001    /* CertPathValidator -- validates certificate paths.
002       Copyright (C) 2003, 2004  Free Software Foundation, Inc.
003    
004    This file is part of GNU Classpath.
005    
006    GNU Classpath is free software; you can redistribute it and/or modify
007    it under the terms of the GNU General Public License as published by
008    the Free Software Foundation; either version 2, or (at your option)
009    any later version.
010     
011    GNU Classpath is distributed in the hope that it will be useful, but
012    WITHOUT ANY WARRANTY; without even the implied warranty of
013    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014    General Public License for more details.
015    
016    You should have received a copy of the GNU General Public License
017    along with GNU Classpath; see the file COPYING.  If not, write to the
018    Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
019    02110-1301 USA.
020    
021    Linking this library statically or dynamically with other modules is
022    making a combined work based on this library.  Thus, the terms and
023    conditions of the GNU General Public License cover the whole
024    combination.
025    
026    As a special exception, the copyright holders of this library give you
027    permission to link this library with independent modules to produce an
028    executable, regardless of the license terms of these independent
029    modules, and to copy and distribute the resulting executable under
030    terms of your choice, provided that you also meet, for each linked
031    independent module, the terms and conditions of the license of that
032    module.  An independent module is a module which is not derived from
033    or based on this library.  If you modify this library, you may extend
034    this exception to your version of the library, but you are not
035    obligated to do so.  If you do not wish to do so, delete this
036    exception statement from your version. */
037    
038    
039    package java.security.cert;
040    
041    import gnu.java.lang.CPStringBuilder;
042    
043    import gnu.java.security.Engine;
044    
045    import java.lang.reflect.InvocationTargetException;
046    import java.security.AccessController;
047    import java.security.InvalidAlgorithmParameterException;
048    import java.security.NoSuchAlgorithmException;
049    import java.security.NoSuchProviderException;
050    import java.security.PrivilegedAction;
051    import java.security.Provider;
052    import java.security.Security;
053    
054    /**
055     * Generic interface to classes that validate certificate paths.
056     *
057     * <p>Using this class is similar to all the provider-based security
058     * classes; the method of interest, {@link
059     * #validate(java.security.cert.CertPath,java.security.cert.CertPathParameters)},
060     * which takes provider-specific implementations of {@link
061     * CertPathParameters}, and return provider-specific implementations of
062     * {@link CertPathValidatorResult}.
063     *
064     * @since JDK 1.4
065     * @see CertPath
066     */
067    public class CertPathValidator {
068    
069      // Constants and fields.
070      // ------------------------------------------------------------------------
071    
072      /** Service name for CertPathValidator. */
073      private static final String CERT_PATH_VALIDATOR = "CertPathValidator";
074    
075      /** The underlying implementation. */
076      private final CertPathValidatorSpi validatorSpi;
077    
078      /** The provider of this implementation. */
079      private final Provider provider;
080    
081      /** The algorithm's name. */
082      private final String algorithm;
083    
084      // Constructor.
085      // ------------------------------------------------------------------------
086    
087      /**
088       * Creates a new CertPathValidator.
089       *
090       * @param validatorSpi The underlying implementation.
091       * @param provider     The provider of the implementation.
092       * @param algorithm    The algorithm name.
093       */
094      protected CertPathValidator(CertPathValidatorSpi validatorSpi,
095                                  Provider provider, String algorithm)
096      {
097        this.validatorSpi = validatorSpi;
098        this.provider = provider;
099        this.algorithm = algorithm;
100      }
101    
102      // Class methods.
103      // ------------------------------------------------------------------------
104    
105      /**
106       * Returns the default validator type.
107       *
108       * <p>This value may be set at run-time via the security property
109       * "certpathvalidator.type", or the value "PKIX" if this property is
110       * not set.
111       *
112       * @return The default validator type.
113       */
114      public static synchronized String getDefaultType() {
115        String type = (String) AccessController.doPrivileged(
116          new PrivilegedAction()
117            {
118              public Object run()
119              {
120                return Security.getProperty("certpathvalidator.type");
121              }
122            }
123        );
124        if (type == null)
125          type = "PKIX";
126        return type;
127      }
128    
129      /**
130       * Returns an instance of the given validator from the first provider that
131       * implements it.
132       * 
133       * @param algorithm The name of the algorithm to get.
134       * @return The new instance.
135       * @throws NoSuchAlgorithmException If no installed provider implements the
136       *           requested algorithm.
137       * @throws IllegalArgumentException if <code>algorithm</code> is
138       *           <code>null</code> or is an empty string.
139       */
140      public static CertPathValidator getInstance(String algorithm)
141        throws NoSuchAlgorithmException
142      {
143        Provider[] p = Security.getProviders();
144        NoSuchAlgorithmException lastException = null;
145        for (int i = 0; i < p.length; i++)
146          try
147            {
148              return getInstance(algorithm, p[i]);
149            }
150          catch (NoSuchAlgorithmException x)
151            {
152              lastException = x;
153            }
154        if (lastException != null)
155          throw lastException;
156        throw new NoSuchAlgorithmException(algorithm);
157      }
158    
159      /**
160       * Returns an instance of the given validator from the named provider.
161       * 
162       * @param algorithm The name of the algorithm to get.
163       * @param provider The name of the provider from which to get the
164       *          implementation.
165       * @return The new instance.
166       * @throws NoSuchAlgorithmException If the named provider does not implement
167       *           the algorithm.
168       * @throws NoSuchProviderException If no provider named <i>provider</i> is
169       *           installed.
170       * @throws IllegalArgumentException if either <code>algorithm</code> or
171       *           <code>provider</code> is <code>null</code>, or if
172       *           <code>algorithm</code> is an empty string.
173       */
174      public static CertPathValidator getInstance(String algorithm, String provider)
175          throws NoSuchAlgorithmException, NoSuchProviderException
176      {
177        if (provider == null)
178          throw new IllegalArgumentException("provider MUST NOT be null");
179        Provider p = Security.getProvider(provider);
180        if (p == null)
181          throw new NoSuchProviderException(provider);
182        return getInstance(algorithm, p);
183      }
184    
185      /**
186       * Returns an instance of the given validator from the given provider.
187       * 
188       * @param algorithm The name of the algorithm to get.
189       * @param provider The provider from which to get the implementation.
190       * @return The new instance.
191       * @throws NoSuchAlgorithmException If the provider does not implement the
192       *           algorithm.
193       * @throws IllegalArgumentException if either <code>algorithm</code> or
194       *           <code>provider</code> is <code>null</code>, or if
195       *           <code>algorithm</code> is an empty string.
196       */
197      public static CertPathValidator getInstance(String algorithm,
198                                                  Provider provider)
199        throws NoSuchAlgorithmException
200      {
201        CPStringBuilder sb = new CPStringBuilder("CertPathValidator for algorithm [")
202            .append(algorithm).append("] from provider[")
203            .append(provider).append("] could not be created");
204        Throwable cause;
205        try
206          {
207            Object spi = Engine.getInstance(CERT_PATH_VALIDATOR, algorithm, provider);
208            return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
209          }
210        catch (InvocationTargetException x)
211          {
212            cause = x.getCause();
213            if (cause instanceof NoSuchAlgorithmException)
214              throw (NoSuchAlgorithmException) cause;
215            if (cause == null)
216              cause = x;
217          }
218        catch (ClassCastException x)
219          {
220            cause = x;
221          }
222        NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString());
223        x.initCause(cause);
224        throw x;
225      }
226    
227      /**
228       * Return the name of this validator.
229       *
230       * @return This validator's name.
231       */
232      public final String getAlgorithm()
233      {
234        return algorithm;
235      }
236    
237      /**
238       * Return the provider of this implementation.
239       *
240       * @return The provider.
241       */
242      public final Provider getProvider()
243      {
244        return provider;
245      }
246    
247      /**
248       * Attempt to validate a certificate path.
249       *
250       * @param certPath The path to validate.
251       * @param params   The algorithm-specific parameters.
252       * @return The result of this validation attempt.
253       * @throws CertPathValidatorException If the certificate path cannot
254       * be validated.
255       * @throws InvalidAlgorithmParameterException If this implementation
256       * rejects the specified parameters.
257       */
258      public final CertPathValidatorResult validate(CertPath certPath,
259                                                    CertPathParameters params)
260        throws CertPathValidatorException, InvalidAlgorithmParameterException
261      {
262        return validatorSpi.engineValidate(certPath, params);
263      }
264    }