001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Vladimir N. Molotkov
020: * @version $Revision$
021: */package java.security.cert;
022:
023: import java.security.InvalidAlgorithmParameterException;
024: import java.security.KeyStore;
025: import java.security.KeyStoreException;
026: import java.util.ArrayList;
027: import java.util.Collections;
028: import java.util.Date;
029: import java.util.Enumeration;
030: import java.util.HashSet;
031: import java.util.Iterator;
032: import java.util.List;
033: import java.util.Set;
034:
035: import org.apache.harmony.security.internal.nls.Messages;
036:
037: /**
038: * @com.intel.drl.spec_ref
039: *
040: */
041: public class PKIXParameters implements CertPathParameters {
042: // Set of trust anchors - most trusted CAs
043: private Set<TrustAnchor> trustAnchors;
044: // Set of acceptable initial policy identifiers (OID strings)
045: private Set<String> initialPolicies;
046: // List of cert stores that used to find certificates and CRLs
047: private List<CertStore> certStores;
048: // Time for which the validity of the certification
049: // patch should be determined
050: private Date date;
051: // List of certification patch checkers (PKIXCertPathChecker)
052: private List<PKIXCertPathChecker> certPathCheckers;
053: // Preferred signature provider name
054: private String sigProvider;
055: // Required constraints on the target certificate
056: private CertSelector targetCertConstraints;
057: // Indicates whether cert revocation is enabled or not
058: private boolean revocationEnabled = true;
059: // Indicates whether explicit policy required or not
060: private boolean explicitPolicyRequired = false;
061: // Indicates whether policy mapping inhibited or not
062: private boolean policyMappingInhibited = false;
063: // Indicates whether any policy inhibited or not
064: private boolean anyPolicyInhibited = false;
065: // Indicates whether certificates that include policy
066: // qualifiers in a certificate policies extension that
067: // is marked critical must be rejected or not
068: private boolean policyQualifiersRejected = true;
069:
070: /**
071: * @com.intel.drl.spec_ref
072: */
073: public PKIXParameters(Set<TrustAnchor> trustAnchors)
074: throws InvalidAlgorithmParameterException {
075: if (trustAnchors == null) {
076: throw new NullPointerException(Messages
077: .getString("security.6F")); //$NON-NLS-1$
078: }
079: checkTrustAnchors(trustAnchors);
080: this .trustAnchors = new HashSet<TrustAnchor>(trustAnchors);
081: }
082:
083: /**
084: * @com.intel.drl.spec_ref
085: */
086: public PKIXParameters(KeyStore keyStore) throws KeyStoreException,
087: InvalidAlgorithmParameterException {
088: if (keyStore == null) {
089: throw new NullPointerException(Messages
090: .getString("security.41")); //$NON-NLS-1$
091: }
092: // Will throw KeyStoreException if
093: // keyStore has not been initialized (loaded)
094: if (keyStore.size() == 0) {
095: throw new InvalidAlgorithmParameterException(Messages
096: .getString("security.6A")); //$NON-NLS-1$
097: }
098: // keyStore is not null and loaded
099: trustAnchors = new HashSet<TrustAnchor>();
100: for (Enumeration i = keyStore.aliases(); i.hasMoreElements();) {
101: String alias = (String) i.nextElement();
102: if (keyStore.isCertificateEntry(alias)) {
103: // this is trusted certificate entry
104: // check if it is X509Cerificate
105: Certificate c = keyStore.getCertificate(alias);
106: // add only X509Cerificate
107: // ignore all other types
108: if (c instanceof X509Certificate) {
109: trustAnchors.add(new TrustAnchor(
110: (X509Certificate) c, null));
111: }
112: }
113: }
114: checkTrustAnchors(trustAnchors);
115: }
116:
117: /**
118: * @com.intel.drl.spec_ref
119: */
120: public Set<TrustAnchor> getTrustAnchors() {
121: return Collections.unmodifiableSet(trustAnchors);
122: }
123:
124: /**
125: * @com.intel.drl.spec_ref
126: */
127: public void setTrustAnchors(Set<TrustAnchor> trustAnchors)
128: throws InvalidAlgorithmParameterException {
129: if (trustAnchors == null) {
130: throw new NullPointerException(Messages
131: .getString("security.6F")); //$NON-NLS-1$
132: }
133: checkTrustAnchors(trustAnchors);
134: // make shallow copy
135: this .trustAnchors = new HashSet<TrustAnchor>(trustAnchors);
136: }
137:
138: /**
139: * @com.intel.drl.spec_ref
140: */
141: public boolean isAnyPolicyInhibited() {
142: return anyPolicyInhibited;
143: }
144:
145: /**
146: * @com.intel.drl.spec_ref
147: */
148: public void setAnyPolicyInhibited(boolean anyPolicyInhibited) {
149: this .anyPolicyInhibited = anyPolicyInhibited;
150: }
151:
152: /**
153: * @com.intel.drl.spec_ref
154: */
155: public List<PKIXCertPathChecker> getCertPathCheckers() {
156: if (certPathCheckers == null) {
157: // set to empty List if has not been set yet
158: certPathCheckers = new ArrayList<PKIXCertPathChecker>();
159: }
160: if (certPathCheckers.isEmpty()) {
161: // no content - no need to copy,
162: // just return immutable view of the same
163: // empty List each time
164: return Collections.unmodifiableList(certPathCheckers);
165: }
166: // List is not empty - do deep copy
167: ArrayList<PKIXCertPathChecker> modifiableList = new ArrayList<PKIXCertPathChecker>();
168: for (Iterator<PKIXCertPathChecker> i = certPathCheckers
169: .iterator(); i.hasNext();) {
170: modifiableList.add((PKIXCertPathChecker) i.next().clone());
171: }
172: return Collections.unmodifiableList(modifiableList);
173: }
174:
175: /**
176: * @com.intel.drl.spec_ref
177: */
178: public void setCertPathCheckers(
179: List<PKIXCertPathChecker> certPathCheckers) {
180: if (certPathCheckers == null || certPathCheckers.isEmpty()) {
181: // empty list or null provided
182: if (this .certPathCheckers != null
183: && !this .certPathCheckers.isEmpty()) {
184: // discard non-empty list
185: this .certPathCheckers = null;
186: }
187: return;
188: }
189: // non-empty list provided - do deep copy
190: this .certPathCheckers = new ArrayList<PKIXCertPathChecker>();
191: for (Iterator<PKIXCertPathChecker> i = certPathCheckers
192: .iterator(); i.hasNext();) {
193: this .certPathCheckers.add((PKIXCertPathChecker) i.next()
194: .clone());
195: }
196: }
197:
198: /**
199: * @com.intel.drl.spec_ref
200: */
201: public void addCertPathChecker(PKIXCertPathChecker checker) {
202: if (checker == null) {
203: // do nothing if null provided
204: return;
205: }
206: if (certPathCheckers == null) {
207: // set to empty List if has not been set yet
208: certPathCheckers = new ArrayList<PKIXCertPathChecker>();
209: }
210: // add a copy to avoid possible modifications
211: certPathCheckers.add((PKIXCertPathChecker) checker.clone());
212: }
213:
214: /**
215: * @com.intel.drl.spec_ref
216: */
217: public List<CertStore> getCertStores() {
218: if (certStores == null) {
219: // set to empty List if has not been set yet
220: certStores = new ArrayList<CertStore>();
221: }
222: if (certStores.isEmpty()) {
223: // no content - no need to copy,
224: // just return immutable view of the same
225: // empty List each time
226: return Collections.unmodifiableList(certStores);
227: }
228: // List is not empty - do shallow copy
229: ArrayList<CertStore> modifiableList = new ArrayList<CertStore>(
230: certStores);
231: return Collections.unmodifiableList(modifiableList);
232: }
233:
234: /**
235: * @com.intel.drl.spec_ref
236: */
237: public void setCertStores(List<CertStore> certStores) {
238: if (certStores == null || certStores.isEmpty()) {
239: // empty list or null provided
240: if (this .certStores != null && !this .certStores.isEmpty()) {
241: // discard non-empty list
242: this .certStores = null;
243: }
244: return;
245: }
246: // non-empty list provided - do shallow copy
247: this .certStores = new ArrayList(certStores);
248: // check that all elements are CertStore
249: for (Iterator i = this .certStores.iterator(); i.hasNext();) {
250: if (!(i.next() instanceof CertStore)) {
251: throw new ClassCastException(Messages
252: .getString("security.6B")); //$NON-NLS-1$
253: }
254: }
255: }
256:
257: /**
258: * @com.intel.drl.spec_ref
259: */
260: public void addCertStore(CertStore store) {
261: if (store == null) {
262: // do nothing if null provided
263: return;
264: }
265: if (certStores == null) {
266: // set to empty List if has not been set yet
267: certStores = new ArrayList();
268: }
269: // add store
270: certStores.add(store);
271: }
272:
273: /**
274: * @com.intel.drl.spec_ref
275: */
276: public Date getDate() {
277: return date == null ? null : (Date) date.clone();
278: }
279:
280: /**
281: * @com.intel.drl.spec_ref
282: */
283: public void setDate(Date date) {
284: this .date = (date == null ? null : new Date(date.getTime()));
285: }
286:
287: /**
288: * @com.intel.drl.spec_ref
289: */
290: public boolean isExplicitPolicyRequired() {
291: return explicitPolicyRequired;
292: }
293:
294: /**
295: * @com.intel.drl.spec_ref
296: */
297: public void setExplicitPolicyRequired(boolean explicitPolicyRequired) {
298: this .explicitPolicyRequired = explicitPolicyRequired;
299: }
300:
301: /**
302: * @com.intel.drl.spec_ref
303: */
304: public Set<String> getInitialPolicies() {
305: if (initialPolicies == null) {
306: // set to empty Set if has not been set yet
307: initialPolicies = new HashSet();
308: }
309: if (initialPolicies.isEmpty()) {
310: // no content - no need to copy,
311: // just return immutable view of the same
312: // empty Set each time
313: return Collections.unmodifiableSet(initialPolicies);
314: }
315: // List is not empty - do shallow copy
316: HashSet modifiableSet = new HashSet(initialPolicies);
317: return Collections.unmodifiableSet(modifiableSet);
318: }
319:
320: /**
321: * @com.intel.drl.spec_ref
322: */
323: public void setInitialPolicies(Set<String> initialPolicies) {
324: if (initialPolicies == null || initialPolicies.isEmpty()) {
325: // empty list or null provided
326: if (this .initialPolicies != null
327: && !this .initialPolicies.isEmpty()) {
328: // discard non-empty list
329: this .initialPolicies = null;
330: }
331: return;
332: }
333: // non-empty list provided - do shallow copy
334: this .initialPolicies = new HashSet(initialPolicies);
335: // check that all elements are String
336: for (Iterator i = this .initialPolicies.iterator(); i.hasNext();) {
337: if (!(i.next() instanceof String)) {
338: throw new ClassCastException(Messages
339: .getString("security.6C")); //$NON-NLS-1$
340: }
341: }
342: }
343:
344: /**
345: * @com.intel.drl.spec_ref
346: */
347: public boolean isPolicyMappingInhibited() {
348: return policyMappingInhibited;
349: }
350:
351: /**
352: * @com.intel.drl.spec_ref
353: */
354: public void setPolicyMappingInhibited(boolean policyMappingInhibited) {
355: this .policyMappingInhibited = policyMappingInhibited;
356: }
357:
358: /**
359: * @com.intel.drl.spec_ref
360: */
361: public boolean getPolicyQualifiersRejected() {
362: return policyQualifiersRejected;
363: }
364:
365: /**
366: * @com.intel.drl.spec_ref
367: */
368: public void setPolicyQualifiersRejected(
369: boolean policyQualifiersRejected) {
370: this .policyQualifiersRejected = policyQualifiersRejected;
371: }
372:
373: /**
374: * @com.intel.drl.spec_ref
375: */
376: public boolean isRevocationEnabled() {
377: return revocationEnabled;
378: }
379:
380: /**
381: * @com.intel.drl.spec_ref
382: */
383: public void setRevocationEnabled(boolean revocationEnabled) {
384: this .revocationEnabled = revocationEnabled;
385: }
386:
387: /**
388: * @com.intel.drl.spec_ref
389: */
390: public String getSigProvider() {
391: return sigProvider;
392: }
393:
394: /**
395: * @com.intel.drl.spec_ref
396: */
397: public void setSigProvider(String sigProvider) {
398: this .sigProvider = sigProvider;
399: }
400:
401: /**
402: * @com.intel.drl.spec_ref
403: */
404: public CertSelector getTargetCertConstraints() {
405: return (targetCertConstraints == null ? null
406: : (CertSelector) targetCertConstraints.clone());
407: }
408:
409: /**
410: * @com.intel.drl.spec_ref
411: */
412: public void setTargetCertConstraints(
413: CertSelector targetCertConstraints) {
414: this .targetCertConstraints = (targetCertConstraints == null ? null
415: : (CertSelector) targetCertConstraints.clone());
416: }
417:
418: /**
419: * @com.intel.drl.spec_ref
420: */
421: public Object clone() {
422: try {
423: // do shallow copy first
424: PKIXParameters ret = (PKIXParameters) super .clone();
425: // copy fields containing references to mutable objects
426: if (this .certStores != null) {
427: ret.certStores = new ArrayList(this .certStores);
428: }
429: if (this .certPathCheckers != null) {
430: ret.certPathCheckers = new ArrayList(
431: this .certPathCheckers);
432: }
433: return ret;
434: } catch (CloneNotSupportedException e) {
435: throw new Error(e);
436: }
437: }
438:
439: /**
440: * @com.intel.drl.spec_ref
441: */
442: public String toString() {
443: StringBuffer sb = new StringBuffer("[\n Trust Anchors: "); //$NON-NLS-1$
444: sb.append(trustAnchors);
445: sb.append("\n Revocation Enabled: "); //$NON-NLS-1$
446: sb.append(revocationEnabled);
447: sb.append("\n Explicit Policy Required: "); //$NON-NLS-1$
448: sb.append(explicitPolicyRequired);
449: sb.append("\n Policy Mapping Inhibited: "); //$NON-NLS-1$
450: sb.append(policyMappingInhibited);
451: sb.append("\n Any Policy Inhibited: "); //$NON-NLS-1$
452: sb.append(anyPolicyInhibited);
453: sb.append("\n Policy Qualifiers Rejected: "); //$NON-NLS-1$
454: sb.append(policyQualifiersRejected);
455: sb.append("\n Initial Policy OIDs: "); //$NON-NLS-1$
456: sb
457: .append((initialPolicies == null || initialPolicies
458: .isEmpty()) ? "any" : initialPolicies.toString()); //$NON-NLS-1$
459: sb.append("\n Cert Stores: "); //$NON-NLS-1$
460: sb
461: .append((certStores == null || certStores.isEmpty()) ? "no" : certStores.toString()); //$NON-NLS-1$
462: sb.append("\n Validity Date: "); //$NON-NLS-1$
463: sb.append(date);
464: sb.append("\n Cert Path Checkers: "); //$NON-NLS-1$
465: sb.append((certPathCheckers == null || certPathCheckers
466: .isEmpty()) ? "no" : certPathCheckers.toString()); //$NON-NLS-1$
467: sb.append("\n Signature Provider: "); //$NON-NLS-1$
468: sb.append(sigProvider);
469: sb.append("\n Target Certificate Constraints: "); //$NON-NLS-1$
470: sb.append(targetCertConstraints);
471: sb.append("\n]"); //$NON-NLS-1$
472: return sb.toString();
473: }
474:
475: //
476: // Private stuff
477: //
478:
479: //
480: // Checks that 'trustAnchors' contains
481: // only TrustAnchor instances.
482: // Throws InvalidAlgorithmParameterException if trustAnchors set is empty.
483: //
484: private void checkTrustAnchors(Set trustAnchors)
485: throws InvalidAlgorithmParameterException {
486: if (trustAnchors.isEmpty()) {
487: throw new InvalidAlgorithmParameterException(Messages
488: .getString("security.6D")); //$NON-NLS-1$
489: }
490: for (Iterator i = trustAnchors.iterator(); i.hasNext();) {
491: if (!(i.next() instanceof TrustAnchor)) {
492: throw new ClassCastException(Messages
493: .getString("security.6E")); //$NON-NLS-1$
494: }
495: }
496: }
497: }
|