1 package jsdsi;
2
3 import java.util.HashSet;
4 import java.util.Iterator;
5 import java.util.Set;
6
/**
 * A prover that searches issuer-to-subject. The <code>CertStore</code> is
 * only ever queried through <code>AuthCertSelector</code>s and
 * <code>NameCertSelector</code>s.
 *
 * <p>The search is driven by {@link #insert(Proof)}: every proof handed to it
 * is composed with the proofs already recorded in the lookup tables inherited
 * from {@link Prover}, and the results are inserted recursively. A
 * {@link ProofFoundException} is used to unwind the recursion as soon as a
 * proof implies the certificate being proved.
 *
 * <p>NOTE(review): nothing in this class checks signatures or validity
 * periods of the certificates pulled from the store. Presumably that happens
 * in <code>Prover.load</code>, in <code>Proof.compose</code> or in the caller
 * that consumes the returned proof; confirm before trusting a proof built
 * from a store that untrusted parties can write to.
 *
 * @see CertStore
 * @see AuthCertSelector
 * @see NameCertSelector
 *
 * @author Sameer Ajmani
 * @version $Revision: 1.3.4.1 $ $Date: 2005/11/08 03:12:52 $
 */
class FProver extends Prover {
    /**
     * Bookkeeping set handed to <code>load</code> by
     * {@link #loadIssuer(Principal)}; described by the original author as
     * "certificates for all issuers".
     */
    Set loadedIssuer = new HashSet();

    /**
     * Bookkeeping set handed to <code>load</code> by
     * {@link #loadValue(Name)}; described by the original author as
     * "certificates for issuers-&gt;name-string".
     */
    Set loadedValue = new HashSet();

    /**
     * Creates a prover for the given certificate backed by the given store.
     *
     * @see jsdsi.Prover#Prover(Cert, java.security.cert.CertStore)
     */
    FProver(Cert c, java.security.cert.CertStore s) {
        super(c, s);
    }

    /**
     * Starts the search from the certificate being proved. For a
     * <code>NameCert</code> the certificates for its full name are loaded,
     * otherwise the certificates for its issuer.
     *
     * @return the proof carried by the <code>ProofFoundException</code> that
     *         ended the search, or <code>null</code> if the search finished
     *         without one.
     * @see jsdsi.Prover#makeProof()
     */
    Proof makeProof() {
        try {
            if (!(provee instanceof NameCert)) {
                loadIssuer(provee.getIssuer());
            } else {
                loadValue(((NameCert) provee).getFullName());
            }
            return null;
        } catch (ProofFoundException found) {
            return found.getProof();
        }
    }

    /**
     * Loads the certificates issued by a principal, selecting them from the
     * cert store with an <code>AuthCertSelector</code>.
     *
     * @param i issuer whose certificates are loaded.
     * @return the set returned by <code>load</code>: per the original
     *         documentation, the certificates already held plus the ones
     *         added.
     * @throws ProofFoundException if a proof is found while loading.
     */
    Set loadIssuer(Principal i) throws ProofFoundException {
        CertSelector selector = new AuthCertSelector(i);
        return load(loadedIssuer, i, selector, issuer);
    }

    /**
     * Loads the certificates that bind the first name-string of a name under
     * that name's issuer, selecting them from the cert store with a
     * <code>NameCertSelector</code>.
     *
     * @param n name whose issuer and first name-string pick the certificates.
     * @return the set returned by <code>load</code>: per the original
     *         documentation, the certificates already used plus the ones
     *         added.
     * @throws ProofFoundException if a proof is found while loading.
     */
    Set loadValue(Name n) throws ProofFoundException {
        // Only the first name-string is used for the lookup.
        // NOTE(review): assumes getNames() is never empty; confirm in Name.
        CertSelector selector =
            new NameCertSelector(n.getIssuer(), n.getNames()[0]);
        return load(loadedValue, n, selector, value);
    }

    /**
     * Records a proof and recursively inserts everything it composes with.
     *
     * <p>The proof is handled according to its certificate: a certificate
     * whose subject is a <code>Name</code> is composed with the value proofs
     * loaded for that name's prefix; a <code>NameCert</code> is composed with
     * the proofs waiting on its full name; an <code>AuthCert</code> is chained
     * with the authorization proofs before and after it.
     *
     * <p>Recursion depth and fan-out depend on what the cert store returns.
     * The <code>check</code> table keeps a certificate from being expanded
     * twice, but no depth or work limit is applied here. NOTE(review): if the
     * store can hold certificates from untrusted parties, confirm that the
     * search is bounded elsewhere.
     *
     * <p>NOTE(review): the loops below iterate sets obtained from the
     * inherited lookup tables while the recursive calls put into the same
     * tables. Confirm that their <code>get</code> returns a snapshot rather
     * than a live view.
     *
     * @param p proof to record.
     * @throws ProofFoundException if <code>p</code>, or a proof derived from
     *         it, implies the certificate being proved.
     * @see jsdsi.Prover#insert(Proof)
     */
    void insert(Proof p) throws ProofFoundException {
        if (p.getCert().implies(provee)) {
            throw new ProofFoundException(p);
        }
        if (!check.get(p.getCert()).isEmpty()) {
            // A proof for this certificate has already been inserted.
            return;
        }
        check.put(p.getCert(), p);

        try {
            if (p.getCert().getSubject() instanceof Name) {
                Name prefix = ((Name) p.getCert().getSubject()).prefix();
                compatible.put(prefix, p);
                // Right-compose with every value proof for the prefix.
                for (Iterator it = loadValue(prefix).iterator();
                     it.hasNext();) {
                    composeAndInsert(p, (Proof) it.next());
                }
            } else if (p.getCert() instanceof NameCert) {
                Name fullName = ((NameCert) p.getCert()).getFullName();
                value.put(fullName, p);
                // Left-compose with every proof waiting on this name.
                for (Iterator it = compatible.get(fullName).iterator();
                     it.hasNext();) {
                    composeAndInsert((Proof) it.next(), p);
                }
            } else if (p.getCert() instanceof AuthCert) {
                insertAuth(p);
            } else {
                throw new Error("unhandled case: "
                    + p.getCert().getClass().getName());
            }
        } catch (ProofFoundException found) {
            // Invalidate the cache entry made above. Entries this call added
            // to the other tables are left in place.
            // NOTE(review): confirm that leaving them is intended.
            check.remove(p.getCert(), p);
            throw found;
        }
    }

    /**
     * Handles the <code>AuthCert</code> case of {@link #insert(Proof)}:
     * indexes the proof by issuer and by subject, chains it with the
     * authorization proofs already recorded on either side, and finally
     * loads the certificates issued by its subject.
     */
    private void insertAuth(Proof p) throws ProofFoundException {
        issuer.put(p.getCert().getIssuer(), p);
        reverse.put(p.getCert().getSubject(), p);

        // TODO: optimize for provee:
        // check whether p.tag implies provee.tag

        if (delegatesToPrincipal(p)) {
            // Search forwards locally to find auth chains.
            for (Iterator it = issuer.get(p.getCert().getSubject()).iterator();
                 it.hasNext();) {
                composeAndInsert(p, (Proof) it.next());
            }
        }

        // Search backwards locally to find auth chains.
        for (Iterator it = reverse.get(p.getCert().getIssuer()).iterator();
             it.hasNext();) {
            Proof earlier = (Proof) it.next();
            if (delegatesToPrincipal(earlier)) {
                composeAndInsert(earlier, p);
            }
        }

        if (delegatesToPrincipal(p)) {
            // Search forwards in the store to find new auths.
            Subject s = p.getCert().getSubject();
            loadIssuer((Principal) s);
        }
    }

    /**
     * Tells whether a proof ends in an <code>AuthCert</code> that has its
     * propagate flag set and names a <code>Principal</code> as subject. Only
     * such proofs are extended with a further authorization certificate.
     */
    private static boolean delegatesToPrincipal(Proof pf) {
        return (pf.getCert() instanceof AuthCert)
            && ((AuthCert) pf.getCert()).getPropagate()
            && (pf.getCert().getSubject() instanceof Principal);
    }

    /**
     * Inserts <code>left.compose(right)</code>. A pair that cannot be
     * composed is skipped on purpose: it contributes nothing to the search.
     */
    private void composeAndInsert(Proof left, Proof right)
            throws ProofFoundException {
        try {
            insert(left.compose(right));
        } catch (Proof.IncompatibleException ignored) {
            // Deliberately ignored: the two proofs do not chain.
        }
    }
}