mirror of
git://gcc.gnu.org/git/gcc.git
synced 2024-12-26 05:09:04 +08:00
43905ff30b
2003-04-30 Michael Koch <konqueror@gmx.de> * gnu/java/security/Engine.java, gnu/java/security/OID.java, gnu/java/security/der/BitString.java, gnu/java/security/der/DER.java, gnu/java/security/der/DERReader.java, gnu/java/security/der/DERValue.java, gnu/java/security/der/DERWriter.java, gnu/java/security/provider/DSAKeyFactory.java, gnu/java/security/provider/X509CertificateFactory.java, gnu/java/security/x509/X500DistinguishedName.java, gnu/java/security/x509/X509CRL.java, gnu/java/security/x509/X509CRLEntry.java, gnu/java/security/x509/X509Certificate.java, java/security/cert/CRLSelector.java, java/security/cert/CertPathBuilder.java, java/security/cert/CertPathBuilderResult.java, java/security/cert/CertPathBuilderSpi.java, java/security/cert/CertPathParameters.java, java/security/cert/CertPathValidator.java, java/security/cert/CertPathValidatorResult.java, java/security/cert/CertPathValidatorSpi.java, java/security/cert/CertSelector.java, java/security/cert/CertStore.java, java/security/cert/CertStoreParameters.java, java/security/cert/CertStoreSpi.java, java/security/cert/CollectionCertStoreParameters.java, java/security/cert/LDAPCertStoreParameters.java, java/security/cert/PKIXBuilderParameters.java, java/security/cert/PKIXCertPathBuilderResult.java, java/security/cert/PKIXCertPathChecker.java, java/security/cert/PKIXCertPathValidatorResult.java, java/security/cert/PKIXParameters.java, java/security/cert/PolicyNode.java, java/security/cert/PolicyQualifierInfo.java, java/security/cert/TrustAnchor.java, javax/security/auth/x500/X500Principal.java: New files from classpath. * gnu/java/io/ASN1ParsingException.java, gnu/java/io/Base64InputStream.java, gnu/java/security/der/DEREncodingException.java, gnu/java/security/provider/DSAParameters.java, gnu/java/security/provider/DSASignature.java, gnu/java/security/provider/Gnu.java, gnu/java/security/provider/GnuDSAPrivateKey.java, gnu/java/security/provider/GnuDSAPublicKey.java, java/security/AlgorithmParameterGenerator.java, java/security/AlgorithmParameters.java, java/security/KeyFactory.java, java/security/KeyPairGenerator.java, java/security/KeyStore.java, java/security/MessageDigest.java, java/security/SecureClassLoader.java, java/security/SecureRandom.java, java/security/Security.java, java/security/Signature.java, java/security/cert/Certificate.java, java/security/cert/CertificateFactory.java, java/security/cert/CertificateFactorySpi.java, java/security/cert/X509CRL.java, java/security/cert/X509Certificate.java, java/security/spec/DSAPublicKeySpec.java: New versions from classpath. * gnu/java/security/provider/DERReader.java, gnu/java/security/provider/DERWriter.java, java/security/Engine.java: Removed. * Makefile.am (java_source_files, javax_source_files): Added new files. * Makefile.in: Regenerated. From-SVN: r66283
547 lines
16 KiB
Java
547 lines
16 KiB
Java
/* PKIXParameters.java -- parameters for the PKIX cert path algorithm
|
|
Copyright (C) 2003 Free Software Foundation, Inc.
|
|
|
|
This file is part of GNU Classpath.
|
|
|
|
GNU Classpath is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2, or (at your option)
|
|
any later version.
|
|
|
|
GNU Classpath is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Classpath; see the file COPYING. If not, write to the
|
|
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
|
02111-1307 USA.
|
|
|
|
Linking this library statically or dynamically with other modules is
|
|
making a combined work based on this library. Thus, the terms and
|
|
conditions of the GNU General Public License cover the whole
|
|
combination.
|
|
|
|
As a special exception, the copyright holders of this library give you
|
|
permission to link this library with independent modules to produce an
|
|
executable, regardless of the license terms of these independent
|
|
modules, and to copy and distribute the resulting executable under
|
|
terms of your choice, provided that you also meet, for each linked
|
|
independent module, the terms and conditions of the license of that
|
|
module. An independent module is a module which is not derived from
|
|
or based on this library. If you modify this library, you may extend
|
|
this exception to your version of the library, but you are not
|
|
obligated to do so. If you do not wish to do so, delete this
|
|
exception statement from your version. */
|
|
|
|
|
|
package java.security.cert;
|
|
|
|
import java.security.InvalidAlgorithmParameterException;
|
|
import java.security.KeyStore;
|
|
import java.security.KeyStoreException;
|
|
|
|
import java.util.Collections;
|
|
import java.util.Date;
|
|
import java.util.Enumeration;
|
|
import java.util.HashSet;
|
|
import java.util.Iterator;
|
|
import java.util.LinkedList;
|
|
import java.util.List;
|
|
import java.util.Set;
|
|
|
|
/**
|
|
* Parameters for verifying certificate paths using the PKIX
|
|
* (Public-Key Infrastructure (X.509)) algorithm.
|
|
*
|
|
* @see CertPathBulider
|
|
*/
|
|
public class PKIXParameters implements CertPathParameters
|
|
{
|
|
|
|
// Fields.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/** The trusted certificates. */
|
|
private final Set trustAnchors;
|
|
|
|
/** The set of initial policy identifiers. */
|
|
private final Set initPolicies;
|
|
|
|
/** The list of certificate stores. */
|
|
private final List certStores;
|
|
|
|
/** The list of path checkers. */
|
|
private final List pathCheckers;
|
|
|
|
/** The revocation enabled flag. */
|
|
private boolean revocationEnabled;
|
|
|
|
/** The explicit policy required flag. */
|
|
private boolean exPolicyRequired;
|
|
|
|
/** The policy mapping inhibited flag. */
|
|
private boolean policyMappingInhibited;
|
|
|
|
/** The any policy inhibited flag. */
|
|
private boolean anyPolicyInhibited;
|
|
|
|
/** The policy qualifiers rejected flag. */
|
|
private boolean policyQualRejected;
|
|
|
|
/** The target validation date. */
|
|
private Date date;
|
|
|
|
/** The signature algorithm provider. */
|
|
private String sigProvider;
|
|
|
|
/** The target constraints. */
|
|
private CertSelector targetConstraints;
|
|
|
|
// Constructors.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Create a new PKIXParameters object, populating the trusted
|
|
* certificates set with all certificates found in the given key
|
|
* store. All certificates found in the key store are assumed to be
|
|
* trusted by this constructor.
|
|
*
|
|
* @param keystore The key store.
|
|
* @throws KeyStoreException If the certificates cannot be retrieved
|
|
* from the key store.
|
|
* @throws InvalidAlgorithmParameterException If there are no
|
|
* certificates in the key store.
|
|
* @throws NullPointerException If <i>keystore</i> is null.
|
|
*/
|
|
public PKIXParameters(KeyStore keystore)
|
|
throws KeyStoreException, InvalidAlgorithmParameterException
|
|
{
|
|
this();
|
|
for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
|
|
{
|
|
String alias = (String) e.nextElement();
|
|
if (!keystore.isCertificateEntry(alias))
|
|
continue;
|
|
Certificate cert = keystore.getCertificate(alias);
|
|
if (cert instanceof X509Certificate)
|
|
trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
|
|
}
|
|
if (trustAnchors.isEmpty())
|
|
throw new InvalidAlgorithmParameterException("no certs in the key store");
|
|
}
|
|
|
|
/**
|
|
* Create a new PKIXParameters object, populating the trusted
|
|
* certificates set with the elements of the given set, each of which
|
|
* must be a {@link TrustAnchor}.
|
|
*
|
|
* @param trustAnchors The set of trust anchors.
|
|
* @throws InvalidAlgorithmParameterException If there are no
|
|
* certificates in the set.
|
|
* @throws NullPointerException If <i>trustAnchors</i> is null.
|
|
* @throws ClassCastException If every element in <i>trustAnchors</i>
|
|
* is not a {@link TrustAnchor}.
|
|
*/
|
|
public PKIXParameters(Set trustAnchors)
|
|
throws InvalidAlgorithmParameterException
|
|
{
|
|
this();
|
|
setTrustAnchors(trustAnchors);
|
|
}
|
|
|
|
/**
|
|
* Default constructor.
|
|
*/
|
|
private PKIXParameters()
|
|
{
|
|
trustAnchors = new HashSet();
|
|
initPolicies = new HashSet();
|
|
certStores = new LinkedList();
|
|
pathCheckers = new LinkedList();
|
|
revocationEnabled = true;
|
|
exPolicyRequired = false;
|
|
policyMappingInhibited = false;
|
|
anyPolicyInhibited = false;
|
|
policyQualRejected = true;
|
|
}
|
|
|
|
/**
|
|
* Copying constructor for cloning.
|
|
*
|
|
* @param that The instance being cloned.
|
|
*/
|
|
private PKIXParameters(PKIXParameters that)
|
|
{
|
|
this();
|
|
this.trustAnchors.addAll(that.trustAnchors);
|
|
this.initPolicies.addAll(that.initPolicies);
|
|
this.certStores.addAll(that.certStores);
|
|
this.pathCheckers.addAll(that.pathCheckers);
|
|
this.revocationEnabled = that.revocationEnabled;
|
|
this.exPolicyRequired = that.exPolicyRequired;
|
|
this.policyMappingInhibited = that.policyMappingInhibited;
|
|
this.anyPolicyInhibited = that.anyPolicyInhibited;
|
|
this.policyQualRejected = that.policyQualRejected;
|
|
this.date = that.date;
|
|
this.sigProvider = that.sigProvider;
|
|
this.targetConstraints = that.targetConstraints != null
|
|
? (CertSelector) that.targetConstraints.clone() : null;
|
|
}
|
|
|
|
// Instance methods.
|
|
// ------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Returns an immutable set of trust anchors. The set returned will
|
|
* never be null and will never be empty.
|
|
*
|
|
* @return A (never null, never empty) immutable set of trust anchors.
|
|
*/
|
|
public Set getTrustAnchors()
|
|
{
|
|
return Collections.unmodifiableSet(trustAnchors);
|
|
}
|
|
|
|
/**
|
|
* Sets the trust anchors of this class, replacing the current trust
|
|
* anchors with those in the given set. The supplied set is copied to
|
|
* prevent modification.
|
|
*
|
|
* @param trustAnchors The new set of trust anchors.
|
|
* @throws InvalidAlgorithmParameterException If there are no
|
|
* certificates in the set.
|
|
* @throws NullPointerException If <i>trustAnchors</i> is null.
|
|
* @throws ClassCastException If every element in <i>trustAnchors</i>
|
|
* is not a {@link TrustAnchor}.
|
|
*/
|
|
public void setTrustAnchors(Set trustAnchors)
|
|
throws InvalidAlgorithmParameterException
|
|
{
|
|
if (trustAnchors.isEmpty())
|
|
throw new InvalidAlgorithmParameterException("no trust anchors");
|
|
this.trustAnchors.clear();
|
|
for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
|
|
{
|
|
this.trustAnchors.add((TrustAnchor) i.next());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the set of initial policy identifiers (as OID strings). If
|
|
* any policy is accepted, this method returns the empty set.
|
|
*
|
|
* @return An immutable set of initial policy OID strings, or the
|
|
* empty set if any policy is acceptable.
|
|
*/
|
|
public Set getInitialPolicies()
|
|
{
|
|
return Collections.unmodifiableSet(initPolicies);
|
|
}
|
|
|
|
/**
|
|
* Sets the initial policy identifiers (as OID strings). If the
|
|
* argument is null or the empty set, then any policy identifier will
|
|
* be accepted.
|
|
*
|
|
* @param initPolicies The new set of policy strings, or null.
|
|
* @throws ClassCastException If any element in <i>initPolicies</i> is
|
|
* not a string.
|
|
*/
|
|
public void setInitialPolicies(Set initPolicies)
|
|
{
|
|
this.initPolicies.clear();
|
|
if (initPolicies == null)
|
|
return;
|
|
for (Iterator i = initPolicies.iterator(); i.hasNext(); )
|
|
{
|
|
this.initPolicies.add((String) i.next());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Add a {@link CertStore} to the list of cert stores.
|
|
*
|
|
* @param store The CertStore to add.
|
|
*/
|
|
public void addCertStore(CertStore store)
|
|
{
|
|
if (store != null)
|
|
certStores.add(store);
|
|
}
|
|
|
|
/**
|
|
* Returns an immutable list of cert stores. This method never returns
|
|
* null.
|
|
*
|
|
* @return The list of cert stores.
|
|
*/
|
|
public List getCertStores()
|
|
{
|
|
return Collections.unmodifiableList(certStores);
|
|
}
|
|
|
|
/**
|
|
* Set the cert stores. If the argument is null the list of cert
|
|
* stores will be empty.
|
|
*
|
|
* @param certStores The cert stores.
|
|
*/
|
|
public void setCertStores(List certStores)
|
|
{
|
|
this.certStores.clear();
|
|
if (certStores == null)
|
|
return;
|
|
for (Iterator i = certStores.iterator(); i.hasNext(); )
|
|
{
|
|
this.certStores.add((CertStore) i.next());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the value of the <i>revocation enabled</i> flag. The default
|
|
* value for this flag is <code>true</code>.
|
|
*
|
|
* @return The <i>revocation enabled</i> flag.
|
|
*/
|
|
public boolean isRevocationEnabled()
|
|
{
|
|
return revocationEnabled;
|
|
}
|
|
|
|
/**
|
|
* Sets the value of the <i>revocation enabled</i> flag.
|
|
*
|
|
* @param value The new value.
|
|
*/
|
|
public void setRevocationEnabled(boolean value)
|
|
{
|
|
revocationEnabled = value;
|
|
}
|
|
|
|
/**
|
|
* Returns the value of the <i>explicit policy required</i> flag. The
|
|
* default value of this flag is <code>false</code>.
|
|
*
|
|
* @return The <i>explicit policy required</i> flag.
|
|
*/
|
|
public boolean isExplicitPolicyRequired()
|
|
{
|
|
return exPolicyRequired;
|
|
}
|
|
|
|
/**
|
|
* Sets the value of the <i>explicit policy required</i> flag.
|
|
*
|
|
* @param value The new value.
|
|
*/
|
|
public void setExplicitPolicyRequired(boolean value)
|
|
{
|
|
exPolicyRequired = value;
|
|
}
|
|
|
|
/**
|
|
* Returns the value of the <i>policy mapping inhibited</i> flag. The
|
|
* default value of this flag is <code>false</code>.
|
|
*
|
|
* @return The <i>policy mapping inhibited</i> flag.
|
|
*/
|
|
public boolean isPolicyMappingInhibited()
|
|
{
|
|
return policyMappingInhibited;
|
|
}
|
|
|
|
/**
|
|
* Sets the value of the <i>policy mapping inhibited</i> flag.
|
|
*
|
|
* @param value The new value.
|
|
*/
|
|
public void setPolicyMappingInhibited(boolean value)
|
|
{
|
|
policyMappingInhibited = value;
|
|
}
|
|
|
|
/**
|
|
* Returns the value of the <i>any policy inhibited</i> flag. The
|
|
* default value of this flag is <code>false</code>.
|
|
*
|
|
* @return The <i>any policy inhibited</i> flag.
|
|
*/
|
|
public boolean isAnyPolicyInhibited()
|
|
{
|
|
return anyPolicyInhibited;
|
|
}
|
|
|
|
/**
|
|
* Sets the value of the <i>any policy inhibited</i> flag.
|
|
*
|
|
* @param value The new value.
|
|
*/
|
|
public void setAnyPolicyInhibited(boolean value)
|
|
{
|
|
anyPolicyInhibited = value;
|
|
}
|
|
|
|
/**
|
|
* Returns the value of the <i>policy qualifiers enabled</i> flag. The
|
|
* default value of this flag is <code>true</code>.
|
|
*
|
|
* @return The <i>policy qualifiers enabled</i> flag.
|
|
*/
|
|
public boolean getPolicyQualifiersRejected()
|
|
{
|
|
return policyQualRejected;
|
|
}
|
|
|
|
/**
|
|
* Sets the value of the <i>policy qualifiers enabled</i> flag.
|
|
*
|
|
* @param value The new value.
|
|
*/
|
|
public void setPolicyQualifiersRejected(boolean value)
|
|
{
|
|
policyQualRejected = value;
|
|
}
|
|
|
|
/**
|
|
* Returns the date for which the certificate path should be
|
|
* validated, or null if the current time should be used. The date
|
|
* object is copied to prevent subsequent modification.
|
|
*
|
|
* @return The date, or null if not set.
|
|
*/
|
|
public Date getDate()
|
|
{
|
|
return date != null ? (Date) date.clone() : null;
|
|
}
|
|
|
|
/**
|
|
* Sets the date for which the certificate path should be validated,
|
|
* or null if the current time should be used.
|
|
*
|
|
* @param date The new date, or null.
|
|
*/
|
|
public void setDate(Date date)
|
|
{
|
|
if (date != null)
|
|
this.date = (Date) date.clone();
|
|
else
|
|
this.date = null;
|
|
}
|
|
|
|
/**
|
|
* Add a certificate path checker.
|
|
*
|
|
* @param checker The certificate path checker to add.
|
|
*/
|
|
public void addCertPathChecker(PKIXCertPathChecker checker)
|
|
{
|
|
if (checker != null)
|
|
pathCheckers.add(checker);
|
|
}
|
|
|
|
/**
|
|
* Returns an immutable list of all certificate path checkers.
|
|
*
|
|
* @return An immutable list of all certificate path checkers.
|
|
*/
|
|
public List getCertPathCheckers()
|
|
{
|
|
return Collections.unmodifiableList(pathCheckers);
|
|
}
|
|
|
|
/**
|
|
* Sets the certificate path checkers. If the argument is null, the
|
|
* list of checkers will merely be cleared.
|
|
*
|
|
* @param pathCheckers The new list of certificate path checkers.
|
|
* @throws ClassCastException If any element of <i>pathCheckers</i> is
|
|
* not a {@link PKIXCertPathChecker}.
|
|
*/
|
|
public void setCertPathCheckers(List pathCheckers)
|
|
{
|
|
this.pathCheckers.clear();
|
|
if (pathCheckers == null)
|
|
return;
|
|
for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
|
|
{
|
|
this.pathCheckers.add((PKIXCertPathChecker) i.next());
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the signature algorithm provider, or null if not set.
|
|
*
|
|
* @return The signature algorithm provider, or null if not set.
|
|
*/
|
|
public String getSigProvider()
|
|
{
|
|
return sigProvider;
|
|
}
|
|
|
|
/**
|
|
* Sets the signature algorithm provider, or null if there is no
|
|
* preferred provider.
|
|
*
|
|
* @param sigProvider The signature provider name.
|
|
*/
|
|
public void setSigProvider(String sigProvider)
|
|
{
|
|
this.sigProvider = sigProvider;
|
|
}
|
|
|
|
/**
|
|
* Returns the constraints placed on the target certificate, or null
|
|
* if there are none. The target constraints are copied to prevent
|
|
* subsequent modification.
|
|
*
|
|
* @return The target constraints, or null.
|
|
*/
|
|
public CertSelector getTargetCertConstraints()
|
|
{
|
|
return targetConstraints != null
|
|
? (CertSelector) targetConstraints.clone() : null;
|
|
}
|
|
|
|
/**
|
|
* Sets the constraints placed on the target certificate.
|
|
*
|
|
* @param targetConstraints The target constraints.
|
|
*/
|
|
public void setTargetCertConstraints(CertSelector targetConstraints)
|
|
{
|
|
this.targetConstraints = targetConstraints != null
|
|
? (CertSelector) targetConstraints.clone() : null;
|
|
}
|
|
|
|
/**
|
|
* Returns a copy of these parameters.
|
|
*
|
|
* @return The copy.
|
|
*/
|
|
public Object clone()
|
|
{
|
|
return new PKIXParameters(this);
|
|
}
|
|
|
|
/**
|
|
* Returns a printable representation of these parameters.
|
|
*
|
|
* @return A printable representation of these parameters.
|
|
*/
|
|
public String toString() {
|
|
return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
|
|
+ (initPolicies != null ? initPolicies.toString() : "any")
|
|
+ "; Validity Date=" + date + "; Signature Provider="
|
|
+ sigProvider + "; Default Revocation Enabled=" + revocationEnabled
|
|
+ "; Explicit Policy Required=" + exPolicyRequired
|
|
+ "; Policy Mapping Inhibited=" + policyMappingInhibited
|
|
+ "; Any Policy Inhibited=" + anyPolicyInhibited
|
|
+ "; Policy Qualifiers Rejected=" + policyQualRejected
|
|
+ "; Target Cert Contstraints=" + targetConstraints
|
|
+ "; Certification Path Checkers=" + pathCheckers
|
|
+ "; CertStores=" + certStores + " ]";
|
|
}
|
|
}
|