From 554fd8c5195424bdbcabf5de30fdc183aba391bd Mon Sep 17 00:00:00 2001 From: upstream source tree Date: Sun, 15 Mar 2015 20:14:05 -0400 Subject: obtained gcc-4.6.4.tar.bz2 from upstream website; verified gcc-4.6.4.tar.bz2.sig; imported gcc-4.6.4 source tree from verified upstream tarball. downloading a git-generated archive based on the 'upstream' tag should provide you with a source tree that is binary identical to the one extracted from the above tarball. if you have obtained the source via the command 'git clone', however, do note that line-endings of files in your working directory might differ from line-endings of the respective files in the upstream repository. --- .../java/security/cert/PKIXParameters.java | 547 +++++++++++++++++++++ 1 file changed, 547 insertions(+) create mode 100644 libjava/classpath/java/security/cert/PKIXParameters.java (limited to 'libjava/classpath/java/security/cert/PKIXParameters.java') diff --git a/libjava/classpath/java/security/cert/PKIXParameters.java b/libjava/classpath/java/security/cert/PKIXParameters.java new file mode 100644 index 000000000..bbb75571f --- /dev/null +++ b/libjava/classpath/java/security/cert/PKIXParameters.java @@ -0,0 +1,547 @@ +/* PKIXParameters.java -- parameters for the PKIX cert path algorithm + Copyright (C) 2003 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package java.security.cert; + +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyStore; +import java.security.KeyStoreException; + +import java.util.Collections; +import java.util.Date; +import java.util.Enumeration; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +/** + * Parameters for verifying certificate paths using the PKIX + * (Public-Key Infrastructure (X.509)) algorithm. + * + * @see CertPathBuilder + * @since 1.4 + */ +public class PKIXParameters implements CertPathParameters +{ + + // Fields. + // ------------------------------------------------------------------------ + + /** The trusted certificates. */ + private final Set trustAnchors; + + /** The set of initial policy identifiers. */ + private final Set initPolicies; + + /** The list of certificate stores. */ + private final List certStores; + + /** The list of path checkers. */ + private final List pathCheckers; + + /** The revocation enabled flag. */ + private boolean revocationEnabled; + + /** The explicit policy required flag. */ + private boolean exPolicyRequired; + + /** The policy mapping inhibited flag. */ + private boolean policyMappingInhibited; + + /** The any policy inhibited flag. */ + private boolean anyPolicyInhibited; + + /** The policy qualifiers rejected flag. */ + private boolean policyQualRejected; + + /** The target validation date. */ + private Date date; + + /** The signature algorithm provider. */ + private String sigProvider; + + /** The target constraints. */ + private CertSelector targetConstraints; + + // Constructors. + // ------------------------------------------------------------------------ + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with all certificates found in the given key + * store. All certificates found in the key store are assumed to be + * trusted by this constructor. + * + * @param keystore The key store. + * @throws KeyStoreException If the certificates cannot be retrieved + * from the key store. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the key store. + * @throws NullPointerException If keystore is null. + */ + public PKIXParameters(KeyStore keystore) + throws KeyStoreException, InvalidAlgorithmParameterException + { + this(); + for (Enumeration e = keystore.aliases(); e.hasMoreElements(); ) + { + String alias = (String) e.nextElement(); + if (!keystore.isCertificateEntry(alias)) + continue; + Certificate cert = keystore.getCertificate(alias); + if (cert instanceof X509Certificate) + trustAnchors.add(new TrustAnchor((X509Certificate) cert, null)); + } + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no certs in the key store"); + } + + /** + * Create a new PKIXParameters object, populating the trusted + * certificates set with the elements of the given set, each of which + * must be a {@link TrustAnchor}. + * + * @param trustAnchors The set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public PKIXParameters(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + this(); + setTrustAnchors(trustAnchors); + } + + /** + * Default constructor. + */ + private PKIXParameters() + { + trustAnchors = new HashSet(); + initPolicies = new HashSet(); + certStores = new LinkedList(); + pathCheckers = new LinkedList(); + revocationEnabled = true; + exPolicyRequired = false; + policyMappingInhibited = false; + anyPolicyInhibited = false; + policyQualRejected = true; + } + + /** + * Copying constructor for cloning. + * + * @param that The instance being cloned. + */ + private PKIXParameters(PKIXParameters that) + { + this(); + this.trustAnchors.addAll(that.trustAnchors); + this.initPolicies.addAll(that.initPolicies); + this.certStores.addAll(that.certStores); + this.pathCheckers.addAll(that.pathCheckers); + this.revocationEnabled = that.revocationEnabled; + this.exPolicyRequired = that.exPolicyRequired; + this.policyMappingInhibited = that.policyMappingInhibited; + this.anyPolicyInhibited = that.anyPolicyInhibited; + this.policyQualRejected = that.policyQualRejected; + this.date = that.date; + this.sigProvider = that.sigProvider; + this.targetConstraints = that.targetConstraints != null + ? (CertSelector) that.targetConstraints.clone() : null; + } + + // Instance methods. + // ------------------------------------------------------------------------ + + /** + * Returns an immutable set of trust anchors. The set returned will + * never be null and will never be empty. + * + * @return A (never null, never empty) immutable set of trust anchors. + */ + public Set getTrustAnchors() + { + return Collections.unmodifiableSet(trustAnchors); + } + + /** + * Sets the trust anchors of this class, replacing the current trust + * anchors with those in the given set. The supplied set is copied to + * prevent modification. + * + * @param trustAnchors The new set of trust anchors. + * @throws InvalidAlgorithmParameterException If there are no + * certificates in the set. + * @throws NullPointerException If trustAnchors is null. + * @throws ClassCastException If every element in trustAnchors + * is not a {@link TrustAnchor}. + */ + public void setTrustAnchors(Set trustAnchors) + throws InvalidAlgorithmParameterException + { + if (trustAnchors.isEmpty()) + throw new InvalidAlgorithmParameterException("no trust anchors"); + this.trustAnchors.clear(); + for (Iterator i = trustAnchors.iterator(); i.hasNext(); ) + { + this.trustAnchors.add((TrustAnchor) i.next()); + } + } + + /** + * Returns the set of initial policy identifiers (as OID strings). If + * any policy is accepted, this method returns the empty set. + * + * @return An immutable set of initial policy OID strings, or the + * empty set if any policy is acceptable. + */ + public Set getInitialPolicies() + { + return Collections.unmodifiableSet(initPolicies); + } + + /** + * Sets the initial policy identifiers (as OID strings). If the + * argument is null or the empty set, then any policy identifier will + * be accepted. + * + * @param initPolicies The new set of policy strings, or null. + * @throws ClassCastException If any element in initPolicies is + * not a string. + */ + public void setInitialPolicies(Set initPolicies) + { + this.initPolicies.clear(); + if (initPolicies == null) + return; + for (Iterator i = initPolicies.iterator(); i.hasNext(); ) + { + this.initPolicies.add((String) i.next()); + } + } + + /** + * Add a {@link CertStore} to the list of cert stores. + * + * @param store The CertStore to add. + */ + public void addCertStore(CertStore store) + { + if (store != null) + certStores.add(store); + } + + /** + * Returns an immutable list of cert stores. This method never returns + * null. + * + * @return The list of cert stores. + */ + public List getCertStores() + { + return Collections.unmodifiableList(certStores); + } + + /** + * Set the cert stores. If the argument is null the list of cert + * stores will be empty. + * + * @param certStores The cert stores. + */ + public void setCertStores(List certStores) + { + this.certStores.clear(); + if (certStores == null) + return; + for (Iterator i = certStores.iterator(); i.hasNext(); ) + { + this.certStores.add((CertStore) i.next()); + } + } + + /** + * Returns the value of the revocation enabled flag. The default + * value for this flag is true. + * + * @return The revocation enabled flag. + */ + public boolean isRevocationEnabled() + { + return revocationEnabled; + } + + /** + * Sets the value of the revocation enabled flag. + * + * @param value The new value. + */ + public void setRevocationEnabled(boolean value) + { + revocationEnabled = value; + } + + /** + * Returns the value of the explicit policy required flag. The + * default value of this flag is false. + * + * @return The explicit policy required flag. + */ + public boolean isExplicitPolicyRequired() + { + return exPolicyRequired; + } + + /** + * Sets the value of the explicit policy required flag. + * + * @param value The new value. + */ + public void setExplicitPolicyRequired(boolean value) + { + exPolicyRequired = value; + } + + /** + * Returns the value of the policy mapping inhibited flag. The + * default value of this flag is false. + * + * @return The policy mapping inhibited flag. + */ + public boolean isPolicyMappingInhibited() + { + return policyMappingInhibited; + } + + /** + * Sets the value of the policy mapping inhibited flag. + * + * @param value The new value. + */ + public void setPolicyMappingInhibited(boolean value) + { + policyMappingInhibited = value; + } + + /** + * Returns the value of the any policy inhibited flag. The + * default value of this flag is false. + * + * @return The any policy inhibited flag. + */ + public boolean isAnyPolicyInhibited() + { + return anyPolicyInhibited; + } + + /** + * Sets the value of the any policy inhibited flag. + * + * @param value The new value. + */ + public void setAnyPolicyInhibited(boolean value) + { + anyPolicyInhibited = value; + } + + /** + * Returns the value of the policy qualifiers enabled flag. The + * default value of this flag is true. + * + * @return The policy qualifiers enabled flag. + */ + public boolean getPolicyQualifiersRejected() + { + return policyQualRejected; + } + + /** + * Sets the value of the policy qualifiers enabled flag. + * + * @param value The new value. + */ + public void setPolicyQualifiersRejected(boolean value) + { + policyQualRejected = value; + } + + /** + * Returns the date for which the certificate path should be + * validated, or null if the current time should be used. The date + * object is copied to prevent subsequent modification. + * + * @return The date, or null if not set. + */ + public Date getDate() + { + return date != null ? (Date) date.clone() : null; + } + + /** + * Sets the date for which the certificate path should be validated, + * or null if the current time should be used. + * + * @param date The new date, or null. + */ + public void setDate(Date date) + { + if (date != null) + this.date = (Date) date.clone(); + else + this.date = null; + } + + /** + * Add a certificate path checker. + * + * @param checker The certificate path checker to add. + */ + public void addCertPathChecker(PKIXCertPathChecker checker) + { + if (checker != null) + pathCheckers.add(checker); + } + + /** + * Returns an immutable list of all certificate path checkers. + * + * @return An immutable list of all certificate path checkers. + */ + public List getCertPathCheckers() + { + return Collections.unmodifiableList(pathCheckers); + } + + /** + * Sets the certificate path checkers. If the argument is null, the + * list of checkers will merely be cleared. + * + * @param pathCheckers The new list of certificate path checkers. + * @throws ClassCastException If any element of pathCheckers is + * not a {@link PKIXCertPathChecker}. + */ + public void setCertPathCheckers(List pathCheckers) + { + this.pathCheckers.clear(); + if (pathCheckers == null) + return; + for (Iterator i = pathCheckers.iterator(); i.hasNext(); ) + { + this.pathCheckers.add((PKIXCertPathChecker) i.next()); + } + } + + /** + * Returns the signature algorithm provider, or null if not set. + * + * @return The signature algorithm provider, or null if not set. + */ + public String getSigProvider() + { + return sigProvider; + } + + /** + * Sets the signature algorithm provider, or null if there is no + * preferred provider. + * + * @param sigProvider The signature provider name. + */ + public void setSigProvider(String sigProvider) + { + this.sigProvider = sigProvider; + } + + /** + * Returns the constraints placed on the target certificate, or null + * if there are none. The target constraints are copied to prevent + * subsequent modification. + * + * @return The target constraints, or null. + */ + public CertSelector getTargetCertConstraints() + { + return targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Sets the constraints placed on the target certificate. + * + * @param targetConstraints The target constraints. + */ + public void setTargetCertConstraints(CertSelector targetConstraints) + { + this.targetConstraints = targetConstraints != null + ? (CertSelector) targetConstraints.clone() : null; + } + + /** + * Returns a copy of these parameters. + * + * @return The copy. + */ + public Object clone() + { + return new PKIXParameters(this); + } + + /** + * Returns a printable representation of these parameters. + * + * @return A printable representation of these parameters. + */ + public String toString() { + return "[ Trust Anchors: " + trustAnchors + "; Initial Policy OIDs=" + + (initPolicies != null ? initPolicies.toString() : "any") + + "; Validity Date=" + date + "; Signature Provider=" + + sigProvider + "; Default Revocation Enabled=" + revocationEnabled + + "; Explicit Policy Required=" + exPolicyRequired + + "; Policy Mapping Inhibited=" + policyMappingInhibited + + "; Any Policy Inhibited=" + anyPolicyInhibited + + "; Policy Qualifiers Rejected=" + policyQualRejected + + "; Target Cert Contstraints=" + targetConstraints + + "; Certification Path Checkers=" + pathCheckers + + "; CertStores=" + certStores + " ]"; + } +} -- cgit v1.2.3