Source for java.security.cert.PKIXParameters

   1: /* PKIXParameters.java -- parameters for the PKIX cert path algorithm
   2:    Copyright (C) 2003 Free Software Foundation, Inc.
   3: 
   4: This file is part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2, or (at your option)
   9: any later version.
  10:  
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; see the file COPYING.  If not, write to the
  18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  19: 02110-1301 USA.
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version. */
  37: 
  38: 
  39: package java.security.cert;
  40: 
  41: import java.security.InvalidAlgorithmParameterException;
  42: import java.security.KeyStore;
  43: import java.security.KeyStoreException;
  44: 
  45: import java.util.Collections;
  46: import java.util.Date;
  47: import java.util.Enumeration;
  48: import java.util.HashSet;
  49: import java.util.Iterator;
  50: import java.util.LinkedList;
  51: import java.util.List;
  52: import java.util.Set;
  53: 
  54: /**
  55:  * Parameters for verifying certificate paths using the PKIX
  56:  * (Public-Key Infrastructure (X.509)) algorithm.
  57:  *
  58:  * @see CertPathBuilder
  59:  */
  60: public class PKIXParameters implements CertPathParameters
  61: {
  62: 
  63:   // Fields.
  64:   // ------------------------------------------------------------------------
  65: 
  66:   /** The trusted certificates. */
  67:   private final Set trustAnchors;
  68: 
  69:   /** The set of initial policy identifiers. */
  70:   private final Set initPolicies;
  71: 
  72:   /** The list of certificate stores. */
  73:   private final List certStores;
  74: 
  75:   /** The list of path checkers. */
  76:   private final List pathCheckers;
  77: 
  78:   /** The revocation enabled flag. */
  79:   private boolean revocationEnabled;
  80: 
  81:   /** The explicit policy required flag. */
  82:   private boolean exPolicyRequired;
  83: 
  84:   /** The policy mapping inhibited flag. */
  85:   private boolean policyMappingInhibited;
  86: 
  87:   /** The any policy inhibited flag. */
  88:   private boolean anyPolicyInhibited;
  89: 
  90:   /** The policy qualifiers rejected flag. */
  91:   private boolean policyQualRejected;
  92: 
  93:   /** The target validation date. */
  94:   private Date date;
  95: 
  96:   /** The signature algorithm provider. */
  97:   private String sigProvider;
  98: 
  99:   /** The target constraints. */
 100:   private CertSelector targetConstraints;
 101: 
 102:   // Constructors.
 103:   // ------------------------------------------------------------------------
 104: 
 105:   /**
 106:    * Create a new PKIXParameters object, populating the trusted
 107:    * certificates set with all certificates found in the given key
 108:    * store. All certificates found in the key store are assumed to be
 109:    * trusted by this constructor.
 110:    *
 111:    * @param keystore The key store.
 112:    * @throws KeyStoreException If the certificates cannot be retrieved
 113:    *         from the key store.
 114:    * @throws InvalidAlgorithmParameterException If there are no
 115:    *         certificates in the key store.
 116:    * @throws NullPointerException If <i>keystore</i> is null.
 117:    */
 118:   public PKIXParameters(KeyStore keystore)
 119:     throws KeyStoreException, InvalidAlgorithmParameterException
 120:   {
 121:     this();
 122:     for (Enumeration e = keystore.aliases(); e.hasMoreElements(); )
 123:       {
 124:         String alias = (String) e.nextElement();
 125:         if (!keystore.isCertificateEntry(alias))
 126:           continue;
 127:         Certificate cert = keystore.getCertificate(alias);
 128:         if (cert instanceof X509Certificate)
 129:           trustAnchors.add(new TrustAnchor((X509Certificate) cert, null));
 130:       }
 131:     if (trustAnchors.isEmpty())
 132:       throw new InvalidAlgorithmParameterException("no certs in the key store");
 133:   }
 134: 
 135:   /**
 136:    * Create a new PKIXParameters object, populating the trusted
 137:    * certificates set with the elements of the given set, each of which
 138:    * must be a {@link TrustAnchor}.
 139:    *
 140:    * @param trustAnchors The set of trust anchors.
 141:    * @throws InvalidAlgorithmParameterException If there are no
 142:    *         certificates in the set.
 143:    * @throws NullPointerException If <i>trustAnchors</i> is null.
 144:    * @throws ClassCastException If every element in <i>trustAnchors</i>
 145:    *         is not a {@link TrustAnchor}.
 146:    */
 147:   public PKIXParameters(Set trustAnchors)
 148:     throws InvalidAlgorithmParameterException
 149:   {
 150:     this();
 151:     setTrustAnchors(trustAnchors);
 152:   }
 153: 
 154:   /**
 155:    * Default constructor.
 156:    */
 157:   private PKIXParameters()
 158:   {
 159:     trustAnchors = new HashSet();
 160:     initPolicies = new HashSet();
 161:     certStores = new LinkedList();
 162:     pathCheckers = new LinkedList();
 163:     revocationEnabled = true;
 164:     exPolicyRequired = false;
 165:     policyMappingInhibited = false;
 166:     anyPolicyInhibited = false;
 167:     policyQualRejected = true;
 168:   }
 169: 
 170:   /**
 171:    * Copying constructor for cloning.
 172:    *
 173:    * @param that The instance being cloned.
 174:    */
 175:   private PKIXParameters(PKIXParameters that)
 176:   {
 177:     this();
 178:     this.trustAnchors.addAll(that.trustAnchors);
 179:     this.initPolicies.addAll(that.initPolicies);
 180:     this.certStores.addAll(that.certStores);
 181:     this.pathCheckers.addAll(that.pathCheckers);
 182:     this.revocationEnabled = that.revocationEnabled;
 183:     this.exPolicyRequired = that.exPolicyRequired;
 184:     this.policyMappingInhibited = that.policyMappingInhibited;
 185:     this.anyPolicyInhibited = that.anyPolicyInhibited;
 186:     this.policyQualRejected = that.policyQualRejected;
 187:     this.date = that.date;
 188:     this.sigProvider = that.sigProvider;
 189:     this.targetConstraints = that.targetConstraints != null
 190:       ? (CertSelector) that.targetConstraints.clone() : null;
 191:   }
 192: 
 193:   // Instance methods.
 194:   // ------------------------------------------------------------------------
 195: 
 196:   /**
 197:    * Returns an immutable set of trust anchors. The set returned will
 198:    * never be null and will never be empty.
 199:    *
 200:    * @return A (never null, never empty) immutable set of trust anchors.
 201:    */
 202:   public Set getTrustAnchors()
 203:   {
 204:     return Collections.unmodifiableSet(trustAnchors);
 205:   }
 206: 
 207:   /**
 208:    * Sets the trust anchors of this class, replacing the current trust
 209:    * anchors with those in the given set. The supplied set is copied to
 210:    * prevent modification.
 211:    *
 212:    * @param trustAnchors The new set of trust anchors.
 213:    * @throws InvalidAlgorithmParameterException If there are no
 214:    *         certificates in the set.
 215:    * @throws NullPointerException If <i>trustAnchors</i> is null.
 216:    * @throws ClassCastException If every element in <i>trustAnchors</i>
 217:    *         is not a {@link TrustAnchor}.
 218:    */
 219:   public void setTrustAnchors(Set trustAnchors)
 220:     throws InvalidAlgorithmParameterException
 221:   {
 222:     if (trustAnchors.isEmpty())
 223:       throw new InvalidAlgorithmParameterException("no trust anchors");
 224:     this.trustAnchors.clear();
 225:     for (Iterator i = trustAnchors.iterator(); i.hasNext(); )
 226:       {
 227:         this.trustAnchors.add((TrustAnchor) i.next());
 228:       }
 229:   }
 230: 
 231:   /**
 232:    * Returns the set of initial policy identifiers (as OID strings). If
 233:    * any policy is accepted, this method returns the empty set.
 234:    *
 235:    * @return An immutable set of initial policy OID strings, or the
 236:    *         empty set if any policy is acceptable.
 237:    */
 238:   public Set getInitialPolicies()
 239:   {
 240:     return Collections.unmodifiableSet(initPolicies);
 241:   }
 242: 
 243:   /**
 244:    * Sets the initial policy identifiers (as OID strings). If the
 245:    * argument is null or the empty set, then any policy identifier will
 246:    * be accepted.
 247:    *
 248:    * @param initPolicies The new set of policy strings, or null.
 249:    * @throws ClassCastException If any element in <i>initPolicies</i> is
 250:    *         not a string.
 251:    */
 252:   public void setInitialPolicies(Set initPolicies)
 253:   {
 254:     this.initPolicies.clear();
 255:     if (initPolicies == null)
 256:       return;
 257:     for (Iterator i = initPolicies.iterator(); i.hasNext(); )
 258:       {
 259:         this.initPolicies.add((String) i.next());
 260:       }
 261:   }
 262: 
 263:   /**
 264:    * Add a {@link CertStore} to the list of cert stores.
 265:    *
 266:    * @param store The CertStore to add.
 267:    */
 268:   public void addCertStore(CertStore store)
 269:   {
 270:     if (store != null)
 271:       certStores.add(store);
 272:   }
 273: 
 274:   /**
 275:    * Returns an immutable list of cert stores. This method never returns
 276:    * null.
 277:    *
 278:    * @return The list of cert stores.
 279:    */
 280:   public List getCertStores()
 281:   {
 282:     return Collections.unmodifiableList(certStores);
 283:   }
 284: 
 285:   /**
 286:    * Set the cert stores. If the argument is null the list of cert
 287:    * stores will be empty.
 288:    *
 289:    * @param certStores The cert stores.
 290:    */
 291:   public void setCertStores(List certStores)
 292:   {
 293:     this.certStores.clear();
 294:     if (certStores == null)
 295:       return;
 296:     for (Iterator i = certStores.iterator(); i.hasNext(); )
 297:       {
 298:         this.certStores.add((CertStore) i.next());
 299:       }
 300:   }
 301: 
 302:   /**
 303:    * Returns the value of the <i>revocation enabled</i> flag. The default
 304:    * value for this flag is <code>true</code>.
 305:    *
 306:    * @return The <i>revocation enabled</i> flag.
 307:    */
 308:   public boolean isRevocationEnabled()
 309:   {
 310:     return revocationEnabled;
 311:   }
 312: 
 313:   /**
 314:    * Sets the value of the <i>revocation enabled</i> flag.
 315:    *
 316:    * @param value The new value.
 317:    */
 318:   public void setRevocationEnabled(boolean value)
 319:   {
 320:     revocationEnabled = value;
 321:   }
 322: 
 323:   /**
 324:    * Returns the value of the <i>explicit policy required</i> flag. The
 325:    * default value of this flag is <code>false</code>.
 326:    *
 327:    * @return The <i>explicit policy required</i> flag.
 328:    */
 329:   public boolean isExplicitPolicyRequired()
 330:   {
 331:     return exPolicyRequired;
 332:   }
 333: 
 334:   /**
 335:    * Sets the value of the <i>explicit policy required</i> flag.
 336:    *
 337:    * @param value The new value.
 338:    */
 339:   public void setExplicitPolicyRequired(boolean value)
 340:   {
 341:     exPolicyRequired = value;
 342:   }
 343: 
 344:   /**
 345:    * Returns the value of the <i>policy mapping inhibited</i> flag. The
 346:    * default value of this flag is <code>false</code>.
 347:    *
 348:    * @return The <i>policy mapping inhibited</i> flag.
 349:    */
 350:   public boolean isPolicyMappingInhibited()
 351:   {
 352:     return policyMappingInhibited;
 353:   }
 354: 
 355:   /**
 356:    * Sets the value of the <i>policy mapping inhibited</i> flag.
 357:    *
 358:    * @param value The new value.
 359:    */
 360:   public void setPolicyMappingInhibited(boolean value)
 361:   {
 362:     policyMappingInhibited = value;
 363:   }
 364: 
 365:   /**
 366:    * Returns the value of the <i>any policy inhibited</i> flag. The
 367:    * default value of this flag is <code>false</code>.
 368:    *
 369:    * @return The <i>any policy inhibited</i> flag.
 370:    */
 371:   public boolean isAnyPolicyInhibited()
 372:   {
 373:     return anyPolicyInhibited;
 374:   }
 375: 
 376:   /**
 377:    * Sets the value of the <i>any policy inhibited</i> flag.
 378:    *
 379:    * @param value The new value.
 380:    */
 381:   public void setAnyPolicyInhibited(boolean value)
 382:   {
 383:     anyPolicyInhibited = value;
 384:   }
 385: 
 386:   /**
 387:    * Returns the value of the <i>policy qualifiers enabled</i> flag. The
 388:    * default value of this flag is <code>true</code>.
 389:    *
 390:    * @return The <i>policy qualifiers enabled</i> flag.
 391:    */
 392:   public boolean getPolicyQualifiersRejected()
 393:   {
 394:     return policyQualRejected;
 395:   }
 396: 
 397:   /**
 398:    * Sets the value of the <i>policy qualifiers enabled</i> flag.
 399:    *
 400:    * @param value The new value.
 401:    */
 402:   public void setPolicyQualifiersRejected(boolean value)
 403:   {
 404:     policyQualRejected = value;
 405:   }
 406: 
 407:   /**
 408:    * Returns the date for which the certificate path should be
 409:    * validated, or null if the current time should be used. The date
 410:    * object is copied to prevent subsequent modification.
 411:    *
 412:    * @return The date, or null if not set.
 413:    */
 414:   public Date getDate()
 415:   {
 416:     return date != null ? (Date) date.clone() : null;
 417:   }
 418: 
 419:   /**
 420:    * Sets the date for which the certificate path should be validated,
 421:    * or null if the current time should be used.
 422:    *
 423:    * @param date The new date, or null.
 424:    */
 425:   public void setDate(Date date)
 426:   {
 427:     if (date != null)
 428:       this.date = (Date) date.clone();
 429:     else
 430:       this.date = null;
 431:   }
 432: 
 433:   /**
 434:    * Add a certificate path checker.
 435:    *
 436:    * @param checker The certificate path checker to add.
 437:    */
 438:   public void addCertPathChecker(PKIXCertPathChecker checker)
 439:   {
 440:     if (checker != null)
 441:       pathCheckers.add(checker);
 442:   }
 443: 
 444:   /**
 445:    * Returns an immutable list of all certificate path checkers.
 446:    *
 447:    * @return An immutable list of all certificate path checkers.
 448:    */
 449:   public List getCertPathCheckers()
 450:   {
 451:     return Collections.unmodifiableList(pathCheckers);
 452:   }
 453: 
 454:   /**
 455:    * Sets the certificate path checkers. If the argument is null, the
 456:    * list of checkers will merely be cleared.
 457:    *
 458:    * @param pathCheckers The new list of certificate path checkers.
 459:    * @throws ClassCastException If any element of <i>pathCheckers</i> is
 460:    *         not a {@link PKIXCertPathChecker}.
 461:    */
 462:   public void setCertPathCheckers(List pathCheckers)
 463:   {
 464:     this.pathCheckers.clear();
 465:     if (pathCheckers == null)
 466:       return;
 467:     for (Iterator i = pathCheckers.iterator(); i.hasNext(); )
 468:       {
 469:         this.pathCheckers.add((PKIXCertPathChecker) i.next());
 470:       }
 471:   }
 472: 
 473:   /**
 474:    * Returns the signature algorithm provider, or null if not set.
 475:    *
 476:    * @return The signature algorithm provider, or null if not set.
 477:    */
 478:   public String getSigProvider()
 479:   {
 480:     return sigProvider;
 481:   }
 482: 
 483:   /**
 484:    * Sets the signature algorithm provider, or null if there is no
 485:    * preferred provider.
 486:    *
 487:    * @param sigProvider The signature provider name.
 488:    */
 489:   public void setSigProvider(String sigProvider)
 490:   {
 491:     this.sigProvider = sigProvider;
 492:   }
 493: 
 494:   /**
 495:    * Returns the constraints placed on the target certificate, or null
 496:    * if there are none. The target constraints are copied to prevent
 497:    * subsequent modification.
 498:    *
 499:    * @return The target constraints, or null.
 500:    */
 501:   public CertSelector getTargetCertConstraints()
 502:   {
 503:     return targetConstraints != null
 504:       ? (CertSelector) targetConstraints.clone() : null;
 505:   }
 506: 
 507:   /**
 508:    * Sets the constraints placed on the target certificate.
 509:    *
 510:    * @param targetConstraints The target constraints.
 511:    */
 512:   public void setTargetCertConstraints(CertSelector targetConstraints)
 513:   {
 514:     this.targetConstraints = targetConstraints != null
 515:       ? (CertSelector) targetConstraints.clone() : null;
 516:   }
 517: 
 518:   /**
 519:    * Returns a copy of these parameters.
 520:    *
 521:    * @return The copy.
 522:    */
 523:   public Object clone()
 524:   {
 525:     return new PKIXParameters(this);
 526:   }
 527: 
 528:   /**
 529:    * Returns a printable representation of these parameters.
 530:    *
 531:    * @return A printable representation of these parameters.
 532:    */
 533:   public String toString() {
 534:     return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs="
 535:       + (initPolicies != null ? initPolicies.toString() : "any")
 536:       + "; Validity Date=" + date + "; Signature Provider="
 537:       + sigProvider + "; Default Revocation Enabled=" + revocationEnabled
 538:       + "; Explicit Policy Required=" + exPolicyRequired
 539:       + "; Policy Mapping Inhibited=" + policyMappingInhibited
 540:       + "; Any Policy Inhibited=" + anyPolicyInhibited
 541:       + "; Policy Qualifiers Rejected=" + policyQualRejected
 542:       + "; Target Cert Contstraints=" + targetConstraints
 543:       + "; Certification Path Checkers=" + pathCheckers
 544:       + "; CertStores=" + certStores + " ]";
 545:   }
 546: }