/* |
|
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. |
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
* |
|
* This code is free software; you can redistribute it and/or modify it |
|
* under the terms of the GNU General Public License version 2 only, as |
|
* published by the Free Software Foundation. Oracle designates this |
|
* particular file as subject to the "Classpath" exception as provided |
|
* by Oracle in the LICENSE file that accompanied this code. |
|
* |
|
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
* version 2 for more details (a copy is included in the LICENSE file that |
|
* accompanied this code). |
|
* |
|
* You should have received a copy of the GNU General Public License version |
|
* 2 along with this work; if not, write to the Free Software Foundation, |
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
* |
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
* or visit www.oracle.com if you need additional information or have any |
|
* questions. |
|
*/ |
|
package sun.security.provider.certpath; |
|
import java.util.ArrayList; |
|
import java.util.Collections; |
|
import java.util.Iterator; |
|
import java.util.List; |
|
/** |
|
* An AdjacencyList is used to store the history of certification paths |
|
* attempted in constructing a path from an initiator to a target. The |
|
* AdjacencyList is initialized with a <code>List</code> of |
|
* <code>List</code>s, where each sub-<code>List</code> contains objects of |
|
* type <code>Vertex</code>. A <code>Vertex</code> describes one possible or |
|
* actual step in the chain building process, and the associated |
|
* <code>Certificate</code>. Specifically, a <code>Vertex</code> object |
|
* contains a <code>Certificate</code> and an index value referencing the |
|
* next sub-list in the process. If the index value is -1 then this |
|
* <code>Vertex</code> doesn't continue the attempted build path. |
|
* <p> |
|
* Example: |
|
* <p> |
|
* Attempted Paths:<ul> |
|
* <li>C1->C2->C3 |
|
* <li>C1->C4->C5 |
|
* <li>C1->C4->C6 |
|
* <li>C1->C4->C7 |
|
* <li>C1->C8->C9 |
|
* <li>C1->C10->C11 |
|
* </ul> |
|
* <p> |
|
* AdjacencyList structure:<ul> |
|
* <li>AL[0] = C1,1 |
|
* <li>AL[1] = C2,2 =>C4,3 =>C8,4 =>C10,5 |
|
* <li>AL[2] = C3,-1 |
|
* <li>AL[3] = C5,-1 =>C6,-1 =>C7,-1 |
|
* <li>AL[4] = C9,-1 |
|
* <li>AL[5] = C11,-1 |
|
* </ul> |
|
* <p> |
|
* The iterator method returns objects of type <code>BuildStep</code>, not |
|
* objects of type <code>Vertex</code>. |
|
* A <code>BuildStep</code> contains a <code>Vertex</code> and a result code, |
|
* accessible via getResult method. There are five result values. |
|
* <code>POSSIBLE</code> denotes that the current step represents a |
|
* <code>Certificate</code> that the builder is considering at this point in |
|
* the build. <code>FOLLOW</code> denotes a <code>Certificate</code> (one of |
|
* those noted as <code>POSSIBLE</code>) that the builder is using to try |
|
* extending the chain. <code>BACK</code> represents that a |
|
* <code>FOLLOW</code> was incorrect, and is being removed from the chain. |
|
* There is exactly one <code>FOLLOW</code> for each <code>BACK</code>. The |
|
* values <code>SUCCEED</code> and <code>FAIL</code> mean that we've come to |
|
* the end of the build process, and there will not be any more entries in |
|
* the list. |
|
* <p> |
|
* @see sun.security.provider.certpath.BuildStep |
|
* @see sun.security.provider.certpath.Vertex |
|
* <p> |
|
* @author seth proctor |
|
* @since 1.4 |
|
*/ |
|
public class AdjacencyList { |
|
// the actual set of steps the AdjacencyList represents |
|
private ArrayList<BuildStep> mStepList; |
|
// the original list, just for the toString method |
|
private List<List<Vertex>> mOrigList; |
|
/** |
|
* Constructs a new <code>AdjacencyList</code> based on the specified |
|
* <code>List</code>. See the example above. |
|
* |
|
* @param list a <code>List</code> of <code>List</code>s of |
|
* <code>Vertex</code> objects |
|
*/ |
|
public AdjacencyList(List<List<Vertex>> list) { |
|
mStepList = new ArrayList<BuildStep>(); |
|
mOrigList = list; |
|
buildList(list, 0, null); |
|
} |
|
/** |
|
* Gets an <code>Iterator</code> to iterate over the set of |
|
* <code>BuildStep</code>s in build-order. Any attempts to change |
|
* the list through the remove method will fail. |
|
* |
|
* @return an <code>Iterator</code> over the <code>BuildStep</code>s |
|
*/ |
|
public Iterator<BuildStep> iterator() { |
|
return Collections.unmodifiableList(mStepList).iterator(); |
|
} |
|
/** |
|
* Recursive, private method which actually builds the step list from |
|
* the given adjacency list. <code>Follow</code> is the parent BuildStep |
|
* that we followed to get here, and if it's null, it means that we're |
|
* at the start. |
|
*/ |
|
private boolean buildList(List<List<Vertex>> theList, int index, |
|
BuildStep follow) { |
|
// Each time this method is called, we're examining a new list |
|
// from the global list. So, we have to start by getting the list |
|
// that contains the set of Vertexes we're considering. |
|
List<Vertex> l = theList.get(index); |
|
// we're interested in the case where all indexes are -1... |
|
boolean allNegOne = true; |
|
// ...and in the case where every entry has a Throwable |
|
boolean allXcps = true; |
|
for (Vertex v : l) { |
|
if (v.getIndex() != -1) { |
|
// count an empty list the same as an index of -1...this |
|
// is to patch a bug somewhere in the builder |
|
if (theList.get(v.getIndex()).size() != 0) |
|
allNegOne = false; |
|
} else { |
|
if (v.getThrowable() == null) |
|
allXcps = false; |
|
} |
|
// every entry, regardless of the final use for it, is always |
|
// entered as a possible step before we take any actions |
|
mStepList.add(new BuildStep(v, BuildStep.POSSIBLE)); |
|
} |
|
if (allNegOne) { |
|
// There are two cases that we could be looking at here. We |
|
// may need to back up, or the build may have succeeded at |
|
// this point. This is based on whether or not any |
|
// exceptions were found in the list. |
|
if (allXcps) { |
|
// we need to go back...see if this is the last one |
|
if (follow == null) |
|
mStepList.add(new BuildStep(null, BuildStep.FAIL)); |
|
else |
|
mStepList.add(new BuildStep(follow.getVertex(), |
|
BuildStep.BACK)); |
|
return false; |
|
} else { |
|
// we succeeded...now the only question is which is the |
|
// successful step? If there's only one entry without |
|
// a throwable, then that's the successful step. Otherwise, |
|
// we'll have to make some guesses... |
|
List<Vertex> possibles = new ArrayList<>(); |
|
for (Vertex v : l) { |
|
if (v.getThrowable() == null) |
|
possibles.add(v); |
|
} |
|
if (possibles.size() == 1) { |
|
// real easy...we've found the final Vertex |
|
mStepList.add(new BuildStep(possibles.get(0), |
|
BuildStep.SUCCEED)); |
|
} else { |
|
// ok...at this point, there is more than one Cert |
|
// which might be the succeed step...how do we know |
|
// which it is? I'm going to assume that our builder |
|
// algorithm is good enough to know which is the |
|
// correct one, and put it first...but a FIXME goes |
|
// here anyway, and we should be comparing to the |
|
// target/initiator Cert... |
|
mStepList.add(new BuildStep(possibles.get(0), |
|
BuildStep.SUCCEED)); |
|
} |
|
return true; |
|
} |
|
} else { |
|
// There's at least one thing that we can try before we give |
|
// up and go back. Run through the list now, and enter a new |
|
// BuildStep for each path that we try to follow. If none of |
|
// the paths we try produce a successful end, we're going to |
|
// have to back out ourselves. |
|
boolean success = false; |
|
for (Vertex v : l) { |
|
// Note that we'll only find a SUCCEED case when we're |
|
// looking at the last possible path, so we don't need to |
|
// consider success in the while loop |
|
if (v.getIndex() != -1) { |
|
if (theList.get(v.getIndex()).size() != 0) { |
|
// If the entry we're looking at doesn't have an |
|
// index of -1, and doesn't lead to an empty list, |
|
// then it's something we follow! |
|
BuildStep bs = new BuildStep(v, BuildStep.FOLLOW); |
|
mStepList.add(bs); |
|
success = buildList(theList, v.getIndex(), bs); |
|
} |
|
} |
|
} |
|
if (success) { |
|
// We're already finished! |
|
return true; |
|
} else { |
|
// We failed, and we've exhausted all the paths that we |
|
// could take. The only choice is to back ourselves out. |
|
if (follow == null) |
|
mStepList.add(new BuildStep(null, BuildStep.FAIL)); |
|
else |
|
mStepList.add(new BuildStep(follow.getVertex(), |
|
BuildStep.BACK)); |
|
return false; |
|
} |
|
} |
|
} |
|
/** |
|
* Prints out a string representation of this AdjacencyList. |
|
* |
|
* @return String representation |
|
*/ |
|
@Override |
|
public String toString() { |
|
StringBuilder sb = new StringBuilder("[\n"); |
|
int i = 0; |
|
for (List<Vertex> l : mOrigList) { |
|
sb.append("LinkedList[").append(i++).append("]:\n"); |
|
for (Vertex step : l) { |
|
sb.append(step.toString()).append("\n"); |
|
} |
|
} |
|
sb.append("]\n"); |
|
return sb.toString(); |
|
} |
|
} |