class X500Provider extends BaseProvider
Modifier and Type | Class and Description |
---|---|
(package private) class | X500Provider.SigningBufferFactory: Buffer factory which signs data written into the buffers it dispenses. |
Modifier and Type | Field and Description |
---|---|
private static AuthPermission | authPermission |
private CertStore[] | certStores |
private static Pattern | hostPortPattern |
private static int | INT_LEN |
private static String | JSSE |
protected String | keyAlgorithm: The key algorithm name (for example, "DSA"). |
protected String | keyAlgorithmOID: The key algorithm OID. |
(package private) static Logger | logger |
protected int | maxSignatureLength: The maximum length of generated signatures, in bytes. |
private static String | NAME |
protected String | signatureAlgorithm: The signature algorithm (for example, "SHA1withDSA"). |
private Object | storeLock |
private KeyStore | trustStore |

Fields inherited from class BaseProvider |
---|
formatName |
Constructor and Description |
---|
X500Provider(String formatName, String signatureAlgorithm, int maxSignatureLength, String keyAlgorithm, String keyAlgorithmOID): Creates an instance with the given attributes. |
Modifier and Type | Method and Description |
---|---|
private static boolean | canGetSubject(): Tests whether the caller has AuthPermission("getSubject"). |
(package private) void | checkAuthenticationPermission(X500Principal principal, String action): If a security manager is installed, checks that the calling context has AuthenticationPermission for the given principal and action (with no peer principal specified). |
private static void | checkCertificate(X509Certificate cert): Throws a CertificateException if the given certificate is not currently valid, or specifies a KeyUsage extension which prohibits use in digital signatures. |
private static ByteBuffer | ensureArrayBacking(ByteBuffer buf): Returns the given buffer if it is backed by an array; otherwise, returns a newly created array-backed buffer into which the remaining contents of the given buffer have been transferred. |
protected Certificate | getCertificate(X500Principal principal): Returns the certificate corresponding to the given principal, or null if no matching certificate can be found. |
private Certificate | getCertificate0(X500Principal principal): Main body of getCertificate(), called from within a doPrivileged block. |
(package private) X500PrivateCredential[] | getPrivateCredentials(): Returns a non-null array containing the usable X.500 private credentials of the current subject (if any). |
private Signature | getSignature(): Returns a newly obtained Signature implementing the signature algorithm for this instance. |
private void | initStores(): Initializes the trust store and cert stores based on system property values. |
(package private) static void | secureThrow(SecurityException detailedException, UnsupportedConstraintException genericException): Throws detailedException only if the caller has the "getSubject" AuthPermission; otherwise throws genericException, so a caller that may not read the current Subject cannot learn about it from the exception. |
private static Collection | syncGetInstances(Collection coll, Class cl): Returns a new collection containing all instances of the specified class contained in the given collection. |
(package private) boolean | verify(ByteBuffer data, ByteBuffer sig, PublicKey key): Returns true if the sig buffer contains a valid signature over the contents of the data buffer; returns false otherwise. |

Methods inherited from class BaseProvider |
---|
getFormatName |
private static final String NAME
private static final String JSSE
private static final int INT_LEN
private static final Pattern hostPortPattern
private static final AuthPermission authPermission
static final Logger logger
protected final String signatureAlgorithm
protected final int maxSignatureLength
protected final String keyAlgorithm
protected final String keyAlgorithmOID
private KeyStore trustStore
private CertStore[] certStores
private final Object storeLock
protected Certificate getCertificate(X500Principal principal) throws IOException, GeneralSecurityException

The default implementation of this method does the following. The first time this method is called on this instance, a keystore containing trust anchors for the certificate to return is loaded. The location of the file to load the keystore from can be specified (in order of precedence) by the com.sun.jini.discovery.x500.trustStore and javax.net.ssl.trustStore system properties; if no location is specified, then the cacerts file in the lib/security subdirectory of the JDK installation directory is used. If specified, the location is treated as a URL. If no protocol is specified in the URL or it is an unknown protocol, then the location is treated as a file name.

Depending on which system property is used to specify the keystore location, the com.sun.jini.discovery.x500.trustStoreType and com.sun.jini.discovery.x500.trustStorePassword or javax.net.ssl.trustStoreType and javax.net.ssl.trustStorePassword system properties can be used to specify the type of the keystore and the password to use when loading it. If no keystore type is specified, then the type returned by KeyStore.getDefaultType() is used; if no password is specified, then no password is used when loading the keystore. Note that KeyStore.load() performs no integrity check when it is given no password, so a trust store loaded this way must be protected from tampering by other means, such as file permissions.

Additionally, if the com.sun.jini.discovery.x500.ldapCertStores system property is set, its value is interpreted as a comma-separated list of "host[:port]" elements which are used to obtain references to LDAP-based CertStore instances.

For each call, the default implementation of this method creates a PKIX CertPathBuilder and calls its build method, passing as the argument a PKIXBuilderParameters instance initialized with the aforementioned keystore, the CertStores (if any), and a CertSelector based on the provided X.500 principal and the key algorithm OID for this instance. If the build operation succeeds, the resulting certificate is returned.

Throws:
IOException
GeneralSecurityException
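The lookup described above, written out as an added example (this is not the project's own code): it reads the same system properties in the same precedence, falls back from URL to file name, turns the "host[:port]" list into LDAP CertStores, and runs a PKIX CertPathBuilder with an X509CertSelector keyed on the subject and the key algorithm OID. The class name TrustStoreLookupExample, the use of java.home to locate cacerts, the default LDAP port of 389, returning null on CertPathBuilderException (matching the summary's "or null if no matching certificate can be found"), and the fallback to the trust anchor's certificate when the built path is empty are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;

/** Added illustration of the lookup documented for getCertificate(); not the project's own code. */
public class TrustStoreLookupExample {

    /** Treats the location as a URL; with no protocol, or an unknown one, falls back to a file name. */
    static InputStream openLocation(String location) throws IOException {
        try {
            return new URL(location).openStream();
        } catch (MalformedURLException e) {
            return new FileInputStream(location);
        }
    }

    /** Loads the trust store using the documented property precedence and defaults. */
    static KeyStore loadTrustStore() throws IOException, GeneralSecurityException {
        String location = System.getProperty("com.sun.jini.discovery.x500.trustStore");
        String prefix = "com.sun.jini.discovery.x500.";
        if (location == null) {
            location = System.getProperty("javax.net.ssl.trustStore");
            prefix = "javax.net.ssl.";
        }
        String type = null, password = null;
        if (location == null) {
            // Assumption: java.home is the installation directory that holds lib/security/cacerts.
            location = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts").toString();
        } else {
            type = System.getProperty(prefix + "trustStoreType");
            password = System.getProperty(prefix + "trustStorePassword");
        }
        KeyStore ks = KeyStore.getInstance(type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = openLocation(location)) {
            // A null password makes KeyStore.load() skip its integrity check; the file itself must then be trustworthy.
            ks.load(in, password != null ? password.toCharArray() : null);
        }
        return ks;
    }

    /** Parses the "host[:port],host[:port]" list into LDAP CertStores. Assumption: the port defaults to 389. */
    static List<CertStore> ldapCertStores() throws GeneralSecurityException {
        List<CertStore> stores = new ArrayList<>();
        String list = System.getProperty("com.sun.jini.discovery.x500.ldapCertStores");
        if (list == null) return stores;
        for (String element : list.split(",")) {
            element = element.trim();
            if (element.isEmpty()) continue;
            int colon = element.lastIndexOf(':');
            String host = colon < 0 ? element : element.substring(0, colon);
            int port = colon < 0 ? 389 : Integer.parseInt(element.substring(colon + 1));
            stores.add(CertStore.getInstance("LDAP", new LDAPCertStoreParameters(host, port)));
        }
        return stores;
    }

    /** Builds a PKIX path from a trust anchor to a certificate for principal whose key uses keyAlgorithmOID. */
    static Certificate findCertificate(KeyStore trustStore, List<CertStore> certStores,
                                       X500Principal principal, String keyAlgorithmOID)
            throws IOException, GeneralSecurityException {
        X509CertSelector selector = new X509CertSelector();
        selector.setSubject(principal);
        selector.setSubjectPublicKeyAlgID(keyAlgorithmOID); // e.g. 1.2.840.10040.4.1 for DSA
        PKIXBuilderParameters params = new PKIXBuilderParameters(trustStore, selector);
        for (CertStore store : certStores) params.addCertStore(store);
        // Revocation checking is on by default and needs CRLs reachable through the CertStores.
        try {
            PKIXCertPathBuilderResult result =
                (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
            List<? extends Certificate> path = result.getCertPath().getCertificates();
            // Assumption: an empty path means the target certificate is itself a trust anchor.
            return path.isEmpty() ? result.getTrustAnchor().getTrustedCert() : path.get(0);
        } catch (CertPathBuilderException e) {
            return null; // no chain from a trust anchor to a matching certificate
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java -Dcom.sun.jini.discovery.x500.trustStore=<url-or-file> TrustStoreLookupExample "<DN>" <key-algorithm-OID>
        Certificate cert = findCertificate(loadTrustStore(), ldapCertStores(),
                                           new X500Principal(args[0]), args[1]);
        System.out.println(cert == null ? "no matching certificate" : cert);
    }
}
```

Run it with the same -D properties the documentation lists; with none set it reads the JDK's cacerts without a password, which is exactly the no-integrity-check case noted above. Because revocation checking is left at its PKIX default, a build against a trust store whose CRLs are not reachable through the configured CertStores fails with CertPathBuilderException and the method returns null rather than a certificate.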
X500PrivateCredential[] getPrivateCredentials()
private static boolean canGetSubject()
static void secureThrow(SecurityException detailedException, UnsupportedConstraintException genericException) throws UnsupportedConstraintException
Parameters:
detailedException - the real SecurityException to be thrown if the caller has the "getSubject" AuthPermission
genericException - the generic UnsupportedConstraintException to be thrown if the caller does not have the "getSubject" AuthPermission
Throws:
UnsupportedConstraintException
void checkAuthenticationPermission(X500Principal principal, String action)
boolean verify(ByteBuffer data, ByteBuffer sig, PublicKey key) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException
private Certificate getCertificate0(X500Principal principal) throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
private void initStores() throws IOException, GeneralSecurityException
Throws:
IOException
GeneralSecurityException
private Signature getSignature() throws NoSuchAlgorithmException
Throws:
NoSuchAlgorithmException
private static Collection syncGetInstances(Collection coll, Class cl)
private static void checkCertificate(X509Certificate cert) throws CertificateException
Throws:
CertificateException
private static ByteBuffer ensureArrayBacking(ByteBuffer buf)
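An added example, not the project's own code, that puts checkCertificate(), ensureArrayBacking() and verify() together as the summaries above describe them: the digitalSignature bit is index 0 of X509Certificate.getKeyUsage() and a missing KeyUsage extension is permitted; verify() feeds the data buffer to Signature.update(ByteBuffer) and reads the signature through the array of an array-backed copy, leaving both callers' positions untouched. The class name SignatureCheckExample, the use of maxSignatureLength as an upper bound on an incoming signature (something the page does not state), the choice of SHA256withRSA with a 2048-bit key (so the bound is 256 bytes; the page names SHA1withDSA only as an illustrative value), and the constructed sample message are this example's own.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/** Added illustration of checkCertificate(), ensureArrayBacking() and verify(); not the project's own code. */
public class SignatureCheckExample {

    /** Index of the digitalSignature bit in X509Certificate.getKeyUsage(). */
    static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;

    /** Rejects a certificate outside its validity period or whose KeyUsage excludes digital signatures. */
    static void checkCertificate(X509Certificate cert) throws CertificateException {
        cert.checkValidity(); // CertificateExpiredException or CertificateNotYetValidException
        boolean[] keyUsage = cert.getKeyUsage(); // null when the extension is absent, which is allowed
        if (keyUsage != null && !keyUsage[KEY_USAGE_DIGITAL_SIGNATURE]) {
            throw new CertificateException("KeyUsage extension prohibits digital signatures");
        }
    }

    /** Returns buf itself when it has a backing array; otherwise copies its remaining bytes into a heap buffer. */
    static ByteBuffer ensureArrayBacking(ByteBuffer buf) {
        if (buf.hasArray()) {
            return buf;
        }
        ByteBuffer copy = ByteBuffer.allocate(buf.remaining());
        copy.put(buf);
        copy.flip();
        return copy;
    }

    /** Verifies sig over the remaining bytes of data without moving either caller's buffer position. */
    static boolean verify(ByteBuffer data, ByteBuffer sig, PublicKey key,
                          String signatureAlgorithm, int maxSignatureLength)
            throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        // Assumption of this example: a signature longer than maxSignatureLength cannot be genuine.
        if (sig.remaining() > maxSignatureLength) {
            return false;
        }
        Signature verifier = Signature.getInstance(signatureAlgorithm);
        verifier.initVerify(key);
        verifier.update(data.slice()); // the slice is consumed, data's own position is not
        ByteBuffer s = ensureArrayBacking(sig.slice());
        return verifier.verify(s.array(), s.arrayOffset() + s.position(), s.remaining());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8); // constructed input

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        signer.update(message);
        byte[] signature = signer.sign(); // 256 bytes for a 2048-bit RSA key

        // Direct buffers have no backing array, so they exercise the copy in ensureArrayBacking().
        ByteBuffer data = ByteBuffer.allocateDirect(message.length).put(message);
        data.flip();
        ByteBuffer sig = ByteBuffer.allocateDirect(signature.length).put(signature);
        sig.flip();

        System.out.println("genuine:  " + verify(data, sig, kp.getPublic(), "SHA256withRSA", 256));
        data.put(0, (byte) (data.get(0) ^ 1)); // flip one bit of the signed data
        System.out.println("tampered: " + verify(data, sig, kp.getPublic(), "SHA256withRSA", 256));
        System.out.println("too long: " + verify(data, sig, kp.getPublic(), "SHA256withRSA", 255));
    }
}
```

The first call verifies, the second fails because the data no longer matches, and the third is refused by the length bound before any RSA arithmetic runs. checkCertificate() is the gate a caller should pass a certificate through before handing its public key to verify(); the JDK cannot mint a self-signed X509Certificate without extra libraries, so this example demonstrates it as a method rather than running it on a constructed certificate.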
Copyright 2007-2013, multiple authors.
Licensed under the Apache License, Version 2.0, see the NOTICE file for attributions.