/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package javax.security.cert;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.CertificateFactory;
import java.util.Date;
/**
* Abstract base class for X.509 certificates.
* <p>
* This represents a standard way for accessing the attributes of X.509 v1
* certificates.
* <p>
* Note: This package is provided only for compatibility reasons.
* It contains a simplified version of the java.security.cert package that was
* previously used by JSSE (Java SSL package). All applications that do not have
* to be compatible with older versions of JSSE (that is before Java SDK 1.5)
* should only use java.security.cert.
*/
public abstract class X509Certificate extends Certificate {
private static Constructor constructor;
static {
try {
String classname = Security.getProperty("cert.provider.x509v1");
Class cl = Class.forName(classname);
constructor = cl.getConstructor(new Class[] {InputStream.class});
} catch (Exception|LinkageError e) {
}
}
/**
* Creates a new {@code X509Certificate}.
*/
public X509Certificate() {
}
/**
* Creates a new {@code X509Certificate} and initializes it from the
* specified input stream.
*
* @param inStream
* input stream containing data to initialize the certificate.
* @return the certificate initialized from the specified input stream
* @throws CertificateException
* if the certificate cannot be created or initialized.
*/
public static final X509Certificate getInstance(InputStream inStream)
throws CertificateException {
if (inStream == null) {
throw new CertificateException("inStream == null");
}
if (constructor != null) {
try {
return (X509Certificate)
constructor.newInstance(new Object[] {inStream});
} catch (ReflectiveOperationException e) {
throw new CertificateException(e.getMessage());
}
}
final java.security.cert.X509Certificate cert;
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
cert = (java.security.cert.X509Certificate)
cf.generateCertificate(inStream);
} catch (java.security.cert.CertificateException e) {
throw new CertificateException(e.getMessage());
}
return new X509Certificate() {
public byte[] getEncoded() throws CertificateEncodingException {
try {
return cert.getEncoded();
} catch (java.security.cert.CertificateEncodingException e) {
throw new CertificateEncodingException(e.getMessage());
}
}
public void verify(PublicKey key) throws CertificateException,
NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
try {
cert.verify(key);
} catch (java.security.cert.CertificateException e) {
throw new CertificateException(e.getMessage());
}
}
public void verify(PublicKey key, String sigProvider)
throws CertificateException,
NoSuchAlgorithmException, InvalidKeyException,
NoSuchProviderException, SignatureException {
try {
cert.verify(key, sigProvider);
} catch (java.security.cert.CertificateException e) {
throw new CertificateException(e.getMessage());
}
}
public String toString() {
return cert.toString();
}
public PublicKey getPublicKey() {
return cert.getPublicKey();
}
public void checkValidity() throws CertificateExpiredException,
CertificateNotYetValidException {
try {
cert.checkValidity();
} catch (java.security.cert.CertificateNotYetValidException e) {
throw new CertificateNotYetValidException(e.getMessage());
} catch (java.security.cert.CertificateExpiredException e) {
throw new CertificateExpiredException(e.getMessage());
}
}
public void checkValidity(Date date)
throws CertificateExpiredException,
CertificateNotYetValidException {
try {
cert.checkValidity(date);
} catch (java.security.cert.CertificateNotYetValidException e) {
throw new CertificateNotYetValidException(e.getMessage());
} catch (java.security.cert.CertificateExpiredException e) {
throw new CertificateExpiredException(e.getMessage());
}
}
public int getVersion() {
return 2;
}
public BigInteger getSerialNumber() {
return cert.getSerialNumber();
}
public Principal getIssuerDN() {
return cert.getIssuerDN();
}
public Principal getSubjectDN() {
return cert.getSubjectDN();
}
public Date getNotBefore() {
return cert.getNotBefore();
}
public Date getNotAfter() {
return cert.getNotAfter();
}
public String getSigAlgName() {
return cert.getSigAlgName();
}
public String getSigAlgOID() {
return cert.getSigAlgOID();
}
public byte[] getSigAlgParams() {
return cert.getSigAlgParams();
}
};
}
/**
* Creates a new {@code X509Certificate} and initializes it from the
* specified byte array.
*
* @param certData
* byte array containing data to initialize the certificate.
* @return the certificate initialized from the specified byte array
* @throws CertificateException
* if the certificate cannot be created or initialized.
*/
public static final X509Certificate getInstance(byte[] certData)
throws CertificateException {
if (certData == null) {
throw new CertificateException("certData == null");
}
ByteArrayInputStream bais = new ByteArrayInputStream(certData);
return getInstance(bais);
}
/**
* Checks whether the certificate is currently valid.
* <p>
* The validity defined in ASN.1:
*
* <pre>
* validity Validity
*
* Validity ::= SEQUENCE {
* notBefore CertificateValidityDate,
* notAfter CertificateValidityDate }
*
* CertificateValidityDate ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
* </pre>
*
* @throws CertificateExpiredException
* if the certificate has expired.
* @throws CertificateNotYetValidException
* if the certificate is not yet valid.
*/
public abstract void checkValidity()
throws CertificateExpiredException, CertificateNotYetValidException;
/**
* Checks whether the certificate is valid at the specified date.
*
* @param date
* the date to check the validity against.
* @throws CertificateExpiredException
* if the certificate has expired.
* @throws CertificateNotYetValidException
* if the certificate is not yet valid.
* @see #checkValidity()
*/
public abstract void checkValidity(Date date)
throws CertificateExpiredException, CertificateNotYetValidException;
/**
* Returns the certificates {@code version} (version number).
* <p>
* The version defined is ASN.1:
*
* <pre>
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
* </pre>
*
* @return the version number.
*/
public abstract int getVersion();
/**
* Returns the {@code serialNumber} of the certificate.
* <p>
* The ASN.1 definition of {@code serialNumber}:
*
* <pre>
* CertificateSerialNumber ::= INTEGER
* </pre>
*
* @return the serial number.
*/
public abstract BigInteger getSerialNumber();
/**
* Returns the {@code issuer} (issuer distinguished name) as an
* implementation specific {@code Principal} object.
* <p>
* The ASN.1 definition of {@code issuer}:
*
* <pre>
* issuer Name
*
* Name ::= CHOICE {
* RDNSequence }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
*
* AttributeType ::= OBJECT IDENTIFIER
*
* AttributeValue ::= ANY DEFINED BY AttributeType
* </pre>
*
* @return the {@code issuer} as an implementation specific {@code
* Principal}.
*/
public abstract Principal getIssuerDN();
/**
* Returns the {@code subject} (subject distinguished name) as an
* implementation specific {@code Principal} object.
* <p>
* The ASN.1 definition of {@code subject}:
*
* <pre>
* subject Name
*
* Name ::= CHOICE {
* RDNSequence }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
* RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
*
* AttributeType ::= OBJECT IDENTIFIER
*
* AttributeValue ::= ANY DEFINED BY AttributeType
* </pre>
*
* @return the {@code subject} (subject distinguished name).
*/
public abstract Principal getSubjectDN();
/**
* Returns the {@code notBefore} date from the validity period of the
* certificate.
*
* @return the start of the validity period.
*/
public abstract Date getNotBefore();
/**
* Returns the {@code notAfter} date of the validity period of the
* certificate.
*
* @return the end of the validity period.
*/
public abstract Date getNotAfter();
/**
* Returns the name of the algorithm for the certificate signature.
*
* @return the signature algorithm name.
*/
public abstract String getSigAlgName();
/**
* Returns the OID of the signature algorithm from the certificate.
*
* @return the OID of the signature algorithm.
*/
public abstract String getSigAlgOID();
/**
* Returns the parameters of the signature algorithm in DER-encoded format.
*
* @return the parameters of the signature algorithm, or null if none are
* used.
*/
public abstract byte[] getSigAlgParams();
}