1. /*

  2.  * @(#)CertificateFactorySpi.java	1.15 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7. 

  8. package java.security.cert;

  9. 

  10. import java.io.InputStream;

  11. import java.util.Collection;

  12. import java.util.Iterator;

  13. import java.util.List;

  14. import java.security.Provider;

  15. import java.security.NoSuchAlgorithmException;

  16. import java.security.NoSuchProviderException;

  17. 

  18. /**

  19.  * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>)

  20.  * for the <code>CertificateFactory</code> class.

  21.  * All the abstract methods in this class must be implemented by each

  22.  * cryptographic service provider who wishes to supply the implementation

  23.  * of a certificate factory for a particular certificate type, e.g., X.509.

  24.  *

  25.  * <p>Certificate factories are used to generate certificate, certification path

  26.  * (<code>CertPath</code>) and certificate revocation list (CRL) objects from 

  27.  * their encodings.

  28.  *

  29.  * <p>A certificate factory for X.509 must return certificates that are an

  30.  * instance of <code>java.security.cert.X509Certificate</code>, and CRLs

  31.  * that are an instance of <code>java.security.cert.X509CRL</code>.

  32.  *

  33.  * @author Hemma Prafullchandra

  34.  * @author Jan Luehe

  35.  * @author Sean Mullan

  36.  *

  37.  * @version 1.15, 01/23/03

  38.  *

  39.  * @see CertificateFactory

  40.  * @see Certificate

  41.  * @see X509Certificate

  42.  * @see CertPath

  43.  * @see CRL

  44.  * @see X509CRL

  45.  *

  46.  * @since 1.2

  47.  */

  48. 

  49. public abstract class CertificateFactorySpi {

  50. 

  51.     /**

  52.      * Generates a certificate object and initializes it with

  53.      * the data read from the input stream <code>inStream</code>.

  54.      *

  55.      * <p>In order to take advantage of the specialized certificate format

  56.      * supported by this certificate factory,

  57.      * the returned certificate object can be typecast to the corresponding

  58.      * certificate class. For example, if this certificate

  59.      * factory implements X.509 certificates, the returned certificate object

  60.      * can be typecast to the <code>X509Certificate</code> class.

  61.      *

  62.      * <p>In the case of a certificate factory for X.509 certificates, the

  63.      * certificate provided in <code>inStream</code> must be DER-encoded and

  64.      * may be supplied in binary or printable (Base64) encoding. If the

  65.      * certificate is provided in Base64 encoding, it must be bounded at

  66.      * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at

  67.      * the end by -----END CERTIFICATE-----.

  68.      *

  69.      * <p>Note that if the given input stream does not support

  70.      * {@link java.io.InputStream#mark(int) mark} and

  71.      * {@link java.io.InputStream#reset() reset}, this method will

  72.      * consume the entire input stream. Otherwise, each call to this

  73.      * method consumes one certificate and the read position of the input stream

  74.      * is positioned to the next available byte after the the inherent

  75.      * end-of-certificate marker. If the data in the

  76.      * input stream does not contain an inherent end-of-certificate marker (other

  77.      * than EOF) and there is trailing data after the certificate is parsed, a

  78.      * <code>CertificateException</code> is thrown.

  79.      *

  80.      * @param inStream an input stream with the certificate data.

  81.      *

  82.      * @return a certificate object initialized with the data

  83.      * from the input stream.

  84.      *

  85.      * @exception CertificateException on parsing errors.

  86.      */

  87.     public abstract Certificate engineGenerateCertificate(InputStream inStream)

  88.         throws CertificateException;

  89. 

  90.     /**

  91.      * Generates a <code>CertPath</code> object and initializes it with

  92.      * the data read from the <code>InputStream</code> inStream. The data

  93.      * is assumed to be in the default encoding.

  94.      *

  95.      * @param inStream an <code>InputStream</code> containing the data

  96.      * @return a <code>CertPath</code> initialized with the data from the

  97.      *   <code>InputStream</code>

  98.      * @exception CertificateException if an exception occurs while decoding

  99.      * @since 1.4

  100.      */

  101.     public CertPath engineGenerateCertPath(InputStream inStream)

  102.         throws CertificateException

  103.     {

  104.         throw new UnsupportedOperationException();

  105.     }

  106. 

  107.     /**

  108.      * Generates a <code>CertPath</code> object and initializes it with

  109.      * the data read from the <code>InputStream</code> inStream. The data

  110.      * is assumed to be in the specified encoding.

  111.      *

  112.      * <p> This method was added to version 1.4 of the Java 2 Platform

  113.      * Standard Edition. In order to maintain backwards compatibility with

  114.      * existing service providers, this method cannot be <code>abstract</code>

  115.      * and by default throws an <code>UnsupportedOperationException</code>.

  116.      *

  117.      * @param inStream an <code>InputStream</code> containing the data

  118.      * @param encoding the encoding used for the data

  119.      * @return a <code>CertPath</code> initialized with the data from the

  120.      *   <code>InputStream</code>

  121.      * @exception CertificateException if an exception occurs while decoding or

  122.      *   the encoding requested is not supported

  123.      * @exception UnsupportedOperationException if the method is not supported

  124.      * @since 1.4

  125.      */

  126.     public CertPath engineGenerateCertPath(InputStream inStream,

  127.         String encoding) throws CertificateException

  128.     {

  129.         throw new UnsupportedOperationException();

  130.     }

  131. 

  132.     /**

  133.      * Generates a <code>CertPath</code> object and initializes it with

  134.      * a <code>List</code> of <code>Certificate</code>s.

  135.      * <p>

  136.      * The certificates supplied must be of a type supported by the

  137.      * <code>CertificateFactory</code>. They will be copied out of the supplied

  138.      * <code>List</code> object.

  139.      *

  140.      * <p> This method was added to version 1.4 of the Java 2 Platform

  141.      * Standard Edition. In order to maintain backwards compatibility with

  142.      * existing service providers, this method cannot be <code>abstract</code>

  143.      * and by default throws an <code>UnsupportedOperationException</code>.

  144.      *

  145.      * @param certificates a <code>List</code> of <code>Certificate</code>s

  146.      * @return a <code>CertPath</code> initialized with the supplied list of

  147.      *   certificates

  148.      * @exception CertificateException if an exception occurs

  149.      * @exception UnsupportedOperationException if the method is not supported

  150.      * @since 1.4

  151.      */

  152.     public CertPath engineGenerateCertPath(List certificates)

  153.         throws CertificateException

  154.     {

  155.         throw new UnsupportedOperationException();

  156.     }

  157. 

  158.     /**

  159.      * Returns an iteration of the <code>CertPath</code> encodings supported 

  160.      * by this certificate factory, with the default encoding first. See 

  161.      * Appendix A in the 

  162.      * <a href="../../../../guide/security/certpath/CertPathProgGuide.html#AppA">

  163.      * Java Certification Path API Programmer's Guide</a>

  164.      * for information about standard encoding names.

  165.      * <p>

  166.      * Attempts to modify the returned <code>Iterator</code> via its

  167.      * <code>remove</code> method result in an

  168.      * <code>UnsupportedOperationException</code>.

  169.      *

  170.      * <p> This method was added to version 1.4 of the Java 2 Platform

  171.      * Standard Edition. In order to maintain backwards compatibility with

  172.      * existing service providers, this method cannot be <code>abstract</code>

  173.      * and by default throws an <code>UnsupportedOperationException</code>.

  174.      *

  175.      * @return an <code>Iterator</code> over the names of the supported

  176.      *         <code>CertPath</code> encodings (as <code>String</code>s)

  177.      * @exception UnsupportedOperationException if the method is not supported

  178.      * @since 1.4

  179.      */

  180.     public Iterator engineGetCertPathEncodings() {

  181.         throw new UnsupportedOperationException();

  182.     }

  183. 

  184.     /**

  185.      * Returns a (possibly empty) collection view of the certificates read

  186.      * from the given input stream <code>inStream</code>.

  187.      *

  188.      * <p>In order to take advantage of the specialized certificate format

  189.      * supported by this certificate factory, each element in

  190.      * the returned collection view can be typecast to the corresponding

  191.      * certificate class. For example, if this certificate

  192.      * factory implements X.509 certificates, the elements in the returned

  193.      * collection can be typecast to the <code>X509Certificate</code> class.

  194.      *

  195.      * <p>In the case of a certificate factory for X.509 certificates,

  196.      * <code>inStream</code> may contain a single DER-encoded certificate

  197.      * in the formats described for 

  198.      * {@link CertificateFactory#generateCertificate(java.io.InputStream) 

  199.      * generateCertificate}.

  200.      * In addition, <code>inStream</code> may contain a PKCS#7 certificate

  201.      * chain. This is a PKCS#7 <i>SignedData</i> object, with the only

  202.      * significant field being <i>certificates</i>. In particular, the

  203.      * signature and the contents are ignored. This format allows multiple

  204.      * certificates to be downloaded at once. If no certificates are present,

  205.      * an empty collection is returned.

  206.      *

  207.      * <p>Note that if the given input stream does not support

  208.      * {@link java.io.InputStream#mark(int) mark} and

  209.      * {@link java.io.InputStream#reset() reset}, this method will

  210.      * consume the entire input stream.

  211.      *

  212.      * @param inStream the input stream with the certificates.

  213.      *

  214.      * @return a (possibly empty) collection view of

  215.      * java.security.cert.Certificate objects

  216.      * initialized with the data from the input stream.

  217.      *

  218.      * @exception CertificateException on parsing errors.

  219.      */

  220.     public abstract Collection engineGenerateCertificates(InputStream inStream)

  221.         throws CertificateException;

  222. 

  223.     /**

  224.      * Generates a certificate revocation list (CRL) object and initializes it

  225.      * with the data read from the input stream <code>inStream</code>.

  226.      *

  227.      * <p>In order to take advantage of the specialized CRL format

  228.      * supported by this certificate factory,

  229.      * the returned CRL object can be typecast to the corresponding

  230.      * CRL class. For example, if this certificate

  231.      * factory implements X.509 CRLs, the returned CRL object

  232.      * can be typecast to the <code>X509CRL</code> class.

  233.      *

  234.      * <p>Note that if the given input stream does not support

  235.      * {@link java.io.InputStream#mark(int) mark} and

  236.      * {@link java.io.InputStream#reset() reset}, this method will

  237.      * consume the entire input stream. Otherwise, each call to this

  238.      * method consumes one CRL and the read position of the input stream

  239.      * is positioned to the next available byte after the the inherent

  240.      * end-of-CRL marker. If the data in the

  241.      * input stream does not contain an inherent end-of-CRL marker (other

  242.      * than EOF) and there is trailing data after the CRL is parsed, a

  243.      * <code>CRLException</code> is thrown.

  244.      *

  245.      * @param inStream an input stream with the CRL data.

  246.      *

  247.      * @return a CRL object initialized with the data

  248.      * from the input stream.

  249.      *

  250.      * @exception CRLException on parsing errors.

  251.      */

  252.     public abstract CRL engineGenerateCRL(InputStream inStream)

  253.         throws CRLException;

  254. 

  255.     /**

  256.      * Returns a (possibly empty) collection view of the CRLs read

  257.      * from the given input stream <code>inStream</code>.

  258.      *

  259.      * <p>In order to take advantage of the specialized CRL format

  260.      * supported by this certificate factory, each element in

  261.      * the returned collection view can be typecast to the corresponding

  262.      * CRL class. For example, if this certificate

  263.      * factory implements X.509 CRLs, the elements in the returned

  264.      * collection can be typecast to the <code>X509CRL</code> class.

  265.      *

  266.      * <p>In the case of a certificate factory for X.509 CRLs,

  267.      * <code>inStream</code> may contain a single DER-encoded CRL.

  268.      * In addition, <code>inStream</code> may contain a PKCS#7 CRL

  269.      * set. This is a PKCS#7 <i>SignedData</i> object, with the only

  270.      * significant field being <i>crls</i>. In particular, the

  271.      * signature and the contents are ignored. This format allows multiple

  272.      * CRLs to be downloaded at once. If no CRLs are present,

  273.      * an empty collection is returned.

  274.      *

  275.      * <p>Note that if the given input stream does not support

  276.      * {@link java.io.InputStream#mark(int) mark} and

  277.      * {@link java.io.InputStream#reset() reset}, this method will

  278.      * consume the entire input stream.

  279.      *

  280.      * @param inStream the input stream with the CRLs.

  281.      *

  282.      * @return a (possibly empty) collection view of

  283.      * java.security.cert.CRL objects initialized with the data from the input

  284.      * stream.

  285.      *

  286.      * @exception CRLException on parsing errors.

  287.      */

  288.     public abstract Collection engineGenerateCRLs(InputStream inStream)

  289.         throws CRLException;

  290. }