1. /*

  2.  * @(#)CertificateFactory.java	1.15 00/02/02

  3.  *

  4.  * Copyright 1998-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10. 

  11. package java.security.cert;

  12. 

  13. import java.io.InputStream;

  14. import java.util.Collection;

  15. import java.security.Provider;

  16. import java.security.AccessController;

  17. import java.security.PrivilegedAction;

  18. import java.security.NoSuchAlgorithmException;

  19. import java.security.NoSuchProviderException;

  20. import java.lang.reflect.Method;

  21. import java.lang.reflect.InvocationTargetException;

  22. 

  23. /**

  24.  * This class defines the functionality of a certificate factory, which is

  25.  * used to generate certificate and certificate revocation list (CRL) objects

  26.  * from their encodings.

  27.  *

  28.  * <p>A certificate factory for X.509 must return certificates that are an

  29.  * instance of <code>java.security.cert.X509Certificate</code>, and CRLs

  30.  * that are an instance of <code>java.security.cert.X509CRL</code>.

  31.  *

  32.  * <p>The following example reads a file with Base64 encoded certificates,

  33.  * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and

  34.  * bounded at the end by -----END CERTIFICATE-----. We convert the

  35.  * <code>FileInputStream</code> (which does not support <code>mark</code>

  36.  * and <code>reset</code>) to a <code>ByteArrayInputStream</code> (which

  37.  * supports those methods), so that each call to

  38.  * <code>generateCertificate</code> consumes only one certificate, and the

  39.  * read position of the input stream is positioned to the next certificate in

  40.  * the file:<p>

  41.  *

  42.  * <pre>

  43.  * FileInputStream fis = new FileInputStream(filename);

  44.  * DataInputStream dis = new DataInputStream(fis);

  45.  *

  46.  * CertificateFactory cf = CertificateFactory.getInstance("X.509");

  47.  *

  48.  * byte[] bytes = new byte[dis.available()];

  49.  * dis.readFully(bytes);

  50.  * ByteArrayInputStream bais = new ByteArrayInputStream(bytes);

  51.  *

  52.  * while (bais.available() > 0) {

  53.  *    Certificate cert = cf.generateCertificate(bais);

  54.  *    System.out.println(cert.toString());

  55.  * }

  56.  * </pre>

  57.  *

  58.  * <p>The following example parses a PKCS#7-formatted certificate reply stored

  59.  * in a file and extracts all the certificates from it:<p>

  60.  *

  61.  * <pre>

  62.  * FileInputStream fis = new FileInputStream(filename);

  63.  * CertificateFactory cf = CertificateFactory.getInstance("X.509");

  64.  * Collection c = cf.generateCertificates(fis);

  65.  * Iterator i = c.iterator();

  66.  * while (i.hasNext()) {

  67.  *    Certificate cert = (Certificate)i.next();

  68.  *    System.out.println(cert);

  69.  * }

  70.  * </pre>

  71.  *

  72.  * @author Hemma Prafullchandra

  73.  * @author Jan Luehe

  74.  *

  75.  * @version 1.15, 02/02/00

  76.  *

  77.  * @see Certificate

  78.  * @see X509Certificate

  79.  * @see CRL

  80.  * @see X509CRL

  81.  *

  82.  * @since 1.2

  83.  */

  84. 

  85. public class CertificateFactory {

  86.     // for use with the reflection API

  87.     private static final Class cl = java.security.Security.class;

  88.     private static final Class[] GET_IMPL_PARAMS = { String.class,

  89. 						     String.class,

  90. 						     String.class };

  91.     private static Method implMethod;

  92. 

  93.     static {

  94. 	implMethod = (Method)

  95. 	    AccessController.doPrivileged(new PrivilegedAction() {

  96. 	    public Object run() {

  97. 		Method m = null;

  98. 		try {

  99. 		    m = cl.getDeclaredMethod("getImpl", GET_IMPL_PARAMS);

  100. 		    if (m != null)

  101. 			m.setAccessible(true);

  102. 		} catch (NoSuchMethodException nsme) {

  103. 		}

  104. 		return m;

  105. 	    }

  106. 	});

  107.     }

  108. 

  109.     // The certificate type

  110.     private String type;

  111. 

  112.     // The provider

  113.     private Provider provider;

  114. 

  115.     // The provider implementation

  116.     private CertificateFactorySpi certFacSpi;

  117. 

  118.     /**

  119.      * Creates a CertificateFactory object of the given type, and encapsulates

  120.      * the given provider implementation (SPI object) in it.

  121.      *

  122.      * @param certFacSpi the provider implementation.

  123.      * @param provider the provider.

  124.      * @param type the certificate type.

  125.      */

  126.     protected CertificateFactory(CertificateFactorySpi certFacSpi,

  127. 				 Provider provider, String type)

  128.     {

  129. 	this.certFacSpi = certFacSpi;

  130. 	this.provider = provider;

  131. 	this.type = type;

  132.     }

  133. 

  134.     /**

  135.      * Generates a certificate factory object that implements the

  136.      * specified certificate type. If the default provider package

  137.      * provides an implementation of the requested certificate type,

  138.      * an instance of certificate factory containing that

  139.      * implementation is returned.

  140.      * If the type is not available in the default

  141.      * package, other packages are searched.

  142.      *

  143.      * @param type the name of the requested certificate type.

  144.      * See Appendix A in the <a href=

  145.      * "../../../../guide/security/CryptoSpec.html#AppA">

  146.      * Java Cryptography Architecture API Specification & Reference </a>

  147.      * for information about standard certificate types.

  148.      *

  149.      * @return a certificate factory object for the specified type.

  150.      *

  151.      * @exception CertificateException if the requested certificate type is

  152.      * not available in the default provider package or any of the other

  153.      * provider packages that were searched.

  154.      */

  155.     public static final CertificateFactory getInstance(String type)

  156. 	throws CertificateException

  157.     {

  158. 	try {

  159. 	    if (implMethod == null) {

  160. 		throw new CertificateException(type + " not found");

  161. 	    }

  162. 

  163. 	    // The underlying method is static, so we set the object

  164. 	    // argument to null.

  165. 	    Object[] objs = (Object[])implMethod.invoke(null,

  166. 					       new Object[]

  167. 					       { type,

  168. 						 "CertificateFactory",

  169. 						 null

  170. 					       } );

  171. 	    return new CertificateFactory((CertificateFactorySpi)objs[0],

  172. 					  (Provider)objs[1], type);

  173. 	} catch (IllegalAccessException iae) {

  174. 	    throw new CertificateException(type + " not found");

  175. 	} catch (InvocationTargetException ite) {

  176. 	    throw new CertificateException(type + " not found");

  177. 	}

  178.     }

  179. 

  180.     /**

  181.      * Generates a certificate factory object for the specified

  182.      * certificate type from the specified provider.

  183.      *

  184.      * @param type the certificate type

  185.      * @param provider the name of the provider.

  186.      *

  187.      * @return a certificate factory object for the specified type.

  188.      *

  189.      * @exception CertificateException if the certificate type is

  190.      * not available from the specified provider.

  191.      *

  192.      * @exception NoSuchProviderException if the provider has not been

  193.      * configured.

  194.      *

  195.      * @see Provider

  196.      */

  197.     public static final CertificateFactory getInstance(String type,

  198. 					  	       String provider)

  199. 	throws CertificateException, NoSuchProviderException

  200.     {

  201. 	if (provider == null || provider.length() == 0)

  202. 	    throw new IllegalArgumentException("missing provider");

  203. 	try {

  204. 	    if (implMethod == null) {

  205. 		throw new CertificateException(type + " not found");

  206. 	    }

  207. 

  208. 	    // The underlying method is static, so we set the object

  209. 	    // argument to null.

  210. 	    Object[] objs = (Object[])implMethod.invoke(null,

  211. 					       new Object[]

  212. 					       { type,

  213. 						 "CertificateFactory",

  214. 						 provider

  215. 					       } );

  216. 	    return new CertificateFactory((CertificateFactorySpi)objs[0],

  217. 					  (Provider)objs[1], type);

  218. 	} catch (IllegalAccessException iae) {

  219. 	    throw new CertificateException(type + " not found");

  220. 	} catch (InvocationTargetException ite) {

  221. 	    Throwable t = ite.getTargetException();

  222. 	    if (t!=null && t instanceof NoSuchProviderException) {

  223. 		throw (NoSuchProviderException)t;

  224. 	    } else {

  225. 		throw new CertificateException(type + " not found");

  226. 	    }

  227. 	}

  228.     }

  229. 

  230.     /**

  231.      * Returns the provider of this certificate factory.

  232.      *

  233.      * @return the provider of this certificate factory.

  234.      */

  235.     public final Provider getProvider() {

  236. 	return this.provider;

  237.     }

  238. 

  239.     /**

  240.      * Returns the name of the certificate type associated with this

  241.      * certificate factory.

  242.      *

  243.      * @return the name of the certificate type associated with this

  244.      * certificate factory.

  245.      */

  246.     public final String getType() {

  247. 	return this.type;

  248.     }

  249. 

  250.     /**

  251.      * Generates a certificate object and initializes it with

  252.      * the data read from the input stream <code>inStream</code>.

  253.      *

  254.      * <p>The given input stream <code>inStream</code> must contain a single

  255.      * certificate.

  256.      *

  257.      * <p>In order to take advantage of the specialized certificate format

  258.      * supported by this certificate factory,

  259.      * the returned certificate object can be typecast to the corresponding

  260.      * certificate class. For example, if this certificate

  261.      * factory implements X.509 certificates, the returned certificate object

  262.      * can be typecast to the <code>X509Certificate</code> class.

  263.      *

  264.      * <p>In the case of a certificate factory for X.509 certificates, the

  265.      * certificate provided in <code>inStream</code> must be DER-encoded and

  266.      * may be supplied in binary or printable (Base64) encoding. If the

  267.      * certificate is provided in Base64 encoding, it must be bounded at

  268.      * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at

  269.      * the end by -----END CERTIFICATE-----.

  270.      *

  271.      * <p>Note that if the given input stream does not support

  272.      * {@link java.io.InputStream#mark(int) mark} and

  273.      * {@link java.io.InputStream#reset() reset}, this method will

  274.      * consume the entire input stream.

  275.      *

  276.      * @param inStream an input stream with the certificate data.

  277.      *

  278.      * @return a certificate object initialized with the data

  279.      * from the input stream.

  280.      *

  281.      * @exception CertificateException on parsing errors.

  282.      */

  283.     public final Certificate generateCertificate(InputStream inStream)

  284.         throws CertificateException

  285.     {

  286. 	return certFacSpi.engineGenerateCertificate(inStream);

  287.     }

  288. 

  289.     /**

  290.      * Returns a (possibly empty) collection view of the certificates read

  291.      * from the given input stream <code>inStream</code>.

  292.      *

  293.      * <p>In order to take advantage of the specialized certificate format

  294.      * supported by this certificate factory, each element in

  295.      * the returned collection view can be typecast to the corresponding

  296.      * certificate class. For example, if this certificate

  297.      * factory implements X.509 certificates, the elements in the returned

  298.      * collection can be typecast to the <code>X509Certificate</code> class.

  299.      *

  300.      * <p>In the case of a certificate factory for X.509 certificates,

  301.      * <code>inStream</code> may contain a sequence of DER-encoded certificates

  302.      * in the formats described for

  303.      * {@link #generateCertificate(java.io.InputStream) generateCertificate}.

  304.      * In addition, <code>inStream</code> may contain a PKCS#7 certificate

  305.      * chain. This is a PKCS#7 <i>SignedData</i> object, with the only

  306.      * significant field being <i>certificates</i>. In particular, the

  307.      * signature and the contents are ignored. This format allows multiple

  308.      * certificates to be downloaded at once. If no certificates are present,

  309.      * an empty collection is returned.

  310.      *

  311.      * <p>Note that if the given input stream does not support

  312.      * {@link java.io.InputStream#mark(int) mark} and

  313.      * {@link java.io.InputStream#reset() reset}, this method will

  314.      * consume the entire input stream.

  315.      *

  316.      * @param inStream the input stream with the certificates.

  317.      *

  318.      * @return a (possibly empty) collection view of

  319.      * java.security.cert.Certificate objects

  320.      * initialized with the data from the input stream.

  321.      *

  322.      * @exception CertificateException on parsing errors.

  323.      */

  324.     public final Collection generateCertificates(InputStream inStream)

  325.         throws CertificateException

  326.     {

  327. 	return certFacSpi.engineGenerateCertificates(inStream);

  328.     }

  329. 

  330.     /**

  331.      * Generates a certificate revocation list (CRL) object and initializes it

  332.      * with the data read from the input stream <code>inStream</code>.

  333.      *

  334.      * <p>In order to take advantage of the specialized CRL format

  335.      * supported by this certificate factory,

  336.      * the returned CRL object can be typecast to the corresponding

  337.      * CRL class. For example, if this certificate

  338.      * factory implements X.509 CRLs, the returned CRL object

  339.      * can be typecast to the <code>X509CRL</code> class.

  340.      *

  341.      * <p>Note that if the given input stream does not support

  342.      * {@link java.io.InputStream#mark(int) mark} and

  343.      * {@link java.io.InputStream#reset() reset}, this method will

  344.      * consume the entire input stream.

  345.      *

  346.      * @param inStream an input stream with the CRL data.

  347.      *

  348.      * @return a CRL object initialized with the data

  349.      * from the input stream.

  350.      *

  351.      * @exception CRLException on parsing errors.

  352.      */

  353.     public final CRL generateCRL(InputStream inStream)

  354.         throws CRLException

  355.     {

  356. 	return certFacSpi.engineGenerateCRL(inStream);

  357.     }

  358. 

  359.     /**

  360.      * Returns a (possibly empty) collection view of the CRLs read

  361.      * from the given input stream <code>inStream</code>.

  362.      *

  363.      * <p>In order to take advantage of the specialized CRL format

  364.      * supported by this certificate factory, each element in

  365.      * the returned collection view can be typecast to the corresponding

  366.      * CRL class. For example, if this certificate

  367.      * factory implements X.509 CRLs, the elements in the returned

  368.      * collection can be typecast to the <code>X509CRL</code> class.

  369.      *

  370.      * <p>In the case of a certificate factory for X.509 CRLs,

  371.      * <code>inStream</code> may contain a sequence of DER-encoded CRLs.

  372.      * In addition, <code>inStream</code> may contain a PKCS#7 CRL

  373.      * set. This is a PKCS#7 <i>SignedData</i> object, with the only

  374.      * significant field being <i>crls</i>. In particular, the

  375.      * signature and the contents are ignored. This format allows multiple

  376.      * CRLs to be downloaded at once. If no CRLs are present,

  377.      * an empty collection is returned.

  378.      *

  379.      * <p>Note that if the given input stream does not support

  380.      * {@link java.io.InputStream#mark(int) mark} and

  381.      * {@link java.io.InputStream#reset() reset}, this method will

  382.      * consume the entire input stream.

  383.      *

  384.      * @param inStream the input stream with the CRLs.

  385.      *

  386.      * @return a (possibly empty) collection view of

  387.      * java.security.cert.CRL objects initialized with the data from the input

  388.      * stream.

  389.      *

  390.      * @exception CRLException on parsing errors.

  391.      */

  392.     public final Collection generateCRLs(InputStream inStream)

  393.         throws CRLException

  394.     {

  395. 	return certFacSpi.engineGenerateCRLs(inStream);

  396.     }

  397. }