CertPathValidator.java revision 6cdb6b7e6939270ccd21790ec95e42197cefc0c3
1/* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18package java.security.cert; 19 20import java.security.AccessController; 21import java.security.InvalidAlgorithmParameterException; 22import java.security.NoSuchAlgorithmException; 23import java.security.NoSuchProviderException; 24import java.security.Provider; 25import java.security.Security; 26import org.apache.harmony.security.fortress.Engine; 27 28/** 29 * This class provides the functionality for validating certification paths 30 * (certificate chains) establishing a trust chain from a certificate to a trust 31 * anchor. 32 */ 33public class CertPathValidator { 34 // Store CertPathValidator implementation service name 35 private static final String SERVICE = "CertPathValidator"; 36 37 // Used to access common engine functionality 38 private static final Engine ENGINE = new Engine(SERVICE); 39 40 // Store default property name 41 private static final String PROPERTYNAME = "certpathvalidator.type"; 42 43 // Default value of CertPathBuilder type. It returns if certpathbuild.type 44 // property is not defined in java.security file 45 private static final String DEFAULTPROPERTY = "PKIX"; 46 47 // Store used provider 48 private final Provider provider; 49 50 // Store used spi implementation 51 private final CertPathValidatorSpi spiImpl; 52 53 // Store used algorithm value 54 private final String algorithm; 55 56 /** 57 * Creates a new {@code CertPathValidator} instance. 58 * 59 * @param validatorSpi 60 * the implementation delegate. 61 * @param provider 62 * the security provider. 63 * @param algorithm 64 * the name of the algorithm. 65 */ 66 protected CertPathValidator(CertPathValidatorSpi validatorSpi, 67 Provider provider, String algorithm) { 68 this.provider = provider; 69 this.algorithm = algorithm; 70 this.spiImpl = validatorSpi; 71 } 72 73 /** 74 * Returns the certification path algorithm name. 75 * 76 * @return the certification path algorithm name. 77 */ 78 public final String getAlgorithm() { 79 return algorithm; 80 } 81 82 /** 83 * Returns the security provider. 84 * 85 * @return the provider. 86 */ 87 public final Provider getProvider() { 88 return provider; 89 } 90 91 /** 92 * Returns a new certification path validator for the specified algorithm. 93 * 94 * @param algorithm 95 * the algorithm name. 96 * @return a certification path validator for the requested algorithm. 97 * @throws NoSuchAlgorithmException 98 * if no installed provider provides the specified algorithm. 99 * @throws NullPointerException 100 * if algorithm is {@code null}. 101 */ 102 public static CertPathValidator getInstance(String algorithm) 103 throws NoSuchAlgorithmException { 104 if (algorithm == null) { 105 throw new NullPointerException(); 106 } 107 Engine.SpiAndProvider sap = ENGINE.getInstance(algorithm, null); 108 return new CertPathValidator((CertPathValidatorSpi) sap.spi, sap.provider, algorithm); 109 } 110 111 /** 112 * Returns a new certification path validator for the specified algorithm 113 * from the specified provider. 114 * 115 * @param algorithm 116 * the algorithm name. 117 * @param provider 118 * the security provider name. 119 * @return a certification path validator for the requested algorithm. 120 * @throws NoSuchAlgorithmException 121 * if the specified security provider cannot provide the 122 * requested algorithm. 123 * @throws NoSuchProviderException 124 * if no provider with the specified name can be found. 125 * @throws NullPointerException 126 * if algorithm is {@code null}. 127 * @throws IllegalArgumentException if {@code provider == null || provider.isEmpty()} 128 */ 129 public static CertPathValidator getInstance(String algorithm, 130 String provider) throws NoSuchAlgorithmException, 131 NoSuchProviderException { 132 if (provider == null || provider.isEmpty()) { 133 throw new IllegalArgumentException(); 134 } 135 Provider impProvider = Security.getProvider(provider); 136 if (impProvider == null) { 137 throw new NoSuchProviderException(provider); 138 } 139 return getInstance(algorithm, impProvider); 140 } 141 142 /** 143 * Returns a new certification path validator for the specified algorithm 144 * from the specified provider. 145 * 146 * @param algorithm 147 * the algorithm name. 148 * @param provider 149 * the security provider name. 150 * @return a certification path validator for the requested algorithm. 151 * @throws NoSuchAlgorithmException 152 * if the specified provider cannot provide the requested 153 * algorithm. 154 * @throws IllegalArgumentException if {@code provider == null} 155 * @throws NullPointerException 156 * if algorithm is {@code null}. 157 */ 158 public static CertPathValidator getInstance(String algorithm, 159 Provider provider) throws NoSuchAlgorithmException { 160 if (provider == null) { 161 throw new IllegalArgumentException(); 162 } 163 if (algorithm == null) { 164 throw new NullPointerException(); 165 } 166 Object spi = ENGINE.getInstance(algorithm, provider, null); 167 return new CertPathValidator((CertPathValidatorSpi) spi, provider, algorithm); 168 } 169 170 /** 171 * Validates the {@code CertPath} with the algorithm of this {@code 172 * CertPathValidator} using the specified algorithm parameters. 173 * 174 * @param certPath 175 * the certification path to be validated. 176 * @param params 177 * the certification path validator algorithm parameters. 178 * @return the validation result. 179 * @throws CertPathValidatorException 180 * if the validation fails, or the algorithm of the specified 181 * certification path cannot be validated using the algorithm of 182 * this instance. 183 * @throws InvalidAlgorithmParameterException 184 * if the specified algorithm parameters cannot be used with 185 * this algorithm. 186 * @see CertPathValidatorResult 187 */ 188 public final CertPathValidatorResult validate(CertPath certPath, 189 CertPathParameters params) throws CertPathValidatorException, 190 InvalidAlgorithmParameterException { 191 return spiImpl.engineValidate(certPath, params); 192 } 193 194 /** 195 * Returns the default {@code CertPathValidator} type from the <i>Security 196 * Properties</i>. 197 * 198 * @return the default {@code CertPathValidator} type from the <i>Security 199 * Properties</i>, or the string {@code "PKIX"} if it cannot be 200 * determined. 201 */ 202 public static final String getDefaultType() { 203 String defaultType = AccessController 204 .doPrivileged(new java.security.PrivilegedAction<String>() { 205 public String run() { 206 return Security.getProperty(PROPERTYNAME); 207 } 208 }); 209 return (defaultType != null ? defaultType : DEFAULTPROPERTY); 210 } 211} 212