Path: blob/aarch64-shenandoah-jdk8u272-b10/jdk/src/share/classes/java/security/Identity.java
38829 views
/*1* Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package java.security;2627import java.io.Serializable;28import java.util.*;2930/**31* <p>This class represents identities: real-world objects such as people,32* companies or organizations whose identities can be authenticated using33* their public keys. Identities may also be more abstract (or concrete)34* constructs, such as daemon threads or smart cards.35*36* <p>All Identity objects have a name and a public key. Names are37* immutable. Identities may also be scoped. That is, if an Identity is38* specified to have a particular scope, then the name and public39* key of the Identity are unique within that scope.40*41* <p>An Identity also has a set of certificates (all certifying its own42* public key). The Principal names specified in these certificates need43* not be the same, only the key.44*45* <p>An Identity can be subclassed, to include postal and email addresses,46* telephone numbers, images of faces and logos, and so on.47*48* @see IdentityScope49* @see Signer50* @see Principal51*52* @author Benjamin Renaud53* @deprecated This class is no longer used. Its functionality has been54* replaced by {@code java.security.KeyStore}, the55* {@code java.security.cert} package, and56* {@code java.security.Principal}.57*/58@Deprecated59public abstract class Identity implements Principal, Serializable {6061/** use serialVersionUID from JDK 1.1.x for interoperability */62private static final long serialVersionUID = 3609922007826600659L;6364/**65* The name for this identity.66*67* @serial68*/69private String name;7071/**72* The public key for this identity.73*74* @serial75*/76private PublicKey publicKey;7778/**79* Generic, descriptive information about the identity.80*81* @serial82*/83String info = "No further information available.";8485/**86* The scope of the identity.87*88* @serial89*/90IdentityScope scope;9192/**93* The certificates for this identity.94*95* @serial96*/97Vector<Certificate> certificates;9899/**100* Constructor for serialization only.101*/102protected Identity() {103this("restoring...");104}105106/**107* Constructs an identity with the specified name and scope.108*109* @param name the identity name.110* @param scope the scope of the identity.111*112* @exception KeyManagementException if there is already an identity113* with the same name in the scope.114*/115public Identity(String name, IdentityScope scope) throws116KeyManagementException {117this(name);118if (scope != null) {119scope.addIdentity(this);120}121this.scope = scope;122}123124/**125* Constructs an identity with the specified name and no scope.126*127* @param name the identity name.128*/129public Identity(String name) {130this.name = name;131}132133/**134* Returns this identity's name.135*136* @return the name of this identity.137*/138public final String getName() {139return name;140}141142/**143* Returns this identity's scope.144*145* @return the scope of this identity.146*/147public final IdentityScope getScope() {148return scope;149}150151/**152* Returns this identity's public key.153*154* @return the public key for this identity.155*156* @see #setPublicKey157*/158public PublicKey getPublicKey() {159return publicKey;160}161162/**163* Sets this identity's public key. The old key and all of this164* identity's certificates are removed by this operation.165*166* <p>First, if there is a security manager, its {@code checkSecurityAccess}167* method is called with {@code "setIdentityPublicKey"}168* as its argument to see if it's ok to set the public key.169*170* @param key the public key for this identity.171*172* @exception KeyManagementException if another identity in the173* identity's scope has the same public key, or if another exception occurs.174*175* @exception SecurityException if a security manager exists and its176* {@code checkSecurityAccess} method doesn't allow177* setting the public key.178*179* @see #getPublicKey180* @see SecurityManager#checkSecurityAccess181*/182/* Should we throw an exception if this is already set? */183public void setPublicKey(PublicKey key) throws KeyManagementException {184185check("setIdentityPublicKey");186this.publicKey = key;187certificates = new Vector<Certificate>();188}189190/**191* Specifies a general information string for this identity.192*193* <p>First, if there is a security manager, its {@code checkSecurityAccess}194* method is called with {@code "setIdentityInfo"}195* as its argument to see if it's ok to specify the information string.196*197* @param info the information string.198*199* @exception SecurityException if a security manager exists and its200* {@code checkSecurityAccess} method doesn't allow201* setting the information string.202*203* @see #getInfo204* @see SecurityManager#checkSecurityAccess205*/206public void setInfo(String info) {207check("setIdentityInfo");208this.info = info;209}210211/**212* Returns general information previously specified for this identity.213*214* @return general information about this identity.215*216* @see #setInfo217*/218public String getInfo() {219return info;220}221222/**223* Adds a certificate for this identity. If the identity has a public224* key, the public key in the certificate must be the same, and if225* the identity does not have a public key, the identity's226* public key is set to be that specified in the certificate.227*228* <p>First, if there is a security manager, its {@code checkSecurityAccess}229* method is called with {@code "addIdentityCertificate"}230* as its argument to see if it's ok to add a certificate.231*232* @param certificate the certificate to be added.233*234* @exception KeyManagementException if the certificate is not valid,235* if the public key in the certificate being added conflicts with236* this identity's public key, or if another exception occurs.237*238* @exception SecurityException if a security manager exists and its239* {@code checkSecurityAccess} method doesn't allow240* adding a certificate.241*242* @see SecurityManager#checkSecurityAccess243*/244public void addCertificate(Certificate certificate)245throws KeyManagementException {246247check("addIdentityCertificate");248249if (certificates == null) {250certificates = new Vector<Certificate>();251}252if (publicKey != null) {253if (!keyEquals(publicKey, certificate.getPublicKey())) {254throw new KeyManagementException(255"public key different from cert public key");256}257} else {258publicKey = certificate.getPublicKey();259}260certificates.addElement(certificate);261}262263private boolean keyEquals(PublicKey aKey, PublicKey anotherKey) {264String aKeyFormat = aKey.getFormat();265String anotherKeyFormat = anotherKey.getFormat();266if ((aKeyFormat == null) ^ (anotherKeyFormat == null))267return false;268if (aKeyFormat != null && anotherKeyFormat != null)269if (!aKeyFormat.equalsIgnoreCase(anotherKeyFormat))270return false;271return java.util.Arrays.equals(aKey.getEncoded(),272anotherKey.getEncoded());273}274275276/**277* Removes a certificate from this identity.278*279* <p>First, if there is a security manager, its {@code checkSecurityAccess}280* method is called with {@code "removeIdentityCertificate"}281* as its argument to see if it's ok to remove a certificate.282*283* @param certificate the certificate to be removed.284*285* @exception KeyManagementException if the certificate is286* missing, or if another exception occurs.287*288* @exception SecurityException if a security manager exists and its289* {@code checkSecurityAccess} method doesn't allow290* removing a certificate.291*292* @see SecurityManager#checkSecurityAccess293*/294public void removeCertificate(Certificate certificate)295throws KeyManagementException {296check("removeIdentityCertificate");297if (certificates != null) {298certificates.removeElement(certificate);299}300}301302/**303* Returns a copy of all the certificates for this identity.304*305* @return a copy of all the certificates for this identity.306*/307public Certificate[] certificates() {308if (certificates == null) {309return new Certificate[0];310}311int len = certificates.size();312Certificate[] certs = new Certificate[len];313certificates.copyInto(certs);314return certs;315}316317/**318* Tests for equality between the specified object and this identity.319* This first tests to see if the entities actually refer to the same320* object, in which case it returns true. Next, it checks to see if321* the entities have the same name and the same scope. If they do,322* the method returns true. Otherwise, it calls323* {@link #identityEquals(Identity) identityEquals}, which subclasses should324* override.325*326* @param identity the object to test for equality with this identity.327*328* @return true if the objects are considered equal, false otherwise.329*330* @see #identityEquals331*/332public final boolean equals(Object identity) {333334if (identity == this) {335return true;336}337338if (identity instanceof Identity) {339Identity i = (Identity)identity;340if (this.fullName().equals(i.fullName())) {341return true;342} else {343return identityEquals(i);344}345}346return false;347}348349/**350* Tests for equality between the specified identity and this identity.351* This method should be overriden by subclasses to test for equality.352* The default behavior is to return true if the names and public keys353* are equal.354*355* @param identity the identity to test for equality with this identity.356*357* @return true if the identities are considered equal, false358* otherwise.359*360* @see #equals361*/362protected boolean identityEquals(Identity identity) {363if (!name.equalsIgnoreCase(identity.name))364return false;365366if ((publicKey == null) ^ (identity.publicKey == null))367return false;368369if (publicKey != null && identity.publicKey != null)370if (!publicKey.equals(identity.publicKey))371return false;372373return true;374375}376377/**378* Returns a parsable name for identity: identityName.scopeName379*/380String fullName() {381String parsable = name;382if (scope != null) {383parsable += "." + scope.getName();384}385return parsable;386}387388/**389* Returns a short string describing this identity, telling its390* name and its scope (if any).391*392* <p>First, if there is a security manager, its {@code checkSecurityAccess}393* method is called with {@code "printIdentity"}394* as its argument to see if it's ok to return the string.395*396* @return information about this identity, such as its name and the397* name of its scope (if any).398*399* @exception SecurityException if a security manager exists and its400* {@code checkSecurityAccess} method doesn't allow401* returning a string describing this identity.402*403* @see SecurityManager#checkSecurityAccess404*/405public String toString() {406check("printIdentity");407String printable = name;408if (scope != null) {409printable += "[" + scope.getName() + "]";410}411return printable;412}413414/**415* Returns a string representation of this identity, with416* optionally more details than that provided by the417* {@code toString} method without any arguments.418*419* <p>First, if there is a security manager, its {@code checkSecurityAccess}420* method is called with {@code "printIdentity"}421* as its argument to see if it's ok to return the string.422*423* @param detailed whether or not to provide detailed information.424*425* @return information about this identity. If {@code detailed}426* is true, then this method returns more information than that427* provided by the {@code toString} method without any arguments.428*429* @exception SecurityException if a security manager exists and its430* {@code checkSecurityAccess} method doesn't allow431* returning a string describing this identity.432*433* @see #toString434* @see SecurityManager#checkSecurityAccess435*/436public String toString(boolean detailed) {437String out = toString();438if (detailed) {439out += "\n";440out += printKeys();441out += "\n" + printCertificates();442if (info != null) {443out += "\n\t" + info;444} else {445out += "\n\tno additional information available.";446}447}448return out;449}450451String printKeys() {452String key = "";453if (publicKey != null) {454key = "\tpublic key initialized";455} else {456key = "\tno public key";457}458return key;459}460461String printCertificates() {462String out = "";463if (certificates == null) {464return "\tno certificates";465} else {466out += "\tcertificates: \n";467468int i = 1;469for (Certificate cert : certificates) {470out += "\tcertificate " + i++ +471"\tfor : " + cert.getPrincipal() + "\n";472out += "\t\t\tfrom : " +473cert.getGuarantor() + "\n";474}475}476return out;477}478479/**480* Returns a hashcode for this identity.481*482* @return a hashcode for this identity.483*/484public int hashCode() {485return name.hashCode();486}487488private static void check(String directive) {489SecurityManager security = System.getSecurityManager();490if (security != null) {491security.checkSecurityAccess(directive);492}493}494}495496497