      1 /*
      2  * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 package sun.security.provider.certpath;
     27 
     28 import java.security.cert.Certificate;
     29 import java.security.cert.X509Certificate;
     30 import java.security.cert.CertPathValidatorException;
     31 import java.security.cert.PKIXCertPathChecker;
     32 import java.util.Set;
     33 import java.util.Collection;
     34 import sun.security.util.Debug;
     35 import sun.security.util.UntrustedCertificates;
     36 
/**
 * A {@link PKIXCertPathChecker} that fails path validation as soon as it is
 * handed a certificate that {@code UntrustedCertificates.isUntrusted} reports
 * as distrusted.
 *
 * <p>The checker keeps no per-path state (its only field is the shared debug
 * handle), so the order in which certificates are presented does not matter
 * and both forward and reverse checking are supported.
 *
 * <p>How the distrust decision is made lives in
 * {@code sun.security.util.UntrustedCertificates} and is not visible from
 * this class.
 *
 * @see PKIXCertPathChecker
 * @see java.security.cert.PKIXParameters
 */
public final class UntrustedChecker extends PKIXCertPathChecker {

    // Handle for the "certpath" debug channel. check() tests it for null
    // before use, so it may be absent when that channel is not enabled.
    private static final Debug debug = Debug.getInstance("certpath");

    /**
     * Creates a checker. There is nothing to configure.
     */
    public UntrustedChecker() {
        // intentionally empty
    }

    /**
     * No-op initialisation; the {@code forward} flag is ignored.
     *
     * @param forward the order in which certificates will be presented
     * @throws CertPathValidatorException never thrown by this implementation
     */
    @Override
    public void init(boolean forward) throws CertPathValidatorException {
        // Nothing to reset: forward and reverse modes are both supported.
    }

    /**
     * Reports that certificates may be presented in forward order.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isForwardCheckingSupported() {
        // Forward and reverse modes are both supported.
        return true;
    }

    /**
     * Reports which certificate extensions this checker processes.
     *
     * @return {@code null}, which the {@link PKIXCertPathChecker} contract
     *         defines as "no extensions are supported"
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Rejects {@code cert} if it is distrusted; otherwise returns normally.
     *
     * @param cert the certificate to test; it is cast to
     *        {@link X509Certificate} without a type check
     * @param unresolvedCritExts critical extensions still unresolved; this
     *        checker neither reads nor modifies the collection
     * @throws CertPathValidatorException if
     *         {@code UntrustedCertificates.isUntrusted} returns {@code true}
     *         for the certificate
     * @throws ClassCastException if {@code cert} is not an
     *         {@code X509Certificate}
     */
    @Override
    public void check(Certificate cert, Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {

        // Unchecked cast: any other certificate type ends in a
        // ClassCastException rather than a CertPathValidatorException.
        final X509Certificate x509 = (X509Certificate) cert;

        if (!UntrustedCertificates.isUntrusted(x509)) {
            return;
        }

        // NOTE(review): both messages below identify the certificate by
        // subject DN only; issuer and serial number would pin down the exact
        // certificate when a rejection has to be triaged.
        if (debug != null) {
            debug.println("UntrustedChecker: untrusted certificate " +
                    x509.getSubjectX500Principal());
        }

        // Fail closed: a distrusted certificate anywhere in the path aborts
        // validation of the whole path.
        throw new CertPathValidatorException(
            "Untrusted certificate: " + x509.getSubjectX500Principal());
    }
}