/* |
|
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. |
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
* |
|
* This code is free software; you can redistribute it and/or modify it |
|
* under the terms of the GNU General Public License version 2 only, as |
|
* published by the Free Software Foundation. Oracle designates this |
|
* particular file as subject to the "Classpath" exception as provided |
|
* by Oracle in the LICENSE file that accompanied this code. |
|
* |
|
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
* version 2 for more details (a copy is included in the LICENSE file that |
|
* accompanied this code). |
|
* |
|
* You should have received a copy of the GNU General Public License version |
|
* 2 along with this work; if not, write to the Free Software Foundation, |
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
* |
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
* or visit www.oracle.com if you need additional information or have any |
|
* questions. |
|
*/ |
|
package java.security.cert; |
|
import java.util.Arrays; |
|
import java.security.Provider; |
|
import java.security.PublicKey; |
|
import java.security.NoSuchAlgorithmException; |
|
import java.security.NoSuchProviderException; |
|
import java.security.InvalidKeyException; |
|
import java.security.SignatureException; |
|
import sun.security.x509.X509CertImpl; |
|
/** |
|
* <p>Abstract class for managing a variety of identity certificates. |
|
* An identity certificate is a binding of a principal to a public key which |
|
* is vouched for by another principal. (A principal represents |
|
* an entity such as an individual user, a group, or a corporation.) |
|
* <p> |
|
* This class is an abstraction for certificates that have different |
|
* formats but important common uses. For example, different types of |
|
* certificates, such as X.509 and PGP, share general certificate |
|
* functionality (like encoding and verifying) and |
|
* some types of information (like a public key). |
|
* <p> |
|
* X.509, PGP, and SDSI certificates can all be implemented by |
|
* subclassing the Certificate class, even though they contain different |
|
* sets of information, and they store and retrieve the information in |
|
* different ways. |
|
* |
|
* @see X509Certificate |
|
* @see CertificateFactory |
|
* |
|
* @author Hemma Prafullchandra |
|
* @since 1.2 |
|
*/ |
|
public abstract class Certificate implements java.io.Serializable { |
|
private static final long serialVersionUID = -3585440601605666277L; |
|
// the certificate type |
|
private final String type; |
|
/** Cache the hash code for the certiticate */ |
|
private int hash = -1; // Default to -1 |
|
/** |
|
* Creates a certificate of the specified type. |
|
* |
|
* @param type the standard name of the certificate type. |
|
* See the CertificateFactory section in the <a href= |
|
* "{@docRoot}/../specs/security/standard-names.html#certificatefactory-types"> |
|
* Java Security Standard Algorithm Names Specification</a> |
|
* for information about standard certificate types. |
|
*/ |
|
protected Certificate(String type) { |
|
this.type = type; |
|
} |
|
/** |
|
* Returns the type of this certificate. |
|
* |
|
* @return the type of this certificate. |
|
*/ |
|
public final String getType() { |
|
return this.type; |
|
} |
|
/** |
|
* Compares this certificate for equality with the specified |
|
* object. If the {@code other} object is an |
|
* {@code instanceof} {@code Certificate}, then |
|
* its encoded form is retrieved and compared with the |
|
* encoded form of this certificate. |
|
* |
|
* @param other the object to test for equality with this certificate. |
|
* @return true iff the encoded forms of the two certificates |
|
* match, false otherwise. |
|
*/ |
|
public boolean equals(Object other) { |
|
if (this == other) { |
|
return true; |
|
} |
|
if (!(other instanceof Certificate)) { |
|
return false; |
|
} |
|
try { |
|
byte[] thisCert = X509CertImpl.getEncodedInternal(this); |
|
byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other); |
|
return Arrays.equals(thisCert, otherCert); |
|
} catch (CertificateException e) { |
|
return false; |
|
} |
|
} |
|
/** |
|
* Returns a hashcode value for this certificate from its |
|
* encoded form. |
|
* |
|
* @return the hashcode value. |
|
*/ |
|
public int hashCode() { |
|
int h = hash; |
|
if (h == -1) { |
|
try { |
|
h = Arrays.hashCode(X509CertImpl.getEncodedInternal(this)); |
|
} catch (CertificateException e) { |
|
h = 0; |
|
} |
|
hash = h; |
|
} |
|
return h; |
|
} |
|
/** |
|
* Returns the encoded form of this certificate. It is |
|
* assumed that each certificate type would have only a single |
|
* form of encoding; for example, X.509 certificates would |
|
* be encoded as ASN.1 DER. |
|
* |
|
* @return the encoded form of this certificate |
|
* |
|
* @exception CertificateEncodingException if an encoding error occurs. |
|
*/ |
|
public abstract byte[] getEncoded() |
|
throws CertificateEncodingException; |
|
/** |
|
* Verifies that this certificate was signed using the |
|
* private key that corresponds to the specified public key. |
|
* |
|
* @param key the PublicKey used to carry out the verification. |
|
* |
|
* @exception NoSuchAlgorithmException on unsupported signature |
|
* algorithms. |
|
* @exception InvalidKeyException on incorrect key. |
|
* @exception NoSuchProviderException if there's no default provider. |
|
* @exception SignatureException on signature errors. |
|
* @exception CertificateException on encoding errors. |
|
*/ |
|
public abstract void verify(PublicKey key) |
|
throws CertificateException, NoSuchAlgorithmException, |
|
InvalidKeyException, NoSuchProviderException, |
|
SignatureException; |
|
/** |
|
* Verifies that this certificate was signed using the |
|
* private key that corresponds to the specified public key. |
|
* This method uses the signature verification engine |
|
* supplied by the specified provider. |
|
* |
|
* @param key the PublicKey used to carry out the verification. |
|
* @param sigProvider the name of the signature provider. |
|
* |
|
* @exception NoSuchAlgorithmException on unsupported signature |
|
* algorithms. |
|
* @exception InvalidKeyException on incorrect key. |
|
* @exception NoSuchProviderException on incorrect provider. |
|
* @exception SignatureException on signature errors. |
|
* @exception CertificateException on encoding errors. |
|
*/ |
|
public abstract void verify(PublicKey key, String sigProvider) |
|
throws CertificateException, NoSuchAlgorithmException, |
|
InvalidKeyException, NoSuchProviderException, |
|
SignatureException; |
|
/** |
|
* Verifies that this certificate was signed using the |
|
* private key that corresponds to the specified public key. |
|
* This method uses the signature verification engine |
|
* supplied by the specified provider. Note that the specified |
|
* Provider object does not have to be registered in the provider list. |
|
* |
|
* <p> This method was added to version 1.8 of the Java Platform |
|
* Standard Edition. In order to maintain backwards compatibility with |
|
* existing service providers, this method cannot be {@code abstract} |
|
* and by default throws an {@code UnsupportedOperationException}. |
|
* |
|
* @param key the PublicKey used to carry out the verification. |
|
* @param sigProvider the signature provider. |
|
* |
|
* @exception NoSuchAlgorithmException on unsupported signature |
|
* algorithms. |
|
* @exception InvalidKeyException on incorrect key. |
|
* @exception SignatureException on signature errors. |
|
* @exception CertificateException on encoding errors. |
|
* @exception UnsupportedOperationException if the method is not supported |
|
* @since 1.8 |
|
*/ |
|
public void verify(PublicKey key, Provider sigProvider) |
|
throws CertificateException, NoSuchAlgorithmException, |
|
InvalidKeyException, SignatureException { |
|
throw new UnsupportedOperationException(); |
|
} |
|
/** |
|
* Returns a string representation of this certificate. |
|
* |
|
* @return a string representation of this certificate. |
|
*/ |
|
public abstract String toString(); |
|
/** |
|
* Gets the public key from this certificate. |
|
* |
|
* @return the public key. |
|
*/ |
|
public abstract PublicKey getPublicKey(); |
|
/** |
|
* Alternate Certificate class for serialization. |
|
* @since 1.3 |
|
*/ |
|
protected static class CertificateRep implements java.io.Serializable { |
|
private static final long serialVersionUID = -8563758940495660020L; |
|
private String type; |
|
private byte[] data; |
|
/** |
|
* Construct the alternate Certificate class with the Certificate |
|
* type and Certificate encoding bytes. |
|
* |
|
* @param type the standard name of the Certificate type. |
|
* |
|
* @param data the Certificate data. |
|
*/ |
|
protected CertificateRep(String type, byte[] data) { |
|
this.type = type; |
|
this.data = data; |
|
} |
|
/** |
|
* Resolve the Certificate Object. |
|
* |
|
* @return the resolved Certificate Object |
|
* |
|
* @throws java.io.ObjectStreamException if the Certificate |
|
* could not be resolved |
|
*/ |
|
protected Object readResolve() throws java.io.ObjectStreamException { |
|
try { |
|
CertificateFactory cf = CertificateFactory.getInstance(type); |
|
return cf.generateCertificate |
|
(new java.io.ByteArrayInputStream(data)); |
|
} catch (CertificateException e) { |
|
throw new java.io.NotSerializableException |
|
("java.security.cert.Certificate: " + |
|
type + |
|
": " + |
|
e.getMessage()); |
|
} |
|
} |
|
} |
|
/** |
|
* Replace the Certificate to be serialized. |
|
* |
|
* @return the alternate Certificate object to be serialized |
|
* |
|
* @throws java.io.ObjectStreamException if a new object representing |
|
* this Certificate could not be created |
|
* @since 1.3 |
|
*/ |
|
protected Object writeReplace() throws java.io.ObjectStreamException { |
|
try { |
|
return new CertificateRep(type, getEncoded()); |
|
} catch (CertificateException e) { |
|
throw new java.io.NotSerializableException |
|
("java.security.cert.Certificate: " + |
|
type + |
|
": " + |
|
e.getMessage()); |
|
} |
|
} |
|
} |