|
2
|
1 |
/*
|
|
|
2 |
* Copyright 2000-2006 Sun Microsystems, Inc. All Rights Reserved.
|
|
|
3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
|
4 |
*
|
|
|
5 |
* This code is free software; you can redistribute it and/or modify it
|
|
|
6 |
* under the terms of the GNU General Public License version 2 only, as
|
|
|
7 |
* published by the Free Software Foundation. Sun designates this
|
|
|
8 |
* particular file as subject to the "Classpath" exception as provided
|
|
|
9 |
* by Sun in the LICENSE file that accompanied this code.
|
|
|
10 |
*
|
|
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that
|
|
|
15 |
* accompanied this code).
|
|
|
16 |
*
|
|
|
17 |
* You should have received a copy of the GNU General Public License version
|
|
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
20 |
*
|
|
|
21 |
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
|
|
22 |
* CA 95054 USA or visit www.sun.com if you need additional information or
|
|
|
23 |
* have any questions.
|
|
|
24 |
*/
|
|
|
25 |
package sun.security.provider.certpath;
|
|
|
26 |
|
|
|
27 |
|
|
|
28 |
import java.util.ArrayList;
|
|
|
29 |
import java.util.Collections;
|
|
|
30 |
import java.util.Iterator;
|
|
|
31 |
import java.util.List;
|
|
|
32 |
|
|
|
33 |
|
|
|
34 |
/**
|
|
|
35 |
* An AdjacencyList is used to store the history of certification paths
|
|
|
36 |
* attempted in constructing a path from an initiator to a target. The
|
|
|
37 |
* AdjacencyList is initialized with a <code>List</code> of
|
|
|
38 |
* <code>List</code>s, where each sub-<code>List</code> contains objects of
|
|
|
39 |
* type <code>Vertex</code>. A <code>Vertex</code> describes one possible or
|
|
|
40 |
* actual step in the chain building process, and the associated
|
|
|
41 |
* <code>Certificate</code>. Specifically, a <code>Vertex</code> object
|
|
|
42 |
* contains a <code>Certificate</code> and an index value referencing the
|
|
|
43 |
* next sub-list in the process. If the index value is -1 then this
|
|
|
44 |
* <code>Vertex</code> doesn't continue the attempted build path.
|
|
|
45 |
* <p>
|
|
|
46 |
* Example:
|
|
|
47 |
* <p>
|
|
|
48 |
* Attempted Paths:<ul>
|
|
|
49 |
* <li>C1->C2->C3
|
|
|
50 |
* <li>C1->C4->C5
|
|
|
51 |
* <li>C1->C4->C6
|
|
|
52 |
* <li>C1->C4->C7
|
|
|
53 |
* <li>C1->C8->C9
|
|
|
54 |
* <li>C1->C10->C11
|
|
|
55 |
* </ul>
|
|
|
56 |
* <p>
|
|
|
57 |
* AdjacencyList structure:<ul>
|
|
|
58 |
* <li>AL[0] = C1,1
|
|
|
59 |
* <li>AL[1] = C2,2 =>C4,3 =>C8,4 =>C10,5
|
|
|
60 |
* <li>AL[2] = C3,-1
|
|
|
61 |
* <li>AL[3] = C5,-1 =>C6,-1 =>C7,-1
|
|
|
62 |
* <li>AL[4] = C9,-1
|
|
|
63 |
* <li>AL[5] = C11,-1
|
|
|
64 |
* </ul>
|
|
|
65 |
* <p>
|
|
|
66 |
* The iterator method returns objects of type <code>BuildStep</code>, not
|
|
|
67 |
* objects of type <code>Vertex</code>.
|
|
|
68 |
* A <code>BuildStep</code> contains a <code>Vertex</code> and a result code,
|
|
|
69 |
* accessable via getResult method. There are five result values.
|
|
|
70 |
* <code>POSSIBLE</code> denotes that the current step represents a
|
|
|
71 |
* <code>Certificate</code> that the builder is considering at this point in
|
|
|
72 |
* the build. <code>FOLLOW</code> denotes a <code>Certificate</code> (one of
|
|
|
73 |
* those noted as <code>POSSIBLE</code>) that the builder is using to try
|
|
|
74 |
* extending the chain. <code>BACK</code> represents that a
|
|
|
75 |
* <code>FOLLOW</code> was incorrect, and is being removed from the chain.
|
|
|
76 |
* There is exactly one <code>FOLLOW</code> for each <code>BACK</code>. The
|
|
|
77 |
* values <code>SUCCEED</code> and <code>FAIL</code> mean that we've come to
|
|
|
78 |
* the end of the build process, and there will not be any more entries in
|
|
|
79 |
* the list.
|
|
|
80 |
* <p>
|
|
|
81 |
* @see sun.security.provider.certpath.BuildStep
|
|
|
82 |
* @see sun.security.provider.certpath.Vertex
|
|
|
83 |
* <p>
|
|
|
84 |
* @author seth proctor
|
|
|
85 |
* @since 1.4
|
|
|
86 |
*/
|
|
|
87 |
public class AdjacencyList {
|
|
|
88 |
|
|
|
89 |
// the actual set of steps the AdjacencyList represents
|
|
|
90 |
private ArrayList<BuildStep> mStepList;
|
|
|
91 |
|
|
|
92 |
// the original list, just for the toString method
|
|
|
93 |
private List<List<Vertex>> mOrigList;
|
|
|
94 |
|
|
|
95 |
/**
|
|
|
96 |
* Constructs a new <code>AdjacencyList</code> based on the specified
|
|
|
97 |
* <code>List</code>. See the example above.
|
|
|
98 |
*
|
|
|
99 |
* @param list a <code>List</code> of <code>List</code>s of
|
|
|
100 |
* <code>Vertex</code> objects
|
|
|
101 |
*/
|
|
|
102 |
public AdjacencyList(List<List<Vertex>> list) {
|
|
|
103 |
mStepList = new ArrayList<BuildStep>();
|
|
|
104 |
mOrigList = list;
|
|
|
105 |
buildList(list, 0, null);
|
|
|
106 |
}
|
|
|
107 |
|
|
|
108 |
/**
|
|
|
109 |
* Gets an <code>Iterator</code> to iterate over the set of
|
|
|
110 |
* <code>BuildStep</code>s in build-order. Any attempts to change
|
|
|
111 |
* the list through the remove method will fail.
|
|
|
112 |
*
|
|
|
113 |
* @return an <code>Iterator</code> over the <code>BuildStep</code>s
|
|
|
114 |
*/
|
|
|
115 |
public Iterator<BuildStep> iterator() {
|
|
|
116 |
return Collections.unmodifiableList(mStepList).iterator();
|
|
|
117 |
}
|
|
|
118 |
|
|
|
119 |
/**
|
|
|
120 |
* Recursive, private method which actually builds the step list from
|
|
|
121 |
* the given adjacency list. <code>Follow</code> is the parent BuildStep
|
|
|
122 |
* that we followed to get here, and if it's null, it means that we're
|
|
|
123 |
* at the start.
|
|
|
124 |
*/
|
|
|
125 |
private boolean buildList(List<List<Vertex>> theList, int index,
|
|
|
126 |
BuildStep follow) {
|
|
|
127 |
|
|
|
128 |
// Each time this method is called, we're examining a new list
|
|
|
129 |
// from the global list. So, we have to start by getting the list
|
|
|
130 |
// that contains the set of Vertexes we're considering.
|
|
|
131 |
List<Vertex> l = theList.get(index);
|
|
|
132 |
|
|
|
133 |
try {
|
|
|
134 |
// we're interested in the case where all indexes are -1...
|
|
|
135 |
boolean allNegOne = true;
|
|
|
136 |
// ...and in the case where every entry has a Throwable
|
|
|
137 |
boolean allXcps = true;
|
|
|
138 |
|
|
|
139 |
for (Vertex v : l) {
|
|
|
140 |
if (v.getIndex() != -1) {
|
|
|
141 |
// count an empty list the same as an index of -1...this
|
|
|
142 |
// is to patch a bug somewhere in the builder
|
|
|
143 |
if (theList.get(v.getIndex()).size() != 0)
|
|
|
144 |
allNegOne = false;
|
|
|
145 |
}
|
|
|
146 |
else
|
|
|
147 |
if (v.getThrowable() == null)
|
|
|
148 |
allXcps = false;
|
|
|
149 |
|
|
|
150 |
// every entry, regardless of the final use for it, is always
|
|
|
151 |
// entered as a possible step before we take any actions
|
|
|
152 |
mStepList.add(new BuildStep(v, BuildStep.POSSIBLE));
|
|
|
153 |
}
|
|
|
154 |
|
|
|
155 |
if (allNegOne) {
|
|
|
156 |
// There are two cases that we could be looking at here. We
|
|
|
157 |
// may need to back up, or the build may have succeeded at
|
|
|
158 |
// this point. This is based on whether or not any
|
|
|
159 |
// exceptions were found in the list.
|
|
|
160 |
if (allXcps) {
|
|
|
161 |
// we need to go back...see if this is the last one
|
|
|
162 |
if (follow == null)
|
|
|
163 |
mStepList.add(new BuildStep(null, BuildStep.FAIL));
|
|
|
164 |
else
|
|
|
165 |
mStepList.add(new BuildStep(follow.getVertex(),
|
|
|
166 |
BuildStep.BACK));
|
|
|
167 |
|
|
|
168 |
return false;
|
|
|
169 |
} else {
|
|
|
170 |
// we succeeded...now the only question is which is the
|
|
|
171 |
// successful step? If there's only one entry without
|
|
|
172 |
// a throwable, then that's the successful step. Otherwise,
|
|
|
173 |
// we'll have to make some guesses...
|
|
|
174 |
List<Vertex> possibles = new ArrayList<Vertex>();
|
|
|
175 |
for (Vertex v : l) {
|
|
|
176 |
if (v.getThrowable() == null)
|
|
|
177 |
possibles.add(v);
|
|
|
178 |
}
|
|
|
179 |
|
|
|
180 |
if (possibles.size() == 1) {
|
|
|
181 |
// real easy...we've found the final Vertex
|
|
|
182 |
mStepList.add(new BuildStep(possibles.get(0),
|
|
|
183 |
BuildStep.SUCCEED));
|
|
|
184 |
} else {
|
|
|
185 |
// ok...at this point, there is more than one Cert
|
|
|
186 |
// which might be the succeed step...how do we know
|
|
|
187 |
// which it is? I'm going to assume that our builder
|
|
|
188 |
// algorithm is good enough to know which is the
|
|
|
189 |
// correct one, and put it first...but a FIXME goes
|
|
|
190 |
// here anyway, and we should be comparing to the
|
|
|
191 |
// target/initiator Cert...
|
|
|
192 |
mStepList.add(new BuildStep(possibles.get(0),
|
|
|
193 |
BuildStep.SUCCEED));
|
|
|
194 |
}
|
|
|
195 |
|
|
|
196 |
return true;
|
|
|
197 |
}
|
|
|
198 |
} else {
|
|
|
199 |
// There's at least one thing that we can try before we give
|
|
|
200 |
// up and go back. Run through the list now, and enter a new
|
|
|
201 |
// BuildStep for each path that we try to follow. If none of
|
|
|
202 |
// the paths we try produce a successful end, we're going to
|
|
|
203 |
// have to back out ourselves.
|
|
|
204 |
boolean success = false;
|
|
|
205 |
|
|
|
206 |
for (Vertex v : l) {
|
|
|
207 |
|
|
|
208 |
// Note that we'll only find a SUCCEED case when we're
|
|
|
209 |
// looking at the last possible path, so we don't need to
|
|
|
210 |
// consider success in the while loop
|
|
|
211 |
|
|
|
212 |
if (v.getIndex() != -1) {
|
|
|
213 |
if (theList.get(v.getIndex()).size() != 0) {
|
|
|
214 |
// If the entry we're looking at doesn't have an
|
|
|
215 |
// index of -1, and doesn't lead to an empty list,
|
|
|
216 |
// then it's something we follow!
|
|
|
217 |
BuildStep bs = new BuildStep(v, BuildStep.FOLLOW);
|
|
|
218 |
mStepList.add(bs);
|
|
|
219 |
success = buildList(theList, v.getIndex(), bs);
|
|
|
220 |
}
|
|
|
221 |
}
|
|
|
222 |
}
|
|
|
223 |
|
|
|
224 |
if (success) {
|
|
|
225 |
// We're already finished!
|
|
|
226 |
return true;
|
|
|
227 |
} else {
|
|
|
228 |
// We failed, and we've exhausted all the paths that we
|
|
|
229 |
// could take. The only choice is to back ourselves out.
|
|
|
230 |
if (follow == null)
|
|
|
231 |
mStepList.add(new BuildStep(null, BuildStep.FAIL));
|
|
|
232 |
else
|
|
|
233 |
mStepList.add(new BuildStep(follow.getVertex(),
|
|
|
234 |
BuildStep.BACK));
|
|
|
235 |
|
|
|
236 |
return false;
|
|
|
237 |
}
|
|
|
238 |
}
|
|
|
239 |
}
|
|
|
240 |
catch (Exception e) {}
|
|
|
241 |
|
|
|
242 |
// we'll never get here, but you know java...
|
|
|
243 |
return false;
|
|
|
244 |
}
|
|
|
245 |
|
|
|
246 |
/**
|
|
|
247 |
* Prints out a string representation of this AdjacencyList.
|
|
|
248 |
*
|
|
|
249 |
* @return String representation
|
|
|
250 |
*/
|
|
|
251 |
public String toString() {
|
|
|
252 |
String out = "[\n";
|
|
|
253 |
|
|
|
254 |
int i = 0;
|
|
|
255 |
for (List<Vertex> l : mOrigList) {
|
|
|
256 |
out = out + "LinkedList[" + i++ + "]:\n";
|
|
|
257 |
|
|
|
258 |
for (Vertex step : l) {
|
|
|
259 |
try {
|
|
|
260 |
out = out + step.toString();
|
|
|
261 |
out = out + "\n";
|
|
|
262 |
}
|
|
|
263 |
catch (Exception e) { out = out + "No Such Element\n"; }
|
|
|
264 |
}
|
|
|
265 |
}
|
|
|
266 |
out = out + "]\n";
|
|
|
267 |
|
|
|
268 |
return out;
|
|
|
269 |
}
|
|
|
270 |
}
|