giteadmin/script-astra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4380f00a78
script-astra/Android/Sdk/sources/android-35/java/security/cert/CertStore.java

442 lines
18 KiB
Java
Raw Normal View History

init
2025-01-20 15:15:20 +00:00
/*
* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.cert;
import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.util.Collection;
import java.util.Objects;
import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;
/**
* A class for retrieving {@code Certificate}s and {@code CRL}s
* from a repository.
* <p>
* This class uses a provider-based architecture.
* To create a {@code CertStore}, call one of the static
* {@code getInstance} methods, passing in the type of
* {@code CertStore} desired, any applicable initialization parameters
* and optionally the name of the provider desired.
* <p>
* Once the {@code CertStore} has been created, it can be used to
* retrieve {@code Certificate}s and {@code CRL}s by calling its
* {@link #getCertificates(CertSelector selector) getCertificates} and
* {@link #getCRLs(CRLSelector selector) getCRLs} methods.
* <p>
* Unlike a {@link java.security.KeyStore KeyStore}, which provides access
* to a cache of private keys and trusted certificates, a
* {@code CertStore} is designed to provide access to a potentially
* vast repository of untrusted certificates and CRLs. For example, an LDAP
* implementation of {@code CertStore} provides access to certificates
* and CRLs stored in one or more directories using the LDAP protocol and the
* schema as defined in the RFC service attribute.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code CertStore} type:
* <ul>
* <li>{@code Collection}</li>
* </ul>
* This type is described in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#certstore-types">
* CertStore section</a> of the
* Java Security Standard Algorithm Names Specification.
* Consult the release documentation for your implementation to see if any
* other types are supported.
*
* <p>
* <b>Concurrent Access</b>
* <p>
* All public methods of {@code CertStore} objects must be thread-safe.
* That is, multiple threads may concurrently invoke these methods on a
* single {@code CertStore} object (or more than one) with no
* ill effects. This allows a {@code CertPathBuilder} to search for a
* CRL while simultaneously searching for further certificates, for instance.
* <p>
* The static methods of this class are also guaranteed to be thread-safe.
* Multiple threads may concurrently invoke the static methods defined in
* this class with no ill effects.
*
* @since 1.4
* @author Sean Mullan, Steve Hanna
*/
public class CertStore {
/*
* Constant to lookup in the Security properties file to determine
* the default certstore type. In the Security properties file, the
* default certstore type is given as:
* <pre>
* certstore.type=LDAP
* </pre>
*/
private static final String CERTSTORE_TYPE = "certstore.type";
private CertStoreSpi storeSpi;
private Provider provider;
private String type;
private CertStoreParameters params;
/**
* Creates a {@code CertStore} object of the given type, and
* encapsulates the given provider implementation (SPI object) in it.
*
* @param storeSpi the provider implementation
* @param provider the provider
* @param type the type
* @param params the initialization parameters (may be {@code null})
*/
protected CertStore(CertStoreSpi storeSpi, Provider provider,
String type, CertStoreParameters params) {
this.storeSpi = storeSpi;
this.provider = provider;
this.type = type;
if (params != null)
this.params = (CertStoreParameters) params.clone();
}
/**
* Returns a {@code Collection} of {@code Certificate}s that
* match the specified selector. If no {@code Certificate}s
* match the selector, an empty {@code Collection} will be returned.
* <p>
* For some {@code CertStore} types, the resulting
* {@code Collection} may not contain <b>all</b> of the
* {@code Certificate}s that match the selector. For instance,
* an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to
* contain the {@code Certificate}s it is looking for.
* <p>
* Some {@code CertStore} implementations (especially LDAP
* {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null {@code CertSelector} is provided that
* includes specific criteria that can be used to find the certificates.
* Issuer and/or subject names are especially useful criteria.
*
* @param selector A {@code CertSelector} used to select which
* {@code Certificate}s should be returned. Specify {@code null}
* to return all {@code Certificate}s (if supported).
* @return A {@code Collection} of {@code Certificate}s that
* match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs
*/
public final Collection<? extends Certificate> getCertificates
(CertSelector selector) throws CertStoreException {
return storeSpi.engineGetCertificates(selector);
}
/**
* Returns a {@code Collection} of {@code CRL}s that
* match the specified selector. If no {@code CRL}s
* match the selector, an empty {@code Collection} will be returned.
* <p>
* For some {@code CertStore} types, the resulting
* {@code Collection} may not contain <b>all</b> of the
* {@code CRL}s that match the selector. For instance,
* an LDAP {@code CertStore} may not search all entries in the
* directory. Instead, it may just search entries that are likely to
* contain the {@code CRL}s it is looking for.
* <p>
* Some {@code CertStore} implementations (especially LDAP
* {@code CertStore}s) may throw a {@code CertStoreException}
* unless a non-null {@code CRLSelector} is provided that
* includes specific criteria that can be used to find the CRLs.
* Issuer names and/or the certificate to be checked are especially useful.
*
* @param selector A {@code CRLSelector} used to select which
* {@code CRL}s should be returned. Specify {@code null}
* to return all {@code CRL}s (if supported).
* @return A {@code Collection} of {@code CRL}s that
* match the specified selector (never {@code null})
* @throws CertStoreException if an exception occurs
*/
public final Collection<? extends CRL> getCRLs(CRLSelector selector)
throws CertStoreException {
return storeSpi.engineGetCRLs(selector);
}
/**
* Returns a {@code CertStore} object that implements the specified
* {@code CertStore} type and is initialized with the specified
* parameters.
*
* <p> This method traverses the list of registered security Providers,
* starting with the most preferred Provider.
* A new CertStore object encapsulating the
* CertStoreSpi implementation from the first
* Provider that supports the specified type is returned.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* <p>The {@code CertStore} that is returned is initialized with the
* specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of {@code CertStore}s.
* Note that the specified {@code CertStoreParameters} object is
* cloned.
*
* @implNote
* The JDK Reference Implementation additionally uses the
* {@code jdk.security.provider.preferred}
* {@link Security#getProperty(String) Security} property to determine
* the preferred provider order for the specified algorithm. This
* may be different than the order of providers returned by
* {@link Security#getProviders() Security.getProviders()}.
*
* @param type the name of the requested {@code CertStore} type.
* See the CertStore section in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#certstore-types">
* Java Security Standard Algorithm Names Specification</a>
* for information about standard types.
*
* @param params the initialization parameters (may be {@code null}).
*
* @return a {@code CertStore} object that implements the specified
* {@code CertStore} type
*
* @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this
* {@code CertStore}
*
* @throws NoSuchAlgorithmException if no {@code Provider} supports a
* {@code CertStoreSpi} implementation for the specified type
*
* @throws NullPointerException if {@code type} is {@code null}
*
* @see java.security.Provider
*/
public static CertStore getInstance(String type, CertStoreParameters params)
throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException {
Objects.requireNonNull(type, "null type name");
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
}
private static CertStore handleException(NoSuchAlgorithmException e)
throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException {
Throwable cause = e.getCause();
if (cause instanceof InvalidAlgorithmParameterException) {
throw (InvalidAlgorithmParameterException)cause;
}
throw e;
}
/**
* Returns a {@code CertStore} object that implements the specified
* {@code CertStore} type.
*
* <p> A new CertStore object encapsulating the
* CertStoreSpi implementation from the specified provider
* is returned. The specified provider must be registered
* in the security provider list.
*
* <p> Note that the list of registered providers may be retrieved via
* the {@link Security#getProviders() Security.getProviders()} method.
*
* <p>The {@code CertStore} that is returned is initialized with the
* specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of {@code CertStore}s.
* Note that the specified {@code CertStoreParameters} object is
* cloned.
*
* @param type the requested {@code CertStore} type.
* See the CertStore section in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#certstore-types">
* Java Security Standard Algorithm Names Specification</a>
* for information about standard types.
*
* @param params the initialization parameters (may be {@code null}).
*
* @param provider the name of the provider.
*
* @return a {@code CertStore} object that implements the
* specified type
*
* @throws IllegalArgumentException if the {@code provider} is
* {@code null} or empty
*
* @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this
* {@code CertStore}
*
* @throws NoSuchAlgorithmException if a {@code CertStoreSpi}
* implementation for the specified type is not
* available from the specified provider
*
* @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list
*
* @throws NullPointerException if {@code type} is {@code null}
*
* @see java.security.Provider
*/
public static CertStore getInstance(String type,
CertStoreParameters params, String provider)
throws InvalidAlgorithmParameterException,
NoSuchAlgorithmException, NoSuchProviderException {
Objects.requireNonNull(type, "null type name");
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params, provider);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
}
/**
* Returns a {@code CertStore} object that implements the specified
* {@code CertStore} type.
*
* <p> A new CertStore object encapsulating the
* CertStoreSpi implementation from the specified Provider
* object is returned. Note that the specified Provider object
* does not have to be registered in the provider list.
*
* <p>The {@code CertStore} that is returned is initialized with the
* specified {@code CertStoreParameters}. The type of parameters
* needed may vary between different types of {@code CertStore}s.
* Note that the specified {@code CertStoreParameters} object is
* cloned.
*
* @param type the requested {@code CertStore} type.
* See the CertStore section in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#certstore-types">
* Java Security Standard Algorithm Names Specification</a>
* for information about standard types.
*
* @param params the initialization parameters (may be {@code null}).
*
* @param provider the provider.
*
* @return a {@code CertStore} object that implements the
* specified type
*
* @throws IllegalArgumentException if the {@code provider} is
* null
*
* @throws InvalidAlgorithmParameterException if the specified
* initialization parameters are inappropriate for this
* {@code CertStore}
*
* @throws NoSuchAlgorithmException if a {@code CertStoreSpi}
* implementation for the specified type is not available
* from the specified Provider object
*
* @throws NullPointerException if {@code type} is {@code null}
*
* @see java.security.Provider
*/
public static CertStore getInstance(String type, CertStoreParameters params,
Provider provider) throws NoSuchAlgorithmException,
InvalidAlgorithmParameterException {
Objects.requireNonNull(type, "null type name");
try {
Instance instance = GetInstance.getInstance("CertStore",
CertStoreSpi.class, type, params, provider);
return new CertStore((CertStoreSpi)instance.impl,
instance.provider, type, params);
} catch (NoSuchAlgorithmException e) {
return handleException(e);
}
}
/**
* Returns the parameters used to initialize this {@code CertStore}.
* Note that the {@code CertStoreParameters} object is cloned before
* it is returned.
*
* @return the parameters used to initialize this {@code CertStore}
* (may be {@code null})
*/
public final CertStoreParameters getCertStoreParameters() {
return (params == null ? null : (CertStoreParameters) params.clone());
}
/**
* Returns the type of this {@code CertStore}.
*
* @return the type of this {@code CertStore}
*/
public final String getType() {
return this.type;
}
/**
* Returns the provider of this {@code CertStore}.
*
* @return the provider of this {@code CertStore}
*/
public final Provider getProvider() {
return this.provider;
}
/**
* Returns the default {@code CertStore} type as specified by the
* {@code certstore.type} security property, or the string
* {@literal "LDAP"} if no such property exists.
*
* <p>The default {@code CertStore} type can be used by applications
* that do not want to use a hard-coded type when calling one of the
* {@code getInstance} methods, and want to provide a default
* {@code CertStore} type in case a user does not specify its own.
*
* <p>The default {@code CertStore} type can be changed by setting
* the value of the {@code certstore.type} security property to the
* desired type.
*
* @see java.security.Security security properties
* @return the default {@code CertStore} type as specified by the
* {@code certstore.type} security property, or the string
* {@literal "LDAP"} if no such property exists.
*/
public static final String getDefaultType() {
String cstype;
cstype = AccessController.doPrivileged(new PrivilegedAction<>() {
public String run() {
return Security.getProperty(CERTSTORE_TYPE);
}
});
if (cstype == null) {
cstype = "LDAP";
}
return cstype;
}
}
Reference in New Issue Copy Permalink