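/*
 * Copyright (c) 2012 Mike Heath. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 */
package cloudeventbus.pki;

import java.util.AbstractSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/**
 * A set of trusted authority certificates, keyed by serial number, used to check that other certificates were
 * signed by one of those authorities.
 *
 * <p>Only certificates of type {@link Certificate.Type#AUTHORITY} may be stored, and at most one certificate per
 * serial number. The backing map is a {@link ConcurrentHashMap}, so lookups and iteration are safe while other
 * threads add or remove certificates; iteration is weakly consistent (it never throws
 * {@code ConcurrentModificationException}, but may or may not observe concurrent updates). The duplicate-serial
 * check in {@link #add(Certificate)} is atomic, so two racing adds cannot both succeed for the same serial number.
 *
 * @author Mike Heath <elcapo@gmail.com>
 */
public class TrustStore extends AbstractSet<Certificate> {

	// Serial number -> authority certificate. A concurrent map (rather than Collections.synchronizedMap over a
	// HashMap) gives an atomic putIfAbsent for the duplicate check in add() and an iterator that is safe to use
	// without external locking, which callers could not do anyway since the map is private.
	private final ConcurrentMap<Long, Certificate> certificates = new ConcurrentHashMap<Long, Certificate>();

	/**
	 * Creates a trust store holding the given authority certificates.
	 *
	 * @param certs the authority certificates to trust; may be empty
	 * @throws InvalidCertificateException if any certificate is not an authority certificate
	 * @throws DuplicateCertificateException if two of the certificates share a serial number
	 */
	public TrustStore(Certificate... certs) {
		// Note: this calls the overridable add() from the constructor; a subclass overriding add() will see it
		// invoked before the subclass's own fields are initialised.
		for (Certificate certificate : certs) {
			add(certificate);
		}
	}

	/**
	 * Returns a weakly consistent iterator over the authority certificates in this trust store.
	 *
	 * <p>The iterator's {@code remove()} removes the certificate from the store; this is also the path used by the
	 * inherited {@link java.util.Collection#remove(Object)}.
	 */
	@Override
	public Iterator<Certificate> iterator() {
		return certificates.values().iterator();
	}

	/**
	 * Returns the number of authority certificates in this trust store.
	 */
	@Override
	public int size() {
		return certificates.size();
	}

	/**
	 * Returns the certificate from the trust store with the specified serial number.
	 *
	 * @param serialNumber the serial number of the certificate
	 * @return the certificate from the trust store with the specified serial number, {@code null} if the trust store
	 * does not contain a certificate with the specified serial number.
	 */
	public Certificate get(long serialNumber) {
		return certificates.get(serialNumber);
	}

	/**
	 * Adds an authority certificate to the trust store.
	 *
	 * @param certificate the certificate to add to the trust store.
	 * @return {@code true}; duplicates are rejected with an exception rather than silently ignored, so a normal
	 *         return always means the set was modified
	 * @throws InvalidCertificateException if the certificate is not an authority certificate
	 * @throws DuplicateCertificateException if the trust store already contains a certificate with the same
	 *         serial number
	 */
	@Override
	public boolean add(Certificate certificate) {
		if (certificate.getType() != Certificate.Type.AUTHORITY) {
			throw new InvalidCertificateException("Only certificates with type authority may be used in a trust store.");
		}
		final long serialNumber = certificate.getSerialNumber();
		// putIfAbsent makes the duplicate check atomic. The previous get()-then-put() pair let two concurrent adds
		// of the same serial number both pass the check, with the second silently replacing the first certificate.
		if (certificates.putIfAbsent(serialNumber, certificate) != null) {
			throw new DuplicateCertificateException("The trust store already contains a certificate with serial number " + serialNumber);
		}
		return true;
	}

	/**
	 * Removes the authority certificate with the given serial number.
	 *
	 * <p>This overloads, rather than overrides, {@link java.util.Collection#remove(Object)}: passing a
	 * {@code Certificate} goes through the inherited iterator-based removal instead.
	 *
	 * @param serialNumber the serial number of the certificate to remove; {@code null} matches nothing
	 * @return {@code true} if a certificate with that serial number was present and has been removed
	 */
	public boolean remove(Long serialNumber) {
		// ConcurrentHashMap rejects null keys; preserve the old "nothing removed" result for a null argument.
		if (serialNumber == null) {
			return false;
		}
		return certificates.remove(serialNumber) != null;
	}

	/**
	 * Checks that the given certificate was issued by an authority in this trust store.
	 *
	 * <p>The issuer is looked up by the serial number the certificate claims as its issuer, and that authority's
	 * {@code validateSignature} is then asked to verify the certificate. Nothing here checks expiry or revocation;
	 * NOTE(review): if {@code Certificate} carries a validity period, {@code validateSignature} is presumed to
	 * enforce it — confirm.
	 *
	 * @param certificate the certificate to validate
	 * @throws UntrustedCertificateException if no authority with the certificate's issuer serial number is in the
	 *         trust store
	 */
	public void validateCertificate(Certificate certificate) {
		final long issuerSerialNumber = certificate.getIssuer();
		final Certificate issuerCertificate = get(issuerSerialNumber);
		if (issuerCertificate == null) {
			// The message previously concatenated issuerCertificate (always null on this path) instead of the
			// serial number that was actually looked up.
			throw new UntrustedCertificateException("This trust store does not contain an authority certificate with the serial number " + issuerSerialNumber);
		}
		issuerCertificate.validateSignature(certificate);
	}

	/**
	 * Checks that the first certificate of the chain was issued by an authority in this trust store.
	 *
	 * <p>NOTE(review): only the chain's first certificate is checked against the store here; the links between
	 * successive certificates in the chain are not verified by this method. This is safe only if
	 * {@code CertificateChain} verifies those links itself — confirm, since otherwise a chain whose later entries
	 * are unsigned would pass.
	 *
	 * @param certificateChain the chain to validate
	 * @throws IllegalArgumentException if the chain is empty
	 * @throws UntrustedCertificateException if the first certificate's issuer is not in the trust store
	 */
	public void validateCertificateChain(CertificateChain certificateChain) {
		if (certificateChain.size() == 0) {
			throw new IllegalArgumentException("Cannot validate an empty certificate chain.");
		}
		validateCertificate(certificateChain.getFirst());
	}
}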