1 package jsdsi;
2
3 import java.util.HashSet;
4 import java.util.Iterator;
5 import java.util.Set;
6
7 /***
8 * A prover that searches subject-to-issuer. Will only access the
9 * <code>CertStore</code> using <code>CompatibleCertSelectors</code>
10 * and <ocde>SubjectCertSelectors</code>.
11 *
12 * @see CertStore
13 * @see CompatibleCertSelector
14 * @see SubjectCertSelector
15 *
16 * @author Sameer Ajmani
17 * @version $Revision: 1.3.4.1 $ $Date: 2005/11/08 03:12:52 $
18 */
19 class RProver extends Prover {
20 /***
21 * Certificates from issuers to subject's.
22 */
23 Set loadedReverse = new HashSet();
24
25 /***
26 * Certificates for issuers to local names.
27 */
28 Set loadedCompatible = new HashSet();
29
30 /***
31 * @see jsdsi.Prover#Prover(Cert, java.security.cert.CertStore)
32 */
33 RProver(Cert c, java.security.cert.CertStore s) {
34 super(c, s);
35 assert(!(c.getSubject() instanceof Name));
36 }
37
38 /***
39 * @see jsdsi.Prover#makeProof()
40 */
41 Proof makeProof() {
42 try {
43 loadReverse(provee.getSubject());
44 } catch (ProofFoundException e) {
45 return e.getProof();
46 }
47 return null;
48 }
49
50 /***
51 * Loads the certificates for a given subject to this
52 * <code>RProver</code>'s certificates.
53 *
54 * @param s subject to load certificates for.
55 * @return this <code>RProvers</code> set of certificates for
56 * the subject <code>s</code>.
57 * @throws ProofFoundException if a <i>proof is found</i>.
58 */
59 Set loadReverse(Subject s) throws ProofFoundException {
60 CertSelector sel = new SubjectCertSelector(s);
61 return load(loadedReverse, s, sel, reverse);
62 }
63
64 /***
65 * Loads all certificates for a given name-issuer and
66 * name-string (local) to this<code>RProver</code>'s certificates.
67 *
68 * @param n name to load the certificates for.
69 * @return a set of certificates from the issuer of <code>n</code>
70 * for the local name of <code>n</code>.
71 * @throws ProofFoundException if a <i>proof is found</i>.
72 */
73 Set loadCompatible(Name n) throws ProofFoundException {
74 CertSelector sel =
75 new CompatibleCertSelector(n.getIssuer(), n.getNames()[0]);
76 return load(loadedCompatible, n, sel, compatible);
77 }
78
79 /***
80 * @see jsdsi.Prover#insert(Proof)
81 */
82 void insert(Proof p) throws ProofFoundException {
83 //System.out.println("INSERT("+p.hashCode()+"): "+p);
84 if (p.getCert().implies(provee)) {
85 //System.out.println("INSERT("+p.hashCode()+"): found proof!");
86 throw new ProofFoundException(p);
87 }
88 if (!check.get(p.getCert()).isEmpty()) {
89 //System.out.println("INSERT("+p.hashCode()+"): already inserted");
90 return; // already have this proof
91 }
92 check.put(p.getCert(), p);
93
94 try {
95 if (p.getCert().getSubject() instanceof Name) {
96 Name key = ((Name) p.getCert().getSubject()).prefix();
97 compatible.put(key, p);
98 // look up compatible certs, and compose
99 Set values = value.get(key);
100 //System.out.println("INSERT("+p.hashCode()
101 //+"): inserting right-composed "+values.size());
102 Iterator i = values.iterator();
103 while (i.hasNext()) {
104 try {
105 insert(p.compose((Proof) i.next()));
106 } catch (Proof.IncompatibleException e) {
107 //System.out.println("ignoring: "+e);
108 }
109 }
110 return;
111 }
112
113 if (p.getCert() instanceof NameCert) {
114 Name key = ((NameCert) p.getCert()).getFullName();
115 value.put(key, p);
116 reverse.put(p.getCert().getSubject(), p);
117 // look up compatible certs, and compose
118 Set compats = loadCompatible(key);
119 //System.out.println("INSERT("+p.hashCode()
120 //+"): inserting left-composed "+compats.size());
121 Iterator i = compats.iterator();
122 while (i.hasNext()) {
123 try {
124 insert(((Proof) i.next()).compose(p));
125 } catch (Proof.IncompatibleException e) {
126 //System.out.println("ignoring: "+e);
127 }
128 }
129 // search backwards to find extended names
130 Subject s = p.getCert().getIssuer();
131 //System.out.println("INSERT("+p.hashCode()
132 //+"): fetching reverse for "+s.hashCode());
133 loadReverse(s);
134 return;
135 }
136
137 if (p.getCert() instanceof AuthCert) {
138 issuer.put(p.getCert().getIssuer(), p);
139 reverse.put(p.getCert().getSubject(), p);
140
141 // TODO: optimize for provee:
142 // p.tag implies provee.tag
143
144 if (((AuthCert) p.getCert()).getPropagate()
145 && (p.getCert().getSubject() instanceof Principal)) {
146 // search forwards locally to find auth chains
147 Set issuers = issuer.get(p.getCert().getSubject());
148 Iterator i = issuers.iterator();
149 while (i.hasNext()) {
150 try {
151 insert(p.compose((Proof) i.next()));
152 } catch (Proof.IncompatibleException e) {
153 //System.out.println("ignoring: "+e);
154 }
155 }
156 }
157
158 // search backwards locally to find auth chains
159 Set reverses = reverse.get(p.getCert().getIssuer());
160 Iterator i = reverses.iterator();
161 while (i.hasNext()) {
162 try {
163 Proof pf = (Proof) i.next();
164 if ((pf.getCert() instanceof AuthCert)
165 && ((AuthCert) pf.getCert()).getPropagate()
166 && (pf.getCert().getSubject()
167 instanceof Principal)) {
168 insert(pf.compose(p));
169 }
170 } catch (Proof.IncompatibleException e) {
171 //System.out.println("ignoring: "+e);
172 }
173 }
174
175 // search backwards to find new auths
176 Subject s = p.getCert().getIssuer();
177 //System.out.println("INSERT("+p.hashCode()
178 //+"): fetching reverse for "+s.hashCode());
179 loadReverse(s);
180 return;
181 }
182
183 throw new Error("unhandled case: "
184 + p.getCert().getClass().getName());
185 } catch (ProofFoundException e) {
186 // invalidate cache
187 check.remove(p.getCert(), p);
188 throw e;
189 }
190 }
191 }
This page was automatically generated by Maven