View Javadoc
1   /*
2    * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  package java.security.cert;
27  
28  import java.util.Arrays;
29  
30  import java.security.Provider;
31  import java.security.PublicKey;
32  import java.security.NoSuchAlgorithmException;
33  import java.security.NoSuchProviderException;
34  import java.security.InvalidKeyException;
35  import java.security.SignatureException;
36  
37  import sun.security.x509.X509CertImpl;
38  
39  /**
40   * <p>Abstract class for managing a variety of identity certificates.
41   * An identity certificate is a binding of a principal to a public key which
42   * is vouched for by another principal.  (A principal represents
43   * an entity such as an individual user, a group, or a corporation.)
44   *<p>
45   * This class is an abstraction for certificates that have different
46   * formats but important common uses.  For example, different types of
47   * certificates, such as X.509 and PGP, share general certificate
48   * functionality (like encoding and verifying) and
49   * some types of information (like a public key).
50   * <p>
51   * X.509, PGP, and SDSI certificates can all be implemented by
52   * subclassing the Certificate class, even though they contain different
53   * sets of information, and they store and retrieve the information in
54   * different ways.
55   *
56   * @see X509Certificate
57   * @see CertificateFactory
58   *
59   * @author Hemma Prafullchandra
60   */
61  
62  public abstract class Certificate implements java.io.Serializable {
63  
64      private static final long serialVersionUID = -3585440601605666277L;
65  
66      // the certificate type
67      private final String type;
68  
69      /** Cache the hash code for the certiticate */
70      private int hash = -1; // Default to -1
71  
72      /**
73       * Creates a certificate of the specified type.
74       *
75       * @param type the standard name of the certificate type.
76       * See the CertificateFactory section in the <a href=
77       * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
78       * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
79       * for information about standard certificate types.
80       */
81      protected Certificate(String type) {
82          this.type = type;
83      }
84  
85      /**
86       * Returns the type of this certificate.
87       *
88       * @return the type of this certificate.
89       */
90      public final String getType() {
91          return this.type;
92      }
93  
94      /**
95       * Compares this certificate for equality with the specified
96       * object. If the {@code other} object is an
97       * {@code instanceof} {@code Certificate}, then
98       * its encoded form is retrieved and compared with the
99       * encoded form of this certificate.
100      *
101      * @param other the object to test for equality with this certificate.
102      * @return true iff the encoded forms of the two certificates
103      * match, false otherwise.
104      */
105     public boolean equals(Object other) {
106         if (this == other) {
107             return true;
108         }
109         if (!(other instanceof Certificate)) {
110             return false;
111         }
112         try {
113             byte[] thisCert = X509CertImpl.getEncodedInternal(this);
114             byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other);
115 
116             return Arrays.equals(thisCert, otherCert);
117         } catch (CertificateException e) {
118             return false;
119         }
120     }
121 
122     /**
123      * Returns a hashcode value for this certificate from its
124      * encoded form.
125      *
126      * @return the hashcode value.
127      */
128     public int hashCode() {
129         int h = hash;
130         if (h == -1) {
131             try {
132                 h = Arrays.hashCode(X509CertImpl.getEncodedInternal(this));
133             } catch (CertificateException e) {
134                 h = 0;
135             }
136             hash = h;
137         }
138         return h;
139     }
140 
141     /**
142      * Returns the encoded form of this certificate. It is
143      * assumed that each certificate type would have only a single
144      * form of encoding; for example, X.509 certificates would
145      * be encoded as ASN.1 DER.
146      *
147      * @return the encoded form of this certificate
148      *
149      * @exception CertificateEncodingException if an encoding error occurs.
150      */
151     public abstract byte[] getEncoded()
152         throws CertificateEncodingException;
153 
154     /**
155      * Verifies that this certificate was signed using the
156      * private key that corresponds to the specified public key.
157      *
158      * @param key the PublicKey used to carry out the verification.
159      *
160      * @exception NoSuchAlgorithmException on unsupported signature
161      * algorithms.
162      * @exception InvalidKeyException on incorrect key.
163      * @exception NoSuchProviderException if there's no default provider.
164      * @exception SignatureException on signature errors.
165      * @exception CertificateException on encoding errors.
166      */
167     public abstract void verify(PublicKey key)
168         throws CertificateException, NoSuchAlgorithmException,
169         InvalidKeyException, NoSuchProviderException,
170         SignatureException;
171 
172     /**
173      * Verifies that this certificate was signed using the
174      * private key that corresponds to the specified public key.
175      * This method uses the signature verification engine
176      * supplied by the specified provider.
177      *
178      * @param key the PublicKey used to carry out the verification.
179      * @param sigProvider the name of the signature provider.
180      *
181      * @exception NoSuchAlgorithmException on unsupported signature
182      * algorithms.
183      * @exception InvalidKeyException on incorrect key.
184      * @exception NoSuchProviderException on incorrect provider.
185      * @exception SignatureException on signature errors.
186      * @exception CertificateException on encoding errors.
187      */
188     public abstract void verify(PublicKey key, String sigProvider)
189         throws CertificateException, NoSuchAlgorithmException,
190         InvalidKeyException, NoSuchProviderException,
191         SignatureException;
192 
193     /**
194      * Verifies that this certificate was signed using the
195      * private key that corresponds to the specified public key.
196      * This method uses the signature verification engine
197      * supplied by the specified provider. Note that the specified
198      * Provider object does not have to be registered in the provider list.
199      *
200      * <p> This method was added to version 1.8 of the Java Platform
201      * Standard Edition. In order to maintain backwards compatibility with
202      * existing service providers, this method cannot be {@code abstract}
203      * and by default throws an {@code UnsupportedOperationException}.
204      *
205      * @param key the PublicKey used to carry out the verification.
206      * @param sigProvider the signature provider.
207      *
208      * @exception NoSuchAlgorithmException on unsupported signature
209      * algorithms.
210      * @exception InvalidKeyException on incorrect key.
211      * @exception SignatureException on signature errors.
212      * @exception CertificateException on encoding errors.
213      * @exception UnsupportedOperationException if the method is not supported
214      * @since 1.8
215      */
216     public void verify(PublicKey key, Provider sigProvider)
217         throws CertificateException, NoSuchAlgorithmException,
218         InvalidKeyException, SignatureException {
219         throw new UnsupportedOperationException();
220     }
221 
222     /**
223      * Returns a string representation of this certificate.
224      *
225      * @return a string representation of this certificate.
226      */
227     public abstract String toString();
228 
229     /**
230      * Gets the public key from this certificate.
231      *
232      * @return the public key.
233      */
234     public abstract PublicKey getPublicKey();
235 
236     /**
237      * Alternate Certificate class for serialization.
238      * @since 1.3
239      */
240     protected static class CertificateRep implements java.io.Serializable {
241 
242         private static final long serialVersionUID = -8563758940495660020L;
243 
244         private String type;
245         private byte[] data;
246 
247         /**
248          * Construct the alternate Certificate class with the Certificate
249          * type and Certificate encoding bytes.
250          *
251          * <p>
252          *
253          * @param type the standard name of the Certificate type. <p>
254          *
255          * @param data the Certificate data.
256          */
257         protected CertificateRep(String type, byte[] data) {
258             this.type = type;
259             this.data = data;
260         }
261 
262         /**
263          * Resolve the Certificate Object.
264          *
265          * <p>
266          *
267          * @return the resolved Certificate Object
268          *
269          * @throws java.io.ObjectStreamException if the Certificate
270          *      could not be resolved
271          */
272         protected Object readResolve() throws java.io.ObjectStreamException {
273             try {
274                 CertificateFactory cf = CertificateFactory.getInstance(type);
275                 return cf.generateCertificate
276                         (new java.io.ByteArrayInputStream(data));
277             } catch (CertificateException e) {
278                 throw new java.io.NotSerializableException
279                                 ("java.security.cert.Certificate: " +
280                                 type +
281                                 ": " +
282                                 e.getMessage());
283             }
284         }
285     }
286 
287     /**
288      * Replace the Certificate to be serialized.
289      *
290      * @return the alternate Certificate object to be serialized
291      *
292      * @throws java.io.ObjectStreamException if a new object representing
293      * this Certificate could not be created
294      * @since 1.3
295      */
296     protected Object writeReplace() throws java.io.ObjectStreamException {
297         try {
298             return new CertificateRep(type, getEncoded());
299         } catch (CertificateException e) {
300             throw new java.io.NotSerializableException
301                                 ("java.security.cert.Certificate: " +
302                                 type +
303                                 ": " +
304                                 e.getMessage());
305         }
306     }
307 }