- /*
- * @(#)CertPath.java 1.6 03/01/23
- *
- * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
- * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
- */
-
- package java.security.cert;
-
- import java.io.ByteArrayInputStream;
- import java.io.NotSerializableException;
- import java.io.ObjectStreamException;
- import java.io.Serializable;
- import java.util.Iterator;
- import java.util.List;
-
- /**
- * An immutable sequence of certificates (a certification path).
- * <p>
- * This is an abstract class that defines the methods common to all
- * <code>CertPath</code>s. Subclasses can handle different kinds of
- * certificates (X.509, PGP, etc.).
- * <p>
- * All <code>CertPath</code> objects have a type, a list of
- * <code>Certificate</code>s, and one or more supported encodings. Because the
- * <code>CertPath</code> class is immutable, a <code>CertPath</code> cannot
- * change in any externally visible way after being constructed. This
- * stipulation applies to all public fields and methods of this class and any
- * added or overridden by subclasses.
- * <p>
- * The type is a <code>String</code> that identifies the type of
- * <code>Certificate</code>s in the certification path. For each
- * certificate <code>cert</code> in a certification path <code>certPath</code>,
- * <code>cert.getType().equals(certPath.getType())</code> must be
- * <code>true</code>.
- * <p>
- * The list of <code>Certificate</code>s is an ordered <code>List</code> of
- * zero or more <code>Certificate</code>s. This <code>List</code> and all
- * of the <code>Certificate</code>s contained in it must be immutable.
- * <p>
- * Each <code>CertPath</code> object must support one or more encodings
- * so that the object can be translated into a byte array for storage or
- * transmission to other parties. Preferably, these encodings should be
- * well-documented standards (such as PKCS#7). One of the encodings supported
- * by a <code>CertPath</code> is considered the default encoding. This
- * encoding is used if no encoding is explicitly requested (for the
- * {@link #getEncoded() getEncoded()} method, for instance).
- * <p>
- * All <code>CertPath</code> objects are also <code>Serializable</code>.
- * <code>CertPath</code> objects are resolved into an alternate
- * {@link CertPathRep CertPathRep} object during serialization. This allows
- * a <code>CertPath</code> object to be serialized into an equivalent
- * representation regardless of its underlying implementation.
- * <p>
- * <code>CertPath</code> objects can be created with a
- * <code>CertificateFactory</code> or they can be returned by other classes,
- * such as a <code>CertPathBuilder</code>.
- * <p>
- * By convention, X.509 <code>CertPath</code>s (consisting of
- * <code>X509Certificate</code>s), are ordered starting with the target
- * certificate and ending with a certificate issued by the trust anchor. That
- * is, the issuer of one certificate is the subject of the following one. The
- * certificate representing the {@link TrustAnchor TrustAnchor} should not be
- * included in the certification path. Unvalidated X.509 <code>CertPath</code>s
- * may not follow these conventions. PKIX <code>CertPathValidator</code>s will
- * detect any departure from these conventions that cause the certification
- * path to be invalid and throw a <code>CertPathValidatorException</code>.
- * <p>
- * <b>Concurrent Access</b>
- * <p>
- * All <code>CertPath</code> objects must be thread-safe. That is, multiple
- * threads may concurrently invoke the methods defined in this class on a
- * single <code>CertPath</code> object (or more than one) with no
- * ill effects. This is also true for the <code>List</code> returned by
- * <code>CertPath.getCertificates</code>.
- * <p>
- * Requiring <code>CertPath</code> objects to be immutable and thread-safe
- * allows them to be passed around to various pieces of code without worrying
- * about coordinating access. Providing this thread-safety is
- * generally not difficult, since the <code>CertPath</code> and
- * <code>List</code> objects in question are immutable.
- *
- * @see CertificateFactory
- * @see CertPathBuilder
- *
- * @version 1.6 01/23/03
- * @author Yassir Elley
- * @since 1.4
- */
- public abstract class CertPath implements Serializable {
-
- private String type; // the type of certificates in this chain
-
- /**
- * Creates a <code>CertPath</code> of the specified type.
- * <p>
- * This constructor is protected because most users should use a
- * <code>CertificateFactory</code> to create <code>CertPath</code>s.
- *
- * @param type the standard name of the type of
- * <code>Certificate</code>s in this path
- */
- protected CertPath(String type) {
- this.type = type;
- }
-
- /**
- * Returns the type of <code>Certificate</code>s in this certification
- * path. This is the same string that would be returned by
- * {@link java.security.cert.Certificate#getType() cert.getType()}
- * for all <code>Certificate</code>s in the certification path.
- *
- * @return the type of <code>Certificate</code>s in this certification
- * path (never null)
- */
- public String getType() {
- return type;
- }
-
- /**
- * Returns an iteration of the encodings supported by this certification
- * path, with the default encoding first. Attempts to modify the returned
- * <code>Iterator</code> via its <code>remove</code> method result in an
- * <code>UnsupportedOperationException</code>.
- *
- * @return an <code>Iterator</code> over the names of the supported
- * encodings (as Strings)
- */
- public abstract Iterator getEncodings();
-
- /**
- * Compares this certification path for equality with the specified
- * object. Two <code>CertPath</code>s are equal if and only if their
- * types are equal and their certificate <code>List</code>s (and by
- * implication the <code>Certificate</code>s in those <code>List</code>s)
- * are equal. A <code>CertPath</code> is never equal to an object that is
- * not a <code>CertPath</code>.
- * <p>
- * This algorithm is implemented by this method. If it is overridden,
- * the behavior specified here must be maintained.
- *
- * @param other the object to test for equality with this certification path
- * @return true if the specified object is equal to this certification path,
- * false otherwise
- */
- public boolean equals(Object other) {
- if (this == other)
- return true;
-
- if (! (other instanceof CertPath))
- return false;
-
- CertPath otherCP = (CertPath) other;
- if (! otherCP.getType().equals(type))
- return false;
-
- List thisCertList = this.getCertificates();
- List otherCertList = otherCP.getCertificates();
- return(thisCertList.equals(otherCertList));
- }
-
- /**
- * Returns the hashcode for this certification path. The hash code of
- * a certification path is defined to be the result of the following
- * calculation:
- * <pre><code>
- * hashCode = path.getType().hashCode();
- * hashCode = 31*hashCode + path.getCertificates().hashCode();
- * </code></pre>
- * This ensures that <code>path1.equals(path2)</code> implies that
- * <code>path1.hashCode()==path2.hashCode()</code> for any two certification
- * paths, <code>path1</code> and <code>path2</code>, as required by the
- * general contract of <code>Object.hashCode</code>.
- *
- * @return the hashcode value for this certification path
- */
- public int hashCode() {
- int hashCode = type.hashCode();
- hashCode = 31*hashCode + getCertificates().hashCode();
- return hashCode;
- }
-
- /**
- * Returns a string representation of this certification path.
- * This calls the <code>toString</code> method on each of the
- * <code>Certificate</code>s in the path.
- *
- * @return a string representation of this certification path
- */
- public String toString() {
- StringBuffer sb = new StringBuffer();
- Iterator stringIterator = getCertificates().iterator();
-
- sb.append("\n" + type + " Cert Path: length = "
- + getCertificates().size() + ".\n");
- sb.append("[\n");
- int i = 1;
- while (stringIterator.hasNext()) {
- sb.append("=========================================="
- + "===============Certificate " + i + " start.\n");
- Certificate stringCert = (Certificate) stringIterator.next();
- sb.append(stringCert.toString());
- sb.append("\n========================================"
- + "=================Certificate " + i + " end.\n\n\n");
- i++;
- }
-
- sb.append("\n]");
- return sb.toString();
- }
-
- /**
- * Returns the encoded form of this certification path, using the default
- * encoding.
- *
- * @return the encoded bytes
- * @exception CertificateEncodingException if an encoding error occurs
- */
- public abstract byte[] getEncoded()
- throws CertificateEncodingException;
-
- /**
- * Returns the encoded form of this certification path, using the
- * specified encoding.
- *
- * @param encoding the name of the encoding to use
- * @return the encoded bytes
- * @exception CertificateEncodingException if an encoding error occurs or
- * the encoding requested is not supported
- */
- public abstract byte[] getEncoded(String encoding)
- throws CertificateEncodingException;
-
- /**
- * Returns the list of certificates in this certification path.
- * The <code>List</code> returned must be immutable and thread-safe.
- *
- * @return an immutable <code>List</code> of <code>Certificate</code>s
- * (may be empty, but not null)
- */
- public abstract List getCertificates();
-
- /**
- * Replaces the <code>CertPath</code> to be serialized with a
- * <code>CertPathRep</code> object.
- *
- * @return the <code>CertPathRep</code> to be serialized
- *
- * @throws ObjectStreamException if a <code>CertPathRep</code> object
- * representing this certification path could not be created
- */
- protected Object writeReplace() throws ObjectStreamException {
- try {
- return new CertPathRep(type, getEncoded());
- } catch (CertificateException ce) {
- NotSerializableException nse =
- new NotSerializableException
- ("java.security.cert.CertPath: " + type);
- nse.initCause(ce);
- throw nse;
- }
- }
-
- /**
- * Alternate <code>CertPath</code> class for serialization.
- */
- protected static class CertPathRep implements Serializable {
- /** The Certificate type */
- private String type;
- /** The encoded form of the cert path */
- private byte[] data;
-
- /**
- * Creates a <code>CertPathRep</code> with the specified
- * type and encoded form of a certification path.
- *
- * @param type the standard name of a <code>CertPath</code> type
- * @param data the encoded form of the certification path
- */
- protected CertPathRep(String type, byte[] data) {
- this.type = type;
- this.data = data;
- }
-
- /**
- * Returns a <code>CertPath</code> constructed from the type and data.
- *
- * @return the resolved <code>CertPath</code> object
- *
- * @throws ObjectStreamException if a <code>CertPath</code> could not
- * be constructed
- */
- protected Object readResolve() throws ObjectStreamException {
- try {
- CertificateFactory cf = CertificateFactory.getInstance(type);
- return cf.generateCertPath(new ByteArrayInputStream(data));
- } catch (CertificateException ce) {
- NotSerializableException nse =
- new NotSerializableException
- ("java.security.cert.CertPath: " + type);
- nse.initCause(ce);
- throw nse;
- }
- }
- }
- }