Source Code Cross Referenced for TrustAnchor.java in  » Apache-Harmony-Java-SE » java-package » java » security » cert » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /*
002:         *  Licensed to the Apache Software Foundation (ASF) under one or more
003:         *  contributor license agreements.  See the NOTICE file distributed with
004:         *  this work for additional information regarding copyright ownership.
005:         *  The ASF licenses this file to You under the Apache License, Version 2.0
006:         *  (the "License"); you may not use this file except in compliance with
007:         *  the License.  You may obtain a copy of the License at
008:         *
009:         *     http://www.apache.org/licenses/LICENSE-2.0
010:         *
011:         *  Unless required by applicable law or agreed to in writing, software
012:         *  distributed under the License is distributed on an "AS IS" BASIS,
013:         *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014:         *  See the License for the specific language governing permissions and
015:         *  limitations under the License.
016:         */
017:
018:        /**
019:         * @author Vladimir N. Molotkov
020:         * @version $Revision$
021:         */package java.security.cert;
022:
023:        import java.io.IOException;
024:        import java.security.PublicKey;
025:
026:        import javax.security.auth.x500.X500Principal;
027:
028:        import org.apache.harmony.security.internal.nls.Messages;
029:        import org.apache.harmony.security.utils.Array;
030:        import org.apache.harmony.security.x509.NameConstraints;
031:
032:        /**
033:         * @com.intel.drl.spec_ref
034:         * 
035:         */
036:        public class TrustAnchor {
037:            // Most trusted CA as a X500Principal
038:            private final X500Principal caPrincipal;
039:            // Most trusted CA name
040:            private final String caName;
041:            // Most trusted CA public key
042:            private final PublicKey caPublicKey;
043:            // Most trusted CA certificate
044:            private final X509Certificate trustedCert;
045:            // Name constraints extension
046:            private final byte[] nameConstraints;
047:
048:            /**
049:             * @com.intel.drl.spec_ref
050:             */
051:            public TrustAnchor(X509Certificate trustedCert,
052:                    byte[] nameConstraints) {
053:                if (trustedCert == null) {
054:                    throw new NullPointerException(Messages
055:                            .getString("security.5C")); //$NON-NLS-1$
056:                }
057:                this .trustedCert = trustedCert;
058:                // copy nameConstraints if not null
059:                if (nameConstraints != null) {
060:                    this .nameConstraints = new byte[nameConstraints.length];
061:                    System.arraycopy(nameConstraints, 0, this .nameConstraints,
062:                            0, this .nameConstraints.length);
063:                    processNameConstraints();
064:                } else {
065:                    this .nameConstraints = null;
066:                }
067:                this .caName = null;
068:                this .caPrincipal = null;
069:                this .caPublicKey = null;
070:            }
071:
072:            /**
073:             * @com.intel.drl.spec_ref
074:             */
075:            public TrustAnchor(String caName, PublicKey caPublicKey,
076:                    byte[] nameConstraints) {
077:                if (caName == null) {
078:                    throw new NullPointerException(Messages
079:                            .getString("security.5D")); //$NON-NLS-1$
080:                }
081:                this .caName = caName;
082:                if (caPublicKey == null) {
083:                    throw new NullPointerException(Messages
084:                            .getString("security.5E")); //$NON-NLS-1$
085:                }
086:                this .caPublicKey = caPublicKey;
087:                // copy nameConstraints if not null
088:                if (nameConstraints != null) {
089:                    this .nameConstraints = new byte[nameConstraints.length];
090:                    System.arraycopy(nameConstraints, 0, this .nameConstraints,
091:                            0, this .nameConstraints.length);
092:                    processNameConstraints();
093:                } else {
094:                    this .nameConstraints = null;
095:                }
096:
097:                this .trustedCert = null;
098:
099:                // X500Principal checks caName validity
100:                if (caName.length() == 0) {
101:                    throw new IllegalArgumentException(Messages
102:                            .getString("security.5F")); //$NON-NLS-1$
103:                }
104:                this .caPrincipal = new X500Principal(this .caName);
105:            }
106:
107:            /**
108:             * @com.intel.drl.spec_ref
109:             */
110:            public TrustAnchor(X500Principal caPrincipal,
111:                    PublicKey caPublicKey, byte[] nameConstraints) {
112:                if (caPrincipal == null) {
113:                    throw new NullPointerException(Messages
114:                            .getString("security.60")); //$NON-NLS-1$
115:                }
116:                this .caPrincipal = caPrincipal;
117:                if (caPublicKey == null) {
118:                    throw new NullPointerException(Messages
119:                            .getString("security.5E")); //$NON-NLS-1$
120:                }
121:                this .caPublicKey = caPublicKey;
122:                // copy nameConstraints if not null
123:                if (nameConstraints != null) {
124:                    this .nameConstraints = new byte[nameConstraints.length];
125:                    System.arraycopy(nameConstraints, 0, this .nameConstraints,
126:                            0, this .nameConstraints.length);
127:                    processNameConstraints();
128:                } else {
129:                    this .nameConstraints = null;
130:                }
131:
132:                this .trustedCert = null;
133:                this .caName = caPrincipal.getName();
134:            }
135:
136:            /**
137:             * @com.intel.drl.spec_ref
138:             */
139:            public final byte[] getNameConstraints() {
140:                if (nameConstraints == null) {
141:                    return null;
142:                }
143:                byte[] ret = new byte[nameConstraints.length];
144:                System.arraycopy(nameConstraints, 0, ret, 0,
145:                        nameConstraints.length);
146:                return ret;
147:            }
148:
149:            /**
150:             * @com.intel.drl.spec_ref
151:             */
152:            public final X509Certificate getTrustedCert() {
153:                return trustedCert;
154:            }
155:
156:            /**
157:             * @com.intel.drl.spec_ref
158:             */
159:            public final X500Principal getCA() {
160:                return caPrincipal;
161:            }
162:
163:            /**
164:             * @com.intel.drl.spec_ref
165:             */
166:            public final String getCAName() {
167:                return caName;
168:            }
169:
170:            /**
171:             * @com.intel.drl.spec_ref
172:             */
173:            public final PublicKey getCAPublicKey() {
174:                return caPublicKey;
175:            }
176:
177:            /**
178:             * @com.intel.drl.spec_ref
179:             */
180:            public String toString() {
181:                StringBuffer sb = new StringBuffer("TrustAnchor: [\n"); //$NON-NLS-1$
182:                if (trustedCert != null) {
183:                    sb.append("Trusted CA certificate: "); //$NON-NLS-1$
184:                    sb.append(trustedCert);
185:                    sb.append("\n"); //$NON-NLS-1$
186:                }
187:                if (caPrincipal != null) {
188:                    sb.append("Trusted CA Name: "); //$NON-NLS-1$
189:                    sb.append(caPrincipal);
190:                    sb.append("\n"); //$NON-NLS-1$
191:                }
192:                if (caPublicKey != null) {
193:                    sb.append("Trusted CA Public Key: "); //$NON-NLS-1$
194:                    sb.append(caPublicKey);
195:                    sb.append("\n"); //$NON-NLS-1$
196:                }
197:                // FIXME if needed:
198:                if (nameConstraints != null) {
199:                    sb.append("Name Constraints:\n"); //$NON-NLS-1$
200:                    sb.append(Array.toString(nameConstraints, "    ")); //$NON-NLS-1$
201:                }
202:                sb.append("\n]"); //$NON-NLS-1$
203:                return sb.toString();
204:            }
205:
206:            //
207:            // Private stuff
208:            //
209:
210:            // Decodes and checks NameConstraints structure.
211:            // Throws IllegalArgumentException if NameConstraints
212:            // encoding is invalid.
213:            private void processNameConstraints() {
214:                try {
215:                    // decode and check nameConstraints
216:                    NameConstraints.ASN1.decode(nameConstraints);
217:                } catch (IOException e) {
218:                    throw new IllegalArgumentException(e.getMessage());
219:                }
220:            }
221:        }