001 /* CertPathBuilder.java -- bulids CertPath objects from Certificates. 002 Copyright (C) 2003, 2004 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. */ 037 038 039 package java.security.cert; 040 041 import gnu.java.security.Engine; 042 043 import java.lang.reflect.InvocationTargetException; 044 import java.security.InvalidAlgorithmParameterException; 045 import java.security.NoSuchAlgorithmException; 046 import java.security.NoSuchProviderException; 047 import java.security.Provider; 048 import java.security.Security; 049 050 /** 051 * This class builds certificate paths (also called certificate chains), 052 * which can be used to establish trust for a particular certificate by 053 * building a path from a trusted certificate (a trust anchor) to the 054 * untrusted certificate. 055 * 056 * @see CertPath 057 */ 058 public class CertPathBuilder 059 { 060 061 // Constants and fields. 062 // ------------------------------------------------------------------------ 063 064 /** Service name for CertPathBuilder. */ 065 private static final String CERT_PATH_BUILDER = "CertPathBuilder"; 066 067 /** The underlying implementation. */ 068 private CertPathBuilderSpi cpbSpi; 069 070 /** The provider of this implementation. */ 071 private Provider provider; 072 073 /** The name of this implementation. */ 074 private String algorithm; 075 076 // Constructor. 077 // ------------------------------------------------------------------------ 078 079 /** 080 * Creates a new CertPathBuilder. 081 * 082 * @param cpbSpi The underlying implementation. 083 * @param provider The provider of the implementation. 084 * @param algorithm This implementation's name. 085 */ 086 protected CertPathBuilder(CertPathBuilderSpi cpbSpi, Provider provider, 087 String algorithm) 088 { 089 this.cpbSpi = cpbSpi; 090 this.provider = provider; 091 this.algorithm = algorithm; 092 } 093 094 // Class methods. 095 // ------------------------------------------------------------------------ 096 097 /** 098 * Get the default cert path builder type. 099 * 100 * <p>This value can be set at run-time by the security property 101 * <code>"certpathbuilder.type"</code>. If this property is not set, 102 * then the value returned is <code>"PKIX"</code>. 103 * 104 * @return The default CertPathBuilder algorithm. 105 */ 106 public static final String getDefaultType() 107 { 108 String type = Security.getProperty("certpathbuilder.type"); 109 if (type == null) 110 type = "PKIX"; 111 return type; 112 } 113 114 /** 115 * Returns an instance of a named <code>CertPathBuilder</code> from the 116 * first provider that implements it. 117 * 118 * @param algorithm The name of the <code>CertPathBuilder</code> to create. 119 * @return The new instance. 120 * @throws NoSuchAlgorithmException If no installed provider implements the 121 * named algorithm. 122 * @throws IllegalArgumentException if <code>algorithm</code> is 123 * <code>null</code> or is an empty string. 124 */ 125 public static CertPathBuilder getInstance(String algorithm) 126 throws NoSuchAlgorithmException 127 { 128 Provider[] p = Security.getProviders(); 129 NoSuchAlgorithmException lastException = null; 130 for (int i = 0; i < p.length; i++) 131 try 132 { 133 return getInstance(algorithm, p[i]); 134 } 135 catch (NoSuchAlgorithmException x) 136 { 137 lastException = x; 138 } 139 if (lastException != null) 140 throw lastException; 141 throw new NoSuchAlgorithmException(algorithm); 142 } 143 144 /** 145 * Returns an instance of a named <code>CertPathBuilder</code> from a named 146 * provider. 147 * 148 * @param algorithm The name of the <code>CertPathBuilder</code> to create. 149 * @param provider The name of the provider to use. 150 * @return The new instance. 151 * @throws NoSuchAlgorithmException If no installed provider implements the 152 * named algorithm. 153 * @throws NoSuchProviderException If the named provider does not exist. 154 * @throws IllegalArgumentException if either <code>algorithm</code> or 155 * <code>provider</code> is <code>null</code>, or if 156 * <code>algorithm</code> is an empty string. 157 */ 158 public static CertPathBuilder getInstance(String algorithm, String provider) 159 throws NoSuchAlgorithmException, NoSuchProviderException 160 { 161 if (provider == null) 162 throw new IllegalArgumentException("provider MUST NOT be null"); 163 Provider p = Security.getProvider(provider); 164 if (p == null) 165 throw new NoSuchProviderException(provider); 166 return getInstance(algorithm, p); 167 } 168 169 /** 170 * Returns an instance of a named <code>CertPathBuilder</code> from the 171 * specified provider. 172 * 173 * @param algorithm The name of the <code>CertPathBuilder</code> to create. 174 * @param provider The provider to use. 175 * @return The new instance. 176 * @throws NoSuchAlgorithmException If no installed provider implements the 177 * named algorithm. 178 * @throws IllegalArgumentException if either <code>algorithm</code> or 179 * <code>provider</code> is <code>null</code>, or if 180 * <code>algorithm</code> is an empty string. 181 */ 182 public static CertPathBuilder getInstance(String algorithm, Provider provider) 183 throws NoSuchAlgorithmException 184 { 185 StringBuilder sb = new StringBuilder("CertPathBuilder for algorithm [") 186 .append(algorithm).append("] from provider[") 187 .append(provider).append("] could not be created"); 188 Throwable cause; 189 try 190 { 191 Object spi = Engine.getInstance(CERT_PATH_BUILDER, algorithm, provider); 192 return new CertPathBuilder((CertPathBuilderSpi) spi, provider, algorithm); 193 } 194 catch (InvocationTargetException x) 195 { 196 cause = x.getCause(); 197 if (cause instanceof NoSuchAlgorithmException) 198 throw (NoSuchAlgorithmException) cause; 199 if (cause == null) 200 cause = x; 201 } 202 catch (ClassCastException x) 203 { 204 cause = x; 205 } 206 NoSuchAlgorithmException x = new NoSuchAlgorithmException(sb.toString()); 207 x.initCause(cause); 208 throw x; 209 } 210 211 /** 212 * Return the name of this CertPathBuilder algorithm. 213 * 214 * @return The algorithm name. 215 */ 216 public final String getAlgorithm() 217 { 218 return algorithm; 219 } 220 221 /** 222 * Return the provider of this instance's implementation. 223 * 224 * @return The provider. 225 */ 226 public final Provider getProvider() 227 { 228 return provider; 229 } 230 231 /** 232 * Builds a certificate path. The {@link CertPathParameters} parameter 233 * passed to this method is implementation-specific, but in general 234 * should contain some number of certificates and some number of 235 * trusted certificates (or "trust anchors"). 236 * 237 * @param params The parameters. 238 * @retrun The certificate path result. 239 * @throws CertPathBuilderException If the certificate path cannot be 240 * built. 241 * @throws InvalidAlgorithmParameterException If the implementation 242 * rejects the specified parameters. 243 */ 244 public final CertPathBuilderResult build(CertPathParameters params) 245 throws CertPathBuilderException, InvalidAlgorithmParameterException 246 { 247 return cpbSpi.engineBuild(params); 248 } 249 }