1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package java.security.cert; 19 20 import java.security.InvalidAlgorithmParameterException; 21 import java.security.NoSuchAlgorithmException; 22 import java.security.NoSuchProviderException; 23 import java.security.Provider; 24 import java.security.Security; 25 import org.apache.harmony.security.fortress.Engine; 26 27 /** 28 * This class provides the functionality for validating certification paths 29 * (certificate chains) establishing a trust chain from a certificate to a trust 30 * anchor. 31 */ 32 public class CertPathValidator { 33 // Store CertPathValidator implementation service name 34 private static final String SERVICE = "CertPathValidator"; 35 36 // Used to access common engine functionality 37 private static final Engine ENGINE = new Engine(SERVICE); 38 39 // Store default property name 40 private static final String PROPERTY_NAME = "certpathvalidator.type"; 41 42 // Default value of CertPathBuilder type. It returns if certpathbuild.type 43 // property is not defined in java.security file 44 private static final String DEFAULT_PROPERTY = "PKIX"; 45 46 // Store used provider 47 private final Provider provider; 48 49 // Store used spi implementation 50 private final CertPathValidatorSpi spiImpl; 51 52 // Store used algorithm value 53 private final String algorithm; 54 55 /** 56 * Creates a new {@code CertPathValidator} instance. 57 * 58 * @param validatorSpi 59 * the implementation delegate. 60 * @param provider 61 * the security provider. 62 * @param algorithm 63 * the name of the algorithm. 64 */ 65 protected CertPathValidator(CertPathValidatorSpi validatorSpi, 66 Provider provider, String algorithm) { 67 this.provider = provider; 68 this.algorithm = algorithm; 69 this.spiImpl = validatorSpi; 70 } 71 72 /** 73 * Returns the certification path algorithm name. 74 * 75 * @return the certification path algorithm name. 76 */ 77 public final String getAlgorithm() { 78 return algorithm; 79 } 80 81 /** 82 * Returns the security provider. 83 * 84 * @return the provider. 85 */ 86 public final Provider getProvider() { 87 return provider; 88 } 89 90 /** 91 * Returns a new certification path validator for the specified algorithm. 92 * 93 * @param algorithm 94 * the algorithm name. 95 * @return a certification path validator for the requested algorithm. 96 * @throws NoSuchAlgorithmException 97 * if no installed provider provides the specified algorithm. 98 * @throws NullPointerException 99 * if algorithm is {@code null}. 100 */ 101 public static CertPathValidator getInstance(String algorithm) 102 throws NoSuchAlgorithmException { 103 if (algorithm == null) { 104 throw new NullPointerException("algorithm == null"); 105 } 106 Engine.SpiAndProvider sap = ENGINE.getInstance(algorithm, null); 107 return new CertPathValidator((CertPathValidatorSpi) sap.spi, sap.provider, algorithm); 108 } 109 110 /** 111 * Returns a new certification path validator for the specified algorithm 112 * from the specified provider. 113 * 114 * @param algorithm 115 * the algorithm name. 116 * @param provider 117 * the security provider name. 118 * @return a certification path validator for the requested algorithm. 119 * @throws NoSuchAlgorithmException 120 * if the specified security provider cannot provide the 121 * requested algorithm. 122 * @throws NoSuchProviderException 123 * if no provider with the specified name can be found. 124 * @throws NullPointerException 125 * if algorithm is {@code null}. 126 * @throws IllegalArgumentException if {@code provider == null || provider.isEmpty()} 127 */ 128 public static CertPathValidator getInstance(String algorithm, 129 String provider) throws NoSuchAlgorithmException, 130 NoSuchProviderException { 131 if (provider == null || provider.isEmpty()) { 132 throw new IllegalArgumentException(); 133 } 134 Provider impProvider = Security.getProvider(provider); 135 if (impProvider == null) { 136 throw new NoSuchProviderException(provider); 137 } 138 return getInstance(algorithm, impProvider); 139 } 140 141 /** 142 * Returns a new certification path validator for the specified algorithm 143 * from the specified provider. The {@code provider} supplied does not 144 * have to be registered. 145 * 146 * @param algorithm 147 * the algorithm name. 148 * @param provider 149 * the security provider name. 150 * @return a certification path validator for the requested algorithm. 151 * @throws NoSuchAlgorithmException 152 * if the specified provider cannot provide the requested 153 * algorithm. 154 * @throws IllegalArgumentException if {@code provider == null} 155 * @throws NullPointerException 156 * if algorithm is {@code null}. 157 */ 158 public static CertPathValidator getInstance(String algorithm, 159 Provider provider) throws NoSuchAlgorithmException { 160 if (provider == null) { 161 throw new IllegalArgumentException("provider == null"); 162 } 163 if (algorithm == null) { 164 throw new NullPointerException("algorithm == null"); 165 } 166 Object spi = ENGINE.getInstance(algorithm, provider, null); 167 return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm); 168 } 169 170 /** 171 * Validates the {@code CertPath} with the algorithm of this {@code 172 * CertPathValidator} using the specified algorithm parameters. 173 * 174 * @param certPath 175 * the certification path to be validated. 176 * @param params 177 * the certification path validator algorithm parameters. 178 * @return the validation result. 179 * @throws CertPathValidatorException 180 * if the validation fails, or the algorithm of the specified 181 * certification path cannot be validated using the algorithm of 182 * this instance. 183 * @throws InvalidAlgorithmParameterException 184 * if the specified algorithm parameters cannot be used with 185 * this algorithm. 186 * @see CertPathValidatorResult 187 */ 188 public final CertPathValidatorResult validate(CertPath certPath, 189 CertPathParameters params) throws CertPathValidatorException, 190 InvalidAlgorithmParameterException { 191 return spiImpl.engineValidate(certPath, params); 192 } 193 194 /** 195 * Returns the default {@code CertPathValidator} type from the <i>Security 196 * Properties</i>. 197 * 198 * @return the default {@code CertPathValidator} type from the <i>Security 199 * Properties</i>, or the string {@code "PKIX"} if it cannot be 200 * determined. 201 */ 202 public static final String getDefaultType() { 203 String defaultType = Security.getProperty(PROPERTY_NAME); 204 return (defaultType != null ? defaultType : DEFAULT_PROPERTY); 205 } 206 } 207