/*
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.cert;
import java.util.Arrays;
import java.security.Provider;
import java.security.PublicKey;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import sun.security.x509.X509CertImpl;
Abstract class for managing a variety of identity certificates.
An identity certificate is a binding of a principal to a public key which
is vouched for by another principal. (A principal represents
an entity such as an individual user, a group, or a corporation.)
This class is an abstraction for certificates that have different
formats but important common uses. For example, different types of
certificates, such as X.509 and PGP, share general certificate
functionality (like encoding and verifying) and
some types of information (like a public key).
X.509, PGP, and SDSI certificates can all be implemented by
subclassing the Certificate class, even though they contain different
sets of information, and they store and retrieve the information in
different ways.
Author: Hemma Prafullchandra See Also: - X509Certificate
- CertificateFactory
Since: 1.2
/**
* <p>Abstract class for managing a variety of identity certificates.
* An identity certificate is a binding of a principal to a public key which
* is vouched for by another principal. (A principal represents
* an entity such as an individual user, a group, or a corporation.)
* <p>
* This class is an abstraction for certificates that have different
* formats but important common uses. For example, different types of
* certificates, such as X.509 and PGP, share general certificate
* functionality (like encoding and verifying) and
* some types of information (like a public key).
* <p>
* X.509, PGP, and SDSI certificates can all be implemented by
* subclassing the Certificate class, even though they contain different
* sets of information, and they store and retrieve the information in
* different ways.
*
* @see X509Certificate
* @see CertificateFactory
*
* @author Hemma Prafullchandra
* @since 1.2
*/
public abstract class Certificate implements java.io.Serializable {
private static final long serialVersionUID = -3585440601605666277L;
// the certificate type
private final String type;
Cache the hash code for the certiticate /** Cache the hash code for the certiticate */
private int hash = -1; // Default to -1
Creates a certificate of the specified type.
Params: - type – the standard name of the certificate type.
See the CertificateFactory section in the
Java Security Standard Algorithm Names Specification
for information about standard certificate types.
/**
* Creates a certificate of the specified type.
*
* @param type the standard name of the certificate type.
* See the CertificateFactory section in the <a href=
* "{@docRoot}/../specs/security/standard-names.html#certificatefactory-types">
* Java Security Standard Algorithm Names Specification</a>
* for information about standard certificate types.
*/
protected Certificate(String type) {
this.type = type;
}
Returns the type of this certificate.
Returns: the type of this certificate.
/**
* Returns the type of this certificate.
*
* @return the type of this certificate.
*/
public final String getType() {
return this.type;
}
Compares this certificate for equality with the specified object. If the other
object is an instanceof
Certificate
, then its encoded form is retrieved and compared with the encoded form of this certificate. Params: - other – the object to test for equality with this certificate.
Returns: true iff the encoded forms of the two certificates
match, false otherwise.
/**
* Compares this certificate for equality with the specified
* object. If the {@code other} object is an
* {@code instanceof} {@code Certificate}, then
* its encoded form is retrieved and compared with the
* encoded form of this certificate.
*
* @param other the object to test for equality with this certificate.
* @return true iff the encoded forms of the two certificates
* match, false otherwise.
*/
public boolean equals(Object other) {
if (this == other) {
return true;
}
if (!(other instanceof Certificate)) {
return false;
}
try {
byte[] thisCert = X509CertImpl.getEncodedInternal(this);
byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other);
return Arrays.equals(thisCert, otherCert);
} catch (CertificateException e) {
return false;
}
}
Returns a hashcode value for this certificate from its
encoded form.
Returns: the hashcode value.
/**
* Returns a hashcode value for this certificate from its
* encoded form.
*
* @return the hashcode value.
*/
public int hashCode() {
int h = hash;
if (h == -1) {
try {
h = Arrays.hashCode(X509CertImpl.getEncodedInternal(this));
} catch (CertificateException e) {
h = 0;
}
hash = h;
}
return h;
}
Returns the encoded form of this certificate. It is
assumed that each certificate type would have only a single
form of encoding; for example, X.509 certificates would
be encoded as ASN.1 DER.
Throws: - CertificateEncodingException – if an encoding error occurs.
Returns: the encoded form of this certificate
/**
* Returns the encoded form of this certificate. It is
* assumed that each certificate type would have only a single
* form of encoding; for example, X.509 certificates would
* be encoded as ASN.1 DER.
*
* @return the encoded form of this certificate
*
* @exception CertificateEncodingException if an encoding error occurs.
*/
public abstract byte[] getEncoded()
throws CertificateEncodingException;
Verifies that this certificate was signed using the
private key that corresponds to the specified public key.
Params: - key – the PublicKey used to carry out the verification.
Throws: - NoSuchAlgorithmException – on unsupported signature
algorithms.
- InvalidKeyException – on incorrect key.
- NoSuchProviderException – if there's no default provider.
- SignatureException – on signature errors.
- CertificateException – on encoding errors.
/**
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
*
* @param key the PublicKey used to carry out the verification.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public abstract void verify(PublicKey key)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException,
SignatureException;
Verifies that this certificate was signed using the
private key that corresponds to the specified public key.
This method uses the signature verification engine
supplied by the specified provider.
Params: - key – the PublicKey used to carry out the verification.
- sigProvider – the name of the signature provider.
Throws: - NoSuchAlgorithmException – on unsupported signature
algorithms.
- InvalidKeyException – on incorrect key.
- NoSuchProviderException – on incorrect provider.
- SignatureException – on signature errors.
- CertificateException – on encoding errors.
/**
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
* This method uses the signature verification engine
* supplied by the specified provider.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the name of the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
*/
public abstract void verify(PublicKey key, String sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, NoSuchProviderException,
SignatureException;
Verifies that this certificate was signed using the
private key that corresponds to the specified public key.
This method uses the signature verification engine
supplied by the specified provider. Note that the specified
Provider object does not have to be registered in the provider list.
This method was added to version 1.8 of the Java Platform Standard Edition. In order to maintain backwards compatibility with existing service providers, this method cannot be abstract
and by default throws an UnsupportedOperationException
.
Params: - key – the PublicKey used to carry out the verification.
- sigProvider – the signature provider.
Throws: - NoSuchAlgorithmException – on unsupported signature
algorithms.
- InvalidKeyException – on incorrect key.
- SignatureException – on signature errors.
- CertificateException – on encoding errors.
- UnsupportedOperationException – if the method is not supported
Since: 1.8
/**
* Verifies that this certificate was signed using the
* private key that corresponds to the specified public key.
* This method uses the signature verification engine
* supplied by the specified provider. Note that the specified
* Provider object does not have to be registered in the provider list.
*
* <p> This method was added to version 1.8 of the Java Platform
* Standard Edition. In order to maintain backwards compatibility with
* existing service providers, this method cannot be {@code abstract}
* and by default throws an {@code UnsupportedOperationException}.
*
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
*
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CertificateException on encoding errors.
* @exception UnsupportedOperationException if the method is not supported
* @since 1.8
*/
public void verify(PublicKey key, Provider sigProvider)
throws CertificateException, NoSuchAlgorithmException,
InvalidKeyException, SignatureException {
throw new UnsupportedOperationException();
}
Returns a string representation of this certificate.
Returns: a string representation of this certificate.
/**
* Returns a string representation of this certificate.
*
* @return a string representation of this certificate.
*/
public abstract String toString();
Gets the public key from this certificate.
Returns: the public key.
/**
* Gets the public key from this certificate.
*
* @return the public key.
*/
public abstract PublicKey getPublicKey();
Alternate Certificate class for serialization.
Since: 1.3
/**
* Alternate Certificate class for serialization.
* @since 1.3
*/
protected static class CertificateRep implements java.io.Serializable {
private static final long serialVersionUID = -8563758940495660020L;
private String type;
private byte[] data;
Construct the alternate Certificate class with the Certificate
type and Certificate encoding bytes.
Params: - type – the standard name of the Certificate type.
- data – the Certificate data.
/**
* Construct the alternate Certificate class with the Certificate
* type and Certificate encoding bytes.
*
* @param type the standard name of the Certificate type.
*
* @param data the Certificate data.
*/
protected CertificateRep(String type, byte[] data) {
this.type = type;
this.data = data;
}
Resolve the Certificate Object.
Throws: - ObjectStreamException – if the Certificate
could not be resolved
Returns: the resolved Certificate Object
/**
* Resolve the Certificate Object.
*
* @return the resolved Certificate Object
*
* @throws java.io.ObjectStreamException if the Certificate
* could not be resolved
*/
protected Object readResolve() throws java.io.ObjectStreamException {
try {
CertificateFactory cf = CertificateFactory.getInstance(type);
return cf.generateCertificate
(new java.io.ByteArrayInputStream(data));
} catch (CertificateException e) {
throw new java.io.NotSerializableException
("java.security.cert.Certificate: " +
type +
": " +
e.getMessage());
}
}
}
Replace the Certificate to be serialized.
Throws: - ObjectStreamException – if a new object representing
this Certificate could not be created
Returns: the alternate Certificate object to be serialized Since: 1.3
/**
* Replace the Certificate to be serialized.
*
* @return the alternate Certificate object to be serialized
*
* @throws java.io.ObjectStreamException if a new object representing
* this Certificate could not be created
* @since 1.3
*/
protected Object writeReplace() throws java.io.ObjectStreamException {
try {
return new CertificateRep(type, getEncoded());
} catch (CertificateException e) {
throw new java.io.NotSerializableException
("java.security.cert.Certificate: " +
type +
": " +
e.getMessage());
}
}
}