151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/* 2199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it 651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as 751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation. Oracle designates this 851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided 951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code. 1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT 1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that 1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code). 1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version 1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation, 1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any 2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions. 2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage javax.security.cert; 2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.PublicKey; 3051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.NoSuchAlgorithmException; 3151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.NoSuchProviderException; 3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.InvalidKeyException; 3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.SignatureException; 3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/** 3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>Abstract class for managing a variety of identity certificates. 3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * An identity certificate is a guarantee by a principal that 3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * a public key is that of another principal. (A principal represents 3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * an entity such as an individual user, a group, or a corporation.) 4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *<p> 4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This class is an abstraction for certificates that have different 4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * formats but important common uses. For example, different types of 4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * certificates, such as X.509 and PGP, share general certificate 4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * functionality (like encoding and verifying) and 4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * some types of information (like a public key). 4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p> 4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * X.509, PGP, and SDSI certificates can all be implemented by 4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * subclassing the Certificate class, even though they contain different 4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * sets of information, and they store and retrieve the information in 5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * different ways. 5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 52199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * <p><em>Note: The classes in the package {@code javax.security.cert} 5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * exist for compatibility with earlier versions of the 5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Java Secure Sockets Extension (JSSE). New applications should instead 5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * use the standard Java SE certificate classes located in 56199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * {@code java.security.cert}.</em></p> 5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4 5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see X509Certificate 6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Hemma Prafullchandra 6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic abstract class Certificate { 6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Compares this certificate for equality with the specified 67199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * object. If the {@code other} object is an 68199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * {@code instanceof} {@code Certificate}, then 6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * its encoded form is retrieved and compared with the 7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * encoded form of this certificate. 7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param other the object to test for equality with this certificate. 7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return true if the encoded forms of the two certificates 7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * match, false otherwise. 7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 7651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public boolean equals(Object other) { 7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (this == other) 7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return true; 7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (!(other instanceof Certificate)) 8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski try { 8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] thisCert = this.getEncoded(); 8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] otherCert = ((Certificate)other).getEncoded(); 8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (thisCert.length != otherCert.length) 8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski for (int i = 0; i < thisCert.length; i++) 8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski if (thisCert[i] != otherCert[i]) 8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return true; 9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } catch (CertificateException e) { 9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return false; 9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a hashcode value for this certificate from its 9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * encoded form. 9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the hashcode value. 10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 10251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public int hashCode() { 10351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski int retval = 0; 10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski try { 10551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski byte[] certData = this.getEncoded(); 10651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski for (int i = 1; i < certData.length; i++) { 10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski retval += certData[i] * i; 10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return (retval); 11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } catch (CertificateException e) { 11151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski return (retval); 11251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski } 11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns the encoded form of this certificate. It is 11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * assumed that each certificate type would have only a single 11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * form of encoding; for example, X.509 certificates would 11951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * be encoded as ASN.1 DER. 12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return encoded form of this certificate 12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateEncodingException on internal certificate 12351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * encoding failure 12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract byte[] getEncoded() throws CertificateEncodingException; 12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Verifies that this certificate was signed using the 12951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * private key that corresponds to the specified public key. 13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param key the PublicKey used to carry out the verification. 13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchAlgorithmException on unsupported signature 13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * algorithms. 13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException on incorrect key. 13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchProviderException if there's no default provider. 13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException on signature errors. 13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException on encoding errors. 13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void verify(PublicKey key) 14151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CertificateException, NoSuchAlgorithmException, 14251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski InvalidKeyException, NoSuchProviderException, 14351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SignatureException; 14451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 14551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 14651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Verifies that this certificate was signed using the 14751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * private key that corresponds to the specified public key. 14851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This method uses the signature verification engine 14951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * supplied by the specified provider. 15051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 15151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param key the PublicKey used to carry out the verification. 15251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @param sigProvider the name of the signature provider. 15351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchAlgorithmException on unsupported signature algorithms. 15451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception InvalidKeyException on incorrect key. 15551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception NoSuchProviderException on incorrect provider. 15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception SignatureException on signature errors. 15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @exception CertificateException on encoding errors. 15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 15951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract void verify(PublicKey key, String sigProvider) 16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski throws CertificateException, NoSuchAlgorithmException, 16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski InvalidKeyException, NoSuchProviderException, 16251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski SignatureException; 16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Returns a string representation of this certificate. 16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return a string representation of this certificate. 16851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 16951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract String toString(); 17051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski 17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski /** 17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Gets the public key from this certificate. 17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @return the public key. 17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */ 17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski public abstract PublicKey getPublicKey(); 17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski} 178