/*
 * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package java.security.cert;

import java.io.InputStream;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.security.Provider;
import java.security.Security;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;

/**
 * This class defines the functionality of a certificate factory, which is
 * used to generate certificate, certification path ({@code CertPath})
 * and certificate revocation list (CRL) objects from their encodings.
 *
 * <p>For encodings consisting of multiple certificates, use
 * {@code generateCertificates} when you want to
 * parse a collection of possibly unrelated certificates. Otherwise,
 * use {@code generateCertPath} when you want to generate
 * a {@code CertPath} (a certificate chain) and subsequently
 * validate it with a {@code CertPathValidator}.
 *
 * <p>A certificate factory for X.509 must return certificates that are an
 * instance of {@code java.security.cert.X509Certificate}, and CRLs
 * that are an instance of {@code java.security.cert.X509CRL}.
 *
 * <p>The following example reads a file with Base64 encoded certificates,
 * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
 * bounded at the end by -----END CERTIFICATE-----. We convert the
 * {@code FileInputStream} (which does not support {@code mark}
 * and {@code reset}) to a {@code BufferedInputStream} (which
 * supports those methods), so that each call to
 * {@code generateCertificate} consumes only one certificate, and the
 * read position of the input stream is positioned to the next certificate in
 * the file:
 *
 * <pre>{@code
 * FileInputStream fis = new FileInputStream(filename);
 * BufferedInputStream bis = new BufferedInputStream(fis);
 *
 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
 *
 * while (bis.available() > 0) {
 *    Certificate cert = cf.generateCertificate(bis);
 *    System.out.println(cert.toString());
 * }
 * }</pre>
 *
 * <p>The following example parses a PKCS#7-formatted certificate reply stored
 * in a file and extracts all the certificates from it:
 *
 * <pre>
 * FileInputStream fis = new FileInputStream(filename);
 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
 * Collection c = cf.generateCertificates(fis);
 * Iterator i = c.iterator();
 * while (i.hasNext()) {
 *    Certificate cert = (Certificate)i.next();
 *    System.out.println(cert);
 * }
 * </pre>
 *
 * <p> Android provides the following <code>CertificateFactory</code> types:
 * <table>
 *   <thead>
 *     <tr>
 *       <th>Algorithm</th>
 *       <th>Supported API Levels</th>
 *     </tr>
 *   </thead>
 *   <tbody>
 *     <tr>
 *       <td>X.509</td>
 *       <td>1+</td>
 *     </tr>
 *   </tbody>
 * </table>
 * and the following <code>CertPath</code> encodings:
 * <table>
 *   <thead>
 *     <tr>
 *       <th>Name</th>
 *       <th>Supported (API Levels)</th>
 *     </tr>
 *   </thead>
 *   <tbody>
 *     <tr>
 *       <td>PKCS7</td>
 *       <td>1+</td>
 *     </tr>
 *     <tr>
 *       <td>PkiPath</td>
 *       <td>1+</td>
 *     </tr>
 *   </tbody>
 * </table>
 *
 * The type and encodings are described in the <a href=
 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertificateFactory">
 * CertificateFactory section</a> and the <a href=
 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertPathEncodings">
 * CertPath Encodings section</a> of the
 * Java Cryptography Architecture Standard Algorithm Name Documentation.
 *
 * @author Hemma Prafullchandra
 * @author Jan Luehe
 * @author Sean Mullan
 *
 * @see Certificate
 * @see X509Certificate
 * @see CertPath
 * @see CRL
 * @see X509CRL
 *
 * @since 1.2
 */

public class CertificateFactory {

    // The certificate type
    private String type;

    // The provider
    private Provider provider;

    // The provider implementation
    private CertificateFactorySpi certFacSpi;

    /**
     * Creates a CertificateFactory object of the given type, and encapsulates
     * the given provider implementation (SPI object) in it.
     *
     * @param certFacSpi the provider implementation.
     * @param provider the provider.
     * @param type the certificate type.
     */
    protected CertificateFactory(CertificateFactorySpi certFacSpi,
                                 Provider provider, String type)
    {
        this.certFacSpi = certFacSpi;
        this.provider = provider;
        this.type = type;
    }

    /**
     * Returns a certificate factory object that implements the
     * specified certificate type.
     *
     * <p> This method traverses the list of registered security Providers,
     * starting with the most preferred Provider.
     * A new CertificateFactory object encapsulating the
     * CertificateFactorySpi implementation from the first
     * Provider that supports the specified type is returned.
     *
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
     * @param type the name of the requested certificate type.
     * See the CertificateFactory section in the <a href=
     * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertificateFactory">
     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
     * for information about standard certificate types.
     *
     * @return a certificate factory object for the specified type.
     *
     * @exception CertificateException if no Provider supports a
     *          CertificateFactorySpi implementation for the
     *          specified type.
     *
     * @see java.security.Provider
     */
    public static final CertificateFactory getInstance(String type)
            throws CertificateException {
        try {
            Instance instance = GetInstance.getInstance("CertificateFactory",
                CertificateFactorySpi.class, type);
            return new CertificateFactory((CertificateFactorySpi)instance.impl,
                instance.provider, type);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(type + " not found", e);
        }
    }

    /**
     * Returns a certificate factory object for the specified
     * certificate type.
     *
     * <p> A new CertificateFactory object encapsulating the
     * CertificateFactorySpi implementation from the specified provider
     * is returned. The specified provider must be registered
     * in the security provider list.
     *
     * <p> Note that the list of registered providers may be retrieved via
     * the {@link Security#getProviders() Security.getProviders()} method.
     *
     * @param type the certificate type.
     * See the CertificateFactory section in the <a href=
     * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertificateFactory">
     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
     * for information about standard certificate types.
     *
     * @param provider the name of the provider.
     *
     * @return a certificate factory object for the specified type.
     *
     * @exception CertificateException if a CertificateFactorySpi
     *          implementation for the specified algorithm is not
     *          available from the specified provider.
     *
     * @exception NoSuchProviderException if the specified provider is not
     *          registered in the security provider list.
     *
     * @exception IllegalArgumentException if the provider name is null
     *          or empty.
     *
     * @see java.security.Provider
     */
    public static final CertificateFactory getInstance(String type,
            String provider) throws CertificateException,
            NoSuchProviderException {
        try {
            // Android-added: Check for Bouncy Castle deprecation
            Providers.checkBouncyCastleDeprecation(provider, "CertificateFactory", type);
            Instance instance = GetInstance.getInstance("CertificateFactory",
                CertificateFactorySpi.class, type, provider);
            return new CertificateFactory((CertificateFactorySpi)instance.impl,
                instance.provider, type);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(type + " not found", e);
        }
    }

    /**
     * Returns a certificate factory object for the specified
     * certificate type.
     *
     * <p> A new CertificateFactory object encapsulating the
     * CertificateFactorySpi implementation from the specified Provider
     * object is returned. Note that the specified Provider object
     * does not have to be registered in the provider list.
     *
     * @param type the certificate type.
     * See the CertificateFactory section in the <a href=
     * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertificateFactory">
     * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
     * for information about standard certificate types.
     * @param provider the provider.
     *
     * @return a certificate factory object for the specified type.
     *
     * @exception CertificateException if a CertificateFactorySpi
     *          implementation for the specified algorithm is not available
     *          from the specified Provider object.
     *
     * @exception IllegalArgumentException if the {@code provider} is
     *          null.
     *
     * @see java.security.Provider
     *
     * @since 1.4
     */
    public static final CertificateFactory getInstance(String type,
            Provider provider) throws CertificateException {
        try {
            // Android-added: Check for Bouncy Castle deprecation
            Providers.checkBouncyCastleDeprecation(provider, "CertificateFactory", type);
            Instance instance = GetInstance.getInstance("CertificateFactory",
                CertificateFactorySpi.class, type, provider);
            return new CertificateFactory((CertificateFactorySpi)instance.impl,
                instance.provider, type);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(type + " not found", e);
        }
    }

    /**
     * Returns the provider of this certificate factory.
     *
     * @return the provider of this certificate factory.
     */
    public final Provider getProvider() {
        return this.provider;
    }

    /**
     * Returns the name of the certificate type associated with this
     * certificate factory.
     *
     * @return the name of the certificate type associated with this
     * certificate factory.
     */
    public final String getType() {
        return this.type;
    }

    /**
     * Generates a certificate object and initializes it with
     * the data read from the input stream {@code inStream}.
     *
     * <p>In order to take advantage of the specialized certificate format
     * supported by this certificate factory,
     * the returned certificate object can be typecast to the corresponding
     * certificate class. For example, if this certificate
     * factory implements X.509 certificates, the returned certificate object
     * can be typecast to the {@code X509Certificate} class.
     *
     * <p>In the case of a certificate factory for X.509 certificates, the
     * certificate provided in {@code inStream} must be DER-encoded and
     * may be supplied in binary or printable (Base64) encoding. If the
     * certificate is provided in Base64 encoding, it must be bounded at
     * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
     * the end by -----END CERTIFICATE-----.
     *
     * <p>Note that if the given input stream does not support
     * {@link java.io.InputStream#mark(int) mark} and
     * {@link java.io.InputStream#reset() reset}, this method will
     * consume the entire input stream. Otherwise, each call to this
     * method consumes one certificate and the read position of the
     * input stream is positioned to the next available byte after
     * the inherent end-of-certificate marker. If the data in the input stream
     * does not contain an inherent end-of-certificate marker (other
     * than EOF) and there is trailing data after the certificate is parsed, a
     * {@code CertificateException} is thrown.
     *
     * @param inStream an input stream with the certificate data.
35751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 35851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a certificate object initialized with the data 35951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * from the input stream. 36051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 36151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException on parsing errors. 36251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 36351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final Certificate generateCertificate(InputStream inStream) 36451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CertificateException 36551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 36651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return certFacSpi.engineGenerateCertificate(inStream); 36751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 36851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 36951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 37094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * Returns an iteration of the {@code CertPath} encodings supported 37151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by this certificate factory, with the default encoding first. See 37251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the CertPath Encodings section in the <a href= 373309f9df28350e15445b9135e8b710fa2b34b5dc1Yi Kong * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertPathEncodings"> 37451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 37551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for information about standard encoding names and their formats. 
37651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 37794c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * Attempts to modify the returned {@code Iterator} via its 37894c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code remove} method result in an 37994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code UnsupportedOperationException}. 38051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 38194c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @return an {@code Iterator} over the names of the supported 38294c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code CertPath} encodings (as {@code String}s) 38351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 38451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 38551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final Iterator<String> getCertPathEncodings() { 38651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return(certFacSpi.engineGetCertPathEncodings()); 38751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 38851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 38951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 39094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * Generates a {@code CertPath} object and initializes it with 39194c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * the data read from the {@code InputStream} inStream. The data 39251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is assumed to be in the default encoding. The name of the default 39394c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * encoding is the first element of the {@code Iterator} returned by 39451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the {@link #getCertPathEncodings getCertPathEncodings} method. 
39551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 39694c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @param inStream an {@code InputStream} containing the data 39794c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @return a {@code CertPath} initialized with the data from the 39894c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code InputStream} 39951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException if an exception occurs while decoding 40051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 40151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 40251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final CertPath generateCertPath(InputStream inStream) 40351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CertificateException 40451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 40551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return(certFacSpi.engineGenerateCertPath(inStream)); 40651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 40751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 40851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 40994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * Generates a {@code CertPath} object and initializes it with 41094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * the data read from the {@code InputStream} inStream. The data 41151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is assumed to be in the specified encoding. 
See 41251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the CertPath Encodings section in the <a href= 413309f9df28350e15445b9135e8b710fa2b34b5dc1Yi Kong * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#CertPathEncodings"> 41451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 41551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * for information about standard encoding names and their formats. 41651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 41794c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @param inStream an {@code InputStream} containing the data 41851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param encoding the encoding used for the data 41994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @return a {@code CertPath} initialized with the data from the 42094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code InputStream} 42151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException if an exception occurs while decoding or 42251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the encoding requested is not supported 42351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 42451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 42551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final CertPath generateCertPath(InputStream inStream, 42651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski String encoding) throws CertificateException 42751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 42851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return(certFacSpi.engineGenerateCertPath(inStream, encoding)); 42951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 43051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 43151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr 
Jastrzebski /** 43294c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * Generates a {@code CertPath} object and initializes it with 43394c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * a {@code List} of {@code Certificate}s. 43451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 43551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The certificates supplied must be of a type supported by the 43694c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code CertificateFactory}. They will be copied out of the supplied 43794c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code List} object. 43851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 43994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @param certificates a {@code List} of {@code Certificate}s 44094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * @return a {@code CertPath} initialized with the supplied list of 44151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificates 44251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException if an exception occurs 44351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 44451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 44551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final CertPath 44651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski generateCertPath(List<? 
extends Certificate> certificates) 44751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CertificateException 44851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 44951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return(certFacSpi.engineGenerateCertPath(certificates)); 45051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 45151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 45251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 45351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a (possibly empty) collection view of the certificates read 45494c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * from the given input stream {@code inStream}. 45551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 45651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>In order to take advantage of the specialized certificate format 45751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * supported by this certificate factory, each element in 45851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the returned collection view can be typecast to the corresponding 45951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificate class. For example, if this certificate 46051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * factory implements X.509 certificates, the elements in the returned 46194c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * collection can be typecast to the {@code X509Certificate} class. 
46251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 46351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>In the case of a certificate factory for X.509 certificates, 46494c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code inStream} may contain a sequence of DER-encoded certificates 46551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * in the formats described for 46651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link #generateCertificate(java.io.InputStream) generateCertificate}. 46794c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * In addition, {@code inStream} may contain a PKCS#7 certificate 46851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * chain. This is a PKCS#7 <i>SignedData</i> object, with the only 46951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * significant field being <i>certificates</i>. In particular, the 47051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signature and the contents are ignored. This format allows multiple 47151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificates to be downloaded at once. If no certificates are present, 47251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * an empty collection is returned. 47351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 47451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>Note that if the given input stream does not support 47551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#mark(int) mark} and 47651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#reset() reset}, this method will 47751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * consume the entire input stream. 47851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 47951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param inStream the input stream with the certificates. 
48051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 48151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a (possibly empty) collection view of 48251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * java.security.cert.Certificate objects 48351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * initialized with the data from the input stream. 48451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 48551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException on parsing errors. 48651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 48751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final Collection<? extends Certificate> generateCertificates 48851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski (InputStream inStream) throws CertificateException { 48951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return certFacSpi.engineGenerateCertificates(inStream); 49051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 49151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 49251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 49351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Generates a certificate revocation list (CRL) object and initializes it 49494c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * with the data read from the input stream {@code inStream}. 49551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 49651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>In order to take advantage of the specialized CRL format 49751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * supported by this certificate factory, 49851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the returned CRL object can be typecast to the corresponding 49951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CRL class. 
For example, if this certificate 50051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * factory implements X.509 CRLs, the returned CRL object 50194c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * can be typecast to the {@code X509CRL} class. 50251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 50351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>Note that if the given input stream does not support 50451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#mark(int) mark} and 50551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#reset() reset}, this method will 50651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * consume the entire input stream. Otherwise, each call to this 50751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * method consumes one CRL and the read position of the input stream 50851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * is positioned to the next available byte after the inherent 50951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * end-of-CRL marker. If the data in the 51051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * input stream does not contain an inherent end-of-CRL marker (other 51151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * than EOF) and there is trailing data after the CRL is parsed, a 51294c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code CRLException} is thrown. 51351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 51451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param inStream an input stream with the CRL data. 51551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 51651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a CRL object initialized with the data 51751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * from the input stream. 
51851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 51951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CRLException on parsing errors. 52051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 52151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final CRL generateCRL(InputStream inStream) 52251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CRLException 52351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski { 52451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return certFacSpi.engineGenerateCRL(inStream); 52551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 52651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 52751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 52851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a (possibly empty) collection view of the CRLs read 52994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * from the given input stream {@code inStream}. 53051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 53151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>In order to take advantage of the specialized CRL format 53251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * supported by this certificate factory, each element in 53351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the returned collection view can be typecast to the corresponding 53451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CRL class. For example, if this certificate 53551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * factory implements X.509 CRLs, the elements in the returned 53694c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * collection can be typecast to the {@code X509CRL} class. 
53751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 53851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>In the case of a certificate factory for X.509 CRLs, 53994c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * {@code inStream} may contain a sequence of DER-encoded CRLs. 54094c24c5bb69f6dfec482f85f767ef0fc7dd98cbbSergio Giro * In addition, {@code inStream} may contain a PKCS#7 CRL 54151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * set. This is a PKCS#7 <i>SignedData</i> object, with the only 54251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * significant field being <i>crls</i>. In particular, the 54351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * signature and the contents are ignored. This format allows multiple 54451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CRLs to be downloaded at once. If no CRLs are present, 54551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * an empty collection is returned. 54651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 54751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>Note that if the given input stream does not support 54851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#mark(int) mark} and 54951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * {@link java.io.InputStream#reset() reset}, this method will 55051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * consume the entire input stream. 55151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 55251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param inStream the input stream with the CRLs. 
55351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 55451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a (possibly empty) collection view of 55551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * java.security.cert.CRL objects initialized with the data from the input 55651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * stream. 55751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 55851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CRLException on parsing errors. 55951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 56051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public final Collection<? extends CRL> generateCRLs(InputStream inStream) 56151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CRLException { 56251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return certFacSpi.engineGenerateCRLs(inStream); 56351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 56451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 565
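An added usage example (not part of the source file above) for the stream-position and `CertPath` behaviour the Javadoc describes: concatenated DER certificates read one per `generateCertificate` call from a stream that supports mark/reset, the same bytes read with `generateCertificates`, and a `CertPath` round trip in the factory's default encoding. The class name `CertificateFactoryStreamDemo` and its helpers are hypothetical, and the sample input is assumed to be two certificates taken from the platform's default trust store.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added illustration; class and helper names are hypothetical.
public class CertificateFactoryStreamDemo {

    // Sample input: two certificates from the platform's default trust store
    // (assumes that store holds at least two entries).
    static List<X509Certificate> sampleCerts() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                X509Certificate[] roots = ((X509TrustManager) tm).getAcceptedIssuers();
                if (roots.length >= 2) {
                    return Arrays.asList(roots[0], roots[1]);
                }
            }
        }
        throw new IllegalStateException("need two certificates in the default trust store");
    }

    // Reads concatenated DER certificates, one per generateCertificate call.
    static List<X509Certificate> readOneByOne(CertificateFactory cf, byte[] bundle)
            throws Exception {
        // ByteArrayInputStream supports mark/reset, so each call stops after one
        // certificate and leaves the read position at the start of the next.
        ByteArrayInputStream in = new ByteArrayInputStream(bundle);
        List<X509Certificate> out = new ArrayList<>();
        while (in.available() > 0) {
            out.add((X509Certificate) cf.generateCertificate(in));
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> sample = sampleCerts();

        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        for (X509Certificate c : sample) {
            buf.write(c.getEncoded()); // binary DER, back to back
        }
        byte[] bundle = buf.toByteArray();

        List<X509Certificate> parsed = readOneByOne(cf, bundle);
        System.out.println("one per call: " + parsed.size()
                + ", matches input: " + parsed.equals(sample));

        // The same bytes read in a single call.
        Collection<? extends Certificate> all =
                cf.generateCertificates(new ByteArrayInputStream(bundle));
        System.out.println("generateCertificates: " + all.size());

        // generateCertPath(List) only packages the certificates; the two sample
        // certificates are not checked for chaining. Deciding whether a path is
        // trustworthy is a separate step (java.security.cert.CertPathValidator).
        CertPath path = cf.generateCertPath(parsed);
        String defaultEncoding = cf.getCertPathEncodings().next();
        CertPath decoded = cf.generateCertPath(
                new ByteArrayInputStream(path.getEncoded(defaultEncoding)));
        System.out.println("default CertPath encoding: " + defaultEncoding
                + ", round trip equal: " + decoded.equals(path));
    }
}
```

The same separation applies to the PKCS#7 input described for `generateCertificates` and `generateCRLs`: the Javadoc states that the signature and contents are ignored, so objects returned by the factory are parsed data, not validated data.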