001 /* CertPathValidator -- validates certificate paths.
002 Copyright (C) 2003, 2004 Free Software Foundation, Inc.
003
004 This file is part of GNU Classpath.
005
006 GNU Classpath is free software; you can redistribute it and/or modify
007 it under the terms of the GNU General Public License as published by
008 the Free Software Foundation; either version 2, or (at your option)
009 any later version.
010
011 GNU Classpath is distributed in the hope that it will be useful, but
012 WITHOUT ANY WARRANTY; without even the implied warranty of
013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014 General Public License for more details.
015
016 You should have received a copy of the GNU General Public License
017 along with GNU Classpath; see the file COPYING. If not, write to the
018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019 02110-1301 USA.
020
021 Linking this library statically or dynamically with other modules is
022 making a combined work based on this library. Thus, the terms and
023 conditions of the GNU General Public License cover the whole
024 combination.
025
026 As a special exception, the copyright holders of this library give you
027 permission to link this library with independent modules to produce an
028 executable, regardless of the license terms of these independent
029 modules, and to copy and distribute the resulting executable under
030 terms of your choice, provided that you also meet, for each linked
031 independent module, the terms and conditions of the license of that
032 module. An independent module is a module which is not derived from
033 or based on this library. If you modify this library, you may extend
034 this exception to your version of the library, but you are not
035 obligated to do so. If you do not wish to do so, delete this
036 exception statement from your version. */
037
038
039 package java.security.cert;
040
041 import gnu.java.lang.CPStringBuilder;
042
043 import gnu.java.security.Engine;
044
045 import java.lang.reflect.InvocationTargetException;
046 import java.security.AccessController;
047 import java.security.InvalidAlgorithmParameterException;
048 import java.security.NoSuchAlgorithmException;
049 import java.security.NoSuchProviderException;
050 import java.security.PrivilegedAction;
051 import java.security.Provider;
052 import java.security.Security;
053
054 /**
055 * Generic interface to classes that validate certificate paths.
056 *
057 * <p>Using this class is similar to all the provider-based security
058 * classes; the method of interest, {@link
059 * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
060 * which takes provider-specific implementations of {@link
061 * CertPathParameters}, and return provider-specific implementations of
062 * {@link CertPathValidatorResult}.
063 *
064 * @since JDK 1.4
065 * @see CertPath
066 */
067 public class CertPathValidator {
068
069 // Constants and fields.
070 // ------------------------------------------------------------------------
071
072 /** Service name for CertPathValidator. */
073 private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
074
075 /** The underlying implementation. */
076 private final CertPathValidatorSpi validatorSpi;
077
078 /** The provider of this implementation. */
079 private final Provider provider;
080
081 /** The algorithm's name. */
082 private final String algorithm;
083
084 // Constructor.
085 // ------------------------------------------------------------------------
086
087 /**
088 * Creates a new CertPathValidator.
089 *
090 * @param validatorSpi The underlying implementation.
091 * @param provider The provider of the implementation.
092 * @param algorithm The algorithm name.
093 */
094 protected CertPathValidator(CertPathValidatorSpi validatorSpi,
095 Provider provider, String algorithm)
096 {
097 this.validatorSpi = validatorSpi;
098 this.provider = provider;
099 this.algorithm = algorithm;
100 }
101
102 // Class methods.
103 // ------------------------------------------------------------------------
104
105 /**
106 * Returns the default validator type.
107 *
108 * <p>This value may be set at run-time via the security property
109 * "certpathvalidator.type", or the value "PKIX" if this property is
110 * not set.
111 *
112 * @return The default validator type.
113 */
114 public static synchronized String getDefaultType() {
115 String type = (String) AccessController.doPrivileged(
116 new PrivilegedAction()
117 {
118 public Object run()
119 {
120 return Security.getProperty("certpathvalidator.type");
121 }
122 }
123 );
124 if (type == null)
125 type = "PKIX";
126 return type;
127 }
128
129 /**
130 * Returns an instance of the given validator from the first provider that
131 * implements it.
132 *
133 * @param algorithm The name of the algorithm to get.
134 * @return The new instance.
135 * @throws NoSuchAlgorithmException If no installed provider implements the
136 * requested algorithm.
137 * @throws IllegalArgumentException if <code>algorithm</code> is
138 * <code>null</code> or is an empty string.
139 */
140 public static CertPathValidator getInstance(String algorithm)
141 throws NoSuchAlgorithmException
142 {
143 Provider[] p = Security.getProviders();
144 NoSuchAlgorithmException lastException = null;
145 for (int i = 0; i < p.length; i++)
146 try
147 {
148 return getInstance(algorithm, p[i]);
149 }
150 catch (NoSuchAlgorithmException x)
151 {
152 lastException = x;
153 }
154 if (lastException != null)
155 throw lastException;
156 throw new NoSuchAlgorithmException(algorithm);
157 }
158
159 /**
160 * Returns an instance of the given validator from the named provider.
161 *
162 * @param algorithm The name of the algorithm to get.
163 * @param provider The name of the provider from which to get the
164 * implementation.
165 * @return The new instance.
166 * @throws NoSuchAlgorithmException If the named provider does not implement
167 * the algorithm.
168 * @throws NoSuchProviderException If no provider named <i>provider</i> is
169 * installed.
170 * @throws IllegalArgumentException if either <code>algorithm</code> or
171 * <code>provider</code> is <code>null</code>, or if
172 * <code>algorithm</code> is an empty string.
173 */
174 public static CertPathValidator getInstance(String algorithm, String provider)
175 throws NoSuchAlgorithmException, NoSuchProviderException
176 {
177 if (provider == null)
178 throw new IllegalArgumentException("provider MUST NOT be null");
179 Provider p = Security.getProvider(provider);
180 if (p == null)
181 throw new NoSuchProviderException(provider);
182 return getInstance(algorithm, p);
183 }
184
185 /**
186 * Returns an instance of the given validator from the given provider.
187 *
188 * @param algorithm The name of the algorithm to get.
189 * @param provider The provider from which to get the implementation.
190 * @return The new instance.
191 * @throws NoSuchAlgorithmException If the provider does not implement the
192 * algorithm.
193 * @throws IllegalArgumentException if either <code>algorithm</code> or
194 * <code>provider</code> is <code>null</code>, or if
195 * <code>algorithm</code> is an empty string.
196 */
197 public static CertPathValidator getInstance(String algorithm,
198 Provider provider)
199 throws NoSuchAlgorithmException
200 {
201 CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [")
202 .append(algorithm).append("] from provider[")
203 .append(provider).append("] could not be created");
204 Throwable cause;
205 try
206 {
207 Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider);
208 return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
209 }
210 catch (InvocationTargetException x)
211 {
212 cause = x.getCause();
213 if (cause instanceof NoSuchAlgorithmException)
214 throw (NoSuchAlgorithmException) cause;
215 if (cause == null)
216 cause = x;
217 }
218 catch (ClassCastException x)
219 {
220 cause = x;
221 }
222 NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
223 x.initCause(cause);
224 throw x;
225 }
226
227 /**
228 * Return the name of this validator.
229 *
230 * @return This validator's name.
231 */
232 public final String getAlgorithm()
233 {
234 return algorithm;
235 }
236
237 /**
238 * Return the provider of this implementation.
239 *
240 * @return The provider.
241 */
242 public final Provider getProvider()
243 {
244 return provider;
245 }
246
247 /**
248 * Attempt to validate a certificate path.
249 *
250 * @param certPath The path to validate.
251 * @param params The algorithm-specific parameters.
252 * @return The result of this validation attempt.
253 * @throws CertPathValidatorException If the certificate path cannot
254 * be validated.
255 * @throws InvalidAlgorithmParameterException If this implementation
256 * rejects the specified parameters.
257 */
258 public final CertPathValidatorResult validate(CertPath certPath,
259 CertPathParameters params)
260 throws CertPathValidatorException, InvalidAlgorithmParameterException
261 {
262 return validatorSpi.engineValidate(certPath, params);
263 }
264 }