CertPathBuilder

/*
 * @(#)CertPathBuilder.java	1.6 03/01/23
 *
 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

package java.security.cert;

import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import sun.security.util.Debug;
import java.lang.reflect.Method;
import java.lang.reflect.InvocationTargetException;

/**
 * A class for building certification paths (also known as certificate chains).
 * <p>
 * This class uses a provider-based architecture, as described in the Java 
 * Cryptography Architecture. To create a <code>CertPathBuilder</code>, call 
 * one of the static <code>getInstance</code> methods, passing in the 
 * algorithm name of the <code>CertPathBuilder</code> desired and optionally 
 * the name of the provider desired.
 * <p>
 * Once a <code>CertPathBuilder</code> object has been created, certification 
 * paths can be constructed by calling the {@link #build build} method and 
 * passing it an algorithm-specific set of parameters. If successful, the 
 * result (including the <code>CertPath</code> that was built) is returned 
 * in an object that implements the <code>CertPathBuilderResult</code> 
 * interface.
 * <p>
 * <b>Concurrent Access</b>
 * <p>
 * The static methods of this class are guaranteed to be thread-safe.
 * Multiple threads may concurrently invoke the static methods defined in
 * this class with no ill effects.
 * <p>
 * However, this is not true for the non-static methods defined by this class.
 * Unless otherwise documented by a specific provider, threads that need to
 * access a single <code>CertPathBuilder</code> instance concurrently should
 * synchronize amongst themselves and provide the necessary locking. Multiple
 * threads each manipulating a different <code>CertPathBuilder</code> instance
 * need not synchronize.
 * 
 * @see CertPath
 *
 * @version 	1.6 01/23/03
 * @since	1.4
 * @author	Sean Mullan
 * @author	Yassir Elley
 */
public class CertPathBuilder {

    /*
     * Constant to lookup in the Security properties file to determine
     * the default certpathbuilder type. In the Security properties file,
     * the default certpathbuilder type is given as:
     * <pre>
     * certpathbuilder.type=PKIX
     * </pre>
     */
    private static final String CPB_TYPE = "certpathbuilder.type";
    private static final Debug debug = Debug.getInstance("certpath");
    private CertPathBuilderSpi builderSpi;
    private Provider provider;
    private String algorithm;

    // for use with the reflection API
    private static final Class cl = java.security.Security.class;
    private static final Class[] GET_IMPL_PARAMS = { String.class,
						     String.class,
						     String.class };
    private static final Class[] GET_IMPL_PARAMS2 = { String.class,
						      String.class,
						      Provider.class };
    // Get the implMethod via the name of a provider. Note: the name could
    // be null. 
    private static Method implMethod;
    // Get the implMethod2 via a Provider object. 
    private static Method implMethod2;
    private static Boolean implMethod2Set = new Boolean(false);

    static {
	implMethod = (Method)
	    AccessController.doPrivileged(new PrivilegedAction() {
	    public Object run() {
		Method m = null;
		try {
		    m = cl.getDeclaredMethod("getImpl", GET_IMPL_PARAMS);
		    if (m != null)
			m.setAccessible(true);
		} catch (NoSuchMethodException nsme) {
		}
		return m;
	    }
	});
    }
    
    /**
     * Creates a <code>CertPathBuilder</code> object of the given algorithm, 
     * and encapsulates the given provider implementation (SPI object) in it.
     *
     * @param builderSpi the provider implementation
     * @param provider the provider
     * @param algorithm the algorithm name
     */
    protected CertPathBuilder(CertPathBuilderSpi builderSpi, Provider provider, 
	String algorithm) 
    {
	this.builderSpi = builderSpi;
	this.provider = provider;
	this.algorithm = algorithm;
    }

    /**
     * Returns a <code>CertPathBuilder</code> object that implements the
     * specified algorithm.
     * <p>
     * If the default provider package provides an implementation of the
     * specified <code>CertPathBuilder</code> algorithm, an instance of 
     * <code>CertPathBuilder</code> containing that implementation is returned.
     * If the requested algorithm is not available in the default package, 
     * other packages are searched.
     * 
     * @param algorithm the name of the requested <code>CertPathBuilder</code> 
     * algorithm
     * @return a <code>CertPathBuilder</code> object that implements the
     * specified algorithm
     * @throws NoSuchAlgorithmException if the requested algorithm is
     * not available in the default provider package or any of the other
     * provider packages that were searched
     */
    public static CertPathBuilder getInstance(String algorithm)
	throws NoSuchAlgorithmException 
    {
	try {
	    if (implMethod == null) {
		throw new NoSuchAlgorithmException(algorithm + " not found");
	    }

	    // The underlying method is static, so we set the object
	    // argument to null.
	    Object[] objs = (Object[])implMethod.invoke(null,
					       new Object[]
					       { algorithm,
						 "CertPathBuilder",
						 (String)null
					       } );
	    return new CertPathBuilder((CertPathBuilderSpi)objs[0],
				       (Provider)objs[1], algorithm);
	} catch (IllegalAccessException iae) {
            NoSuchAlgorithmException nsae = new
                NoSuchAlgorithmException(algorithm + " not found");
            nsae.initCause(iae);
            throw nsae;
	} catch (InvocationTargetException ite) {
            Throwable t = ite.getCause();
            if (t != null && t instanceof NoSuchAlgorithmException)
                throw (NoSuchAlgorithmException)t;
            NoSuchAlgorithmException nsae = new
                NoSuchAlgorithmException(algorithm + " not found");
            nsae.initCause(ite);
            throw nsae;
	}
    }

    /**
     * Returns a <code>CertPathBuilder</code> object that implements the
     * specified algorithm, as supplied by the specified provider.
     *
     * @param algorithm the name of the requested <code>CertPathBuilder</code> 
     * algorithm
     * @param provider the name of the provider
     * @return a <code>CertPathBuilder</code> object that implements the 
     * specified algorithm, as supplied by the specified provider
     * @throws NoSuchAlgorithmException if the requested algorithm is
     * not available from the specified provider
     * @throws NoSuchProviderException if the provider has not been configured
     * @exception IllegalArgumentException if the <code>provider</code> is
     * null
     */
    public static CertPathBuilder getInstance(String algorithm, String provider)
	throws NoSuchAlgorithmException, NoSuchProviderException 
    {
	if (provider == null || provider.length() == 0)
	    throw new IllegalArgumentException("missing provider");
	try {
	    if (implMethod == null) {
		throw new NoSuchAlgorithmException(algorithm + " not found");
	    }

	    // The underlying method is static, so we set the object
	    // argument to null.
	    Object[] objs = (Object[])implMethod.invoke(null,
					       new Object[]
					       { algorithm,
						 "CertPathBuilder",
						 provider
					       } );
	    return new CertPathBuilder((CertPathBuilderSpi)objs[0],
				       (Provider)objs[1], algorithm);
	} catch (IllegalAccessException iae) {
	    NoSuchAlgorithmException nsae = new
	                   NoSuchAlgorithmException(algorithm + " not found");
	    nsae.initCause(iae);
	    throw nsae;
	} catch (InvocationTargetException ite) {
	    Throwable t = ite.getTargetException();
	    if (t != null) {
		if (t instanceof NoSuchProviderException)
		    throw (NoSuchProviderException)t;
                if (t instanceof NoSuchAlgorithmException)
                    throw (NoSuchAlgorithmException)t;
	    }
	    NoSuchAlgorithmException nsae = new
	        NoSuchAlgorithmException(algorithm + " not found");
	    nsae.initCause(ite);
	    throw nsae;
        }
    }

    /**
     * Returns a <code>CertPathBuilder</code> object that implements the
     * specified algorithm, as supplied by the specified provider.
     * Note: the <code>provider</code> doesn't have to be registered.
     *
     * @param algorithm the name of the requested <code>CertPathBuilder</code> 
     * algorithm
     * @param provider the provider
     * @return a <code>CertPathBuilder</code> object that implements the 
     * specified algorithm, as supplied by the specified provider
     * @exception NoSuchAlgorithmException if the requested algorithm is
     * not available from the specified provider
     * @exception IllegalArgumentException if the <code>provider</code> is
     * null.
     */
    public static CertPathBuilder getInstance(String algorithm,
					      Provider provider)
	throws NoSuchAlgorithmException
    {
	if (provider == null)
	    throw new IllegalArgumentException("missing provider");
 
	if (implMethod2Set.booleanValue() == false) {
	    synchronized (implMethod2Set) {
		if (implMethod2Set.booleanValue() == false) {
		    implMethod2 = (Method)
			AccessController.doPrivileged(
					   new PrivilegedAction() {
			    public Object run() {
				Method m = null;
				try {
				    m = cl.getDeclaredMethod("getImpl",
							     GET_IMPL_PARAMS2);
				    if (m != null)
					m.setAccessible(true);
				} catch (NoSuchMethodException nsme) {
				    if (debug != null)
					debug.println("CertPathBuilder." +
					      "getInstance(): Cannot find " +
					      "Security.getImpl(String, " +
					      "String, Provider)");
				}
				return m;
			    }
			});
		    implMethod2Set = new Boolean(true);
		}		
	    }
	}

	if (implMethod2 == null) {
	    throw new NoSuchAlgorithmException(algorithm +
					       " not found");
	}

	try {
	    // The underlying method is static, so we set the object
	    // argument to null.
	    Object[] objs = (Object[])implMethod2.invoke(null,
					       new Object[]
					       { algorithm,
						 "CertPathBuilder",
						 provider
					       } );
	    return new CertPathBuilder((CertPathBuilderSpi)objs[0],
				       (Provider)objs[1], algorithm);
	} catch (IllegalAccessException iae) {
	    NoSuchAlgorithmException nsae = new 
                           NoSuchAlgorithmException(algorithm + " not found");
	    nsae.initCause(iae);
	    throw nsae;
	} catch (InvocationTargetException ite) {
            Throwable t = ite.getCause();
            if (t != null && t instanceof NoSuchAlgorithmException)
                throw (NoSuchAlgorithmException)t;
	    NoSuchAlgorithmException nsae = new
                NoSuchAlgorithmException(algorithm + " not found");
	    nsae.initCause(ite);
	    throw nsae;
	}
    }

    /**
     * Returns the provider of this <code>CertPathBuilder</code>.
     *
     * @return the provider of this <code>CertPathBuilder</code>
     */
    public final Provider getProvider() {
	return this.provider;
    }

    /**
     * Returns the name of the algorithm of this <code>CertPathBuilder</code>.
     *
     * @return the name of the algorithm of this <code>CertPathBuilder</code>
     */
    public final String getAlgorithm() {
	return this.algorithm;
    }

    /**
     * Attempts to build a certification path using the specified algorithm
     * parameter set.
     *
     * @param params the algorithm parameters
     * @return the result of the build algorithm
     * @throws CertPathBuilderException if the builder is unable to construct 
     *  a certification path that satisfies the specified parameters
     * @throws InvalidAlgorithmParameterException if the specified parameters 
     * are inappropriate for this <code>CertPathBuilder</code>
     */
    public final CertPathBuilderResult build(CertPathParameters params)
	throws CertPathBuilderException, InvalidAlgorithmParameterException
    {
	return builderSpi.engineBuild(params);
    }

    /**
     * Returns the default <code>CertPathBuilder</code> type as specified in
     * the Java security properties file, or the string "PKIX"
     * if no such property exists. The Java security properties file is
     * located in the file named <JAVA_HOME>/lib/security/java.security,
     * where <JAVA_HOME> refers to the directory where the SDK was
     * installed.
     *
     * <p>The default <code>CertPathBuilder</code> type can be used by
     * applications that do not want to use a hard-coded type when calling one
     * of the <code>getInstance</code> methods, and want to provide a default
     * type in case a user does not specify its own.
     *
     * <p>The default <code>CertPathBuilder</code> type can be changed by
     * setting the value of the "certpathbuilder.type" security property
     * (in the Java security properties file) to the desired type.
     *
     * @return the default <code>CertPathBuilder</code> type as specified
     * in the Java security properties file, or the string "PKIX"
     * if no such property exists.
     */
    public final static String getDefaultType() {
        String cpbtype;
        cpbtype = (String)AccessController.doPrivileged(new PrivilegedAction() {
            public Object run() {
                return Security.getProperty(CPB_TYPE);
            }
        });
        if (cpbtype == null) {
            cpbtype = "PKIX";
        }
        return cpbtype;
    }
}