1 /* CertPathValidator -- validates certificate paths.
2 Copyright (C) 2003, 2004 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
39 package java
.security
.cert
;
41 import gnu
.java
.security
.Engine
;
43 import java
.security
.AccessController
;
44 import java
.security
.InvalidAlgorithmParameterException
;
45 import java
.security
.NoSuchAlgorithmException
;
46 import java
.security
.NoSuchProviderException
;
47 import java
.security
.PrivilegedAction
;
48 import java
.security
.Provider
;
49 import java
.security
.Security
;
52 * Generic interface to classes that validate certificate paths.
54 * <p>Using this class is similar to all the provider-based security
55 * classes; the method of interest, {@link
56 * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
57 * which takes provider-specific implementations of {@link
58 * CertPathParameters}, and return provider-specific implementations of
59 * {@link CertPathValidatorResult}.
64 public class CertPathValidator
{
66 // Constants and fields.
67 // ------------------------------------------------------------------------
69 /** Service name for CertPathValidator. */
70 private static final String CERT_PATH_VALIDATOR
= "CertPathValidator";
72 /** The underlying implementation. */
73 private final CertPathValidatorSpi validatorSpi
;
75 /** The provider of this implementation. */
76 private final Provider provider
;
78 /** The algorithm's name. */
79 private final String algorithm
;
82 // ------------------------------------------------------------------------
85 * Creates a new CertPathValidator.
87 * @param validatorSpi The underlying implementation.
88 * @param provider The provider of the implementation.
89 * @param algorithm The algorithm name.
91 protected CertPathValidator(CertPathValidatorSpi validatorSpi
,
92 Provider provider
, String algorithm
)
94 this.validatorSpi
= validatorSpi
;
95 this.provider
= provider
;
96 this.algorithm
= algorithm
;
100 // ------------------------------------------------------------------------
103 * Returns the default validator type.
105 * <p>This value may be set at run-time via the security property
106 * "certpathvalidator.type", or the value "PKIX" if this property is
109 * @return The default validator type.
111 public static synchronized String
getDefaultType() {
112 String type
= (String
) AccessController
.doPrivileged(
113 new PrivilegedAction()
117 return Security
.getProperty("certpathvalidator.type");
127 * Get an instance of the given validator from the first provider that
130 * @param algorithm The name of the algorithm to get.
131 * @return The new instance.
132 * @throws NoSuchAlgorithmException If no installed provider
133 * implements the requested algorithm.
135 public static CertPathValidator
getInstance(String algorithm
)
136 throws NoSuchAlgorithmException
138 Provider
[] p
= Security
.getProviders();
139 for (int i
= 0; i
< p
.length
; i
++)
143 return getInstance(algorithm
, p
[i
]);
145 catch (NoSuchAlgorithmException e
)
150 throw new NoSuchAlgorithmException(algorithm
);
154 * Get an instance of the given validator from the named provider.
156 * @param algorithm The name of the algorithm to get.
157 * @param provider The name of the provider from which to get the
159 * @return The new instance.
160 * @throws NoSuchAlgorithmException If the named provider does not
161 * implement the algorithm.
162 * @throws NoSuchProviderException If no provider named
163 * <i>provider</i> is installed.
165 public static CertPathValidator
getInstance(String algorithm
,
167 throws NoSuchAlgorithmException
, NoSuchProviderException
169 Provider p
= Security
.getProvider(provider
);
171 throw new NoSuchProviderException(provider
);
173 return getInstance(algorithm
, p
);
177 * Get an instance of the given validator from the given provider.
179 * @param algorithm The name of the algorithm to get.
180 * @param provider The provider from which to get the implementation.
181 * @return The new instance.
182 * @throws NoSuchAlgorithmException If the provider does not implement
184 * @throws IllegalArgumentException If <i>provider</i> is null.
186 public static CertPathValidator
getInstance(String algorithm
,
188 throws NoSuchAlgorithmException
190 if (provider
== null)
191 throw new IllegalArgumentException("null provider");
195 return new CertPathValidator((CertPathValidatorSpi
)
196 Engine
.getInstance(CERT_PATH_VALIDATOR
, algorithm
, provider
),
197 provider
, algorithm
);
199 catch (java
.lang
.reflect
.InvocationTargetException ite
)
201 throw new NoSuchAlgorithmException(algorithm
);
203 catch (ClassCastException cce
)
205 throw new NoSuchAlgorithmException(algorithm
);
210 // ------------------------------------------------------------------------
213 * Return the name of this validator.
215 * @return This validator's name.
217 public final String
getAlgorithm()
223 * Return the provider of this implementation.
225 * @return The provider.
227 public final Provider
getProvider()
233 * Attempt to validate a certificate path.
235 * @param certPath The path to validate.
236 * @param params The algorithm-specific parameters.
237 * @return The result of this validation attempt.
238 * @throws CertPathValidatorException If the certificate path cannot
240 * @throws InvalidAlgorithmParameterException If this implementation
241 * rejects the specified parameters.
243 public final CertPathValidatorResult
validate(CertPath certPath
,
244 CertPathParameters params
)
245 throws CertPathValidatorException
, InvalidAlgorithmParameterException
247 return validatorSpi
.engineValidate(certPath
, params
);