first provider that
 128    * implements it.
 129    *
 130    * @param algorithm The name of the algorithm to get.
 131    * @return The new instance.
 132    * @throws NoSuchAlgorithmException If no installed provider
 133    * implements the requested algorithm.
 134    */
 135   public static CertPathValidator getInstance(String algorithm)
 136     throws NoSuchAlgorithmException
 137   {
 138     Provider[] p = Security.getProviders();
 139     for (int i = 0; i < p.length; i++)
 140       {
 141         try
 142           {
 143             return getInstance(algorithm, p[i]);
 144           }
 145         catch (NoSuchAlgorithmException e)
 146           {
 147             // Ignored.
 148           }
 149       }
 150     throw new NoSuchAlgorithmException(algorithm);
 151   }
 152
 153   /**
 154    * Get an instance of the given validator from the named provider.
 155    *
 156    * @param algorithm The name of the algorithm to get.
 157    * @param provider  The name of the provider from which to get the
 158    * implementation.
 159    * @return The new instance.
 160    * @throws NoSuchAlgorithmException If the named provider does not
 161    * implement the algorithm.
 162    * @throws NoSuchProviderException If no provider named
 163    * <i>provider</i> is installed.
 164    */
 165   public static CertPathValidator getInstance(String algorithm,
 166                                               String provider)
 167     throws NoSuchAlgorithmException, NoSuchProviderException
 168   {
 169     Provider p = Security.getProvider(provider);
 170     if (p == null)
 171       throw new NoSuchProviderException(provider);
 172
 173     return getInstance(algorithm, p);
 174   }
 175
 176   /**
 177    * Get an instance of the given validator from the given provider.
 178    *
 179    * @param algorithm The name of the algorithm to get.
 180    * @param provider  The provider from which to get the implementation.
 181    * @return The new instance.
 182    * @throws NoSuchAlgorithmException If the provider does not implement
 183    * the algorithm.
 184    * @throws IllegalArgumentException If <i>provider</i> is null.
 185    */
 186   public static CertPathValidator getInstance(String algorithm,
 187                                               Provider provider)
 188     throws NoSuchAlgorithmException
 189   {
 190     if (provider == null)
 191       throw new IllegalArgumentException("null provider");
 192
 193     try
 194       {
 195         return new CertPathValidator((CertPathValidatorSpi)
 196           Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider),
 197           provider, algorithm);
 198       }
 199     catch (java.lang.reflect.InvocationTargetException ite)
 200       {
 201         throw new NoSuchAlgorithmException(algorithm);
 202       }
 203     catch (ClassCastException cce)
 204       {
 205         throw new NoSuchAlgorithmException(algorithm);
 206       }
 207   }
 208
 209   // Instance methods.
 210   // ------------------------------------------------------------------------
 211
 212   /**
 213    * Return the name of this validator.
 214    *
 215    * @return This validator's name.
 216    */
 217   public final String getAlgorithm()
 218   {
 219     return algorithm;
 220   }
 221
 222   /**
 223    * Return the provider of this implementation.
 224    *
 225    * @return The provider.
 226    */
 227   public final Provider getProvider()
 228   {
 229     return provider;
 230   }
 231
 232   /**
 233    * Attempt to validate a certificate path.
 234    *
 235    * @param certPath The path to validate.
 236    * @param params   The algorithm-specific parameters.
 237    * @return The result of this validation attempt.
 238    * @throws CertPathValidatorException If the certificate path cannot
 239    * be validated.
 240    * @throws InvalidAlgorithmParameterException If this implementation
 241    * rejects the specified parameters.
 242    */
 243   public final CertPathValidatorResult validate(CertPath certPath,
 244                                                 CertPathParameters params)
 245     throws CertPathValidatorException, InvalidAlgorithmParameterException
 246   {
 247     return validatorSpi.engineValidate(certPath, params);
 248   }
 249 }