Abstract class for managing a variety of identity certificates. * An identity certificate is a binding of a principal to a public key which * is vouched for by another principal. (A principal represents * an entity such as an individual user, a group, or a corporation.) *
* This class is an abstraction for certificates that have different * formats but important common uses. For example, different types of * certificates, such as X.509 and PGP, share general certificate * functionality (like encoding and verifying) and * some types of information (like a public key). *
* X.509, PGP, and SDSI certificates can all be implemented by * subclassing the Certificate class, even though they contain different * sets of information, and they store and retrieve the information in * different ways. * * @see X509Certificate * @see CertificateFactory * * @author Hemma Prafullchandra */ public abstract class Certificate implements java.io.Serializable { private static final long serialVersionUID = -3585440601605666277L; // the certificate type private final String type; /** * Creates a certificate of the specified type. * * @param type the standard name of the certificate type. * See the CertificateFactory section in the * Java Cryptography Architecture Standard Algorithm Name Documentation * for information about standard certificate types. */ protected Certificate(String type) { this.type = type; } /** * Returns the type of this certificate. * * @return the type of this certificate. */ public final String getType() { return this.type; } /** * Compares this certificate for equality with the specified * object. If the {@code other} object is an * {@code instanceof} {@code Certificate}, then * its encoded form is retrieved and compared with the * encoded form of this certificate. * * @param other the object to test for equality with this certificate. * @return true iff the encoded forms of the two certificates * match, false otherwise. */ public boolean equals(Object other) { if (this == other) { return true; } if (!(other instanceof Certificate)) { return false; } try { byte[] thisCert = X509CertImpl.getEncodedInternal(this); byte[] otherCert = X509CertImpl.getEncodedInternal((Certificate)other); return Arrays.equals(thisCert, otherCert); } catch (CertificateException e) { return false; } } /** * Returns a hashcode value for this certificate from its * encoded form. * * @return the hashcode value. */ public int hashCode() { int retval = 0; try { byte[] certData = X509CertImpl.getEncodedInternal(this); for (int i = 1; i < certData.length; i++) { retval += certData[i] * i; } return retval; } catch (CertificateException e) { return retval; } } /** * Returns the encoded form of this certificate. It is * assumed that each certificate type would have only a single * form of encoding; for example, X.509 certificates would * be encoded as ASN.1 DER. * * @return the encoded form of this certificate * * @exception CertificateEncodingException if an encoding error occurs. */ public abstract byte[] getEncoded() throws CertificateEncodingException; /** * Verifies that this certificate was signed using the * private key that corresponds to the specified public key. * * @param key the PublicKey used to carry out the verification. * * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ public abstract void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException; /** * Verifies that this certificate was signed using the * private key that corresponds to the specified public key. * This method uses the signature verification engine * supplied by the specified provider. * * @param key the PublicKey used to carry out the verification. * @param sigProvider the name of the signature provider. * * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. */ public abstract void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException; /** * Verifies that this certificate was signed using the * private key that corresponds to the specified public key. * This method uses the signature verification engine * supplied by the specified provider. Note that the specified * Provider object does not have to be registered in the provider list. * *
This method was added to version 1.8 of the Java Platform * Standard Edition. In order to maintain backwards compatibility with * existing service providers, this method cannot be {@code abstract} * and by default throws an {@code UnsupportedOperationException}. * * @param key the PublicKey used to carry out the verification. * @param sigProvider the signature provider. * * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception SignatureException on signature errors. * @exception CertificateException on encoding errors. * @exception UnsupportedOperationException if the method is not supported * @since 1.8 */ public void verify(PublicKey key, Provider sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException { throw new UnsupportedOperationException(); } /** * Returns a string representation of this certificate. * * @return a string representation of this certificate. */ public abstract String toString(); /** * Gets the public key from this certificate. * * @return the public key. */ public abstract PublicKey getPublicKey(); /** * Alternate Certificate class for serialization. * @since 1.3 */ protected static class CertificateRep implements java.io.Serializable { private static final long serialVersionUID = -8563758940495660020L; private String type; private byte[] data; /** * Construct the alternate Certificate class with the Certificate * type and Certificate encoding bytes. * *
* * @param type the standard name of the Certificate type.
* * @param data the Certificate data. */ protected CertificateRep(String type, byte[] data) { this.type = type; this.data = data; } /** * Resolve the Certificate Object. * *
* * @return the resolved Certificate Object * * @throws java.io.ObjectStreamException if the Certificate * could not be resolved */ protected Object readResolve() throws java.io.ObjectStreamException { try { CertificateFactory cf = CertificateFactory.getInstance(type); return cf.generateCertificate (new java.io.ByteArrayInputStream(data)); } catch (CertificateException e) { throw new java.io.NotSerializableException ("java.security.cert.Certificate: " + type + ": " + e.getMessage()); } } } /** * Replace the Certificate to be serialized. * * @return the alternate Certificate object to be serialized * * @throws java.io.ObjectStreamException if a new object representing * this Certificate could not be created * @since 1.3 */ protected Object writeReplace() throws java.io.ObjectStreamException { try { return new CertificateRep(type, getEncoded()); } catch (CertificateException e) { throw new java.io.NotSerializableException ("java.security.cert.Certificate: " + type + ": " + e.getMessage()); } } }