001 /* CertificateFactory.java -- Certificate Factory Class 002 Copyright (C) 1999, 2002, 2003, 2004 Free Software Foundation, Inc. 003 004 This file is part of GNU Classpath. 005 006 GNU Classpath is free software; you can redistribute it and/or modify 007 it under the terms of the GNU General Public License as published by 008 the Free Software Foundation; either version 2, or (at your option) 009 any later version. 010 011 GNU Classpath is distributed in the hope that it will be useful, but 012 WITHOUT ANY WARRANTY; without even the implied warranty of 013 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 014 General Public License for more details. 015 016 You should have received a copy of the GNU General Public License 017 along with GNU Classpath; see the file COPYING. If not, write to the 018 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 019 02110-1301 USA. 020 021 Linking this library statically or dynamically with other modules is 022 making a combined work based on this library. Thus, the terms and 023 conditions of the GNU General Public License cover the whole 024 combination. 025 026 As a special exception, the copyright holders of this library give you 027 permission to link this library with independent modules to produce an 028 executable, regardless of the license terms of these independent 029 modules, and to copy and distribute the resulting executable under 030 terms of your choice, provided that you also meet, for each linked 031 independent module, the terms and conditions of the license of that 032 module. An independent module is a module which is not derived from 033 or based on this library. If you modify this library, you may extend 034 this exception to your version of the library, but you are not 035 obligated to do so. If you do not wish to do so, delete this 036 exception statement from your version. */ 037 038 039 package java.security.cert; 040 041 import gnu.java.security.Engine; 042 043 import java.io.InputStream; 044 import java.lang.reflect.InvocationTargetException; 045 import java.security.KeyStoreException; 046 import java.security.NoSuchAlgorithmException; 047 import java.security.NoSuchProviderException; 048 import java.security.Provider; 049 import java.security.Security; 050 import java.util.Collection; 051 import java.util.Iterator; 052 import java.util.List; 053 054 /** 055 * This class implements the CertificateFactory class interface used to 056 * generate certificates, certificate revocation lists (CRLs), and certificate 057 * paths objects from their encoded forms. 058 * 059 * @author Mark Benvenuto 060 * @author Casey Marshall 061 * @since 1.2 062 * @status Fully compatible with JDK 1.4. 063 */ 064 public class CertificateFactory 065 { 066 067 /** The service name for certificate factories. */ 068 private static final String CERTIFICATE_FACTORY = "CertificateFactory"; 069 070 private CertificateFactorySpi certFacSpi; 071 private Provider provider; 072 private String type; 073 074 /** 075 * Creates an instance of CertificateFactory. 076 * 077 * @param certFacSpi The underlying CertificateFactory engine. 078 * @param provider The provider of this implementation. 079 * @param type The type of Certificate this factory creates. 080 */ 081 protected CertificateFactory(CertificateFactorySpi certFacSpi, 082 Provider provider, String type) 083 { 084 this.certFacSpi = certFacSpi; 085 this.provider = provider; 086 this.type = type; 087 } 088 089 /** 090 * Returns an instance of a <code>CertificateFactory</code> representing the 091 * specified certificate factory type. 092 * 093 * @param type The type of certificate factory to create. 094 * @return A <code>CertificateFactory</code> of the desired type. 095 * @throws CertificateException If the type of certificate factory is not 096 * implemented by any installed provider. 097 * @throws IllegalArgumentException if <code>type</code> is 098 * <code>null</code> or is an empty string. 099 */ 100 public static final CertificateFactory getInstance(String type) 101 throws CertificateException 102 { 103 Provider[] p = Security.getProviders(); 104 CertificateException lastException = null; 105 for (int i = 0; i < p.length; i++) 106 try 107 { 108 return getInstance(type, p[i]); 109 } 110 catch (CertificateException x) 111 { 112 lastException = x; 113 } 114 if (lastException != null) 115 throw lastException; 116 throw new CertificateException(type); 117 } 118 119 /** 120 * Returns an instance of a <code>CertificateFactory</code> representing the 121 * specified certificate factory type from the named provider. 122 * 123 * @param type The type of certificate factory to create. 124 * @param provider The name of the provider to use. 125 * @return A <code>CertificateFactory</code> for the desired type. 126 * @throws CertificateException If the type of certificate is not implemented 127 * by the named provider. 128 * @throws NoSuchProviderException If the named provider is not installed. 129 * @throws IllegalArgumentException if either <code>type</code> or 130 * <code>provider</code> is <code>null</code>, or if 131 * <code>type</code> is an empty string. 132 */ 133 public static final CertificateFactory getInstance(String type, 134 String provider) 135 throws CertificateException, NoSuchProviderException 136 { 137 if (provider == null) 138 throw new IllegalArgumentException("provider MUST NOT be null"); 139 Provider p = Security.getProvider(provider); 140 if (p == null) 141 throw new NoSuchProviderException(provider); 142 return getInstance(type, p); 143 } 144 145 /** 146 * Returns an instance of a <code>CertificateFactory</code> representing the 147 * specified certificate factory type from the designated provider. 148 * 149 * @param type The type of certificate factory to create. 150 * @param provider The provider from which to get the implementation. 151 * @return A <code>CertificateFactory</code> for the desired type. 152 * @throws CertificateException If the type of certificate is not implemented 153 * by the provider. 154 * @throws IllegalArgumentException if either <code>type</code> or 155 * <code>provider</code> is <code>null</code>, or if 156 * <code>type</code> is an empty string. 157 */ 158 public static final CertificateFactory getInstance(String type, 159 Provider provider) 160 throws CertificateException 161 { 162 Throwable cause; 163 try 164 { 165 Object spi = Engine.getInstance(CERTIFICATE_FACTORY, type, provider); 166 return new CertificateFactory((CertificateFactorySpi) spi, provider, type); 167 } 168 catch (ClassCastException x) 169 { 170 cause = x; 171 } 172 catch (InvocationTargetException x) 173 { 174 cause = x.getCause() != null ? x.getCause() : x; 175 } 176 catch (NoSuchAlgorithmException x) 177 { 178 cause = x; 179 } 180 CertificateException x = new CertificateException(type); 181 x.initCause(cause); 182 throw x; 183 } 184 185 /** 186 * Gets the provider of this implementation. 187 * 188 * @return The provider of this implementation. 189 */ 190 public final Provider getProvider() 191 { 192 return provider; 193 } 194 195 /** 196 * Returns the type of the certificate this factory creates. 197 * 198 * @return A string with the type of certificate 199 */ 200 public final String getType() 201 { 202 return type; 203 } 204 205 /** 206 * Generates a Certificate from the encoded data read 207 * from an InputStream. 208 * 209 * <p>The input stream must contain only one certificate. 210 * 211 * <p>If there exists a specialized certificate class for the 212 * certificate format handled by the certificate factory 213 * then the return Ceritificate should be a typecast of it. 214 * Ex: A X.509 CertificateFactory should return X509Certificate. 215 * 216 * <p>For X.509 certificates, the certificate in inStream must be 217 * DER encoded and supplied in binary or printable (Base64) 218 * encoding. If the certificate is in Base64 encoding, it must be 219 * bounded by -----BEGINCERTIFICATE-----, and 220 * -----END CERTIFICATE-----. 221 * 222 * @param inStream An input stream containing the certificate data. 223 * @return A certificate initialized from the decoded InputStream data. 224 * @throws CertificateException If an error occurs decoding the 225 * certificate. 226 */ 227 public final Certificate generateCertificate(InputStream inStream) 228 throws CertificateException 229 { 230 return certFacSpi.engineGenerateCertificate(inStream); 231 } 232 233 /** 234 * Returns a collection of certificates that were read from the 235 * input stream. It may be empty, have only one, or have 236 * multiple certificates. 237 * 238 * For a X.509 certificate factory, the stream may contain a 239 * single DER encoded certificate or a PKCS#7 certificate 240 * chain. This is a PKCS#7 <I>SignedData</I> object with the 241 * most significant field being <I>certificates</I>. If no 242 * CRLs are present, then an empty collection is returned. 243 * 244 * @param inStream An input stream containing the certificate data. 245 * @return A collection of certificates initialized from the decoded 246 * InputStream data. 247 * @throws CertificateException If an error occurs decoding the 248 * certificates. 249 */ 250 public final Collection<? extends Certificate> generateCertificates(InputStream inStream) 251 throws CertificateException 252 { 253 return certFacSpi.engineGenerateCertificates(inStream); 254 } 255 256 /** 257 * Generates a CRL based on the encoded data read 258 * from the InputStream. 259 * 260 * <p>The input stream must contain only one CRL. 261 * 262 * <p>If there exists a specialized CRL class for the 263 * CRL format handled by the certificate factory 264 * then the return CRL should be a typecast of it. 265 * Ex: A X.509 CertificateFactory should return X509CRL. 266 * 267 * @param inStream An input stream containing the CRL data. 268 * @return A CRL initialized from the decoded InputStream data. 269 * @throws CRLException If an error occurs decoding the CRL. 270 */ 271 public final CRL generateCRL(InputStream inStream) 272 throws CRLException 273 { 274 return certFacSpi.engineGenerateCRL(inStream); 275 } 276 277 /** 278 * <p>Generates CRLs based on the encoded data read 279 * from the InputStream. 280 * 281 * <p>For a X.509 certificate factory, the stream may contain a 282 * single DER encoded CRL or a PKCS#7 CRL set. This is a 283 * PKCS#7 <I>SignedData</I> object with the most significant 284 * field being <I>crls</I>. If no CRLs are present, then an 285 * empty collection is returned. 286 * 287 * @param inStream an input stream containing the CRLs. 288 * @return a collection of CRLs initialized from the decoded 289 * InputStream data. 290 * @throws CRLException If an error occurs decoding the CRLs. 291 */ 292 public final Collection<? extends CRL> generateCRLs(InputStream inStream) 293 throws CRLException 294 { 295 return certFacSpi.engineGenerateCRLs( inStream ); 296 } 297 298 /** 299 * Generate a {@link CertPath} and initialize it with data parsed from 300 * the input stream. The default encoding of this factory is used. 301 * 302 * @param inStream The InputStream containing the CertPath data. 303 * @return A CertPath initialized from the input stream data. 304 * @throws CertificateException If an error occurs decoding the 305 * CertPath. 306 */ 307 public final CertPath generateCertPath(InputStream inStream) 308 throws CertificateException 309 { 310 return certFacSpi.engineGenerateCertPath(inStream); 311 } 312 313 /** 314 * Generate a {@link CertPath} and initialize it with data parsed from 315 * the input stream, using the specified encoding. 316 * 317 * @param inStream The InputStream containing the CertPath data. 318 * @param encoding The encoding of the InputStream data. 319 * @return A CertPath initialized from the input stream data. 320 * @throws CertificateException If an error occurs decoding the 321 * CertPath. 322 */ 323 public final CertPath generateCertPath(InputStream inStream, String encoding) 324 throws CertificateException 325 { 326 return certFacSpi.engineGenerateCertPath(inStream, encoding); 327 } 328 329 /** 330 * Generate a {@link CertPath} and initialize it with the certificates 331 * in the {@link java.util.List} argument. 332 * 333 * @param certificates The list of certificates with which to create 334 * the CertPath. 335 * @return A CertPath initialized from the certificates. 336 * @throws CertificateException If an error occurs generating the 337 * CertPath. 338 */ 339 public final CertPath generateCertPath(List<? extends Certificate> certificates) 340 throws CertificateException 341 { 342 return certFacSpi.engineGenerateCertPath(certificates); 343 } 344 345 /** 346 * Returns an Iterator of CertPath encodings supported by this 347 * factory, with the default encoding first. The returned Iterator 348 * cannot be modified. 349 * 350 * @return The Iterator of supported encodings. 351 */ 352 public final Iterator<String> getCertPathEncodings() 353 { 354 return certFacSpi.engineGetCertPathEncodings(); 355 } 356 } // class CertificateFactory