diff options
Diffstat (limited to 'libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/jce/cert/CertPathValidator.java')
| -rw-r--r-- | libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/jce/cert/CertPathValidator.java | 276 |
1 files changed, 276 insertions, 0 deletions
diff --git a/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/jce/cert/CertPathValidator.java b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/jce/cert/CertPathValidator.java new file mode 100644 index 000000000..d2e599312 --- /dev/null +++ b/libraries/spongycastle/prov/src/main/jdk1.3/org/spongycastle/jce/cert/CertPathValidator.java @@ -0,0 +1,276 @@ +package org.spongycastle.jce.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Provider; +import java.security.Security; + +/** + * A class for validating certification paths (also known as certificate + * chains).<br /> + * <br /> + * This class uses a provider-based architecture, as described in the Java + * Cryptography Architecture. To create a <code>CertPathValidator</code>, + * call one of the static <code>getInstance</code> methods, passing in the + * algorithm name of the <code>CertPathValidator</code> desired and + * optionally the name of the provider desired. <br /> + * <br /> + * Once a <code>CertPathValidator</code> object has been created, it can + * be used to validate certification paths by calling the {@link #validate + * validate} method and passing it the <code>CertPath</code> to be validated + * and an algorithm-specific set of parameters. If successful, the result is + * returned in an object that implements the + * <code>CertPathValidatorResult</code> interface.<br /> + * <br /> + * <b>Concurrent Access</b><br /> + * <br /> + * The static methods of this class are guaranteed to be thread-safe. + * Multiple threads may concurrently invoke the static methods defined in + * this class with no ill effects.<br /> + * <br /> + * However, this is not true for the non-static methods defined by this class. + * Unless otherwise documented by a specific provider, threads that need to + * access a single <code>CertPathValidator</code> instance concurrently should + * synchronize amongst themselves and provide the necessary locking. Multiple + * threads each manipulating a different <code>CertPathValidator</code> + * instance need not synchronize.<br /> + * <br /> + * @see CertPath + **/ +public class CertPathValidator extends Object +{ + private CertPathValidatorSpi validatorSpi; + + private Provider provider; + + private String algorithm; + + /** + * Creates a <code>CertPathValidator</code> object of the given algorithm, + * and encapsulates the given provider implementation (SPI object) in it. + * + * @param validatorSpi + * the provider implementation + * @param provider + * the provider + * @param algorithm + * the algorithm name + */ + protected CertPathValidator( + CertPathValidatorSpi validatorSpi, + Provider provider, + String algorithm) + { + this.validatorSpi = validatorSpi; + this.provider = provider; + this.algorithm = algorithm; + } + + /** + * Returns a <code>CertPathValidator</code> object that implements the + * specified algorithm.<br /> + * <br /> + * If the default provider package provides an implementation of the + * specified <code>CertPathValidator</code> algorithm, an instance of + * <code>CertPathValidator</code> containing that implementation is + * returned. If the requested algorithm is not available in the default + * package, other packages are searched. + * + * @param algorithm + * the name of the requested <code>CertPathValidator</code> + * algorithm + * + * @return a <code>CertPathValidator</code> object that implements the + * specified algorithm + * + * @exception NoSuchAlgorithmException + * if the requested algorithm is not available in the default + * provider package or any of the other provider packages + * that were searched + */ + public static CertPathValidator getInstance(String algorithm) + throws NoSuchAlgorithmException + { + try + { + CertUtil.Implementation imp = CertUtil.getImplementation( + "CertPathValidator", algorithm, (String)null); + if (imp != null) + { + return new CertPathValidator((CertPathValidatorSpi)imp + .getEngine(), imp.getProvider(), algorithm); + } + } + catch (NoSuchProviderException ex) + { + } + throw new NoSuchAlgorithmException("can't find algorithm " + algorithm); + } + + /** + * Returns a <code>CertPathValidator</code> object that implements the + * specified algorithm, as supplied by the specified provider. + * + * @param algorithm + * the name of the requested <code>CertPathValidator</code> + * algorithm + * @param provider + * the name of the provider + * + * @return a <code>CertPathValidator</code> object that implements the + * specified algorithm, as supplied by the specified provider + * + * @exception NoSuchAlgorithmException + * if the requested algorithm is not available from the + * specified provider + * @exception NoSuchProviderException + * if the provider has not been configured + * @exception IllegalArgumentException + * if the <code>provider</code> is null + */ + public static CertPathValidator getInstance(String algorithm, + String provider) throws NoSuchAlgorithmException, + NoSuchProviderException + { + if (provider == null) + { + throw new IllegalArgumentException("provider must be non-null"); + } + + CertUtil.Implementation imp = CertUtil.getImplementation( + "CertPathValidator", algorithm, provider); + if (imp != null) + { + return new CertPathValidator((CertPathValidatorSpi)imp.getEngine(), + imp.getProvider(), algorithm); + } + throw new NoSuchAlgorithmException("can't find algorithm " + algorithm); + } + + /** + * Returns a <code>CertPathValidator</code> object that implements the + * specified algorithm, as supplied by the specified provider. Note: the + * <code>provider</code> doesn't have to be registered. + * + * @param algorithm + * the name of the requested <code>CertPathValidator</code> + * algorithm + * @param provider + * the provider + * + * @return a <code>CertPathValidator</code> object that implements the + * specified algorithm, as supplied by the specified provider + * + * @exception NoSuchAlgorithmException + * if the requested algorithm is not available from the + * specified provider + * @exception IllegalArgumentException + * if the <code>provider</code> is null + */ + public static CertPathValidator getInstance(String algorithm, + Provider provider) throws NoSuchAlgorithmException + { + if (provider == null) + { + throw new IllegalArgumentException("provider must be non-null"); + } + + CertUtil.Implementation imp = CertUtil.getImplementation( + "CertPathValidator", algorithm, provider); + if (imp != null) + { + return new CertPathValidator((CertPathValidatorSpi)imp.getEngine(), + provider, algorithm); + } + throw new NoSuchAlgorithmException("can't find algorithm " + algorithm); + } + + /** + * Returns the <code>Provider</code> of this + * <code>CertPathValidator</code>. + * + * @return the <code>Provider</code> of this + * <code>CertPathValidator</code> + */ + public final Provider getProvider() + { + return provider; + } + + /** + * Returns the algorithm name of this <code>CertPathValidator</code>. + * + * @return the algorithm name of this <code>CertPathValidator</code> + */ + public final String getAlgorithm() + { + return algorithm; + } + + /** + * Validates the specified certification path using the specified algorithm + * parameter set.<br /> + * <br /> + * The <code>CertPath</code> specified must be of a type that is supported + * by the validation algorithm, otherwise an + * <code>InvalidAlgorithmParameterException</code> will be thrown. For + * example, a <code>CertPathValidator</code> that implements the PKIX + * algorithm validates <code>CertPath</code> objects of type X.509. + * + * @param certPath + * the <code>CertPath</code> to be validated + * @param params + * the algorithm parameters + * + * @return the result of the validation algorithm + * + * @exception CertPathValidatorException + * if the <code>CertPath</code> does not validate + * @exception InvalidAlgorithmParameterException + * if the specified parameters or the type of the specified + * <code>CertPath</code> are inappropriate for this + * <code>CertPathValidator</code> + */ + public final CertPathValidatorResult validate(CertPath certPath, + CertPathParameters params) throws CertPathValidatorException, + InvalidAlgorithmParameterException + { + return validatorSpi.engineValidate(certPath, params); + } + + /** + * Returns the default <code>CertPathValidator</code> type as specified in + * the Java security properties file, or the string "PKIX" if no + * such property exists. The Java security properties file is located in the + * file named <JAVA_HOME>/lib/security/java.security, where + * <JAVA_HOME> refers to the directory where the SDK was installed.<br /> + * <br /> + * The default <code>CertPathValidator</code> type can be used by + * applications that do not want to use a hard-coded type when calling one + * of the <code>getInstance</code> methods, and want to provide a default + * type in case a user does not specify its own.<br /> + * <br /> + * The default <code>CertPathValidator</code> type can be changed by + * setting the value of the "certpathvalidator.type" security property (in + * the Java security properties file) to the desired type. + * + * @return the default <code>CertPathValidator</code> type as specified in + * the Java security properties file, or the string "PKIX" + * if no such property exists. + */ + public static final String getDefaultType() + { + String defaulttype = null; + defaulttype = Security.getProperty("certpathvalidator.type"); + + if (defaulttype == null || defaulttype.length() <= 0) + { + return "PKIX"; + } + else + { + return defaulttype; + } + } +} |