1 /*
2 * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
24 */
25
26 package java.security.cert;
27
28 import java.io.InputStream;
29 import java.util.Collection;
30 import java.util.Iterator;
31 import java.util.List;
32 import java.security.Provider;
33 import java.security.Security;
34 import java.security.AccessController;
35 import java.security.PrivilegedAction;
36 import java.security.NoSuchAlgorithmException;
37 import java.security.NoSuchProviderException;
38
39 import sun.security.jca.*;
40 import sun.security.jca.GetInstance.Instance;
41
42 /**
43 * This class defines the functionality of a certificate factory, which is
44 * used to generate certificate, certification path (<code>CertPath</code>)
45 * and certificate revocation list (CRL) objects from their encodings.
46 *
47 * <p>For encodings consisting of multiple certificates, use
48 * <code>generateCertificates</code> when you want to
49 * parse a collection of possibly unrelated certificates. Otherwise,
50 * use <code>generateCertPath</code> when you want to generate
51 * a <code>CertPath</code> (a certificate chain) and subsequently
52 * validate it with a <code>CertPathValidator</code>.
53 *
54 * <p>A certificate factory for X.509 must return certificates that are an
55 * instance of <code>java.security.cert.X509Certificate</code>, and CRLs
56 * that are an instance of <code>java.security.cert.X509CRL</code>.
57 *
58 * <p>The following example reads a file with Base64 encoded certificates,
59 * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
60 * bounded at the end by -----END CERTIFICATE-----. We convert the
61 * <code>FileInputStream</code> (which does not support <code>mark</code>
62 * and <code>reset</code>) to a <code>BufferedInputStream</code> (which
63 * supports those methods), so that each call to
64 * <code>generateCertificate</code> consumes only one certificate, and the
65 * read position of the input stream is positioned to the next certificate in
66 * the file:<p>
67 *
68 * <pre>{@code
69 * FileInputStream fis = new FileInputStream(filename);
70 * BufferedInputStream bis = new BufferedInputStream(fis);
71 *
72 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
73 *
74 * while (bis.available() > 0) {
75 * Certificate cert = cf.generateCertificate(bis);
76 * System.out.println(cert.toString());
77 * }
78 * }</pre>
79 *
80 * <p>The following example parses a PKCS#7-formatted certificate reply stored
81 * in a file and extracts all the certificates from it:<p>
82 *
83 * <pre>
84 * FileInputStream fis = new FileInputStream(filename);
85 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
86 * Collection c = cf.generateCertificates(fis);
87 * Iterator i = c.iterator();
88 * while (i.hasNext()) {
89 * Certificate cert = (Certificate)i.next();
90 * System.out.println(cert);
91 * }
92 * </pre>
93 *
94 * <p> Every implementation of the Java platform is required to support the
95 * following standard <code>CertificateFactory</code> type:
96 * <ul>
97 * <li><tt>X.509</tt></li>
98 * </ul>
99 * and the following standard <code>CertPath</code> encodings:
100 * <ul>
101 * <li><tt>PKCS7</tt></li>
102 * <li><tt>PkiPath</tt></li>
103 * </ul>
104 * The type and encodings are described in the <a href=
105 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
106 * CertificateFactory section</a> and the <a href=
107 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
108 * CertPath Encodings section</a> of the
109 * Java Cryptography Architecture Standard Algorithm Name Documentation.
110 * Consult the release documentation for your implementation to see if any
111 * other types or encodings are supported.
112 *
113 * @author Hemma Prafullchandra
114 * @author Jan Luehe
115 * @author Sean Mullan
116 *
117 * @see Certificate
118 * @see X509Certificate
119 * @see CertPath
120 * @see CRL
121 * @see X509CRL
122 *
241 * certificate type.
242 *
243 * <p> A new CertificateFactory object encapsulating the
244 * CertificateFactorySpi implementation from the specified Provider
245 * object is returned. Note that the specified Provider object
246 * does not have to be registered in the provider list.
247 *
248 * @param type the certificate type.
249 * See the CertificateFactory section in the <a href=
250 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
251 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
252 * for information about standard certificate types.
253 * @param provider the provider.
254 *
255 * @return a certificate factory object for the specified type.
256 *
257 * @exception CertificateException if a CertificateFactorySpi
258 * implementation for the specified algorithm is not available
259 * from the specified Provider object.
260 *
261 * @exception IllegalArgumentException if the <code>provider</code> is
262 * null.
263 *
264 * @see java.security.Provider
265 *
266 * @since 1.4
267 */
268 public static final CertificateFactory getInstance(String type,
269 Provider provider) throws CertificateException {
270 try {
271 Instance instance = GetInstance.getInstance("CertificateFactory",
272 CertificateFactorySpi.class, type, provider);
273 return new CertificateFactory((CertificateFactorySpi)instance.impl,
274 instance.provider, type);
275 } catch (NoSuchAlgorithmException e) {
276 throw new CertificateException(type + " not found", e);
277 }
278 }
279
280 /**
281 * Returns the provider of this certificate factory.
282 *
283 * @return the provider of this certificate factory.
284 */
285 public final Provider getProvider() {
286 return this.provider;
287 }
288
289 /**
290 * Returns the name of the certificate type associated with this
291 * certificate factory.
292 *
293 * @return the name of the certificate type associated with this
294 * certificate factory.
295 */
296 public final String getType() {
297 return this.type;
298 }
299
300 /**
301 * Generates a certificate object and initializes it with
302 * the data read from the input stream <code>inStream</code>.
303 *
304 * <p>In order to take advantage of the specialized certificate format
305 * supported by this certificate factory,
306 * the returned certificate object can be typecast to the corresponding
307 * certificate class. For example, if this certificate
308 * factory implements X.509 certificates, the returned certificate object
309 * can be typecast to the <code>X509Certificate</code> class.
310 *
311 * <p>In the case of a certificate factory for X.509 certificates, the
312 * certificate provided in <code>inStream</code> must be DER-encoded and
313 * may be supplied in binary or printable (Base64) encoding. If the
314 * certificate is provided in Base64 encoding, it must be bounded at
315 * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
316 * the end by -----END CERTIFICATE-----.
317 *
318 * <p>Note that if the given input stream does not support
319 * {@link java.io.InputStream#mark(int) mark} and
320 * {@link java.io.InputStream#reset() reset}, this method will
321 * consume the entire input stream. Otherwise, each call to this
322 * method consumes one certificate and the read position of the
323 * input stream is positioned to the next available byte after
324 * the inherent end-of-certificate marker. If the data in the input stream
325 * does not contain an inherent end-of-certificate marker (other
326 * than EOF) and there is trailing data after the certificate is parsed, a
327 * <code>CertificateException</code> is thrown.
328 *
329 * @param inStream an input stream with the certificate data.
330 *
331 * @return a certificate object initialized with the data
332 * from the input stream.
333 *
334 * @exception CertificateException on parsing errors.
335 */
336 public final Certificate generateCertificate(InputStream inStream)
337 throws CertificateException
338 {
339 return certFacSpi.engineGenerateCertificate(inStream);
340 }
341
342 /**
343 * Returns an iteration of the <code>CertPath</code> encodings supported
344 * by this certificate factory, with the default encoding first. See
345 * the CertPath Encodings section in the <a href=
346 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
347 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
348 * for information about standard encoding names and their formats.
349 * <p>
350 * Attempts to modify the returned <code>Iterator</code> via its
351 * <code>remove</code> method result in an
352 * <code>UnsupportedOperationException</code>.
353 *
354 * @return an <code>Iterator</code> over the names of the supported
355 * <code>CertPath</code> encodings (as <code>String</code>s)
356 * @since 1.4
357 */
358 public final Iterator<String> getCertPathEncodings() {
359 return(certFacSpi.engineGetCertPathEncodings());
360 }
361
362 /**
363 * Generates a <code>CertPath</code> object and initializes it with
364 * the data read from the <code>InputStream</code> inStream. The data
365 * is assumed to be in the default encoding. The name of the default
366 * encoding is the first element of the <code>Iterator</code> returned by
367 * the {@link #getCertPathEncodings getCertPathEncodings} method.
368 *
369 * @param inStream an <code>InputStream</code> containing the data
370 * @return a <code>CertPath</code> initialized with the data from the
371 * <code>InputStream</code>
372 * @exception CertificateException if an exception occurs while decoding
373 * @since 1.4
374 */
375 public final CertPath generateCertPath(InputStream inStream)
376 throws CertificateException
377 {
378 return(certFacSpi.engineGenerateCertPath(inStream));
379 }
380
381 /**
382 * Generates a <code>CertPath</code> object and initializes it with
383 * the data read from the <code>InputStream</code> inStream. The data
384 * is assumed to be in the specified encoding. See
385 * the CertPath Encodings section in the <a href=
386 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
387 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
388 * for information about standard encoding names and their formats.
389 *
390 * @param inStream an <code>InputStream</code> containing the data
391 * @param encoding the encoding used for the data
392 * @return a <code>CertPath</code> initialized with the data from the
393 * <code>InputStream</code>
394 * @exception CertificateException if an exception occurs while decoding or
395 * the encoding requested is not supported
396 * @since 1.4
397 */
398 public final CertPath generateCertPath(InputStream inStream,
399 String encoding) throws CertificateException
400 {
401 return(certFacSpi.engineGenerateCertPath(inStream, encoding));
402 }
403
404 /**
405 * Generates a <code>CertPath</code> object and initializes it with
406 * a <code>List</code> of <code>Certificate</code>s.
407 * <p>
408 * The certificates supplied must be of a type supported by the
409 * <code>CertificateFactory</code>. They will be copied out of the supplied
410 * <code>List</code> object.
411 *
412 * @param certificates a <code>List</code> of <code>Certificate</code>s
413 * @return a <code>CertPath</code> initialized with the supplied list of
414 * certificates
415 * @exception CertificateException if an exception occurs
416 * @since 1.4
417 */
418 public final CertPath
419 generateCertPath(List<? extends Certificate> certificates)
420 throws CertificateException
421 {
422 return(certFacSpi.engineGenerateCertPath(certificates));
423 }
424
425 /**
426 * Returns a (possibly empty) collection view of the certificates read
427 * from the given input stream <code>inStream</code>.
428 *
429 * <p>In order to take advantage of the specialized certificate format
430 * supported by this certificate factory, each element in
431 * the returned collection view can be typecast to the corresponding
432 * certificate class. For example, if this certificate
433 * factory implements X.509 certificates, the elements in the returned
434 * collection can be typecast to the <code>X509Certificate</code> class.
435 *
436 * <p>In the case of a certificate factory for X.509 certificates,
437 * <code>inStream</code> may contain a sequence of DER-encoded certificates
438 * in the formats described for
439 * {@link #generateCertificate(java.io.InputStream) generateCertificate}.
440 * In addition, <code>inStream</code> may contain a PKCS#7 certificate
441 * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
442 * significant field being <i>certificates</i>. In particular, the
443 * signature and the contents are ignored. This format allows multiple
444 * certificates to be downloaded at once. If no certificates are present,
445 * an empty collection is returned.
446 *
447 * <p>Note that if the given input stream does not support
448 * {@link java.io.InputStream#mark(int) mark} and
449 * {@link java.io.InputStream#reset() reset}, this method will
450 * consume the entire input stream.
451 *
452 * @param inStream the input stream with the certificates.
453 *
454 * @return a (possibly empty) collection view of
455 * java.security.cert.Certificate objects
456 * initialized with the data from the input stream.
457 *
458 * @exception CertificateException on parsing errors.
459 */
460 public final Collection<? extends Certificate> generateCertificates
461 (InputStream inStream) throws CertificateException {
462 return certFacSpi.engineGenerateCertificates(inStream);
463 }
464
465 /**
466 * Generates a certificate revocation list (CRL) object and initializes it
467 * with the data read from the input stream <code>inStream</code>.
468 *
469 * <p>In order to take advantage of the specialized CRL format
470 * supported by this certificate factory,
471 * the returned CRL object can be typecast to the corresponding
472 * CRL class. For example, if this certificate
473 * factory implements X.509 CRLs, the returned CRL object
474 * can be typecast to the <code>X509CRL</code> class.
475 *
476 * <p>Note that if the given input stream does not support
477 * {@link java.io.InputStream#mark(int) mark} and
478 * {@link java.io.InputStream#reset() reset}, this method will
479 * consume the entire input stream. Otherwise, each call to this
480 * method consumes one CRL and the read position of the input stream
481 * is positioned to the next available byte after the inherent
482 * end-of-CRL marker. If the data in the
483 * input stream does not contain an inherent end-of-CRL marker (other
484 * than EOF) and there is trailing data after the CRL is parsed, a
485 * <code>CRLException</code> is thrown.
486 *
487 * @param inStream an input stream with the CRL data.
488 *
489 * @return a CRL object initialized with the data
490 * from the input stream.
491 *
492 * @exception CRLException on parsing errors.
493 */
494 public final CRL generateCRL(InputStream inStream)
495 throws CRLException
496 {
497 return certFacSpi.engineGenerateCRL(inStream);
498 }
499
500 /**
501 * Returns a (possibly empty) collection view of the CRLs read
502 * from the given input stream <code>inStream</code>.
503 *
504 * <p>In order to take advantage of the specialized CRL format
505 * supported by this certificate factory, each element in
506 * the returned collection view can be typecast to the corresponding
507 * CRL class. For example, if this certificate
508 * factory implements X.509 CRLs, the elements in the returned
509 * collection can be typecast to the <code>X509CRL</code> class.
510 *
511 * <p>In the case of a certificate factory for X.509 CRLs,
512 * <code>inStream</code> may contain a sequence of DER-encoded CRLs.
513 * In addition, <code>inStream</code> may contain a PKCS#7 CRL
514 * set. This is a PKCS#7 <i>SignedData</i> object, with the only
515 * significant field being <i>crls</i>. In particular, the
516 * signature and the contents are ignored. This format allows multiple
517 * CRLs to be downloaded at once. If no CRLs are present,
518 * an empty collection is returned.
519 *
520 * <p>Note that if the given input stream does not support
521 * {@link java.io.InputStream#mark(int) mark} and
522 * {@link java.io.InputStream#reset() reset}, this method will
523 * consume the entire input stream.
524 *
525 * @param inStream the input stream with the CRLs.
526 *
527 * @return a (possibly empty) collection view of
528 * java.security.cert.CRL objects initialized with the data from the input
529 * stream.
530 *
531 * @exception CRLException on parsing errors.
532 */
533 public final Collection<? extends CRL> generateCRLs(InputStream inStream)
|
1 /*
2 * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
24 */
25
26 package java.security.cert;
27
28 import java.io.InputStream;
29 import java.util.Collection;
30 import java.util.Iterator;
31 import java.util.List;
32 import java.security.Provider;
33 import java.security.Security;
34 import java.security.AccessController;
35 import java.security.PrivilegedAction;
36 import java.security.NoSuchAlgorithmException;
37 import java.security.NoSuchProviderException;
38
39 import sun.security.jca.*;
40 import sun.security.jca.GetInstance.Instance;
41
42 /**
43 * This class defines the functionality of a certificate factory, which is
44 * used to generate certificate, certification path ({@code CertPath})
45 * and certificate revocation list (CRL) objects from their encodings.
46 *
47 * <p>For encodings consisting of multiple certificates, use
48 * {@code generateCertificates} when you want to
49 * parse a collection of possibly unrelated certificates. Otherwise,
50 * use {@code generateCertPath} when you want to generate
51 * a {@code CertPath} (a certificate chain) and subsequently
52 * validate it with a {@code CertPathValidator}.
53 *
54 * <p>A certificate factory for X.509 must return certificates that are an
55 * instance of {@code java.security.cert.X509Certificate}, and CRLs
56 * that are an instance of {@code java.security.cert.X509CRL}.
57 *
58 * <p>The following example reads a file with Base64 encoded certificates,
59 * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
60 * bounded at the end by -----END CERTIFICATE-----. We convert the
61 * {@code FileInputStream} (which does not support {@code mark}
62 * and {@code reset}) to a {@code BufferedInputStream} (which
63 * supports those methods), so that each call to
64 * {@code generateCertificate} consumes only one certificate, and the
65 * read position of the input stream is positioned to the next certificate in
66 * the file:<p>
67 *
68 * <pre>{@code
69 * FileInputStream fis = new FileInputStream(filename);
70 * BufferedInputStream bis = new BufferedInputStream(fis);
71 *
72 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
73 *
74 * while (bis.available() > 0) {
75 * Certificate cert = cf.generateCertificate(bis);
76 * System.out.println(cert.toString());
77 * }
78 * }</pre>
79 *
80 * <p>The following example parses a PKCS#7-formatted certificate reply stored
81 * in a file and extracts all the certificates from it:<p>
82 *
83 * <pre>
84 * FileInputStream fis = new FileInputStream(filename);
85 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
86 * Collection c = cf.generateCertificates(fis);
87 * Iterator i = c.iterator();
88 * while (i.hasNext()) {
89 * Certificate cert = (Certificate)i.next();
90 * System.out.println(cert);
91 * }
92 * </pre>
93 *
94 * <p> Every implementation of the Java platform is required to support the
95 * following standard {@code CertificateFactory} type:
96 * <ul>
97 * <li>{@code X.509}</li>
98 * </ul>
99 * and the following standard {@code CertPath} encodings:
100 * <ul>
101 * <li>{@code PKCS7}</li>
102 * <li>{@code PkiPath}</li>
103 * </ul>
104 * The type and encodings are described in the <a href=
105 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
106 * CertificateFactory section</a> and the <a href=
107 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
108 * CertPath Encodings section</a> of the
109 * Java Cryptography Architecture Standard Algorithm Name Documentation.
110 * Consult the release documentation for your implementation to see if any
111 * other types or encodings are supported.
112 *
113 * @author Hemma Prafullchandra
114 * @author Jan Luehe
115 * @author Sean Mullan
116 *
117 * @see Certificate
118 * @see X509Certificate
119 * @see CertPath
120 * @see CRL
121 * @see X509CRL
122 *
241 * certificate type.
242 *
243 * <p> A new CertificateFactory object encapsulating the
244 * CertificateFactorySpi implementation from the specified Provider
245 * object is returned. Note that the specified Provider object
246 * does not have to be registered in the provider list.
247 *
248 * @param type the certificate type.
249 * See the CertificateFactory section in the <a href=
250 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
251 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
252 * for information about standard certificate types.
253 * @param provider the provider.
254 *
255 * @return a certificate factory object for the specified type.
256 *
257 * @exception CertificateException if a CertificateFactorySpi
258 * implementation for the specified algorithm is not available
259 * from the specified Provider object.
260 *
261 * @exception IllegalArgumentException if the {@code provider} is
262 * null.
263 *
264 * @see java.security.Provider
265 *
266 * @since 1.4
267 */
268 public static final CertificateFactory getInstance(String type,
269 Provider provider) throws CertificateException {
270 try {
271 Instance instance = GetInstance.getInstance("CertificateFactory",
272 CertificateFactorySpi.class, type, provider);
273 return new CertificateFactory((CertificateFactorySpi)instance.impl,
274 instance.provider, type);
275 } catch (NoSuchAlgorithmException e) {
276 throw new CertificateException(type + " not found", e);
277 }
278 }
279
280 /**
281 * Returns the provider of this certificate factory.
282 *
283 * @return the provider of this certificate factory.
284 */
285 public final Provider getProvider() {
286 return this.provider;
287 }
288
289 /**
290 * Returns the name of the certificate type associated with this
291 * certificate factory.
292 *
293 * @return the name of the certificate type associated with this
294 * certificate factory.
295 */
296 public final String getType() {
297 return this.type;
298 }
299
300 /**
301 * Generates a certificate object and initializes it with
302 * the data read from the input stream {@code inStream}.
303 *
304 * <p>In order to take advantage of the specialized certificate format
305 * supported by this certificate factory,
306 * the returned certificate object can be typecast to the corresponding
307 * certificate class. For example, if this certificate
308 * factory implements X.509 certificates, the returned certificate object
309 * can be typecast to the {@code X509Certificate} class.
310 *
311 * <p>In the case of a certificate factory for X.509 certificates, the
312 * certificate provided in {@code inStream} must be DER-encoded and
313 * may be supplied in binary or printable (Base64) encoding. If the
314 * certificate is provided in Base64 encoding, it must be bounded at
315 * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at
316 * the end by -----END CERTIFICATE-----.
317 *
318 * <p>Note that if the given input stream does not support
319 * {@link java.io.InputStream#mark(int) mark} and
320 * {@link java.io.InputStream#reset() reset}, this method will
321 * consume the entire input stream. Otherwise, each call to this
322 * method consumes one certificate and the read position of the
323 * input stream is positioned to the next available byte after
324 * the inherent end-of-certificate marker. If the data in the input stream
325 * does not contain an inherent end-of-certificate marker (other
326 * than EOF) and there is trailing data after the certificate is parsed, a
327 * {@code CertificateException} is thrown.
328 *
329 * @param inStream an input stream with the certificate data.
330 *
331 * @return a certificate object initialized with the data
332 * from the input stream.
333 *
334 * @exception CertificateException on parsing errors.
335 */
336 public final Certificate generateCertificate(InputStream inStream)
337 throws CertificateException
338 {
339 return certFacSpi.engineGenerateCertificate(inStream);
340 }
341
342 /**
343 * Returns an iteration of the {@code CertPath} encodings supported
344 * by this certificate factory, with the default encoding first. See
345 * the CertPath Encodings section in the <a href=
346 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
347 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
348 * for information about standard encoding names and their formats.
349 * <p>
350 * Attempts to modify the returned {@code Iterator} via its
351 * {@code remove} method result in an
352 * {@code UnsupportedOperationException}.
353 *
354 * @return an {@code Iterator} over the names of the supported
355 * {@code CertPath} encodings (as {@code String}s)
356 * @since 1.4
357 */
358 public final Iterator<String> getCertPathEncodings() {
359 return(certFacSpi.engineGetCertPathEncodings());
360 }
361
362 /**
363 * Generates a {@code CertPath} object and initializes it with
364 * the data read from the {@code InputStream} inStream. The data
365 * is assumed to be in the default encoding. The name of the default
366 * encoding is the first element of the {@code Iterator} returned by
367 * the {@link #getCertPathEncodings getCertPathEncodings} method.
368 *
369 * @param inStream an {@code InputStream} containing the data
370 * @return a {@code CertPath} initialized with the data from the
371 * {@code InputStream}
372 * @exception CertificateException if an exception occurs while decoding
373 * @since 1.4
374 */
375 public final CertPath generateCertPath(InputStream inStream)
376 throws CertificateException
377 {
378 return(certFacSpi.engineGenerateCertPath(inStream));
379 }
380
381 /**
382 * Generates a {@code CertPath} object and initializes it with
383 * the data read from the {@code InputStream} inStream. The data
384 * is assumed to be in the specified encoding. See
385 * the CertPath Encodings section in the <a href=
386 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
387 * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
388 * for information about standard encoding names and their formats.
389 *
390 * @param inStream an {@code InputStream} containing the data
391 * @param encoding the encoding used for the data
392 * @return a {@code CertPath} initialized with the data from the
393 * {@code InputStream}
394 * @exception CertificateException if an exception occurs while decoding or
395 * the encoding requested is not supported
396 * @since 1.4
397 */
398 public final CertPath generateCertPath(InputStream inStream,
399 String encoding) throws CertificateException
400 {
401 return(certFacSpi.engineGenerateCertPath(inStream, encoding));
402 }
403
404 /**
405 * Generates a {@code CertPath} object and initializes it with
406 * a {@code List} of {@code Certificate}s.
407 * <p>
408 * The certificates supplied must be of a type supported by the
409 * {@code CertificateFactory}. They will be copied out of the supplied
410 * {@code List} object.
411 *
412 * @param certificates a {@code List} of {@code Certificate}s
413 * @return a {@code CertPath} initialized with the supplied list of
414 * certificates
415 * @exception CertificateException if an exception occurs
416 * @since 1.4
417 */
418 public final CertPath
419 generateCertPath(List<? extends Certificate> certificates)
420 throws CertificateException
421 {
422 return(certFacSpi.engineGenerateCertPath(certificates));
423 }
424
425 /**
426 * Returns a (possibly empty) collection view of the certificates read
427 * from the given input stream {@code inStream}.
428 *
429 * <p>In order to take advantage of the specialized certificate format
430 * supported by this certificate factory, each element in
431 * the returned collection view can be typecast to the corresponding
432 * certificate class. For example, if this certificate
433 * factory implements X.509 certificates, the elements in the returned
434 * collection can be typecast to the {@code X509Certificate} class.
435 *
436 * <p>In the case of a certificate factory for X.509 certificates,
437 * {@code inStream} may contain a sequence of DER-encoded certificates
438 * in the formats described for
439 * {@link #generateCertificate(java.io.InputStream) generateCertificate}.
440 * In addition, {@code inStream} may contain a PKCS#7 certificate
441 * chain. This is a PKCS#7 <i>SignedData</i> object, with the only
442 * significant field being <i>certificates</i>. In particular, the
443 * signature and the contents are ignored. This format allows multiple
444 * certificates to be downloaded at once. If no certificates are present,
445 * an empty collection is returned.
446 *
447 * <p>Note that if the given input stream does not support
448 * {@link java.io.InputStream#mark(int) mark} and
449 * {@link java.io.InputStream#reset() reset}, this method will
450 * consume the entire input stream.
451 *
452 * @param inStream the input stream with the certificates.
453 *
454 * @return a (possibly empty) collection view of
455 * java.security.cert.Certificate objects
456 * initialized with the data from the input stream.
457 *
458 * @exception CertificateException on parsing errors.
459 */
460 public final Collection<? extends Certificate> generateCertificates
461 (InputStream inStream) throws CertificateException {
462 return certFacSpi.engineGenerateCertificates(inStream);
463 }
464
465 /**
466 * Generates a certificate revocation list (CRL) object and initializes it
467 * with the data read from the input stream {@code inStream}.
468 *
469 * <p>In order to take advantage of the specialized CRL format
470 * supported by this certificate factory,
471 * the returned CRL object can be typecast to the corresponding
472 * CRL class. For example, if this certificate
473 * factory implements X.509 CRLs, the returned CRL object
474 * can be typecast to the {@code X509CRL} class.
475 *
476 * <p>Note that if the given input stream does not support
477 * {@link java.io.InputStream#mark(int) mark} and
478 * {@link java.io.InputStream#reset() reset}, this method will
479 * consume the entire input stream. Otherwise, each call to this
480 * method consumes one CRL and the read position of the input stream
481 * is positioned to the next available byte after the inherent
482 * end-of-CRL marker. If the data in the
483 * input stream does not contain an inherent end-of-CRL marker (other
484 * than EOF) and there is trailing data after the CRL is parsed, a
485 * {@code CRLException} is thrown.
486 *
487 * @param inStream an input stream with the CRL data.
488 *
489 * @return a CRL object initialized with the data
490 * from the input stream.
491 *
492 * @exception CRLException on parsing errors.
493 */
494 public final CRL generateCRL(InputStream inStream)
495 throws CRLException
496 {
497 return certFacSpi.engineGenerateCRL(inStream);
498 }
499
500 /**
501 * Returns a (possibly empty) collection view of the CRLs read
502 * from the given input stream {@code inStream}.
503 *
504 * <p>In order to take advantage of the specialized CRL format
505 * supported by this certificate factory, each element in
506 * the returned collection view can be typecast to the corresponding
507 * CRL class. For example, if this certificate
508 * factory implements X.509 CRLs, the elements in the returned
509 * collection can be typecast to the {@code X509CRL} class.
510 *
511 * <p>In the case of a certificate factory for X.509 CRLs,
512 * {@code inStream} may contain a sequence of DER-encoded CRLs.
513 * In addition, {@code inStream} may contain a PKCS#7 CRL
514 * set. This is a PKCS#7 <i>SignedData</i> object, with the only
515 * significant field being <i>crls</i>. In particular, the
516 * signature and the contents are ignored. This format allows multiple
517 * CRLs to be downloaded at once. If no CRLs are present,
518 * an empty collection is returned.
519 *
520 * <p>Note that if the given input stream does not support
521 * {@link java.io.InputStream#mark(int) mark} and
522 * {@link java.io.InputStream#reset() reset}, this method will
523 * consume the entire input stream.
524 *
525 * @param inStream the input stream with the CRLs.
526 *
527 * @return a (possibly empty) collection view of
528 * java.security.cert.CRL objects initialized with the data from the input
529 * stream.
530 *
531 * @exception CRLException on parsing errors.
532 */
533 public final Collection<? extends CRL> generateCRLs(InputStream inStream)
|