1   /*
2    * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  package sun.security.provider.certpath;
27  
28  import java.security.cert.Certificate;
29  import java.security.cert.X509Certificate;
30  import java.security.cert.CertPathValidatorException;
31  import java.security.cert.PKIXCertPathChecker;
32  import java.util.Set;
33  import java.util.Collection;
34  import sun.security.util.Debug;
35  import sun.security.util.UntrustedCertificates;
36  
/**
 * A {@link PKIXCertPathChecker} that rejects any certificate reported as
 * distrusted by {@link UntrustedCertificates#isUntrusted}.
 *
 * <p>The checker keeps no state between calls, so it can be used in both
 * forward and reverse validation modes. It does not process any certificate
 * extensions and never modifies the set of unresolved critical extensions
 * handed to {@link #check}.
 *
 * <p>The distrust decision is delegated entirely to
 * {@code UntrustedCertificates}; how that list is populated is not visible
 * in this class.
 *
 * @see PKIXCertPathChecker
 * @see java.security.cert.PKIXParameters
 */
public final class UntrustedChecker extends PKIXCertPathChecker {

    // May be null (the null test in check() guards against that), in which
    // case nothing is logged.
    private static final Debug debug = Debug.getInstance("certpath");

    /**
     * Creates a checker. There is nothing to configure.
     */
    public UntrustedChecker() {
        // intentionally empty
    }

    /**
     * Does nothing: there is no per-validation state to reset, which is why
     * both directions are accepted.
     *
     * @param forward the order in which certificates will be presented;
     *        ignored
     * @throws CertPathValidatorException never thrown by this implementation
     */
    @Override
    public void init(boolean forward) throws CertPathValidatorException {
        // Stateless: forward and reverse modes are both supported.
    }

    /**
     * Reports that forward checking is supported.
     *
     * @return always {@code true}
     */
    @Override
    public boolean isForwardCheckingSupported() {
        // Stateless: forward and reverse modes are both supported.
        return true;
    }

    /**
     * Reports the extensions this checker handles.
     *
     * @return {@code null}, because this checker processes no extensions
     */
    @Override
    public Set<String> getSupportedExtensions() {
        return null;
    }

    /**
     * Fails validation when the given certificate is distrusted.
     *
     * <p>The certificate is cast to {@link X509Certificate} without a type
     * test, so any other {@link Certificate} implementation results in a
     * {@link ClassCastException} rather than a
     * {@link CertPathValidatorException}.
     *
     * @param cert the certificate to examine; expected to be an
     *        {@code X509Certificate}
     * @param unresolvedCritExts unresolved critical extension OIDs; neither
     *        read nor modified here
     * @throws CertPathValidatorException if
     *         {@code UntrustedCertificates.isUntrusted} reports the
     *         certificate as distrusted; the exception carries only a
     *         message naming the subject (no cause, path index or reason)
     */
    @Override
    public void check(Certificate cert,
            Collection<String> unresolvedCritExts)
            throws CertPathValidatorException {

        X509Certificate x509 = (X509Certificate) cert;

        if (!UntrustedCertificates.isUntrusted(x509)) {
            return;
        }

        // Only the subject name is reported, both in the debug trace and in
        // the exception message.
        String subject = String.valueOf(x509.getSubjectX500Principal());

        if (debug != null) {
            debug.println("UntrustedChecker: untrusted certificate " + subject);
        }

        throw new CertPathValidatorException(
            "Untrusted certificate: " + subject);
    }
}