GNU Classpath (0.20) | |
Frames | No Frames |
1: /* PKIXParameters.java -- parameters for the PKIX cert path algorithm 2: Copyright (C) 2003 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package java.security.cert; 40: 41: import java.security.InvalidAlgorithmParameterException; 42: import java.security.KeyStore; 43: import java.security.KeyStoreException; 44: 45: import java.util.Collections; 46: import java.util.Date; 47: import java.util.Enumeration; 48: import java.util.HashSet; 49: import java.util.Iterator; 50: import java.util.LinkedList; 51: import java.util.List; 52: import java.util.Set; 53: 54: /** 55: * Parameters for verifying certificate paths using the PKIX 56: * (Public-Key Infrastructure (X.509)) algorithm. 57: * 58: * @see CertPathBulider 59: */ 60: public class PKIXParameters implements CertPathParameters 61: { 62: 63: // Fields. 64: // ------------------------------------------------------------------------ 65: 66: /** The trusted certificates. */ 67: private final Set trustAnchors; 68: 69: /** The set of initial policy identifiers. */ 70: private final Set initPolicies; 71: 72: /** The list of certificate stores. */ 73: private final List certStores; 74: 75: /** The list of path checkers. */ 76: private final List pathCheckers; 77: 78: /** The revocation enabled flag. */ 79: private boolean revocationEnabled; 80: 81: /** The explicit policy required flag. */ 82: private boolean exPolicyRequired; 83: 84: /** The policy mapping inhibited flag. */ 85: private boolean policyMappingInhibited; 86: 87: /** The any policy inhibited flag. */ 88: private boolean anyPolicyInhibited; 89: 90: /** The policy qualifiers rejected flag. */ 91: private boolean policyQualRejected; 92: 93: /** The target validation date. */ 94: private Date date; 95: 96: /** The signature algorithm provider. */ 97: private String sigProvider; 98: 99: /** The target constraints. */ 100: private CertSelector targetConstraints; 101: 102: // Constructors. 103: // ------------------------------------------------------------------------ 104: 105: /** 106: * Create a new PKIXParameters object, populating the trusted 107: * certificates set with all certificates found in the given key 108: * store. All certificates found in the key store are assumed to be 109: * trusted by this constructor. 110: * 111: * @param keystore The key store. 112: * @throws KeyStoreException If the certificates cannot be retrieved 113: * from the key store. 114: * @throws InvalidAlgorithmParameterException If there are no 115: * certificates in the key store. 116: * @throws NullPointerException If <i>keystore</i> is null. 117: */ 118: public PKIXParameters(KeyStore keystore) 119: throws KeyStoreException, InvalidAlgorithmParameterException 120: { 121: this(); 122: for (Enumeration e = keystore.aliases(); e.hasMoreElements(); ) 123: { 124: String alias = (String) e.nextElement(); 125: if (!keystore.isCertificateEntry(alias)) 126: continue; 127: Certificate cert = keystore.getCertificate(alias); 128: if (cert instanceof X509Certificate) 129: trustAnchors.add(new TrustAnchor((X509Certificate) cert, null)); 130: } 131: if (trustAnchors.isEmpty()) 132: throw new InvalidAlgorithmParameterException("no certs in the key store"); 133: } 134: 135: /** 136: * Create a new PKIXParameters object, populating the trusted 137: * certificates set with the elements of the given set, each of which 138: * must be a {@link TrustAnchor}. 139: * 140: * @param trustAnchors The set of trust anchors. 141: * @throws InvalidAlgorithmParameterException If there are no 142: * certificates in the set. 143: * @throws NullPointerException If <i>trustAnchors</i> is null. 144: * @throws ClassCastException If every element in <i>trustAnchors</i> 145: * is not a {@link TrustAnchor}. 146: */ 147: public PKIXParameters(Set trustAnchors) 148: throws InvalidAlgorithmParameterException 149: { 150: this(); 151: setTrustAnchors(trustAnchors); 152: } 153: 154: /** 155: * Default constructor. 156: */ 157: private PKIXParameters() 158: { 159: trustAnchors = new HashSet(); 160: initPolicies = new HashSet(); 161: certStores = new LinkedList(); 162: pathCheckers = new LinkedList(); 163: revocationEnabled = true; 164: exPolicyRequired = false; 165: policyMappingInhibited = false; 166: anyPolicyInhibited = false; 167: policyQualRejected = true; 168: } 169: 170: /** 171: * Copying constructor for cloning. 172: * 173: * @param that The instance being cloned. 174: */ 175: private PKIXParameters(PKIXParameters that) 176: { 177: this(); 178: this.trustAnchors.addAll(that.trustAnchors); 179: this.initPolicies.addAll(that.initPolicies); 180: this.certStores.addAll(that.certStores); 181: this.pathCheckers.addAll(that.pathCheckers); 182: this.revocationEnabled = that.revocationEnabled; 183: this.exPolicyRequired = that.exPolicyRequired; 184: this.policyMappingInhibited = that.policyMappingInhibited; 185: this.anyPolicyInhibited = that.anyPolicyInhibited; 186: this.policyQualRejected = that.policyQualRejected; 187: this.date = that.date; 188: this.sigProvider = that.sigProvider; 189: this.targetConstraints = that.targetConstraints != null 190: ? (CertSelector) that.targetConstraints.clone() : null; 191: } 192: 193: // Instance methods. 194: // ------------------------------------------------------------------------ 195: 196: /** 197: * Returns an immutable set of trust anchors. The set returned will 198: * never be null and will never be empty. 199: * 200: * @return A (never null, never empty) immutable set of trust anchors. 201: */ 202: public Set getTrustAnchors() 203: { 204: return Collections.unmodifiableSet(trustAnchors); 205: } 206: 207: /** 208: * Sets the trust anchors of this class, replacing the current trust 209: * anchors with those in the given set. The supplied set is copied to 210: * prevent modification. 211: * 212: * @param trustAnchors The new set of trust anchors. 213: * @throws InvalidAlgorithmParameterException If there are no 214: * certificates in the set. 215: * @throws NullPointerException If <i>trustAnchors</i> is null. 216: * @throws ClassCastException If every element in <i>trustAnchors</i> 217: * is not a {@link TrustAnchor}. 218: */ 219: public void setTrustAnchors(Set trustAnchors) 220: throws InvalidAlgorithmParameterException 221: { 222: if (trustAnchors.isEmpty()) 223: throw new InvalidAlgorithmParameterException("no trust anchors"); 224: this.trustAnchors.clear(); 225: for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) 226: { 227: this.trustAnchors.add((TrustAnchor) i.next()); 228: } 229: } 230: 231: /** 232: * Returns the set of initial policy identifiers (as OID strings). If 233: * any policy is accepted, this method returns the empty set. 234: * 235: * @return An immutable set of initial policy OID strings, or the 236: * empty set if any policy is acceptable. 237: */ 238: public Set getInitialPolicies() 239: { 240: return Collections.unmodifiableSet(initPolicies); 241: } 242: 243: /** 244: * Sets the initial policy identifiers (as OID strings). If the 245: * argument is null or the empty set, then any policy identifier will 246: * be accepted. 247: * 248: * @param initPolicies The new set of policy strings, or null. 249: * @throws ClassCastException If any element in <i>initPolicies</i> is 250: * not a string. 251: */ 252: public void setInitialPolicies(Set initPolicies) 253: { 254: this.initPolicies.clear(); 255: if (initPolicies == null) 256: return; 257: for (Iterator i = initPolicies.iterator(); i.hasNext(); ) 258: { 259: this.initPolicies.add((String) i.next()); 260: } 261: } 262: 263: /** 264: * Add a {@link CertStore} to the list of cert stores. 265: * 266: * @param store The CertStore to add. 267: */ 268: public void addCertStore(CertStore store) 269: { 270: if (store != null) 271: certStores.add(store); 272: } 273: 274: /** 275: * Returns an immutable list of cert stores. This method never returns 276: * null. 277: * 278: * @return The list of cert stores. 279: */ 280: public List getCertStores() 281: { 282: return Collections.unmodifiableList(certStores); 283: } 284: 285: /** 286: * Set the cert stores. If the argument is null the list of cert 287: * stores will be empty. 288: * 289: * @param certStores The cert stores. 290: */ 291: public void setCertStores(List certStores) 292: { 293: this.certStores.clear(); 294: if (certStores == null) 295: return; 296: for (Iterator i = certStores.iterator(); i.hasNext(); ) 297: { 298: this.certStores.add((CertStore) i.next()); 299: } 300: } 301: 302: /** 303: * Returns the value of the <i>revocation enabled</i> flag. The default 304: * value for this flag is <code>true</code>. 305: * 306: * @return The <i>revocation enabled</i> flag. 307: */ 308: public boolean isRevocationEnabled() 309: { 310: return revocationEnabled; 311: } 312: 313: /** 314: * Sets the value of the <i>revocation enabled</i> flag. 315: * 316: * @param value The new value. 317: */ 318: public void setRevocationEnabled(boolean value) 319: { 320: revocationEnabled = value; 321: } 322: 323: /** 324: * Returns the value of the <i>explicit policy required</i> flag. The 325: * default value of this flag is <code>false</code>. 326: * 327: * @return The <i>explicit policy required</i> flag. 328: */ 329: public boolean isExplicitPolicyRequired() 330: { 331: return exPolicyRequired; 332: } 333: 334: /** 335: * Sets the value of the <i>explicit policy required</i> flag. 336: * 337: * @param value The new value. 338: */ 339: public void setExplicitPolicyRequired(boolean value) 340: { 341: exPolicyRequired = value; 342: } 343: 344: /** 345: * Returns the value of the <i>policy mapping inhibited</i> flag. The 346: * default value of this flag is <code>false</code>. 347: * 348: * @return The <i>policy mapping inhibited</i> flag. 349: */ 350: public boolean isPolicyMappingInhibited() 351: { 352: return policyMappingInhibited; 353: } 354: 355: /** 356: * Sets the value of the <i>policy mapping inhibited</i> flag. 357: * 358: * @param value The new value. 359: */ 360: public void setPolicyMappingInhibited(boolean value) 361: { 362: policyMappingInhibited = value; 363: } 364: 365: /** 366: * Returns the value of the <i>any policy inhibited</i> flag. The 367: * default value of this flag is <code>false</code>. 368: * 369: * @return The <i>any policy inhibited</i> flag. 370: */ 371: public boolean isAnyPolicyInhibited() 372: { 373: return anyPolicyInhibited; 374: } 375: 376: /** 377: * Sets the value of the <i>any policy inhibited</i> flag. 378: * 379: * @param value The new value. 380: */ 381: public void setAnyPolicyInhibited(boolean value) 382: { 383: anyPolicyInhibited = value; 384: } 385: 386: /** 387: * Returns the value of the <i>policy qualifiers enabled</i> flag. The 388: * default value of this flag is <code>true</code>. 389: * 390: * @return The <i>policy qualifiers enabled</i> flag. 391: */ 392: public boolean getPolicyQualifiersRejected() 393: { 394: return policyQualRejected; 395: } 396: 397: /** 398: * Sets the value of the <i>policy qualifiers enabled</i> flag. 399: * 400: * @param value The new value. 401: */ 402: public void setPolicyQualifiersRejected(boolean value) 403: { 404: policyQualRejected = value; 405: } 406: 407: /** 408: * Returns the date for which the certificate path should be 409: * validated, or null if the current time should be used. The date 410: * object is copied to prevent subsequent modification. 411: * 412: * @return The date, or null if not set. 413: */ 414: public Date getDate() 415: { 416: return date != null ? (Date) date.clone() : null; 417: } 418: 419: /** 420: * Sets the date for which the certificate path should be validated, 421: * or null if the current time should be used. 422: * 423: * @param date The new date, or null. 424: */ 425: public void setDate(Date date) 426: { 427: if (date != null) 428: this.date = (Date) date.clone(); 429: else 430: this.date = null; 431: } 432: 433: /** 434: * Add a certificate path checker. 435: * 436: * @param checker The certificate path checker to add. 437: */ 438: public void addCertPathChecker(PKIXCertPathChecker checker) 439: { 440: if (checker != null) 441: pathCheckers.add(checker); 442: } 443: 444: /** 445: * Returns an immutable list of all certificate path checkers. 446: * 447: * @return An immutable list of all certificate path checkers. 448: */ 449: public List getCertPathCheckers() 450: { 451: return Collections.unmodifiableList(pathCheckers); 452: } 453: 454: /** 455: * Sets the certificate path checkers. If the argument is null, the 456: * list of checkers will merely be cleared. 457: * 458: * @param pathCheckers The new list of certificate path checkers. 459: * @throws ClassCastException If any element of <i>pathCheckers</i> is 460: * not a {@link PKIXCertPathChecker}. 461: */ 462: public void setCertPathCheckers(List pathCheckers) 463: { 464: this.pathCheckers.clear(); 465: if (pathCheckers == null) 466: return; 467: for (Iterator i = pathCheckers.iterator(); i.hasNext(); ) 468: { 469: this.pathCheckers.add((PKIXCertPathChecker) i.next()); 470: } 471: } 472: 473: /** 474: * Returns the signature algorithm provider, or null if not set. 475: * 476: * @return The signature algorithm provider, or null if not set. 477: */ 478: public String getSigProvider() 479: { 480: return sigProvider; 481: } 482: 483: /** 484: * Sets the signature algorithm provider, or null if there is no 485: * preferred provider. 486: * 487: * @param sigProvider The signature provider name. 488: */ 489: public void setSigProvider(String sigProvider) 490: { 491: this.sigProvider = sigProvider; 492: } 493: 494: /** 495: * Returns the constraints placed on the target certificate, or null 496: * if there are none. The target constraints are copied to prevent 497: * subsequent modification. 498: * 499: * @return The target constraints, or null. 500: */ 501: public CertSelector getTargetCertConstraints() 502: { 503: return targetConstraints != null 504: ? (CertSelector) targetConstraints.clone() : null; 505: } 506: 507: /** 508: * Sets the constraints placed on the target certificate. 509: * 510: * @param targetConstraints The target constraints. 511: */ 512: public void setTargetCertConstraints(CertSelector targetConstraints) 513: { 514: this.targetConstraints = targetConstraints != null 515: ? (CertSelector) targetConstraints.clone() : null; 516: } 517: 518: /** 519: * Returns a copy of these parameters. 520: * 521: * @return The copy. 522: */ 523: public Object clone() 524: { 525: return new PKIXParameters(this); 526: } 527: 528: /** 529: * Returns a printable representation of these parameters. 530: * 531: * @return A printable representation of these parameters. 532: */ 533: public String toString() { 534: return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs=" 535: + (initPolicies != null ? initPolicies.toString() : "any") 536: + "; Validity Date=" + date + "; Signature Provider=" 537: + sigProvider + "; Default Revocation Enabled=" + revocationEnabled 538: + "; Explicit Policy Required=" + exPolicyRequired 539: + "; Policy Mapping Inhibited=" + policyMappingInhibited 540: + "; Any Policy Inhibited=" + anyPolicyInhibited 541: + "; Policy Qualifiers Rejected=" + policyQualRejected 542: + "; Target Cert Contstraints=" + targetConstraints 543: + "; Certification Path Checkers=" + pathCheckers 544: + "; CertStores=" + certStores + " ]"; 545: } 546: }
GNU Classpath (0.20) |