1 /*
2 * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
33 import java.security.cert.CertPathValidatorException.BasicReason;
34 import java.security.cert.PKIXReason;
35 import java.util.ArrayList;
36 import java.util.Collection;
37 import java.util.Collections;
38 import java.util.List;
39 import java.util.LinkedList;
40 import java.util.Set;
41 import javax.security.auth.x500.X500Principal;
42
43 import sun.security.provider.certpath.PKIX.BuilderParams;
44 import static sun.security.x509.PKIXExtensions.*;
45 import sun.security.util.Debug;
46
47 /**
48 * This class builds certification paths in the forward direction.
49 *
50 * <p> If successful, it returns a certification path which has successfully
51 * satisfied all the constraints and requirements specified in the
52 * PKIXBuilderParameters object and has been validated according to the PKIX
53 * path validation algorithm defined in RFC 3280.
54 *
55 * <p> This implementation uses a depth-first search approach to finding
56 * certification paths. If it comes to a point in which it cannot find
57 * any more certificates leading to the target OR the path length is too long
58 * it backtracks to previous paths until the target has been found or
59 * all possible paths have been exhausted.
60 *
61 * <p> This implementation is not thread-safe.
62 *
63 * @since 1.4
64 * @author Sean Mullan
65 * @author Yassir Elley
66 */
67 public final class SunCertPathBuilder extends CertPathBuilderSpi {
68
69 private static final Debug debug = Debug.getInstance("certpath");
70
71 /*
72 * private objects shared by methods
73 */
326 }
327
328 Set<String> initExpPolSet =
329 Collections.singleton(PolicyChecker.ANY_POLICY);
330
331 PolicyNodeImpl rootNode = new PolicyNodeImpl(null,
332 PolicyChecker.ANY_POLICY, null, false, initExpPolSet, false);
333
334 List<PKIXCertPathChecker> checkers = new ArrayList<>();
335 PolicyChecker policyChecker
336 = new PolicyChecker(buildParams.initialPolicies(),
337 appendedCerts.size(),
338 buildParams.explicitPolicyRequired(),
339 buildParams.policyMappingInhibited(),
340 buildParams.anyPolicyInhibited(),
341 buildParams.policyQualifiersRejected(),
342 rootNode);
343 checkers.add(policyChecker);
344
345 // add the algorithm checker
346 checkers.add(new AlgorithmChecker(builder.trustAnchor));
347
348 BasicChecker basicChecker = null;
349 if (nextState.keyParamsNeeded()) {
350 PublicKey rootKey = cert.getPublicKey();
351 if (builder.trustAnchor.getTrustedCert() == null) {
352 rootKey = builder.trustAnchor.getCAPublicKey();
353 if (debug != null)
354 debug.println(
355 "SunCertPathBuilder.depthFirstSearchForward " +
356 "using buildParams public key: " +
357 rootKey.toString());
358 }
359 TrustAnchor anchor = new TrustAnchor
360 (cert.getSubjectX500Principal(), rootKey, null);
361
362 // add the basic checker
363 basicChecker = new BasicChecker(anchor, buildParams.date(),
364 buildParams.sigProvider(),
365 true);
366 checkers.add(basicChecker);
|
1 /*
2 * Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
33 import java.security.cert.CertPathValidatorException.BasicReason;
34 import java.security.cert.PKIXReason;
35 import java.util.ArrayList;
36 import java.util.Collection;
37 import java.util.Collections;
38 import java.util.List;
39 import java.util.LinkedList;
40 import java.util.Set;
41 import javax.security.auth.x500.X500Principal;
42
43 import sun.security.provider.certpath.PKIX.BuilderParams;
44 import static sun.security.x509.PKIXExtensions.*;
45 import sun.security.util.Debug;
46
47 /**
48 * This class builds certification paths in the forward direction.
49 *
50 * <p> If successful, it returns a certification path which has successfully
51 * satisfied all the constraints and requirements specified in the
52 * PKIXBuilderParameters object and has been validated according to the PKIX
53 * path validation algorithm defined in RFC 5280.
54 *
55 * <p> This implementation uses a depth-first search approach to finding
56 * certification paths. If it comes to a point in which it cannot find
57 * any more certificates leading to the target OR the path length is too long
58 * it backtracks to previous paths until the target has been found or
59 * all possible paths have been exhausted.
60 *
61 * <p> This implementation is not thread-safe.
62 *
63 * @since 1.4
64 * @author Sean Mullan
65 * @author Yassir Elley
66 */
67 public final class SunCertPathBuilder extends CertPathBuilderSpi {
68
69 private static final Debug debug = Debug.getInstance("certpath");
70
71 /*
72 * private objects shared by methods
73 */
326 }
327
328 Set<String> initExpPolSet =
329 Collections.singleton(PolicyChecker.ANY_POLICY);
330
331 PolicyNodeImpl rootNode = new PolicyNodeImpl(null,
332 PolicyChecker.ANY_POLICY, null, false, initExpPolSet, false);
333
334 List<PKIXCertPathChecker> checkers = new ArrayList<>();
335 PolicyChecker policyChecker
336 = new PolicyChecker(buildParams.initialPolicies(),
337 appendedCerts.size(),
338 buildParams.explicitPolicyRequired(),
339 buildParams.policyMappingInhibited(),
340 buildParams.anyPolicyInhibited(),
341 buildParams.policyQualifiersRejected(),
342 rootNode);
343 checkers.add(policyChecker);
344
345 // add the algorithm checker
346 checkers.add(new AlgorithmChecker(builder.trustAnchor,
347 buildParams.date(), null));
348
349 BasicChecker basicChecker = null;
350 if (nextState.keyParamsNeeded()) {
351 PublicKey rootKey = cert.getPublicKey();
352 if (builder.trustAnchor.getTrustedCert() == null) {
353 rootKey = builder.trustAnchor.getCAPublicKey();
354 if (debug != null)
355 debug.println(
356 "SunCertPathBuilder.depthFirstSearchForward " +
357 "using buildParams public key: " +
358 rootKey.toString());
359 }
360 TrustAnchor anchor = new TrustAnchor
361 (cert.getSubjectX500Principal(), rootKey, null);
362
363 // add the basic checker
364 basicChecker = new BasicChecker(anchor, buildParams.date(),
365 buildParams.sigProvider(),
366 true);
367 checkers.add(basicChecker);
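Review bot: The bare `null` third argument in `new AlgorithmChecker(builder.trustAnchor, buildParams.date(), null)` (new lines 346-347) gives a reader no way to tell which constraint input is being left unset, and this checker decides which signature and key algorithms the path may use. A short comment would help, for example `// null: no variant given, default algorithm constraints apply (confirm against AlgorithmChecker)`; the parameter's meaning is not visible on this page, so the wording should be checked against the constructor. Passing `buildParams.date()` here matches the `BasicChecker` call at line 364, so both checkers presumably evaluate against the same validation date, which is worth stating in the existing `// add the algorithm checker` comment. The enclosing method starts and ends outside the visible lines.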
|