Source for java.security.Security

   1: /* Security.java --- Java base security class implementation
   2:    Copyright (C) 1999, 2001, 2002, 2003, 2004, 2005, 2006
   3:    Free Software Foundation, Inc.
   4: 
   5: This file is part of GNU Classpath.
   6: 
   7: GNU Classpath is free software; you can redistribute it and/or modify
   8: it under the terms of the GNU General Public License as published by
   9: the Free Software Foundation; either version 2, or (at your option)
  10: any later version.
  11: 
  12: GNU Classpath is distributed in the hope that it will be useful, but
  13: WITHOUT ANY WARRANTY; without even the implied warranty of
  14: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  15: General Public License for more details.
  16: 
  17: You should have received a copy of the GNU General Public License
  18: along with GNU Classpath; see the file COPYING.  If not, write to the
  19: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  20: 02110-1301 USA.
  21: 
  22: Linking this library statically or dynamically with other modules is
  23: making a combined work based on this library.  Thus, the terms and
  24: conditions of the GNU General Public License cover the whole
  25: combination.
  26: 
  27: As a special exception, the copyright holders of this library give you
  28: permission to link this library with independent modules to produce an
  29: executable, regardless of the license terms of these independent
  30: modules, and to copy and distribute the resulting executable under
  31: terms of your choice, provided that you also meet, for each linked
  32: independent module, the terms and conditions of the license of that
  33: module.  An independent module is a module which is not derived from
  34: or based on this library.  If you modify this library, you may extend
  35: this exception to your version of the library, but you are not
  36: obligated to do so.  If you do not wish to do so, delete this
  37: exception statement from your version. */
  38: 
  39: 
  40: package java.security;
  41: 
  42: import gnu.classpath.SystemProperties;
  43: 
  44: import gnu.classpath.Configuration;
  45: // GCJ LOCAL - We don't have VMStackWalker yet.
  46: // import gnu.classpath.VMStackWalker;
  47: 
  48: import java.io.IOException;
  49: import java.io.InputStream;
  50: import java.net.URL;
  51: import java.util.Collections;
  52: import java.util.Enumeration;
  53: import java.util.HashMap;
  54: import java.util.HashSet;
  55: import java.util.Iterator;
  56: import java.util.LinkedHashSet;
  57: import java.util.Map;
  58: import java.util.Properties;
  59: import java.util.Set;
  60: import java.util.Vector;
  61: 
  62: /**
  63:  * This class centralizes all security properties and common security methods.
  64:  * One of its primary uses is to manage providers.
  65:  *
  66:  * @author Mark Benvenuto (ivymccough@worldnet.att.net)
  67:  */
  68: public final class Security
  69: {
  70:   private static final String ALG_ALIAS = "Alg.Alias.";
  71: 
  72:   private static Vector providers = new Vector();
  73:   private static Properties secprops = new Properties();
  74:   
  75:   static
  76:     {
  77:       String base = SystemProperties.getProperty("gnu.classpath.home.url");
  78:       String vendor = SystemProperties.getProperty("gnu.classpath.vm.shortname");
  79: 
  80:       // Try VM specific security file
  81:       boolean loaded = loadProviders (base, vendor);
  82:     
  83:       // Append classpath standard provider if possible
  84:       if (!loadProviders (base, "classpath")
  85:       && !loaded
  86:       && providers.size() == 0)
  87:       {
  88:           if (Configuration.DEBUG)
  89:           {
  90:               /* No providers found and both security files failed to
  91:                * load properly. Give a warning in case of DEBUG is
  92:                * enabled. Could be done with java.util.logging later.
  93:                */
  94:               System.err.println
  95:               ("WARNING: could not properly read security provider files:");
  96:               System.err.println
  97:               ("         " + base + "/security/" + vendor
  98:                + ".security");
  99:               System.err.println
 100:               ("         " + base + "/security/" + "classpath"
 101:                + ".security");
 102:               System.err.println
 103:               ("         Falling back to standard GNU security provider");
 104:           }
 105:           providers.addElement (new gnu.java.security.provider.Gnu());
 106:       }
 107:     }
 108:   // This class can't be instantiated.
 109:   private Security()
 110:   {
 111:   }
 112: 
 113:   /**
 114:    * Tries to load the vender specific security providers from the given
 115:    * base URL. Returns true if the resource could be read and completely
 116:    * parsed successfully, false otherwise.
 117:    */
 118:   private static boolean loadProviders(String baseUrl, String vendor)
 119:   {
 120:     if (baseUrl == null || vendor == null)
 121:       return false;
 122: 
 123:     boolean result = true;
 124:     String secfilestr = baseUrl + "/security/" + vendor + ".security";
 125:     try
 126:       {
 127:     InputStream fin = new URL(secfilestr).openStream();
 128:     secprops.load(fin);
 129: 
 130:     int i = 1;
 131:     String name;
 132:     while ((name = secprops.getProperty("security.provider." + i)) != null)
 133:       {
 134:         Exception exception = null;
 135:         try
 136:           {
 137:         providers.addElement(Class.forName(name).newInstance());
 138:           }
 139:         catch (ClassNotFoundException x)
 140:           {
 141:             exception = x;
 142:           }
 143:         catch (InstantiationException x)
 144:           {
 145:             exception = x;
 146:           }
 147:         catch (IllegalAccessException x)
 148:           {
 149:             exception = x;
 150:           }
 151: 
 152:         if (exception != null)
 153:           {
 154:         System.err.println ("WARNING: Error loading security provider "
 155:                     + name + ": " + exception);
 156:         result = false;
 157:           }
 158:         i++;
 159:       }
 160:       }
 161:     catch (IOException ignored)
 162:       {
 163:     result = false;
 164:       }
 165: 
 166:     return result;
 167:   }
 168: 
 169:   /**
 170:    * Gets a specified property for an algorithm. The algorithm name should be a
 171:    * standard name. See Appendix A in the Java Cryptography Architecture API
 172:    * Specification & Reference for information about standard algorithm
 173:    * names. One possible use is by specialized algorithm parsers, which may map
 174:    * classes to algorithms which they understand (much like {@link Key} parsers
 175:    * do).
 176:    *
 177:    * @param algName the algorithm name.
 178:    * @param propName the name of the property to get.
 179:    * @return the value of the specified property.
 180:    * @deprecated This method used to return the value of a proprietary property
 181:    * in the master file of the "SUN" Cryptographic Service Provider in order to
 182:    * determine how to parse algorithm-specific parameters. Use the new
 183:    * provider-based and algorithm-independent {@link AlgorithmParameters} and
 184:    * {@link KeyFactory} engine classes (introduced in the Java 2 platform)
 185:    * instead.
 186:    */
 187:   public static String getAlgorithmProperty(String algName, String propName)
 188:   {
 189:     if (algName == null || propName == null)
 190:       return null;
 191: 
 192:     String property = String.valueOf(propName) + "." + String.valueOf(algName);
 193:     Provider p;
 194:     for (Iterator i = providers.iterator(); i.hasNext(); )
 195:       {
 196:         p = (Provider) i.next();
 197:         for (Iterator j = p.keySet().iterator(); j.hasNext(); )
 198:           {
 199:             String key = (String) j.next();
 200:             if (key.equalsIgnoreCase(property))
 201:               return p.getProperty(key);
 202:           }
 203:       }
 204:     return null;
 205:   }
 206: 
 207:   /**
 208:    * <p>Adds a new provider, at a specified position. The position is the
 209:    * preference order in which providers are searched for requested algorithms.
 210:    * Note that it is not guaranteed that this preference will be respected. The
 211:    * position is 1-based, that is, <code>1</code> is most preferred, followed by
 212:    * <code>2</code>, and so on.</p>
 213:    *
 214:    * <p>If the given provider is installed at the requested position, the
 215:    * provider that used to be at that position, and all providers with a
 216:    * position greater than position, are shifted up one position (towards the
 217:    * end of the list of installed providers).</p>
 218:    *
 219:    * <p>A provider cannot be added if it is already installed.</p>
 220:    *
 221:    * <p>First, if there is a security manager, its <code>checkSecurityAccess()
 222:    * </code> method is called with the string <code>"insertProvider."+provider.
 223:    * getName()</code> to see if it's ok to add a new provider. If the default
 224:    * implementation of <code>checkSecurityAccess()</code> is used (i.e., that
 225:    * method is not overriden), then this will result in a call to the security
 226:    * manager's <code>checkPermission()</code> method with a
 227:    * <code>SecurityPermission("insertProvider."+provider.getName())</code>
 228:    * permission.</p>
 229:    *
 230:    * @param provider the provider to be added.
 231:    * @param position the preference position that the caller would like for
 232:    * this provider.
 233:    * @return the actual preference position in which the provider was added, or
 234:    * <code>-1</code> if the provider was not added because it is already
 235:    * installed.
 236:    * @throws SecurityException if a security manager exists and its
 237:    * {@link SecurityManager#checkSecurityAccess(String)} method denies access
 238:    * to add a new provider.
 239:    * @see #getProvider(String)
 240:    * @see #removeProvider(String)
 241:    * @see SecurityPermission
 242:    */
 243:   public static int insertProviderAt(Provider provider, int position)
 244:   {
 245:     SecurityManager sm = System.getSecurityManager();
 246:     if (sm != null)
 247:       sm.checkSecurityAccess("insertProvider." + provider.getName());
 248: 
 249:     position--;
 250:     int max = providers.size ();
 251:     for (int i = 0; i < max; i++)
 252:       {
 253:     if (((Provider) providers.elementAt(i)).getName().equals(provider.getName()))
 254:       return -1;
 255:       }
 256: 
 257:     if (position < 0)
 258:       position = 0;
 259:     if (position > max)
 260:       position = max;
 261: 
 262:     providers.insertElementAt(provider, position);
 263: 
 264:     return position + 1;
 265:   }
 266: 
 267:   /**
 268:    * <p>Adds a provider to the next position available.</p>
 269:    *
 270:    * <p>First, if there is a security manager, its <code>checkSecurityAccess()
 271:    * </code> method is called with the string <code>"insertProvider."+provider.
 272:    * getName()</code> to see if it's ok to add a new provider. If the default
 273:    * implementation of <code>checkSecurityAccess()</code> is used (i.e., that
 274:    * method is not overriden), then this will result in a call to the security
 275:    * manager's <code>checkPermission()</code> method with a
 276:    * <code>SecurityPermission("insertProvider."+provider.getName())</code>
 277:    * permission.</p>
 278:    *
 279:    * @param provider the provider to be added.
 280:    * @return the preference position in which the provider was added, or
 281:    * <code>-1</code> if the provider was not added because it is already
 282:    * installed.
 283:    * @throws SecurityException if a security manager exists and its
 284:    * {@link SecurityManager#checkSecurityAccess(String)} method denies access
 285:    * to add a new provider.
 286:    * @see #getProvider(String)
 287:    * @see #removeProvider(String)
 288:    * @see SecurityPermission
 289:    */
 290:   public static int addProvider(Provider provider)
 291:   {
 292:     return insertProviderAt (provider, providers.size () + 1);
 293:   }
 294: 
 295:   /**
 296:    * <p>Removes the provider with the specified name.</p>
 297:    *
 298:    * <p>When the specified provider is removed, all providers located at a
 299:    * position greater than where the specified provider was are shifted down
 300:    * one position (towards the head of the list of installed providers).</p>
 301:    *
 302:    * <p>This method returns silently if the provider is not installed.</p>
 303:    *
 304:    * <p>First, if there is a security manager, its <code>checkSecurityAccess()
 305:    * </code> method is called with the string <code>"removeProvider."+name</code>
 306:    * to see if it's ok to remove the provider. If the default implementation of
 307:    * <code>checkSecurityAccess()</code> is used (i.e., that method is not
 308:    * overriden), then this will result in a call to the security manager's
 309:    * <code>checkPermission()</code> method with a <code>SecurityPermission(
 310:    * "removeProvider."+name)</code> permission.</p>
 311:    *
 312:    * @param name the name of the provider to remove.
 313:    * @throws SecurityException if a security manager exists and its
 314:    * {@link SecurityManager#checkSecurityAccess(String)} method denies access
 315:    * to remove the provider.
 316:    * @see #getProvider(String)
 317:    * @see #addProvider(Provider)
 318:    */
 319:   public static void removeProvider(String name)
 320:   {
 321:     SecurityManager sm = System.getSecurityManager();
 322:     if (sm != null)
 323:       sm.checkSecurityAccess("removeProvider." + name);
 324: 
 325:     int max = providers.size ();
 326:     for (int i = 0; i < max; i++)
 327:       {
 328:     if (((Provider) providers.elementAt(i)).getName().equals(name))
 329:       {
 330:         providers.remove(i);
 331:         break;
 332:       }
 333:       }
 334:   }
 335: 
 336:   /**
 337:    * Returns an array containing all the installed providers. The order of the
 338:    * providers in the array is their preference order.
 339:    *
 340:    * @return an array of all the installed providers.
 341:    */
 342:   public static Provider[] getProviders()
 343:   {
 344:     Provider[] array = new Provider[providers.size ()];
 345:     providers.copyInto (array);
 346:     return array;
 347:   }
 348: 
 349:   /**
 350:    * Returns the provider installed with the specified name, if any. Returns
 351:    * <code>null</code> if no provider with the specified name is installed.
 352:    *
 353:    * @param name the name of the provider to get.
 354:    * @return the provider of the specified name.
 355:    * @see #removeProvider(String)
 356:    * @see #addProvider(Provider)
 357:    */
 358:   public static Provider getProvider(String name)
 359:   {
 360:     if (name == null)
 361:       return null;
 362:     else
 363:       {
 364:         name = name.trim();
 365:         if (name.length() == 0)
 366:           return null;
 367:       }
 368:     Provider p;
 369:     int max = providers.size ();
 370:     for (int i = 0; i < max; i++)
 371:       {
 372:     p = (Provider) providers.elementAt(i);
 373:     if (p.getName().equals(name))
 374:       return p;
 375:       }
 376:     return null;
 377:   }
 378: 
 379:   /**
 380:    * <p>Gets a security property value.</p>
 381:    *
 382:    * <p>First, if there is a security manager, its <code>checkPermission()</code>
 383:    * method is called with a <code>SecurityPermission("getProperty."+key)</code>
 384:    * permission to see if it's ok to retrieve the specified security property
 385:    * value.</p>
 386:    *
 387:    * @param key the key of the property being retrieved.
 388:    * @return the value of the security property corresponding to key.
 389:    * @throws SecurityException if a security manager exists and its
 390:    * {@link SecurityManager#checkPermission(Permission)} method denies access
 391:    * to retrieve the specified security property value.
 392:    * @see #setProperty(String, String)
 393:    * @see SecurityPermission
 394:    */
 395:   public static String getProperty(String key)
 396:   {
 397:     // GCJ LOCAL - We don't have VMStackWalker yet.
 398:     // XXX To prevent infinite recursion when the SecurityManager calls us,
 399:     // don't do a security check if the caller is trusted (by virtue of having
 400:     // been loaded by the bootstrap class loader).
 401:     SecurityManager sm = System.getSecurityManager();
 402:     // if (sm != null && VMStackWalker.getCallingClassLoader() != null)
 403:     if (sm != null)
 404:       sm.checkSecurityAccess("getProperty." + key);
 405: 
 406:     return secprops.getProperty(key);
 407:   }
 408: 
 409:   /**
 410:    * <p>Sets a security property value.</p>
 411:    *
 412:    * <p>First, if there is a security manager, its <code>checkPermission()</code>
 413:    * method is called with a <code>SecurityPermission("setProperty."+key)</code>
 414:    * permission to see if it's ok to set the specified security property value.
 415:    * </p>
 416:    *
 417:    * @param key the name of the property to be set.
 418:    * @param datum the value of the property to be set.
 419:    * @throws SecurityException if a security manager exists and its
 420:    * {@link SecurityManager#checkPermission(Permission)} method denies access
 421:    * to set the specified security property value.
 422:    * @see #getProperty(String)
 423:    * @see SecurityPermission
 424:    */
 425:   public static void setProperty(String key, String datum)
 426:   {
 427:     SecurityManager sm = System.getSecurityManager();
 428:     if (sm != null)
 429:       sm.checkSecurityAccess("setProperty." + key);
 430: 
 431:     if (datum == null)
 432:       secprops.remove(key);
 433:     else
 434:       secprops.put(key, datum);
 435:   }
 436: 
 437:   /**
 438:    * Returns a Set of Strings containing the names of all available algorithms
 439:    * or types for the specified Java cryptographic service (e.g., Signature,
 440:    * MessageDigest, Cipher, Mac, KeyStore). Returns an empty Set if there is no
 441:    * provider that supports the specified service. For a complete list of Java
 442:    * cryptographic services, please see the Java Cryptography Architecture API
 443:    * Specification &amp; Reference. Note: the returned set is immutable.
 444:    *
 445:    * @param serviceName the name of the Java cryptographic service (e.g.,
 446:    * Signature, MessageDigest, Cipher, Mac, KeyStore). Note: this parameter is
 447:    * case-insensitive.
 448:    * @return a Set of Strings containing the names of all available algorithms
 449:    * or types for the specified Java cryptographic service or an empty set if
 450:    * no provider supports the specified service.
 451:    * @since 1.4
 452:    */
 453:   public static Set getAlgorithms(String serviceName)
 454:   {
 455:     HashSet result = new HashSet();
 456:     if (serviceName == null || serviceName.length() == 0)
 457:       return result;
 458: 
 459:     serviceName = serviceName.trim();
 460:     if (serviceName.length() == 0)
 461:       return result;
 462: 
 463:     serviceName = serviceName.toUpperCase()+".";
 464:     Provider[] providers = getProviders();
 465:     int ndx;
 466:     for (int i = 0; i < providers.length; i++)
 467:       for (Enumeration e = providers[i].propertyNames(); e.hasMoreElements(); )
 468:         {
 469:           String service = ((String) e.nextElement()).trim();
 470:           if (service.toUpperCase().startsWith(serviceName))
 471:             {
 472:               service = service.substring(serviceName.length()).trim();
 473:               ndx = service.indexOf(' '); // get rid of attributes
 474:               if (ndx != -1)
 475:                 service = service.substring(0, ndx);
 476:               result.add(service);
 477:             }
 478:         }
 479:     return Collections.unmodifiableSet(result);
 480:   }
 481: 
 482:   /**
 483:    * <p>Returns an array containing all installed providers that satisfy the
 484:    * specified selection criterion, or <code>null</code> if no such providers
 485:    * have been installed. The returned providers are ordered according to their
 486:    * preference order.</p>
 487:    *
 488:    * <p>A cryptographic service is always associated with a particular
 489:    * algorithm or type. For example, a digital signature service is always
 490:    * associated with a particular algorithm (e.g., <i>DSA</i>), and a
 491:    * CertificateFactory service is always associated with a particular
 492:    * certificate type (e.g., <i>X.509</i>).</p>
 493:    *
 494:    * <p>The selection criterion must be specified in one of the following two
 495:    * formats:</p>
 496:    *
 497:    * <ul>
 498:    *    <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;</p>
 499:    *    <p>The cryptographic service name must not contain any dots.</p>
 500:    *    <p>A provider satisfies the specified selection criterion iff the
 501:    *    provider implements the specified algorithm or type for the specified
 502:    *    cryptographic service.</p>
 503:    *    <p>For example, "CertificateFactory.X.509" would be satisfied by any
 504:    *    provider that supplied a CertificateFactory implementation for X.509
 505:    *    certificates.</p></li>
 506:    *
 507:    *    <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;:&lt;attribute_value&gt;</p>
 508:    *    <p>The cryptographic service name must not contain any dots. There must
 509:    *    be one or more space charaters between the the &lt;algorithm_or_type&gt;
 510:    *    and the &lt;attribute_name&gt;.</p>
 511:    *    <p>A provider satisfies this selection criterion iff the provider
 512:    *    implements the specified algorithm or type for the specified
 513:    *    cryptographic service and its implementation meets the constraint
 514:    *    expressed by the specified attribute name/value pair.</p>
 515:    *    <p>For example, "Signature.SHA1withDSA KeySize:1024" would be satisfied
 516:    *    by any provider that implemented the SHA1withDSA signature algorithm
 517:    *    with a keysize of 1024 (or larger).</p></li>
 518:    * </ul>
 519:    *
 520:    * <p>See Appendix A in the Java Cryptogaphy Architecture API Specification
 521:    * &amp; Reference for information about standard cryptographic service names,
 522:    * standard algorithm names and standard attribute names.</p>
 523:    *
 524:    * @param filter the criterion for selecting providers. The filter is case-
 525:    * insensitive.
 526:    * @return all the installed providers that satisfy the selection criterion,
 527:    * or null if no such providers have been installed.
 528:    * @throws InvalidParameterException if the filter is not in the required
 529:    * format.
 530:    * @see #getProviders(Map)
 531:    */
 532:   public static Provider[] getProviders(String filter)
 533:   {
 534:     if (providers == null || providers.isEmpty())
 535:       return null;
 536: 
 537:     if (filter == null || filter.length() == 0)
 538:       return getProviders();
 539: 
 540:     HashMap map = new HashMap(1);
 541:     int i = filter.indexOf(':');
 542:     if (i == -1) // <service>.<algorithm>
 543:       map.put(filter, "");
 544:     else // <service>.<algorithm> <attribute>:<value>
 545:       map.put(filter.substring(0, i), filter.substring(i+1));
 546: 
 547:     return getProviders(map);
 548:   }
 549: 
 550:  /**
 551:   * <p>Returns an array containing all installed providers that satisfy the
 552:   * specified selection criteria, or <code>null</code> if no such providers
 553:   * have been installed. The returned providers are ordered according to their
 554:   * preference order.</p>
 555:   *
 556:   * <p>The selection criteria are represented by a map. Each map entry
 557:   * represents a selection criterion. A provider is selected iff it satisfies
 558:   * all selection criteria. The key for any entry in such a map must be in one
 559:   * of the following two formats:</p>
 560:   *
 561:   * <ul>
 562:   *    <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt;</p>
 563:   *    <p>The cryptographic service name must not contain any dots.</p>
 564:   *    <p>The value associated with the key must be an empty string.</p>
 565:   *    <p>A provider satisfies this selection criterion iff the provider
 566:   *    implements the specified algorithm or type for the specified
 567:   *    cryptographic service.</p></li>
 568:   *
 569:   *    <li><p>&lt;crypto_service&gt;.&lt;algorithm_or_type&gt; &lt;attribute_name&gt;</p>
 570:   *    <p>The cryptographic service name must not contain any dots. There must
 571:   *    be one or more space charaters between the &lt;algorithm_or_type&gt; and
 572:   *    the &lt;attribute_name&gt;.</p>
 573:   *    <p>The value associated with the key must be a non-empty string. A
 574:   *    provider satisfies this selection criterion iff the provider implements
 575:   *    the specified algorithm or type for the specified cryptographic service
 576:   *    and its implementation meets the constraint expressed by the specified
 577:   *    attribute name/value pair.</p></li>
 578:   * </ul>
 579:   *
 580:   * <p>See Appendix A in the Java Cryptogaphy Architecture API Specification
 581:   * &amp; Reference for information about standard cryptographic service names,
 582:   * standard algorithm names and standard attribute names.</p>
 583:   *
 584:   * @param filter the criteria for selecting providers. The filter is case-
 585:   * insensitive.
 586:   * @return all the installed providers that satisfy the selection criteria,
 587:   * or <code>null</code> if no such providers have been installed.
 588:   * @throws InvalidParameterException if the filter is not in the required
 589:   * format.
 590:   * @see #getProviders(String)
 591:   */
 592:   public static Provider[] getProviders(Map filter)
 593:   {
 594:     if (providers == null || providers.isEmpty())
 595:       return null;
 596: 
 597:     if (filter == null)
 598:       return getProviders();
 599: 
 600:     Set querries = filter.keySet();
 601:     if (querries == null || querries.isEmpty())
 602:       return getProviders();
 603: 
 604:     LinkedHashSet result = new LinkedHashSet(providers); // assume all
 605:     int dot, ws;
 606:     String querry, service, algorithm, attribute, value;
 607:     LinkedHashSet serviceProviders = new LinkedHashSet(); // preserve insertion order
 608:     for (Iterator i = querries.iterator(); i.hasNext(); )
 609:       {
 610:         querry = (String) i.next();
 611:         if (querry == null) // all providers
 612:           continue;
 613: 
 614:         querry = querry.trim();
 615:         if (querry.length() == 0) // all providers
 616:           continue;
 617: 
 618:         dot = querry.indexOf('.');
 619:         if (dot == -1) // syntax error
 620:           throw new InvalidParameterException(
 621:               "missing dot in '" + String.valueOf(querry)+"'");
 622: 
 623:         value = (String) filter.get(querry);
 624:         // deconstruct querry into [service, algorithm, attribute]
 625:         if (value == null || value.trim().length() == 0) // <service>.<algorithm>
 626:           {
 627:             value = null;
 628:             attribute = null;
 629:             service = querry.substring(0, dot).trim();
 630:             algorithm = querry.substring(dot+1).trim();
 631:           }
 632:         else // <service>.<algorithm> <attribute>
 633:           {
 634:             ws = querry.indexOf(' ');
 635:             if (ws == -1)
 636:               throw new InvalidParameterException(
 637:                   "value (" + String.valueOf(value) +
 638:                   ") is not empty, but querry (" + String.valueOf(querry) +
 639:                   ") is missing at least one space character");
 640:             value = value.trim();
 641:             attribute = querry.substring(ws+1).trim();
 642:             // was the dot in the attribute?
 643:             if (attribute.indexOf('.') != -1)
 644:               throw new InvalidParameterException(
 645:                   "attribute_name (" + String.valueOf(attribute) +
 646:                   ") in querry (" + String.valueOf(querry) + ") contains a dot");
 647: 
 648:             querry = querry.substring(0, ws).trim();
 649:             service = querry.substring(0, dot).trim();
 650:             algorithm = querry.substring(dot+1).trim();
 651:           }
 652: 
 653:         // service and algorithm must not be empty
 654:         if (service.length() == 0)
 655:           throw new InvalidParameterException(
 656:               "<crypto_service> in querry (" + String.valueOf(querry) +
 657:               ") is empty");
 658: 
 659:         if (algorithm.length() == 0)
 660:           throw new InvalidParameterException(
 661:               "<algorithm_or_type> in querry (" + String.valueOf(querry) +
 662:               ") is empty");
 663: 
 664:         selectProviders(service, algorithm, attribute, value, result, serviceProviders);
 665:         result.retainAll(serviceProviders); // eval next retaining found providers
 666:         if (result.isEmpty()) // no point continuing
 667:           break;
 668:       }
 669: 
 670:     if (result.isEmpty())
 671:       return null;
 672: 
 673:     return (Provider[]) result.toArray(new Provider[result.size()]);
 674:   }
 675: 
 676:   private static void selectProviders(String svc, String algo, String attr,
 677:                                       String val, LinkedHashSet providerSet,
 678:                                       LinkedHashSet result)
 679:   {
 680:     result.clear(); // ensure we start with an empty result set
 681:     for (Iterator i = providerSet.iterator(); i.hasNext(); )
 682:       {
 683:         Provider p = (Provider) i.next();
 684:         if (provides(p, svc, algo, attr, val))
 685:           result.add(p);
 686:       }
 687:   }
 688: 
 689:   private static boolean provides(Provider p, String svc, String algo,
 690:                                   String attr, String val)
 691:   {
 692:     Iterator it;
 693:     String serviceDotAlgorithm = null;
 694:     String key = null;
 695:     String realVal;
 696:     boolean found = false;
 697:     // if <svc>.<algo> <attr> is in the set then so is <svc>.<algo>
 698:     // but it may be stored under an alias <algo>. resolve
 699:     outer: for (int r = 0; r < 3; r++) // guard against circularity
 700:       {
 701:         serviceDotAlgorithm = (svc+"."+String.valueOf(algo)).trim();
 702:         for (it = p.keySet().iterator(); it.hasNext(); )
 703:           {
 704:             key = (String) it.next();
 705:             if (key.equalsIgnoreCase(serviceDotAlgorithm)) // eureka
 706:               {
 707:                 found = true;
 708:                 break outer;
 709:               }
 710:             // it may be there but as an alias
 711:             if (key.equalsIgnoreCase(ALG_ALIAS + serviceDotAlgorithm))
 712:               {
 713:                 algo = p.getProperty(key);
 714:                 continue outer;
 715:               }
 716:             // else continue inner
 717:           }
 718:       }
 719: 
 720:     if (!found)
 721:       return false;
 722: 
 723:     // found a candidate for the querry.  do we have an attr to match?
 724:     if (val == null) // <service>.<algorithm> querry
 725:       return true;
 726: 
 727:     // <service>.<algorithm> <attribute>; find the key entry that match
 728:     String realAttr;
 729:     int limit = serviceDotAlgorithm.length() + 1;
 730:     for (it = p.keySet().iterator(); it.hasNext(); )
 731:       {
 732:         key = (String) it.next();
 733:         if (key.length() <= limit)
 734:           continue;
 735: 
 736:         if (key.substring(0, limit).equalsIgnoreCase(serviceDotAlgorithm+" "))
 737:           {
 738:             realAttr = key.substring(limit).trim();
 739:             if (! realAttr.equalsIgnoreCase(attr))
 740:               continue;
 741: 
 742:             // eveything matches so far.  do the value
 743:             realVal = p.getProperty(key);
 744:             if (realVal == null)
 745:               return false;
 746: 
 747:             realVal = realVal.trim();
 748:             // is it a string value?
 749:             if (val.equalsIgnoreCase(realVal))
 750:               return true;
 751: 
 752:             // assume value is a number. cehck for greater-than-or-equal
 753:             return (new Integer(val).intValue() >= new Integer(realVal).intValue());
 754:           }
 755:       }
 756: 
 757:     return false;
 758:   }
 759: }