001: /*
002: * @(#)Identity.java 1.63 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package java.security;
029:
030: import java.io.Serializable;
031: import java.util.*;
032:
033: /**
034: * <p>This class represents identities: real-world objects such as people,
035: * companies or organizations whose identities can be authenticated using
036: * their public keys. Identities may also be more abstract (or concrete)
037: * constructs, such as daemon threads or smart cards.
038: *
039: * <p>All Identity objects have a name and a public key. Names are
040: * immutable. Identities may also be scoped. That is, if an Identity is
041: * specified to have a particular scope, then the name and public
042: * key of the Identity are unique within that scope.
043: *
044: * <p>An Identity also has a set of certificates (all certifying its own
045: * public key). The Principal names specified in these certificates need
046: * not be the same, only the key.
047: *
048: * <p>An Identity can be subclassed, to include postal and email addresses,
049: * telephone numbers, images of faces and logos, and so on.
050: *
051: * @see IdentityScope
052: * @see Signer
053: * @see Principal
054: *
055: * @version 1.56
056: * @author Benjamin Renaud
057: * @deprecated This class is no longer used. Its functionality has been
058: * replaced by <code>java.security.KeyStore</code>, the
059: * <code>java.security.cert</code> package, and
060: * <code>java.security.Principal</code>.
061: */
062:
063: public abstract class Identity implements Principal, Serializable {
064:
065: /** use serialVersionUID from JDK 1.1.x for interoperability */
066: private static final long serialVersionUID = 3609922007826600659L;
067:
068: /**
069: * The name for this identity.
070: *
071: * @serial
072: */
073: private String name;
074:
075: /**
076: * The public key for this identity.
077: *
078: * @serial
079: */
080: private PublicKey publicKey;
081:
082: /**
083: * Generic, descriptive information about the identity.
084: *
085: * @serial
086: */
087: String info = "No further information available.";
088:
089: /**
090: * The scope of the identity.
091: *
092: * @serial
093: */
094: IdentityScope scope;
095:
096: /**
097: * The certificates for this identity.
098: *
099: * @serial
100: */
101: Vector certificates;
102:
103: /**
104: * Constructor for serialization only.
105: */
106: protected Identity() {
107: this ("restoring...");
108: }
109:
110: /**
111: * Constructs an identity with the specified name and scope.
112: *
113: * @param name the identity name.
114: * @param scope the scope of the identity.
115: *
116: * @exception KeyManagementException if there is already an identity
117: * with the same name in the scope.
118: */
119: public Identity(String name, IdentityScope scope)
120: throws KeyManagementException {
121: this (name);
122: if (scope != null) {
123: scope.addIdentity(this );
124: }
125: this .scope = scope;
126: }
127:
128: /**
129: * Constructs an identity with the specified name and no scope.
130: *
131: * @param name the identity name.
132: */
133: public Identity(String name) {
134: this .name = name;
135: }
136:
137: /**
138: * Returns this identity's name.
139: *
140: * @return the name of this identity.
141: */
142: public final String getName() {
143: return name;
144: }
145:
146: /**
147: * Returns this identity's scope.
148: *
149: * @return the scope of this identity.
150: */
151: public final IdentityScope getScope() {
152: return scope;
153: }
154:
155: /**
156: * Returns this identity's public key.
157: *
158: * @return the public key for this identity.
159: *
160: * @see #setPublicKey
161: */
162: public PublicKey getPublicKey() {
163: return publicKey;
164: }
165:
166: /**
167: * Sets this identity's public key. The old key and all of this
168: * identity's certificates are removed by this operation.
169: *
170: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
171: * method is called with <code>"setIdentityPublicKey"</code>
172: * as its argument to see if it's ok to set the public key.
173: *
174: * @param key the public key for this identity.
175: *
176: * @exception KeyManagementException if another identity in the
177: * identity's scope has the same public key, or if another exception occurs.
178: *
179: * @exception SecurityException if a security manager exists and its
180: * <code>checkSecurityAccess</code> method doesn't allow
181: * setting the public key.
182: *
183: * @see #getPublicKey
184: * @see SecurityManager#checkSecurityAccess
185: */
186: /* Should we throw an exception if this is already set? */
187: public void setPublicKey(PublicKey key)
188: throws KeyManagementException {
189:
190: check("setIdentityPublicKey");
191: this .publicKey = key;
192: certificates = new Vector();
193: }
194:
195: /**
196: * Specifies a general information string for this identity.
197: *
198: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
199: * method is called with <code>"setIdentityInfo"</code>
200: * as its argument to see if it's ok to specify the information string.
201: *
202: * @param info the information string.
203: *
204: * @exception SecurityException if a security manager exists and its
205: * <code>checkSecurityAccess</code> method doesn't allow
206: * setting the information string.
207: *
208: * @see #getInfo
209: * @see SecurityManager#checkSecurityAccess
210: */
211: public void setInfo(String info) {
212: check("setIdentityInfo");
213: this .info = info;
214: }
215:
216: /**
217: * Returns general information previously specified for this identity.
218: *
219: * @return general information about this identity.
220: *
221: * @see #setInfo
222: */
223: public String getInfo() {
224: return info;
225: }
226:
227: /**
228: * Adds a certificate for this identity. If the identity has a public
229: * key, the public key in the certificate must be the same, and if
230: * the identity does not have a public key, the identity's
231: * public key is set to be that specified in the certificate.
232: *
233: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
234: * method is called with <code>"addIdentityCertificate"</code>
235: * as its argument to see if it's ok to add a certificate.
236: *
237: * @param certificate the certificate to be added.
238: *
239: * @exception KeyManagementException if the certificate is not valid,
240: * if the public key in the certificate being added conflicts with
241: * this identity's public key, or if another exception occurs.
242: *
243: * @exception SecurityException if a security manager exists and its
244: * <code>checkSecurityAccess</code> method doesn't allow
245: * adding a certificate.
246: *
247: * @see SecurityManager#checkSecurityAccess
248: */
249: public void addCertificate(Certificate certificate)
250: throws KeyManagementException {
251:
252: check("addIdentityCertificate");
253:
254: if (certificates == null) {
255: certificates = new Vector();
256: }
257: if (publicKey != null) {
258: if (!keyEquals(publicKey, certificate.getPublicKey())) {
259: throw new KeyManagementException(
260: "public key different from cert public key");
261: }
262: } else {
263: publicKey = certificate.getPublicKey();
264: }
265: certificates.addElement(certificate);
266: }
267:
268: private boolean keyEquals(Key aKey, Key anotherKey) {
269: String aKeyFormat = aKey.getFormat();
270: String anotherKeyFormat = anotherKey.getFormat();
271: if ((aKeyFormat == null) ^ (anotherKeyFormat == null))
272: return false;
273: if (aKeyFormat != null && anotherKeyFormat != null)
274: if (!aKeyFormat.equalsIgnoreCase(anotherKeyFormat))
275: return false;
276: return java.util.Arrays.equals(aKey.getEncoded(), anotherKey
277: .getEncoded());
278: }
279:
280: /**
281: * Removes a certificate from this identity.
282: *
283: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
284: * method is called with <code>"removeIdentityCertificate"</code>
285: * as its argument to see if it's ok to remove a certificate.
286: *
287: * @param certificate the certificate to be removed.
288: *
289: * @exception KeyManagementException if the certificate is
290: * missing, or if another exception occurs.
291: *
292: * @exception SecurityException if a security manager exists and its
293: * <code>checkSecurityAccess</code> method doesn't allow
294: * removing a certificate.
295: *
296: * @see SecurityManager#checkSecurityAccess
297: */
298: public void removeCertificate(Certificate certificate)
299: throws KeyManagementException {
300: check("removeIdentityCertificate");
301: if (certificates != null) {
302: certificates.removeElement(certificate);
303: }
304: }
305:
306: /**
307: * Returns a copy of all the certificates for this identity.
308: *
309: * @return a copy of all the certificates for this identity.
310: */
311: public Certificate[] certificates() {
312: if (certificates == null) {
313: return new Certificate[0];
314: }
315: int len = certificates.size();
316: Certificate[] certs = new Certificate[len];
317: certificates.copyInto(certs);
318: return certs;
319: }
320:
321: /**
322: * Tests for equality between the specified object and this identity.
323: * This first tests to see if the entities actually refer to the same
324: * object, in which case it returns true. Next, it checks to see if
325: * the entities have the same name and the same scope. If they do,
326: * the method returns true. Otherwise, it calls
327: * {@link #identityEquals(Identity) identityEquals}, which subclasses should
328: * override.
329: *
330: * @param identity the object to test for equality with this identity.
331: *
332: * @return true if the objects are considered equal, false otherwise.
333: *
334: * @see #identityEquals
335: */
336: public final boolean equals(Object identity) {
337:
338: if (identity == this ) {
339: return true;
340: }
341:
342: if (identity instanceof Identity) {
343: Identity i = (Identity) identity;
344: if (this .fullName().equals(i.fullName())) {
345: return true;
346: } else {
347: return identityEquals(i);
348: }
349: }
350: return false;
351: }
352:
353: /**
354: * Tests for equality between the specified identity and this identity.
355: * This method should be overriden by subclasses to test for equality.
356: * The default behavior is to return true if the names and public keys
357: * are equal.
358: *
359: * @param identity the identity to test for equality with this identity.
360: *
361: * @return true if the identities are considered equal, false
362: * otherwise.
363: *
364: * @see #equals
365: */
366: protected boolean identityEquals(Identity identity) {
367: if (!name.equalsIgnoreCase(identity.name))
368: return false;
369:
370: if ((publicKey == null) ^ (identity.publicKey == null))
371: return false;
372:
373: if (publicKey != null && identity.publicKey != null)
374: if (!publicKey.equals(identity.publicKey))
375: return false;
376:
377: return true;
378:
379: }
380:
381: /**
382: * Returns a parsable name for identity: identityName.scopeName
383: */
384: String fullName() {
385: String parsable = name;
386: if (scope != null) {
387: parsable += "." + scope.getName();
388: }
389: return parsable;
390: }
391:
392: /**
393: * Returns a short string describing this identity, telling its
394: * name and its scope (if any).
395: *
396: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
397: * method is called with <code>"printIdentity"</code>
398: * as its argument to see if it's ok to return the string.
399: *
400: * @return information about this identity, such as its name and the
401: * name of its scope (if any).
402: *
403: * @exception SecurityException if a security manager exists and its
404: * <code>checkSecurityAccess</code> method doesn't allow
405: * returning a string describing this identity.
406: *
407: * @see SecurityManager#checkSecurityAccess
408: */
409: public String toString() {
410: check("printIdentity");
411: String printable = name;
412: if (scope != null) {
413: printable += "[" + scope.getName() + "]";
414: }
415: return printable;
416: }
417:
418: /**
419: * Returns a string representation of this identity, with
420: * optionally more details than that provided by the
421: * <code>toString</code> method without any arguments.
422: *
423: * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
424: * method is called with <code>"printIdentity"</code>
425: * as its argument to see if it's ok to return the string.
426: *
427: * @param detailed whether or not to provide detailed information.
428: *
429: * @return information about this identity. If <code>detailed</code>
430: * is true, then this method returns more information than that
431: * provided by the <code>toString</code> method without any arguments.
432: *
433: * @exception SecurityException if a security manager exists and its
434: * <code>checkSecurityAccess</code> method doesn't allow
435: * returning a string describing this identity.
436: *
437: * @see #toString
438: * @see SecurityManager#checkSecurityAccess
439: */
440: public String toString(boolean detailed) {
441: String out = toString();
442: if (detailed) {
443: out += "\n";
444: out += printKeys();
445: out += "\n" + printCertificates();
446: if (info != null) {
447: out += "\n\t" + info;
448: } else {
449: out += "\n\tno additional information available.";
450: }
451: }
452: return out;
453: }
454:
455: String printKeys() {
456: String key = "";
457: if (publicKey != null) {
458: key = "\tpublic key initialized";
459: } else {
460: key = "\tno public key";
461: }
462: return key;
463: }
464:
465: String printCertificates() {
466: String out = "";
467: if (certificates == null) {
468: return "\tno certificates";
469: } else {
470: out += "\tcertificates: \n";
471: Enumeration e = certificates.elements();
472: int i = 1;
473: while (e.hasMoreElements()) {
474: Certificate cert = (Certificate) e.nextElement();
475: out += "\tcertificate " + i++ + "\tfor : "
476: + cert.getPrincipal() + "\n";
477: out += "\t\t\tfrom : " + cert.getGuarantor() + "\n";
478: }
479: }
480: return out;
481: }
482:
483: /**
484: * Returns a hashcode for this identity.
485: *
486: * @return a hashcode for this identity.
487: */
488: public int hashCode() {
489: return name.hashCode();
490: }
491:
492: private static void check(String directive) {
493: SecurityManager security = System.getSecurityManager();
494: if (security != null) {
495: security.checkSecurityAccess(directive);
496: }
497: }
498: }
|