Back to index...

	/*
	* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package java.security.cert;

	import java.util.Arrays;

	import java.security.Provider;
	import java.security.PublicKey;
	import java.security.NoSuchAlgorithmException;
	import java.security.NoSuchProviderException;
	import java.security.InvalidKeyException;
	import java.security.SignatureException;

	import sun.security.x509.X509CertImpl;

	/**
	* <p>Abstract class for managing a variety of identity certificates.
	* An identity certificate is a binding of a principal to a public key which
	* is vouched for by another principal. (A principal represents
	* an entity such as an individual user, a group, or a corporation.)
	*<p>
	* This class is an abstraction for certificates that have different
	* formats but important common uses. For example, different types of
	* certificates, such as X.509 and PGP, share general certificate
	* functionality (like encoding and verifying) and
	* some types of information (like a public key).
	* <p>
	* X.509, PGP, and SDSI certificates can all be implemented by
	* subclassing the Certificate class, even though they contain different
	* sets of information, and they store and retrieve the information in
	* different ways.
	*
	* @see X509Certificate
	* @see CertificateFactory
	*
	* @author Hemma Prafullchandra
	*/

	public abstract class Certificate implements java.io.Serializable {

	private static final long serialVersionUID = -3585440601605666277L;

	// the certificate type
	private final String type;

	/** Cache the hash code for the certiticate */
	private int hash = -1; // Default to -1

	/**
	* Creates a certificate of the specified type.
	*
	* @param type the standard name of the certificate type.
	* See the CertificateFactory section in the <a href=
	* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
	* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
	* for information about standard certificate types.
	*/
	protected Certificate(String type) {
	this.type = type;
	}

	/**
	* Returns the type of this certificate.
	*
	* @return the type of this certificate.
	*/
	public final String getType() {
	return this.type;
	}

	/**
	* Compares this certificate for equality with the specified
	* object. If the {@code other} object is an
	* {@code instanceof} {@code Certificate}, then
	* its encoded form is retrieved and compared with the
	* encoded form of this certificate.
	*
	* @param other the object to test for equality with this certificate.
	* @return true iff the encoded forms of the two certificates
	* match, false otherwise.
	*/
	public boolean equals(Object other) {
	if (this == other) {
	return true;
	}
	if (!(other instanceof Certificate)) {
	return false;
	}
	try {
	byte[] thisCert = X509CertImpl.getEncodedInternal(this);
	byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other);

	return Arrays.equals(thisCert, otherCert);
	} catch (CertificateException e) {
	return false;
	}
	}

	/**
	* Returns a hashcode value for this certificate from its
	* encoded form.
	*
	* @return the hashcode value.
	*/
	public int hashCode() {
	int h = hash;
	if (h == -1) {
	try {
	h = Arrays.hashCode(X509CertImpl.getEncodedInternal(this));
	} catch (CertificateException e) {
	h = 0;
	}
	hash = h;
	}
	return h;
	}

	/**
	* Returns the encoded form of this certificate. It is
	* assumed that each certificate type would have only a single
	* form of encoding; for example, X.509 certificates would
	* be encoded as ASN.1 DER.
	*
	* @return the encoded form of this certificate
	*
	* @exception CertificateEncodingException if an encoding error occurs.
	*/
	public abstract byte[] getEncoded()
	throws CertificateEncodingException;

	/**
	* Verifies that this certificate was signed using the
	* private key that corresponds to the specified public key.
	*
	* @param key the PublicKey used to carry out the verification.
	*
	* @exception NoSuchAlgorithmException on unsupported signature
	* algorithms.
	* @exception InvalidKeyException on incorrect key.
	* @exception NoSuchProviderException if there's no default provider.
	* @exception SignatureException on signature errors.
	* @exception CertificateException on encoding errors.
	*/
	public abstract void verify(PublicKey key)
	throws CertificateException, NoSuchAlgorithmException,
	InvalidKeyException, NoSuchProviderException,
	SignatureException;

	/**
	* Verifies that this certificate was signed using the
	* private key that corresponds to the specified public key.
	* This method uses the signature verification engine
	* supplied by the specified provider.
	*
	* @param key the PublicKey used to carry out the verification.
	* @param sigProvider the name of the signature provider.
	*
	* @exception NoSuchAlgorithmException on unsupported signature
	* algorithms.
	* @exception InvalidKeyException on incorrect key.
	* @exception NoSuchProviderException on incorrect provider.
	* @exception SignatureException on signature errors.
	* @exception CertificateException on encoding errors.
	*/
	public abstract void verify(PublicKey key, String sigProvider)
	throws CertificateException, NoSuchAlgorithmException,
	InvalidKeyException, NoSuchProviderException,
	SignatureException;

	/**
	* Verifies that this certificate was signed using the
	* private key that corresponds to the specified public key.
	* This method uses the signature verification engine
	* supplied by the specified provider. Note that the specified
	* Provider object does not have to be registered in the provider list.
	*
	* <p> This method was added to version 1.8 of the Java Platform
	* Standard Edition. In order to maintain backwards compatibility with
	* existing service providers, this method cannot be {@code abstract}
	* and by default throws an {@code UnsupportedOperationException}.
	*
	* @param key the PublicKey used to carry out the verification.
	* @param sigProvider the signature provider.
	*
	* @exception NoSuchAlgorithmException on unsupported signature
	* algorithms.
	* @exception InvalidKeyException on incorrect key.
	* @exception SignatureException on signature errors.
	* @exception CertificateException on encoding errors.
	* @exception UnsupportedOperationException if the method is not supported
	* @since 1.8
	*/
	public void verify(PublicKey key, Provider sigProvider)
	throws CertificateException, NoSuchAlgorithmException,
	InvalidKeyException, SignatureException {
	throw new UnsupportedOperationException();
	}

	/**
	* Returns a string representation of this certificate.
	*
	* @return a string representation of this certificate.
	*/
	public abstract String toString();

	/**
	* Gets the public key from this certificate.
	*
	* @return the public key.
	*/
	public abstract PublicKey getPublicKey();

	/**
	* Alternate Certificate class for serialization.
	* @since 1.3
	*/
	protected static class CertificateRep implements java.io.Serializable {

	private static final long serialVersionUID = -8563758940495660020L;

	private String type;
	private byte[] data;

	/**
	* Construct the alternate Certificate class with the Certificate
	* type and Certificate encoding bytes.
	*
	* <p>
	*
	* @param type the standard name of the Certificate type. <p>
	*
	* @param data the Certificate data.
	*/
	protected CertificateRep(String type, byte[] data) {
	this.type = type;
	this.data = data;
	}

	/**
	* Resolve the Certificate Object.
	*
	* <p>
	*
	* @return the resolved Certificate Object
	*
	* @throws java.io.ObjectStreamException if the Certificate
	* could not be resolved
	*/
	protected Object readResolve() throws java.io.ObjectStreamException {
	try {
	CertificateFactory cf = CertificateFactory.getInstance(type);
	return cf.generateCertificate
	(new java.io.ByteArrayInputStream(data));
	} catch (CertificateException e) {
	throw new java.io.NotSerializableException
	("java.security.cert.Certificate: " +
	type +
	": " +
	e.getMessage());
	}
	}
	}

	/**
	* Replace the Certificate to be serialized.
	*
	* @return the alternate Certificate object to be serialized
	*
	* @throws java.io.ObjectStreamException if a new object representing
	* this Certificate could not be created
	* @since 1.3
	*/
	protected Object writeReplace() throws java.io.ObjectStreamException {
	try {
	return new CertificateRep(type, getEncoded());
	} catch (CertificateException e) {
	throw new java.io.NotSerializableException
	("java.security.cert.Certificate: " +
	type +
	": " +
	e.getMessage());
	}
	}
	}

Back to index...