Java > Open Source Codes > java > security > cert > CertPathValidator


1 /*
2  * @(#)CertPathValidator.java 1.9 04/06/28
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package java.security.cert;
9
10 import java.security.AccessController ;
11 import java.security.InvalidAlgorithmParameterException ;
12 import java.security.NoSuchAlgorithmException ;
13 import java.security.NoSuchProviderException ;
14 import java.security.PrivilegedAction ;
15 import java.security.Provider ;
16 import java.security.Security ;
17 import sun.security.util.Debug;
18
19 import sun.security.jca.*;
20 import sun.security.jca.GetInstance.Instance;
21
22 /**
23  * A class for validating certification paths (also known as certificate
24  * chains).
25  * <p>
26  * This class uses a provider-based architecture, as described in the Java
27  * Cryptography Architecture. To create a <code>CertPathValidator</code>,
28  * call one of the static <code>getInstance</code> methods, passing in the
29  * algorithm name of the <code>CertPathValidator</code> desired and
30  * optionally the name of the provider desired.
31  * <p>
32  * Once a <code>CertPathValidator</code> object has been created, it can
33  * be used to validate certification paths by calling the {@link #validate
34  * validate} method and passing it the <code>CertPath</code> to be validated
35  * and an algorithm-specific set of parameters. If successful, the result is
36  * returned in an object that implements the
37  * <code>CertPathValidatorResult</code> interface.
38  * <p>
39  * <b>Concurrent Access</b>
40  * <p>
41  * The static methods of this class are guaranteed to be thread-safe.
42  * Multiple threads may concurrently invoke the static methods defined in
43  * this class with no ill effects.
44  * <p>
45  * However, this is not true for the non-static methods defined by this class.
46  * Unless otherwise documented by a specific provider, threads that need to
47  * access a single <code>CertPathValidator</code> instance concurrently should
48  * synchronize amongst themselves and provide the necessary locking. Multiple
49  * threads each manipulating a different <code>CertPathValidator</code>
50  * instance need not synchronize.
51  *
52  * @see CertPath
53  *
54  * @version 1.9 06/28/04
55  * @since 1.4
56  * @author Yassir Elley
57  */
58 public class CertPathValidator {
59
60     /*
61      * Constant to lookup in the Security properties file to determine
62      * the default certpathvalidator type. In the Security properties file,
63      * the default certpathvalidator type is given as:
64      * <pre>
65      * certpathvalidator.type=PKIX
66      * </pre>
67      */
68     private static final String CPV_TYPE = "certpathvalidator.type";
69     private static final Debug debug = Debug.getInstance("certpath");
70     private CertPathValidatorSpi validatorSpi;
71     private Provider provider;
72     private String algorithm;
73
74     /**
75      * Creates a <code>CertPathValidator</code> object of the given algorithm,
76      * and encapsulates the given provider implementation (SPI object) in it.
77      *
78      * @param validatorSpi the provider implementation
79      * @param provider the provider
80      * @param algorithm the algorithm name
81      */
82     protected CertPathValidator(CertPathValidatorSpi validatorSpi,
83     Provider provider, String algorithm)
84     {
85     this.validatorSpi = validatorSpi;
86     this.provider = provider;
87     this.algorithm = algorithm;
88     }
89     
90     /**
91      * Returns a <code>CertPathValidator</code> object that implements the
92      * specified algorithm.
93      *
94      * <p> If the default provider package provides an implementation of the
95      * specified <code>CertPathValidator</code> algorithm, an instance of
96      * <code>CertPathValidator</code> containing that implementation is
97      * returned. If the requested algorithm is not available in the default
98      * package, other packages are searched.
99      *
100      * @param algorithm the name of the requested <code>CertPathValidator</code>
101      * algorithm
102      * @return a <code>CertPathValidator</code> object that implements the
103      * specified algorithm
104      * @exception NoSuchAlgorithmException if the requested algorithm
105      * is not available in the default provider package or any of the other
106      * provider packages that were searched
107      */
108     public static CertPathValidator getInstance(String algorithm)
109         throws NoSuchAlgorithmException {
110     Instance instance = GetInstance.getInstance("CertPathValidator",
111         CertPathValidatorSpi .class, algorithm);
112     return new CertPathValidator ((CertPathValidatorSpi )instance.impl,
113         instance.provider, algorithm);
114     }
115
116     /**
117      * Returns a <code>CertPathValidator</code> object that implements the
118      * specified algorithm, as supplied by the specified provider.
119      *
120      * @param algorithm the name of the requested <code>CertPathValidator</code>
121      * algorithm
122      * @param provider the name of the provider
123      * @return a <code>CertPathValidator</code> object that implements the
124      * specified algorithm, as supplied by the specified provider
125      * @exception NoSuchAlgorithmException if the requested algorithm
126      * is not available from the specified provider
127      * @exception NoSuchProviderException if the provider has not been
128      * configured
129      * @exception IllegalArgumentException if the <code>provider</code> is
130      * null
131      */
132     public static CertPathValidator getInstance(String algorithm,
133         String provider) throws NoSuchAlgorithmException ,
134         NoSuchProviderException {
135     Instance instance = GetInstance.getInstance("CertPathValidator",
136         CertPathValidatorSpi .class, algorithm, provider);
137     return new CertPathValidator ((CertPathValidatorSpi )instance.impl,
138         instance.provider, algorithm);
139     }
140       
141     /**
142      * Returns a <code>CertPathValidator</code> object that implements the
143      * specified algorithm, as supplied by the specified provider.
144      * Note: the <code>provider</code> doesn't have to be registered.
145      *
146      * @param algorithm the name of the requested
147      * <code>CertPathValidator</code> algorithm
148      * @param provider the provider
149      * @return a <code>CertPathValidator</code> object that implements the
150      * specified algorithm, as supplied by the specified provider
151      * @exception NoSuchAlgorithmException if the requested algorithm
152      * is not available from the specified provider
153      * @exception IllegalArgumentException if the <code>provider</code> is
154      * null
155      */
156     public static CertPathValidator getInstance(String algorithm,
157         Provider provider) throws NoSuchAlgorithmException {
158     Instance instance = GetInstance.getInstance("CertPathValidator",
159         CertPathValidatorSpi .class, algorithm, provider);
160     return new CertPathValidator ((CertPathValidatorSpi )instance.impl,
161         instance.provider, algorithm);
162     }
163
164     /**
165      * Returns the <code>Provider</code> of this
166      * <code>CertPathValidator</code>.
167      *
168      * @return the <code>Provider</code> of this <code>CertPathValidator</code>
169      */
170     public final Provider getProvider() {
171     return this.provider;
172     }
173
174     /**
175      * Returns the algorithm name of this <code>CertPathValidator</code>.
176      *
177      * @return the algorithm name of this <code>CertPathValidator</code>
178      */
179     public final String getAlgorithm() {
180     return this.algorithm;
181     }
182
183     /**
184      * Validates the specified certification path using the specified
185      * algorithm parameter set.
186      * <p>
187      * The <code>CertPath</code> specified must be of a type that is
188      * supported by the validation algorithm, otherwise an
189      * <code>InvalidAlgorithmParameterException</code> will be thrown. For
190      * example, a <code>CertPathValidator</code> that implements the PKIX
191      * algorithm validates <code>CertPath</code> objects of type X.509.
192      *
193      * @param certPath the <code>CertPath</code> to be validated
194      * @param params the algorithm parameters
195      * @return the result of the validation algorithm
196      * @exception CertPathValidatorException if the <code>CertPath</code>
197      * does not validate
198      * @exception InvalidAlgorithmParameterException if the specified
199      * parameters or the type of the specified <code>CertPath</code> are
200      * inappropriate for this <code>CertPathValidator</code>
201      */
202     public final CertPathValidatorResult validate(CertPath certPath,
203     CertPathParameters params)
204     throws CertPathValidatorException , InvalidAlgorithmParameterException
205     {
206     return validatorSpi.engineValidate(certPath, params);
207     }
208
209     /**
210      * Returns the default <code>CertPathValidator</code> type as specified in
211      * the Java security properties file, or the string &quot;PKIX&quot;
212      * if no such property exists. The Java security properties file is
213      * located in the file named &lt;JAVA_HOME&gt;/lib/security/java.security,
214      * where &lt;JAVA_HOME&gt; refers to the directory where the JDK was
215      * installed.
216      *
217      * <p>The default <code>CertPathValidator</code> type can be used by
218      * applications that do not want to use a hard-coded type when calling one
219      * of the <code>getInstance</code> methods, and want to provide a default
220      * type in case a user does not specify its own.
221      *
222      * <p>The default <code>CertPathValidator</code> type can be changed by
223      * setting the value of the "certpathvalidator.type" security property
224      * (in the Java security properties file) to the desired type.
225      *
226      * @return the default <code>CertPathValidator</code> type as specified
227      * in the Java security properties file, or the string &quot;PKIX&quot;
228      * if no such property exists.
229      */
230     public final static String getDefaultType() {
231         String cpvtype;
232         cpvtype = (String )AccessController.doPrivileged(new PrivilegedAction () {
233             public Object run() {
234                 return Security.getProperty(CPV_TYPE);
235             }
236         });
237         if (cpvtype == null) {
238             cpvtype = "PKIX";
239         }
240         return cpvtype;
241     }
242 }
243

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags