/* * @(#)CertPath.java 1.9 03/12/19 * * Copyright 2004 Sun Microsystems, Inc. All rights reserved. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */ package java.security.cert; import java.io.ByteArrayInputStream; import java.io.NotSerializableException; import java.io.ObjectStreamException; import java.io.Serializable; import java.util.Iterator; import java.util.List; /** * An immutable sequence of certificates (a certification path). *

* This is an abstract class that defines the methods common to all * CertPaths. Subclasses can handle different kinds of * certificates (X.509, PGP, etc.). *

* All CertPath objects have a type, a list of * Certificates, and one or more supported encodings. Because the * CertPath class is immutable, a CertPath cannot * change in any externally visible way after being constructed. This * stipulation applies to all public fields and methods of this class and any * added or overridden by subclasses. *

* The type is a String that identifies the type of * Certificates in the certification path. For each * certificate cert in a certification path certPath, * cert.getType().equals(certPath.getType()) must be * true. *

* The list of Certificates is an ordered List of * zero or more Certificates. This List and all * of the Certificates contained in it must be immutable. *

* Each CertPath object must support one or more encodings * so that the object can be translated into a byte array for storage or * transmission to other parties. Preferably, these encodings should be * well-documented standards (such as PKCS#7). One of the encodings supported * by a CertPath is considered the default encoding. This * encoding is used if no encoding is explicitly requested (for the * {@link #getEncoded() getEncoded()} method, for instance). *

* All CertPath objects are also Serializable. * CertPath objects are resolved into an alternate * {@link CertPathRep CertPathRep} object during serialization. This allows * a CertPath object to be serialized into an equivalent * representation regardless of its underlying implementation. *

* CertPath objects can be created with a * CertificateFactory or they can be returned by other classes, * such as a CertPathBuilder. *

* By convention, X.509 CertPaths (consisting of * X509Certificates), are ordered starting with the target * certificate and ending with a certificate issued by the trust anchor. That * is, the issuer of one certificate is the subject of the following one. The * certificate representing the {@link TrustAnchor TrustAnchor} should not be * included in the certification path. Unvalidated X.509 CertPaths * may not follow these conventions. PKIX CertPathValidators will * detect any departure from these conventions that cause the certification * path to be invalid and throw a CertPathValidatorException. *

* Concurrent Access *

* All CertPath objects must be thread-safe. That is, multiple * threads may concurrently invoke the methods defined in this class on a * single CertPath object (or more than one) with no * ill effects. This is also true for the List returned by * CertPath.getCertificates. *

* Requiring CertPath objects to be immutable and thread-safe * allows them to be passed around to various pieces of code without worrying * about coordinating access. Providing this thread-safety is * generally not difficult, since the CertPath and * List objects in question are immutable. * * @see CertificateFactory * @see CertPathBuilder * * @version 1.9 12/19/03 * @author Yassir Elley * @since 1.4 */ public abstract class CertPath implements Serializable { private static final long serialVersionUID = 6068470306649138683L; private String type; // the type of certificates in this chain /** * Creates a CertPath of the specified type. *

* This constructor is protected because most users should use a * CertificateFactory to create CertPaths. * * @param type the standard name of the type of * Certificates in this path */ protected CertPath(String type) { this.type = type; } /** * Returns the type of Certificates in this certification * path. This is the same string that would be returned by * {@link java.security.cert.Certificate#getType() cert.getType()} * for all Certificates in the certification path. * * @return the type of Certificates in this certification * path (never null) */ public String getType() { return type; } /** * Returns an iteration of the encodings supported by this certification * path, with the default encoding first. Attempts to modify the returned * Iterator via its remove method result in an * UnsupportedOperationException. * * @return an Iterator over the names of the supported * encodings (as Strings) */ public abstract Iterator getEncodings(); /** * Compares this certification path for equality with the specified * object. Two CertPaths are equal if and only if their * types are equal and their certificate Lists (and by * implication the Certificates in those Lists) * are equal. A CertPath is never equal to an object that is * not a CertPath. *

* This algorithm is implemented by this method. If it is overridden, * the behavior specified here must be maintained. * * @param other the object to test for equality with this certification path * @return true if the specified object is equal to this certification path, * false otherwise */ public boolean equals(Object other) { if (this == other) return true; if (! (other instanceof CertPath)) return false; CertPath otherCP = (CertPath) other; if (! otherCP.getType().equals(type)) return false; List thisCertList = this.getCertificates(); List otherCertList = otherCP.getCertificates(); return(thisCertList.equals(otherCertList)); } /** * Returns the hashcode for this certification path. The hash code of * a certification path is defined to be the result of the following * calculation: * 


     *  hashCode = path.getType().hashCode();
     *  hashCode = 31*hashCode + path.getCertificates().hashCode();
     *
* This ensures that path1.equals(path2) implies that * path1.hashCode()==path2.hashCode() for any two certification * paths, path1 and path2, as required by the * general contract of Object.hashCode. * * @return the hashcode value for this certification path */ public int hashCode() { int hashCode = type.hashCode(); hashCode = 31*hashCode + getCertificates().hashCode(); return hashCode; } /** * Returns a string representation of this certification path. * This calls the toString method on each of the * Certificates in the path. * * @return a string representation of this certification path */ public String toString() { StringBuffer sb = new StringBuffer(); Iterator stringIterator = getCertificates().iterator(); sb.append("\n" + type + " Cert Path: length = " + getCertificates().size() + ".\n"); sb.append("[\n"); int i = 1; while (stringIterator.hasNext()) { sb.append("==========================================" + "===============Certificate " + i + " start.\n"); Certificate stringCert = (Certificate) stringIterator.next(); sb.append(stringCert.toString()); sb.append("\n========================================" + "=================Certificate " + i + " end.\n\n\n"); i++; } sb.append("\n]"); return sb.toString(); } /** * Returns the encoded form of this certification path, using the default * encoding. * * @return the encoded bytes * @exception CertificateEncodingException if an encoding error occurs */ public abstract byte[] getEncoded() throws CertificateEncodingException; /** * Returns the encoded form of this certification path, using the * specified encoding. * * @param encoding the name of the encoding to use * @return the encoded bytes * @exception CertificateEncodingException if an encoding error occurs or * the encoding requested is not supported */ public abstract byte[] getEncoded(String encoding) throws CertificateEncodingException; /** * Returns the list of certificates in this certification path. * The List returned must be immutable and thread-safe. * * @return an immutable List of Certificates * (may be empty, but not null) */ public abstract List getCertificates(); /** * Replaces the CertPath to be serialized with a * CertPathRep object. * * @return the CertPathRep to be serialized * * @throws ObjectStreamException if a CertPathRep object * representing this certification path could not be created */ protected Object writeReplace() throws ObjectStreamException { try { return new CertPathRep(type, getEncoded()); } catch (CertificateException ce) { NotSerializableException nse = new NotSerializableException ("java.security.cert.CertPath: " + type); nse.initCause(ce); throw nse; } } /** * Alternate CertPath class for serialization. */ protected static class CertPathRep implements Serializable { private static final long serialVersionUID = 3015633072427920915L; /** The Certificate type */ private String type; /** The encoded form of the cert path */ private byte[] data; /** * Creates a CertPathRep with the specified * type and encoded form of a certification path. * * @param type the standard name of a CertPath type * @param data the encoded form of the certification path */ protected CertPathRep(String type, byte[] data) { this.type = type; this.data = data; } /** * Returns a CertPath constructed from the type and data. * * @return the resolved CertPath object * * @throws ObjectStreamException if a CertPath could not * be constructed */ protected Object readResolve() throws ObjectStreamException { try { CertificateFactory cf = CertificateFactory.getInstance(type); return cf.generateCertPath(new ByteArrayInputStream(data)); } catch (CertificateException ce) { NotSerializableException nse = new NotSerializableException ("java.security.cert.CertPath: " + type); nse.initCause(ce); throw nse; } } } }