diff options
Diffstat (limited to 'libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java')
| -rw-r--r-- | libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java | 770 |
1 files changed, 0 insertions, 770 deletions
diff --git a/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java b/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java deleted file mode 100644 index 3c55d7e49..000000000 --- a/libraries/spongycastle/core/src/main/jdk1.1/java/security/cert/PKIXParameters.java +++ /dev/null @@ -1,770 +0,0 @@ -package java.security.cert; - -import java.security.InvalidAlgorithmParameterException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.Enumeration; -import java.util.HashSet; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -/** - * Parameters used as input for the PKIX CertPathValidator algorithm.<br /> - * <br /> - * A PKIX <code>CertPathValidator</code> uses these parameters to validate a - * <code>CertPath</code> according to the PKIX certification path validation - * algorithm.<br /> - * <br /> - * To instantiate a <code>PKIXParameters</code> object, an application must specify - * one or more <i>most-trusted CAs</i> as defined by the PKIX certification - * path validation algorithm. The most-trusted CAs can be specified - * using one of two constructors. An application can call - * {@link #PKIXParameters(Set)}, specifying a Set of <code>TrustAnchor</code> objects, each - * of which identify a most-trusted CA. Alternatively, an application - * can call {@link #PKIXParameters(KeyStore)}, specifying a <code>KeyStore</code> instance - * containing trusted certificate entries, each of which will be - * considered as a most-trusted CA.<br /> - * <br /> - * Once a <code>PKIXParameters</code> object has been created, other parameters can - * be specified (by calling {@link #setInitialPolicies} or {@link #setDate}, for - * instance) and then the <code>PKIXParameters</code> is passed along with the - * <code>CertPath</code> to be validated to {@link CertPathValidator#validate}.<br /> - * <br /> - * Any parameter that is not set (or is set to null) will be set to the - * default value for that parameter. The default value for the date - * parameter is null, which indicates the current time when the path is - * validated. The default for the remaining parameters is the least - * constrained.<br /> - * <br /> - * <b>Concurrent Access</b><br /> - * <br /> - * Unless otherwise specified, the methods defined in this class are - * not thread-safe. Multiple threads that need to access a single - * object concurrently should synchronize amongst themselves and - * provide the necessary locking. Multiple threads each manipulating - * separate objects need not synchronize. - * - * @see CertPathValidator - **/ -public class PKIXParameters implements CertPathParameters { - private Set trustAnchors; - private Set initialPolicies = new HashSet(); - private List certStores = new ArrayList(); - private CertSelector certSelector; - private List certPathCheckers = new ArrayList(); - private boolean revocationEnabled = true; - private boolean explicitPolicyRequired = false; - private boolean policyMappingInhibited = false; - private boolean anyPolicyInhibited = false; - private boolean policyQualifiersRejected = true; - private Date date; - private String sigProvider; - - /** - * Creates an instance of PKIXParameters with the specified - * Set of most-trusted CAs. Each element of the set is a - * TrustAnchor.<br /> - * <br /> - * Note that the Set is copied to protect against subsequent - * modifications. - * - * @param trustAnchors a Set of TrustAnchors - * - * @exception InvalidAlgorithmParameterException if the - * specified Set is empty <code>(trustAnchors.isEmpty() == true)</code> - * @exception NullPointerException if the specified Set is <code>null</code> - * @exception ClassCastException if any of the elements in the - * Set are not of type - * <code>java.security.cert.TrustAnchor</code> - **/ - public PKIXParameters(Set trustAnchors) - throws InvalidAlgorithmParameterException - { - setTrustAnchors( trustAnchors ); - } - - /** - * Creates an instance of PKIXParameters that populates the - * set of most-trusted CAs from the trusted certificate - * entries contained in the specified KeyStore. Only keystore - * entries that contain trusted X509Certificates are - * considered; all other certificate types are ignored. - * - * @param keystore a KeyStore from which the set of - * most-trusted CAs will be populated - * - * @exception KeyStoreException if the keystore has not been - * initialized - * @exception InvalidAlgorithmParameterException if the keystore - * does not contain at least one trusted certificate entry - * @exception NullPointerException if the keystore is null - **/ - public PKIXParameters(KeyStore keystore) - throws KeyStoreException, - InvalidAlgorithmParameterException - { - if ( keystore == null ) - throw new NullPointerException( "the keystore parameter must be non-null" ); - - Set trustAnchors = new HashSet(); - String alias; - Certificate cert; - Enumeration enum = keystore.aliases(); - while ( enum.hasMoreElements() ) { - alias = (String)enum.nextElement(); - if ( keystore.isCertificateEntry( alias ) ) { - cert = keystore.getCertificate( alias ); - if ( cert instanceof X509Certificate ) - trustAnchors.add( new TrustAnchor( (X509Certificate)cert, null ) ); - } - } - setTrustAnchors( trustAnchors ); - } - - /** - * Returns an immutable Set of the most-trusted CAs. - * - * @return an immutable <code>Set</code> of - * <code>TrustAnchors</code> (never <code>null</code>) - * - * @see #setTrustAnchors - **/ - public Set getTrustAnchors() - { - return Collections.unmodifiableSet(trustAnchors); - } - - /** - * Sets the Set of most-trusted CAs.<br /> - * <br /> - * Note that the Set is copied to protect against subsequent - * modifications.<br /> - * <br /> - * @param trustAnchors a Set of TrustAnchors - * - * @exception InvalidAlgorithmParameterException if the specified Set is empty <code>(trustAnchors.isEmpty() == true)</code> - * @exception NullPointerException if the specified Set is <code>null</code> - * @exception ClassCastException if any of the elements in - * the set are not of type java.security.cert.TrustAnchor - * - * @see #getTrustAnchors - **/ - public void setTrustAnchors(Set trustAnchors) - throws InvalidAlgorithmParameterException - { - if ( trustAnchors == null ) - throw new NullPointerException("the trustAnchors parameter must be non-null"); - if ( trustAnchors.isEmpty() ) - throw new InvalidAlgorithmParameterException("the trustAnchors parameter must be non-empty"); - - Iterator iter = trustAnchors.iterator(); - TrustAnchor obj; - this.trustAnchors = new HashSet(); - while( iter.hasNext() ) { - obj = (TrustAnchor)iter.next(); - if ( obj != null ) { - this .trustAnchors.add( obj ); - } - } - } - - /** - * Returns an immutable Set of initial policy identifiers (OID - * strings), indicating that any one of these policies would - * be acceptable to the certificate user for the purposes of - * certification path processing. The default return value is - * an empty <code>Set</code>, which is interpreted as meaning that any - * policy would be acceptable. - * - * @return an immutable <code>Set</code> of initial policy - * OIDs in String format, or an empty <code>Set</code> (implying any policy - * is acceptable). Never returns <code>null</code>. - * - * @see #setInitialPolicies(java.util.Set) - **/ - public Set getInitialPolicies() - { - Set returnSet = initialPolicies; - if ( initialPolicies == null ) - returnSet = new HashSet(); - - return Collections.unmodifiableSet( returnSet ); - } - - /** - * Sets the <code>Set</code> of initial policy identifiers (OID strings), - * indicating that any one of these policies would be - * acceptable to the certificate user for the purposes of - * certification path processing. By default, any policy is - * acceptable (i.e. all policies), so a user that wants to - * allow any policy as acceptable does not need to call this - * method, or can call it with an empty <code>Set</code> (or <code>null</code>).<br /> - * <br /> - * Note that the Set is copied to protect against subsequent - * modifications.<br /> - * <br /> - * @param initialPolicies a Set of initial policy OIDs in String format (or <code>null</code>) - * - * @exception ClassCastException if any of the elements in the - * set are not of type String - * - * @see #getInitialPolicies() - **/ - public void setInitialPolicies(Set initialPolicies) - { - if ( initialPolicies == null || initialPolicies.isEmpty() ) - { - this.initialPolicies = null; - } - else - { - Iterator iter = initialPolicies.iterator(); - this.initialPolicies = new HashSet(); - String obj; - while ( iter.hasNext() ) - { - obj = (String)iter.next(); - if ( obj != null ) { - this.initialPolicies.add( obj ); - } - } - } - } - - /** - * Sets the list of CertStores to be used in finding - * certificates and CRLs. May be null, in which case no - * CertStores will be used. The first CertStores in the list - * may be preferred to those that appear later.<br /> - * <br /> - * Note that the List is copied to protect against subsequent - * modifications.<br /> - * <br /> - * @param stores a List of CertStores (or <code>null</code>) - * - * @exception ClassCastException if any of the elements in the - * list are not of type <code>java.security.cert.CertStore</code> - * - * @see #getCertStores() - **/ - public void setCertStores(List stores) - { - certStores = new ArrayList(); - if ( stores != null && ! stores.isEmpty() ) - { - Iterator iter = stores.iterator(); - CertStore obj; - while ( iter.hasNext() ) - { - obj = (CertStore)iter.next(); - if ( obj != null ) - { - certStores.add( obj ); - } - } - } - } - - /** - * Adds a CertStore to the end of the list of CertStores used - * in finding certificates and CRLs. - * - * @param store the <code>CertStore</code> to add. If - * <code>null</code<, the store is ignored (not added to - * list). - **/ - public void addCertStore(CertStore store) - { - if ( store != null ) - certStores.add( store ); - } - - /** - * Returns an immutable List of CertStores that are used to - * find certificates and CRLs. - * - * @return an immutable List of CertStores (may be empty, but never <code>null</code>) - * - * @see #setCertStores(java.util.List) - **/ - public List getCertStores() - { - return Collections.unmodifiableList(certStores); - } - - /** - * Sets the RevocationEnabled flag. If this flag is true, the default - * revocation checking mechanism of the underlying PKIX service provider - * will be used. If this flag is false, the default revocation checking - * mechanism will be disabled (not used).<br /> - * <br /> - * When a <code>PKIXParameters</code> object is created, this flag is set - * to true. This setting reflects the most common strategy for checking - * revocation, since each service provider must support revocation - * checking to be PKIX compliant. Sophisticated applications should set - * this flag to false when it is not practical to use a PKIX service - * provider's default revocation checking mechanism or when an alternative - * revocation checking mechanism is to be substituted (by also calling the - * {@link #addCertPathChecker addCertPathChecker} or {@link - * #setCertPathCheckers setCertPathCheckers} methods). - * - * @param val the new value of the RevocationEnabled flag - **/ - public void setRevocationEnabled(boolean val) - { - revocationEnabled = val; - } - - /** - * Checks the RevocationEnabled flag. If this flag is true, - * the default revocation checking mechanism of the underlying - * PKIX service provider will be used. If this flag is false, - * the default revocation checking mechanism will be disabled - * (not used). See the setRevocationEnabled method for more - * details on setting the value of this flag. - * - * @return the current value of the RevocationEnabled flag - **/ - public boolean isRevocationEnabled() - { - return revocationEnabled; - } - - /** - * Sets the ExplicitPolicyRequired flag. If this flag is true, - * an acceptable policy needs to be explicitly identified in - * every certificate. By default, the ExplicitPolicyRequired - * flag is false. - * - * @param val true if explicit policy is to be required, false - * otherwise - **/ - public void setExplicitPolicyRequired(boolean val) - { - explicitPolicyRequired = val; - } - - /** - * Checks if explicit policy is required. If this flag is - * true, an acceptable policy needs to be explicitly - * identified in every certificate. By default, the - * ExplicitPolicyRequired flag is false. - * - * @return true if explicit policy is required, false otherwise - **/ - public boolean isExplicitPolicyRequired() - { - return explicitPolicyRequired; - } - - /** - * Sets the PolicyMappingInhibited flag. If this flag is true, - * policy mapping is inhibited. By default, policy mapping is - * not inhibited (the flag is false). - * - * @param val true if policy mapping is to be inhibited, false otherwise - **/ - public void setPolicyMappingInhibited(boolean val) - { - policyMappingInhibited = val; - } - - /** - * Checks if policy mapping is inhibited. If this flag is - * true, policy mapping is inhibited. By default, policy - * mapping is not inhibited (the flag is false). - * - * @return true if policy mapping is inhibited, false otherwise - **/ - public boolean isPolicyMappingInhibited() - { - return policyMappingInhibited; - } - - /** - * Sets state to determine if the any policy OID should be - * processed if it is included in a certificate. By default, - * the any policy OID is not inhibited ({@link #isAnyPolicyInhibited()} - * returns false). - * - * @return val - <code>true</code> if the any policy OID is to be inhibited, <code>false</code> otherwise - **/ - public void setAnyPolicyInhibited(boolean val) - { - anyPolicyInhibited = val; - } - - /** - * Checks whether the any policy OID should be processed if it - * is included in a certificate. - * - * @return <code>true</code> if the any policy OID is inhibited, <code>false</code> otherwise - **/ - public boolean isAnyPolicyInhibited() - { - return anyPolicyInhibited; - } - - /** - * Sets the PolicyQualifiersRejected flag. If this flag is - * true, certificates that include policy qualifiers in a - * certificate policies extension that is marked critical are - * rejected. If the flag is false, certificates are not - * rejected on this basis.<br /> - * <br /> - * When a <code>PKIXParameters</code> object is created, this flag is set - * to true. This setting reflects the most common (and - * simplest) strategy for processing policy - * qualifiers. Applications that want to use a more - * sophisticated policy must set this flag to false.<br /> - * <br /> - * Note that the PKIX certification path validation algorithm - * specifies that any policy qualifier in a certificate - * policies extension that is marked critical must be - * processed and validated. Otherwise the certification path - * must be rejected. If the policyQualifiersRejected flag is - * set to false, it is up to the application to validate all - * policy qualifiers in this manner in order to be PKIX - * compliant. - * - * @param qualifiersRejected the new value of the PolicyQualifiersRejected flag - * - * @see #getPolicyQualifiersRejected() - * @see PolicyQualifierInfo - **/ - public void setPolicyQualifiersRejected(boolean qualifiersRejected) - { - policyQualifiersRejected = qualifiersRejected; - } - - /** - * Gets the PolicyQualifiersRejected flag. If this flag is - * true, certificates that include policy qualifiers in a - * certificate policies extension that is marked critical are - * rejected. If the flag is false, certificates are not - * rejected on this basis.<br /> - * <br /> - * When a PKIXParameters object is created, this flag is set to - * true. This setting reflects the most common (and simplest) - * strategy for processing policy qualifiers. Applications that - * want to use a more sophisticated policy must set this flag - * to false. - * - * @return the current value of the PolicyQualifiersRejected flag - * - * @see #setPolicyQualifiersRejected(boolean) - **/ - public boolean getPolicyQualifiersRejected() - { - return policyQualifiersRejected; - } - - /** - * Returns the time for which the validity of the - * certification path should be determined. If null, the - * current time is used.<br /> - * <br /> - * Note that the Date returned is copied to protect against - * subsequent modifications. - * - * @return the Date, or <code>null</code> if not set - * - * @see #setDate(java.util.Date) - **/ - public Date getDate() - { - if ( date == null ) - return null; - - return new Date( date.getTime() ); - } - - /** - * Sets the time for which the validity of the certification - * path should be determined. If null, the current time is - * used.<br /> - * <br /> - * Note that the Date supplied here is copied to protect - * against subsequent modifications. - * - * @param date the Date, or <code>null</code> for the current time - * - * @see #getDate() - **/ - public void setDate(Date date) - { - if ( date == null ) - this.date = null; - else - this.date = new Date( date.getTime() ); - } - - /** - * Sets a <code>List</code> of additional certification path checkers. If - * the specified List contains an object that is not a - * PKIXCertPathChecker, it is ignored.<br /> - * <br /> - * Each <code>PKIXCertPathChecker</code> specified implements additional - * checks on a certificate. Typically, these are checks to - * process and verify private extensions contained in - * certificates. Each <code>PKIXCertPathChecker</code> should be - * instantiated with any initialization parameters needed to - * execute the check.<br /> - * <br /> - * This method allows sophisticated applications to extend a - * PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code>. Each of the - * specified PKIXCertPathCheckers will be called, in turn, by - * a PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code> for each - * certificate processed or validated.<br /> - * <br /> - * Regardless of whether these additional PKIXCertPathCheckers - * are set, a PKIX <code>CertPathValidator</code> or <code>CertPathBuilder</code> must - * perform all of the required PKIX checks on each - * certificate. The one exception to this rule is if the - * RevocationEnabled flag is set to false (see the - * {@link #setRevocationEnabled(boolean) setRevocationEnabled} method).<br /> - * <br /> - * Note that the List supplied here is copied and each - * PKIXCertPathChecker in the list is cloned to protect against - * subsequent modifications. - * - * @param checkers a List of PKIXCertPathCheckers. May be - * null, in which case no additional checkers will be used. - * @exception ClassCastException if any of the elements in the - * list are not of type - * <code>java.security.cert.PKIXCertPathChecker</code> - * @see #getCertPathCheckers() - **/ - public void setCertPathCheckers(List checkers) - { - certPathCheckers = new ArrayList(); - if ( checkers == null ) - return; - Iterator iter = checkers.iterator(); - while ( iter.hasNext() ) - certPathCheckers.add( (PKIXCertPathChecker)((PKIXCertPathChecker)iter.next()).clone() ); - } - - /** - * Returns the List of certification path checkers. The - * returned List is immutable, and each PKIXCertPathChecker in - * the List is cloned to protect against subsequent - * modifications. - * - * @return an immutable List of PKIXCertPathCheckers (may be empty, but not <code>null</code>) - * - * @see #setCertPathCheckers(java.util.List) - **/ - public List getCertPathCheckers() - { - List checkers = new ArrayList(); - Iterator iter = certPathCheckers.iterator(); - while ( iter.hasNext() ) - { - checkers.add( (PKIXCertPathChecker)((PKIXCertPathChecker)iter.next()).clone() ); - } - return Collections.unmodifiableList(checkers); - } - - /** - * Adds a PKIXCertPathChecker to the list of certification - * path checkers. See the {@link #setCertPathCheckers} method for more - * details.<br /> - * <br /> - * Note that the <code>PKIXCertPathChecker</code> is cloned to protect - * against subsequent modifications. - * - * @param checker a <code>PKIXCertPathChecker</code> to add - * to the list of checks. If <code>null</code>, the checker is - * ignored (not added to list). - **/ - public void addCertPathChecker( PKIXCertPathChecker checker ) - { - if ( checker != null ) - { - certPathCheckers.add( checker.clone() ); - } - } - - /** - * Returns the signature provider's name, or <code>null</code> if not set. - * - * @return the signature provider's name (or <code>null</code>) - * - * @see #setSigProvider(java.lang.String) - **/ - public String getSigProvider() - { - return sigProvider; - } - - /** - * Sets the signature provider's name. The specified provider - * will be preferred when creating Signature objects. If null - * or not set, the first provider found supporting the - * algorithm will be used. - * - * @param sigProvider the signature provider's name (or <code>null</code>) - * - * @see #getSigProvider() - **/ - public void setSigProvider(String sigProvider) - { - this.sigProvider = sigProvider; - } - - /** - * Returns the required constraints on the target - * certificate. The constraints are returned as an instance of - * CertSelector. If <code>null</code>, no constraints are defined.<br /> - * <br /> - * Note that the CertSelector returned is cloned to protect - * against subsequent modifications. - * - * @return a CertSelector specifying the constraints on the target certificate (or <code>null</code>) - * - * @see #setTargetCertConstraints(java.security.cert.CertSelector) - **/ - public CertSelector getTargetCertConstraints() - { - if ( certSelector == null ) - return null; - - return (CertSelector)certSelector.clone(); - } - - /** - * Sets the required constraints on the target - * certificate. The constraints are specified as an instance - * of CertSelector. If null, no constraints are defined.<br /> - * <br /> - * Note that the CertSelector specified is cloned to protect - * against subsequent modifications. - * - * @param selector a CertSelector specifying the constraints - * on the target certificate (or <code>null</code>) - * - * @see #getTargetCertConstraints() - **/ - public void setTargetCertConstraints(CertSelector selector) - { - if ( selector == null ) - certSelector = null; - else - certSelector = (CertSelector)selector.clone(); - } - - /** - * Makes a copy of this PKIXParameters object. Changes to the - * copy will not affect the original and vice versa. - * - * @return a copy of this <code>PKIXParameters</code> object - **/ - public Object clone() - { - try { - PKIXParameters obj = (PKIXParameters)super.clone(); - obj.certStores = new ArrayList( certStores ); - Iterator iter = certPathCheckers.iterator(); - obj.certPathCheckers = new ArrayList(); - while ( iter.hasNext() ) - { - obj.certPathCheckers.add( ((PKIXCertPathChecker)iter.next()).clone() ); - } - if ( initialPolicies != null ) - { - obj.initialPolicies = new HashSet( initialPolicies ); - } - if ( trustAnchors != null ) - { - obj.trustAnchors = new HashSet( trustAnchors ); - } - if ( certSelector != null ) - { - obj.certSelector = (CertSelector)certSelector.clone(); - } - return obj; - } catch ( CloneNotSupportedException ex ) { - throw new InternalError(); - } - } - - /** - * Returns a formatted string describing the parameters. - * - * @return a formatted string describing the parameters. - **/ - public String toString() - { - StringBuffer s = new StringBuffer(); - s.append("[\n"); - if ( trustAnchors != null ) - { - s.append(" Trust Anchors: ").append(trustAnchors).append('\n'); - } - if ( initialPolicies != null ) - { - if ( initialPolicies.isEmpty() ) - { - s.append(" Initial Policy OIDs: any\n" ); - } - else - { - s.append(" Initial Policy OIDs: [").append(initialPolicies).append("]\n"); - } - } - s.append(" Validity Date: "); - if ( date != null ) - s.append(date); - else - s.append("null"); - s.append('\n'); - - s.append(" Signature Provider: "); - if ( sigProvider != null ) - s.append(sigProvider); - else - s.append("null"); - s.append('\n'); - - s.append(" Default Revocation Enabled: "); - s.append(revocationEnabled); - s.append('\n' ); - - s.append(" Explicit Policy Required: "); - s.append(explicitPolicyRequired); - s.append('\n'); - - s.append(" Policy Mapping Inhibited: "); - s.append(policyMappingInhibited); - s.append('\n'); - - s.append(" Any Policy Inhibited: "); - s.append(anyPolicyInhibited); - s.append('\n'); - - s.append(" Policy Qualifiers Rejected: "); - s.append(policyQualifiersRejected); - s.append('\n'); - - s.append(" Target Cert Constraints: "); - s.append(certSelector); - s.append('\n'); - - s.append(" Certification Path Checkers: ["); - s.append(certPathCheckers); - s.append( "}\n"); - - s.append(" CertStores: ["); - s.append(certStores); - s.append("}\n"); - - s.append("]\n"); - - return s.toString(); - } -} |