/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @author Alexander Y. Kleymenov
* @version $Revision$
*/
package org.apache.harmony.security.provider.cert;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertPath;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.harmony.security.asn1.ASN1Any;
import org.apache.harmony.security.asn1.ASN1Explicit;
import org.apache.harmony.security.asn1.ASN1Implicit;
import org.apache.harmony.security.asn1.ASN1Oid;
import org.apache.harmony.security.asn1.ASN1Sequence;
import org.apache.harmony.security.asn1.ASN1SequenceOf;
import org.apache.harmony.security.asn1.ASN1Type;
import org.apache.harmony.security.asn1.BerInputStream;
import org.apache.harmony.security.internal.nls.Messages;
import org.apache.harmony.security.pkcs7.ContentInfo;
import org.apache.harmony.security.pkcs7.SignedData;
import org.apache.harmony.security.x509.Certificate;
/**
* This class is an implementation of X.509 CertPath. This implementation
* provides ability to create the instance of X.509 Certification Path
* by several means:
*
* 1. It can be created over the list of X.509 certificates
* (implementations of X509Certificate class) provided in constructor.
*
* 2. It can be created by means of the {@code getInstance} methods
* on the basis of the following ASN.1 DER encoded forms:
*
* - PkiPath as defined in
* ITU-T Recommendation X.509(2000) Corrigendum 1(2001)
* (can be seen at
* ftp://ftp.bull.com/pub/OSIdirectory/DefectResolution/TechnicalCorrigenda/ApprovedTechnicalCorrigendaToX.509/8%7CX.509-TC1(4th).pdf)
*
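* - PKCS #7 SignedData object provided in the form of a
* ContentInfo structure. The CertPath object is generated on the basis of
* the certificates present in the {@code certificates} field of the
* SignedData object, which in turn is retrieved from the ContentInfo
* structure.
* (see http://www.ietf.org/rfc/rfc2315.txt
* for more info on PKCS #7)
* The resulting CertPath is a container for those certificates; whether
* the path is trustworthy must be established separately, e.g. with
* java.security.cert.CertPathValidator.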
*
*
*/
public class X509CertPathImpl extends CertPath {
/**
* @serial
*/
private static final long serialVersionUID = 7989755106209515436L;
// Integer identifiers of the supported encoding forms. Their values coincide
// with the positions of the matching names in encodingsArr
// (0 -> "PkiPath", 1 -> "PKCS7").
public static final int PKI_PATH = 0;
public static final int PKCS7 = 1;
// Names of the supported encodings. The getInstance methods compare the
// requested name with encodingsArr[0] to select the PkiPath decoder and
// treat any other accepted name as PKCS #7.
private static final String[] encodingsArr =
new String[] {"PkiPath", "PKCS7"}; //$NON-NLS-1$ //$NON-NLS-2$
// Read-only list view of encodingsArr; the getInstance methods use it to
// reject unsupported encoding names before any decoding starts.
// The list is backed by the array (Arrays.asList does not copy), so a write
// to encodingsArr would show through; the array is private to this class.
static final List encodings = Collections.unmodifiableList(
Arrays.asList(encodingsArr));
// The list of certificates representing this certification path. The
// constructor allocates a new ArrayList for it instead of keeping the
// caller's list reference.
private final List certificates;
// PkiPath encoding of the certification path.
// NOTE(review): not final and not assigned in the code visible here;
// presumably computed on demand and cached. If the array is handed to
// callers it should be copied first so the cached bytes cannot be altered.
// Confirm against the getEncoded implementation.
private byte[] pkiPathEncoding;
// PKCS7 encoding of the certification path.
// NOTE(review): same caching and defensive-copy question as for
// pkiPathEncoding; confirm.
private byte[] pkcs7Encoding;
/**
* Creates an instance of X.509 Certification Path over the specified
* list of certificates.
* @throws CertificateException if any object in the list
* is not an instance of (a subclass of) X509Certificate.
*/
public X509CertPathImpl(List certs) throws CertificateException {
super("X.509"); //$NON-NLS-1$
int size = certs.size();
certificates = new ArrayList(size);
for (int i=0; iencoding.
* @throws CertificateException if specified encoding form is not supported,
* or some problems occurred during the decoding.
*/
public static X509CertPathImpl getInstance(InputStream in, String encoding)
throws CertificateException {
if (!encodings.contains(encoding)) {
throw new CertificateException(
Messages.getString("security.15F", encoding)); //$NON-NLS-1$
}
try {
if (encodingsArr[0].equals(encoding)) {
// generate the object from PkiPath encoded form
return (X509CertPathImpl) ASN1.decode(in);
} else {
// generate the object from PKCS #7 encoded form
ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
SignedData sd = ci.getSignedData();
if (sd == null) {
throw new CertificateException(
Messages.getString("security.160")); //$NON-NLS-1$
}
List certs = sd.getCertificates();
if (certs == null) {
// empty chain of certificates
certs = new ArrayList();
}
List result = new ArrayList();
for (int i=0; iencoding.
* @throws CertificateException if specified encoding form is not supported,
* or some problems occurred during the decoding.
*/
public static X509CertPathImpl getInstance(byte[] in, String encoding)
throws CertificateException {
if (!encodings.contains(encoding)) {
throw new CertificateException(
Messages.getString("security.15F", encoding)); //$NON-NLS-1$
}
try {
if (encodingsArr[0].equals(encoding)) {
// generate the object from PkiPath encoded form
return (X509CertPathImpl) ASN1.decode(in);
} else {
// generate the object from PKCS #7 encoded form
ContentInfo ci = (ContentInfo) ContentInfo.ASN1.decode(in);
SignedData sd = ci.getSignedData();
if (sd == null) {
throw new CertificateException(
Messages.getString("security.160")); //$NON-NLS-1$
}
List certs = sd.getCertificates();
if (certs == null) {
certs = new ArrayList();
}
List result = new ArrayList();
for (int i=0; i