001 /*
002 * Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
003 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
004 *
005 * This code is free software; you can redistribute it and/or modify it
006 * under the terms of the GNU General Public License version 2 only, as
007 * published by the Free Software Foundation. Sun designates this
008 * particular file as subject to the "Classpath" exception as provided
009 * by Sun in the LICENSE file that accompanied this code.
010 *
011 * This code is distributed in the hope that it will be useful, but WITHOUT
012 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
013 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
014 * version 2 for more details (a copy is included in the LICENSE file that
015 * accompanied this code).
016 *
017 * You should have received a copy of the GNU General Public License version
018 * 2 along with this work; if not, write to the Free Software Foundation,
019 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
020 *
021 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
022 * CA 95054 USA or visit www.sun.com if you need additional information or
023 * have any questions.
024 */
025
026 package java.security;
027
028 import java.io.Serializable;
029 import java.util.*;
030
031 /**
032 * <p>This class represents identities: real-world objects such as people,
033 * companies or organizations whose identities can be authenticated using
034 * their public keys. Identities may also be more abstract (or concrete)
035 * constructs, such as daemon threads or smart cards.
036 *
037 * <p>All Identity objects have a name and a public key. Names are
038 * immutable. Identities may also be scoped. That is, if an Identity is
039 * specified to have a particular scope, then the name and public
040 * key of the Identity are unique within that scope.
041 *
042 * <p>An Identity also has a set of certificates (all certifying its own
043 * public key). The Principal names specified in these certificates need
044 * not be the same, only the key.
045 *
046 * <p>An Identity can be subclassed, to include postal and email addresses,
047 * telephone numbers, images of faces and logos, and so on.
048 *
049 * @see IdentityScope
050 * @see Signer
051 * @see Principal
052 *
053 * @version 1.69
054 * @author Benjamin Renaud
055 * @deprecated This class is no longer used. Its functionality has been
056 * replaced by <code>java.security.KeyStore</code>, the
057 * <code>java.security.cert</code> package, and
058 * <code>java.security.Principal</code>.
059 */
060 @Deprecated
061 public abstract class Identity implements Principal, Serializable {
062
063 /** use serialVersionUID from JDK 1.1.x for interoperability */
064 private static final long serialVersionUID = 3609922007826600659L;
065
066 /**
067 * The name for this identity.
068 *
069 * @serial
070 */
071 private String name;
072
073 /**
074 * The public key for this identity.
075 *
076 * @serial
077 */
078 private PublicKey publicKey;
079
080 /**
081 * Generic, descriptive information about the identity.
082 *
083 * @serial
084 */
085 String info = "No further information available.";
086
087 /**
088 * The scope of the identity.
089 *
090 * @serial
091 */
092 IdentityScope scope;
093
094 /**
095 * The certificates for this identity.
096 *
097 * @serial
098 */
099 Vector<Certificate> certificates;
100
101 /**
102 * Constructor for serialization only.
103 */
104 protected Identity() {
105 this ("restoring...");
106 }
107
108 /**
109 * Constructs an identity with the specified name and scope.
110 *
111 * @param name the identity name.
112 * @param scope the scope of the identity.
113 *
114 * @exception KeyManagementException if there is already an identity
115 * with the same name in the scope.
116 */
117 public Identity(String name, IdentityScope scope)
118 throws KeyManagementException {
119 this (name);
120 if (scope != null) {
121 scope.addIdentity(this );
122 }
123 this .scope = scope;
124 }
125
126 /**
127 * Constructs an identity with the specified name and no scope.
128 *
129 * @param name the identity name.
130 */
131 public Identity(String name) {
132 this .name = name;
133 }
134
135 /**
136 * Returns this identity's name.
137 *
138 * @return the name of this identity.
139 */
140 public final String getName() {
141 return name;
142 }
143
144 /**
145 * Returns this identity's scope.
146 *
147 * @return the scope of this identity.
148 */
149 public final IdentityScope getScope() {
150 return scope;
151 }
152
153 /**
154 * Returns this identity's public key.
155 *
156 * @return the public key for this identity.
157 *
158 * @see #setPublicKey
159 */
160 public PublicKey getPublicKey() {
161 return publicKey;
162 }
163
164 /**
165 * Sets this identity's public key. The old key and all of this
166 * identity's certificates are removed by this operation.
167 *
168 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
169 * method is called with <code>"setIdentityPublicKey"</code>
170 * as its argument to see if it's ok to set the public key.
171 *
172 * @param key the public key for this identity.
173 *
174 * @exception KeyManagementException if another identity in the
175 * identity's scope has the same public key, or if another exception occurs.
176 *
177 * @exception SecurityException if a security manager exists and its
178 * <code>checkSecurityAccess</code> method doesn't allow
179 * setting the public key.
180 *
181 * @see #getPublicKey
182 * @see SecurityManager#checkSecurityAccess
183 */
184 /* Should we throw an exception if this is already set? */
185 public void setPublicKey(PublicKey key)
186 throws KeyManagementException {
187
188 check("setIdentityPublicKey");
189 this .publicKey = key;
190 certificates = new Vector<Certificate>();
191 }
192
193 /**
194 * Specifies a general information string for this identity.
195 *
196 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
197 * method is called with <code>"setIdentityInfo"</code>
198 * as its argument to see if it's ok to specify the information string.
199 *
200 * @param info the information string.
201 *
202 * @exception SecurityException if a security manager exists and its
203 * <code>checkSecurityAccess</code> method doesn't allow
204 * setting the information string.
205 *
206 * @see #getInfo
207 * @see SecurityManager#checkSecurityAccess
208 */
209 public void setInfo(String info) {
210 check("setIdentityInfo");
211 this .info = info;
212 }
213
214 /**
215 * Returns general information previously specified for this identity.
216 *
217 * @return general information about this identity.
218 *
219 * @see #setInfo
220 */
221 public String getInfo() {
222 return info;
223 }
224
225 /**
226 * Adds a certificate for this identity. If the identity has a public
227 * key, the public key in the certificate must be the same, and if
228 * the identity does not have a public key, the identity's
229 * public key is set to be that specified in the certificate.
230 *
231 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
232 * method is called with <code>"addIdentityCertificate"</code>
233 * as its argument to see if it's ok to add a certificate.
234 *
235 * @param certificate the certificate to be added.
236 *
237 * @exception KeyManagementException if the certificate is not valid,
238 * if the public key in the certificate being added conflicts with
239 * this identity's public key, or if another exception occurs.
240 *
241 * @exception SecurityException if a security manager exists and its
242 * <code>checkSecurityAccess</code> method doesn't allow
243 * adding a certificate.
244 *
245 * @see SecurityManager#checkSecurityAccess
246 */
247 public void addCertificate(Certificate certificate)
248 throws KeyManagementException {
249
250 check("addIdentityCertificate");
251
252 if (certificates == null) {
253 certificates = new Vector<Certificate>();
254 }
255 if (publicKey != null) {
256 if (!keyEquals(publicKey, certificate.getPublicKey())) {
257 throw new KeyManagementException(
258 "public key different from cert public key");
259 }
260 } else {
261 publicKey = certificate.getPublicKey();
262 }
263 certificates.addElement(certificate);
264 }
265
266 private boolean keyEquals(Key aKey, Key anotherKey) {
267 String aKeyFormat = aKey.getFormat();
268 String anotherKeyFormat = anotherKey.getFormat();
269 if ((aKeyFormat == null) ^ (anotherKeyFormat == null))
270 return false;
271 if (aKeyFormat != null && anotherKeyFormat != null)
272 if (!aKeyFormat.equalsIgnoreCase(anotherKeyFormat))
273 return false;
274 return java.util.Arrays.equals(aKey.getEncoded(), anotherKey
275 .getEncoded());
276 }
277
278 /**
279 * Removes a certificate from this identity.
280 *
281 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
282 * method is called with <code>"removeIdentityCertificate"</code>
283 * as its argument to see if it's ok to remove a certificate.
284 *
285 * @param certificate the certificate to be removed.
286 *
287 * @exception KeyManagementException if the certificate is
288 * missing, or if another exception occurs.
289 *
290 * @exception SecurityException if a security manager exists and its
291 * <code>checkSecurityAccess</code> method doesn't allow
292 * removing a certificate.
293 *
294 * @see SecurityManager#checkSecurityAccess
295 */
296 public void removeCertificate(Certificate certificate)
297 throws KeyManagementException {
298 check("removeIdentityCertificate");
299 if (certificates != null) {
300 certificates.removeElement(certificate);
301 }
302 }
303
304 /**
305 * Returns a copy of all the certificates for this identity.
306 *
307 * @return a copy of all the certificates for this identity.
308 */
309 public Certificate[] certificates() {
310 if (certificates == null) {
311 return new Certificate[0];
312 }
313 int len = certificates.size();
314 Certificate[] certs = new Certificate[len];
315 certificates.copyInto(certs);
316 return certs;
317 }
318
319 /**
320 * Tests for equality between the specified object and this identity.
321 * This first tests to see if the entities actually refer to the same
322 * object, in which case it returns true. Next, it checks to see if
323 * the entities have the same name and the same scope. If they do,
324 * the method returns true. Otherwise, it calls
325 * {@link #identityEquals(Identity) identityEquals}, which subclasses should
326 * override.
327 *
328 * @param identity the object to test for equality with this identity.
329 *
330 * @return true if the objects are considered equal, false otherwise.
331 *
332 * @see #identityEquals
333 */
334 public final boolean equals(Object identity) {
335
336 if (identity == this ) {
337 return true;
338 }
339
340 if (identity instanceof Identity) {
341 Identity i = (Identity) identity;
342 if (this .fullName().equals(i.fullName())) {
343 return true;
344 } else {
345 return identityEquals(i);
346 }
347 }
348 return false;
349 }
350
351 /**
352 * Tests for equality between the specified identity and this identity.
353 * This method should be overriden by subclasses to test for equality.
354 * The default behavior is to return true if the names and public keys
355 * are equal.
356 *
357 * @param identity the identity to test for equality with this identity.
358 *
359 * @return true if the identities are considered equal, false
360 * otherwise.
361 *
362 * @see #equals
363 */
364 protected boolean identityEquals(Identity identity) {
365 if (!name.equalsIgnoreCase(identity.name))
366 return false;
367
368 if ((publicKey == null) ^ (identity.publicKey == null))
369 return false;
370
371 if (publicKey != null && identity.publicKey != null)
372 if (!publicKey.equals(identity.publicKey))
373 return false;
374
375 return true;
376
377 }
378
379 /**
380 * Returns a parsable name for identity: identityName.scopeName
381 */
382 String fullName() {
383 String parsable = name;
384 if (scope != null) {
385 parsable += "." + scope.getName();
386 }
387 return parsable;
388 }
389
390 /**
391 * Returns a short string describing this identity, telling its
392 * name and its scope (if any).
393 *
394 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
395 * method is called with <code>"printIdentity"</code>
396 * as its argument to see if it's ok to return the string.
397 *
398 * @return information about this identity, such as its name and the
399 * name of its scope (if any).
400 *
401 * @exception SecurityException if a security manager exists and its
402 * <code>checkSecurityAccess</code> method doesn't allow
403 * returning a string describing this identity.
404 *
405 * @see SecurityManager#checkSecurityAccess
406 */
407 public String toString() {
408 check("printIdentity");
409 String printable = name;
410 if (scope != null) {
411 printable += "[" + scope.getName() + "]";
412 }
413 return printable;
414 }
415
416 /**
417 * Returns a string representation of this identity, with
418 * optionally more details than that provided by the
419 * <code>toString</code> method without any arguments.
420 *
421 * <p>First, if there is a security manager, its <code>checkSecurityAccess</code>
422 * method is called with <code>"printIdentity"</code>
423 * as its argument to see if it's ok to return the string.
424 *
425 * @param detailed whether or not to provide detailed information.
426 *
427 * @return information about this identity. If <code>detailed</code>
428 * is true, then this method returns more information than that
429 * provided by the <code>toString</code> method without any arguments.
430 *
431 * @exception SecurityException if a security manager exists and its
432 * <code>checkSecurityAccess</code> method doesn't allow
433 * returning a string describing this identity.
434 *
435 * @see #toString
436 * @see SecurityManager#checkSecurityAccess
437 */
438 public String toString(boolean detailed) {
439 String out = toString();
440 if (detailed) {
441 out += "\n";
442 out += printKeys();
443 out += "\n" + printCertificates();
444 if (info != null) {
445 out += "\n\t" + info;
446 } else {
447 out += "\n\tno additional information available.";
448 }
449 }
450 return out;
451 }
452
453 String printKeys() {
454 String key = "";
455 if (publicKey != null) {
456 key = "\tpublic key initialized";
457 } else {
458 key = "\tno public key";
459 }
460 return key;
461 }
462
463 String printCertificates() {
464 String out = "";
465 if (certificates == null) {
466 return "\tno certificates";
467 } else {
468 out += "\tcertificates: \n";
469
470 int i = 1;
471 for (Certificate cert : certificates) {
472 out += "\tcertificate " + i++ + "\tfor : "
473 + cert.getPrincipal() + "\n";
474 out += "\t\t\tfrom : " + cert.getGuarantor() + "\n";
475 }
476 }
477 return out;
478 }
479
480 /**
481 * Returns a hashcode for this identity.
482 *
483 * @return a hashcode for this identity.
484 */
485 public int hashCode() {
486 return name.hashCode();
487 }
488
489 private static void check(String directive) {
490 SecurityManager security = System.getSecurityManager();
491 if (security != null) {
492 security.checkSecurityAccess(directive);
493 }
494 }
495 }
|