| GNU Classpath (0.95) | |
| Frames | No Frames |
1: /* PKIXCertPathChecker.java -- checks X.509 certificate paths. 2: Copyright (C) 2003 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package java.security.cert; 40: 41: import java.util.Collection; 42: import java.util.Set; 43: 44: /** 45: * A validator for X.509 certificates when approving certificate chains. 46: * 47: * <p>Concrete subclasses can be passed to the {@link 48: * PKIXParameters#setCertPathCheckers(java.util.List)} and {@link 49: * PKIXParameters#addCertPathChecker(java.security.cert.PKIXCertPathChecker)} 50: * methods, which are then used to set up PKIX certificate chain 51: * builders or validators. These classes then call the {@link 52: * #check(java.security.cert.Certificate,java.util.Collection)} method 53: * of this class, performing whatever checks on the certificate, 54: * throwing an exception if any check fails. 55: * 56: * <p>Subclasses of this must be able to perform their checks in the 57: * backward direction -- from the most-trusted certificate to the target 58: * -- and may optionally support forward checking -- from the target to 59: * the most-trusted certificate. 60: * 61: * @see PKIXParameters 62: * @since 1.4 63: */ 64: public abstract class PKIXCertPathChecker implements Cloneable 65: { 66: 67: // Constructor. 68: // ------------------------------------------------------------------------ 69: 70: /** Default constructor. */ 71: protected PKIXCertPathChecker() 72: { 73: super(); 74: } 75: 76: // Cloneable interface. 77: // ------------------------------------------------------------------------ 78: 79: public Object clone() 80: { 81: try 82: { 83: return super.clone(); 84: } 85: catch (CloneNotSupportedException cnse) 86: { 87: throw new InternalError(cnse.getMessage()); 88: } 89: } 90: 91: // Abstract methods. 92: // ------------------------------------------------------------------------ 93: 94: /** 95: * Initialize this PKIXCertPathChecker. If subclasses support forward 96: * checking, a value of true can be passed to this method, and 97: * certificates can be validated from the target certificate to the 98: * most-trusted certifcate. 99: * 100: * @param forward The direction of this PKIXCertPathChecker. 101: * @throws CertPathValidatorException If <i>forward</i> is true and 102: * this class does not support forward checking. 103: */ 104: public abstract void init(boolean forward) throws CertPathValidatorException; 105: 106: /** 107: * Returns whether or not this class supports forward checking. 108: * 109: * @return Whether or not this class supports forward checking. 110: */ 111: public abstract boolean isForwardCheckingSupported(); 112: 113: /** 114: * Returns an immutable set of X.509 extension object identifiers (OIDs) 115: * supported by this PKIXCertPathChecker. 116: * 117: * @return An immutable set of Strings of the supported X.509 OIDs, or 118: * null if no extensions are supported. 119: */ 120: public abstract Set<String> getSupportedExtensions(); 121: 122: /** 123: * Checks a certificate, removing any critical extensions that are 124: * resolved in this check. 125: * 126: * @param cert The certificate to check. 127: * @param unresolvedCritExts The (mutable) collection of as-of-yet 128: * unresolved critical extensions, as OID strings. 129: * @throws CertPathValidatorException If this certificate fails this 130: * check. 131: */ 132: public abstract void check(Certificate cert, Collection<String> unresolvedCritExts) 133: throws CertPathValidatorException; 134: }
| GNU Classpath (0.95) |