Home | History | Annotate | Download | only in cert 
      1 /*
      2  *  Licensed to the Apache Software Foundation (ASF) under one or more
      3  *  contributor license agreements.  See the NOTICE file distributed with
      4  *  this work for additional information regarding copyright ownership.
      5  *  The ASF licenses this file to You under the Apache License, Version 2.0
      6  *  (the "License"); you may not use this file except in compliance with
      7  *  the License.  You may obtain a copy of the License at
      8  *
      9  *     http://www.apache.org/licenses/LICENSE-2.0
     10  *
     11  *  Unless required by applicable law or agreed to in writing, software
     12  *  distributed under the License is distributed on an "AS IS" BASIS,
     13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14  *  See the License for the specific language governing permissions and
     15  *  limitations under the License.
     16  */
     17 
     18 package java.security.cert;
     19 
     20 import java.security.InvalidAlgorithmParameterException;
     21 import java.security.NoSuchAlgorithmException;
     22 import java.security.NoSuchProviderException;
     23 import java.security.Provider;
     24 import java.security.Security;
     25 import org.apache.harmony.security.fortress.Engine;
     26 
     27 /**
     28  * This class provides the functionality for validating certification paths
     29  * (certificate chains) establishing a trust chain from a certificate to a trust
     30  * anchor.
     31  */
     32 public class CertPathValidator {
     33     // Store CertPathValidator implementation service name
     34     private static final String SERVICE = "CertPathValidator";
     35 
     36     // Used to access common engine functionality
     37     private static final Engine ENGINE = new Engine(SERVICE);
     38 
     39     // Store default property name
     40     private static final String PROPERTY_NAME = "certpathvalidator.type";
     41 
     42     // Default value of CertPathBuilder type. It returns if certpathbuild.type
     43     // property is not defined in java.security file
     44     private static final String DEFAULT_PROPERTY = "PKIX";
     45 
     46     // Store used provider
     47     private final Provider provider;
     48 
     49     // Store used spi implementation
     50     private final CertPathValidatorSpi spiImpl;
     51 
     52     // Store used algorithm value
     53     private final String algorithm;
     54 
     55     /**
     56      * Creates a new {@code CertPathValidator} instance.
     57      *
     58      * @param validatorSpi
     59      *            the implementation delegate.
     60      * @param provider
     61      *            the security provider.
     62      * @param algorithm
     63      *            the name of the algorithm.
     64      */
     65     protected CertPathValidator(CertPathValidatorSpi validatorSpi,
     66             Provider provider, String algorithm) {
     67         this.provider = provider;
     68         this.algorithm = algorithm;
     69         this.spiImpl = validatorSpi;
     70     }
     71 
     72     /**
     73      * Returns the certification path algorithm name.
     74      *
     75      * @return the certification path algorithm name.
     76      */
     77     public final String getAlgorithm() {
     78         return algorithm;
     79     }
     80 
     81     /**
     82      * Returns the security provider.
     83      *
     84      * @return the provider.
     85      */
     86     public final Provider getProvider() {
     87         return provider;
     88     }
     89 
     90     /**
     91      * Returns a new certification path validator for the specified algorithm.
     92      *
     93      * @param algorithm
     94      *            the algorithm name.
     95      * @return a certification path validator for the requested algorithm.
     96      * @throws NoSuchAlgorithmException
     97      *             if no installed provider provides the specified algorithm.
     98      * @throws NullPointerException
     99      *             if algorithm is {@code null}.
    100      */
    101     public static CertPathValidator getInstance(String algorithm)
    102             throws NoSuchAlgorithmException {
    103         if (algorithm == null) {
    104             throw new NullPointerException("algorithm == null");
    105         }
    106         Engine.SpiAndProvider sap = ENGINE.getInstance(algorithm, null);
    107         return new CertPathValidator((CertPathValidatorSpi) sap.spi, sap.provider, algorithm);
    108     }
    109 
    110     /**
    111      * Returns a new certification path validator for the specified algorithm
    112      * from the specified provider.
    113      *
    114      * @param algorithm
    115      *            the algorithm name.
    116      * @param provider
    117      *            the security provider name.
    118      * @return a certification path validator for the requested algorithm.
    119      * @throws NoSuchAlgorithmException
    120      *             if the specified security provider cannot provide the
    121      *             requested algorithm.
    122      * @throws NoSuchProviderException
    123      *             if no provider with the specified name can be found.
    124      * @throws NullPointerException
    125      *             if algorithm is {@code null}.
    126      * @throws IllegalArgumentException if {@code provider == null || provider.isEmpty()}
    127      */
    128     public static CertPathValidator getInstance(String algorithm,
    129             String provider) throws NoSuchAlgorithmException,
    130             NoSuchProviderException {
    131         if (provider == null || provider.isEmpty()) {
    132             throw new IllegalArgumentException();
    133         }
    134         Provider impProvider = Security.getProvider(provider);
    135         if (impProvider == null) {
    136             throw new NoSuchProviderException(provider);
    137         }
    138         return getInstance(algorithm, impProvider);
    139     }
    140 
    141     /**
    142      * Returns a new certification path validator for the specified algorithm
    143      * from the specified provider. The {@code provider} supplied does not
    144      * have to be registered.
    145      *
    146      * @param algorithm
    147      *            the algorithm name.
    148      * @param provider
    149      *            the security provider name.
    150      * @return a certification path validator for the requested algorithm.
    151      * @throws NoSuchAlgorithmException
    152      *             if the specified provider cannot provide the requested
    153      *             algorithm.
    154      * @throws IllegalArgumentException if {@code provider == null}
    155      * @throws NullPointerException
    156      *             if algorithm is {@code null}.
    157      */
    158     public static CertPathValidator getInstance(String algorithm,
    159             Provider provider) throws NoSuchAlgorithmException {
    160         if (provider == null) {
    161             throw new IllegalArgumentException("provider == null");
    162         }
    163         if (algorithm == null) {
    164             throw new NullPointerException("algorithm == null");
    165         }
    166         Object spi = ENGINE.getInstance(algorithm, provider, null);
    167         return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm);
    168     }
    169 
    170     /**
    171      * Validates the {@code CertPath} with the algorithm of this {@code
    172      * CertPathValidator} using the specified algorithm parameters.
    173      *
    174      * @param certPath
    175      *            the certification path to be validated.
    176      * @param params
    177      *            the certification path validator algorithm parameters.
    178      * @return the validation result.
    179      * @throws CertPathValidatorException
    180      *             if the validation fails, or the algorithm of the specified
    181      *             certification path cannot be validated using the algorithm of
    182      *             this instance.
    183      * @throws InvalidAlgorithmParameterException
    184      *             if the specified algorithm parameters cannot be used with
    185      *             this algorithm.
    186      * @see CertPathValidatorResult
    187      */
    188     public final CertPathValidatorResult validate(CertPath certPath,
    189             CertPathParameters params) throws CertPathValidatorException,
    190             InvalidAlgorithmParameterException {
    191         return spiImpl.engineValidate(certPath, params);
    192     }
    193 
    194     /**
    195      * Returns the default {@code CertPathValidator} type from the <i>Security
    196      * Properties</i>.
    197      *
    198      * @return the default {@code CertPathValidator} type from the <i>Security
    199      *         Properties</i>, or the string {@code "PKIX"} if it cannot be
    200      *         determined.
    201      */
    202     public static final String getDefaultType() {
    203         String defaultType = Security.getProperty(PROPERTY_NAME);
    204         return (defaultType != null ? defaultType : DEFAULT_PROPERTY);
    205     }
    206 }
    207