001: /*
002: * @(#)CertPath.java 1.11 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: */
026:
027: package java.security.cert;
028:
029: import java.io.ByteArrayInputStream;
030: import java.io.NotSerializableException;
031: import java.io.ObjectStreamException;
032: import java.io.Serializable;
033: import java.util.Iterator;
034: import java.util.List;
035:
036: /**
037: * An immutable sequence of certificates (a certification path).
038: * <p>
039: * This is an abstract class that defines the methods common to all
040: * <code>CertPath</code>s. Subclasses can handle different kinds of
041: * certificates (X.509, PGP, etc.).
042: * <p>
043: * All <code>CertPath</code> objects have a type, a list of
044: * <code>Certificate</code>s, and one or more supported encodings. Because the
045: * <code>CertPath</code> class is immutable, a <code>CertPath</code> cannot
046: * change in any externally visible way after being constructed. This
047: * stipulation applies to all public fields and methods of this class and any
048: * added or overridden by subclasses.
049: * <p>
050: * The type is a <code>String</code> that identifies the type of
051: * <code>Certificate</code>s in the certification path. For each
052: * certificate <code>cert</code> in a certification path <code>certPath</code>,
053: * <code>cert.getType().equals(certPath.getType())</code> must be
054: * <code>true</code>.
055: * <p>
056: * The list of <code>Certificate</code>s is an ordered <code>List</code> of
057: * zero or more <code>Certificate</code>s. This <code>List</code> and all
058: * of the <code>Certificate</code>s contained in it must be immutable.
059: * <p>
060: * Each <code>CertPath</code> object must support one or more encodings
061: * so that the object can be translated into a byte array for storage or
062: * transmission to other parties. Preferably, these encodings should be
063: * well-documented standards (such as PKCS#7). One of the encodings supported
064: * by a <code>CertPath</code> is considered the default encoding. This
065: * encoding is used if no encoding is explicitly requested (for the
066: * {@link #getEncoded() getEncoded()} method, for instance).
067: * <p>
068: * All <code>CertPath</code> objects are also <code>Serializable</code>.
069: * <code>CertPath</code> objects are resolved into an alternate
070: * {@link CertPathRep CertPathRep} object during serialization. This allows
071: * a <code>CertPath</code> object to be serialized into an equivalent
072: * representation regardless of its underlying implementation.
073: * <p>
074: * By convention, X.509 <code>CertPath</code>s (consisting of
075: * <code>X509Certificate</code>s), are ordered starting with the target
076: * certificate and ending with a certificate issued by the trust anchor. That
077: * is, the issuer of one certificate is the subject of the following one.
078: * Unvalidated X.509 <code>CertPath</code>s
079: * may not follow these conventions.
080: * <p>
081: * <b>Concurrent Access</b>
082: * <p>
083: * All <code>CertPath</code> objects must be thread-safe. That is, multiple
084: * threads may concurrently invoke the methods defined in this class on a
085: * single <code>CertPath</code> object (or more than one) with no
086: * ill effects. This is also true for the <code>List</code> returned by
087: * <code>CertPath.getCertificates</code>.
088: * <p>
089: * Requiring <code>CertPath</code> objects to be immutable and thread-safe
090: * allows them to be passed around to various pieces of code without worrying
091: * about coordinating access. Providing this thread-safety is
092: * generally not difficult, since the <code>CertPath</code> and
093: * <code>List</code> objects in question are immutable.
094: *
095: * @see CertificateFactory
096: *
097: * @version 1.11 10/10/06
098: * @author Yassir Elley
099: * @since 1.4
100: */
101: public abstract class CertPath implements Serializable {
102:
103: private String type; // the type of certificates in this chain
104:
105: /**
106: * Creates a <code>CertPath</code> of the specified type.
107: * <p>
108: * This constructor is protected because most users should use a
109: * <code>CertificateFactory</code> to create <code>CertPath</code>s.
110: *
111: * @param type the standard name of the type of
112: * <code>Certificate</code>s in this path
113: */
114: protected CertPath(String type) {
115: this .type = type;
116: }
117:
118: /**
119: * Returns the type of <code>Certificate</code>s in this certification
120: * path. This is the same string that would be returned by
121: * {@link java.security.cert.Certificate#getType() cert.getType()}
122: * for all <code>Certificate</code>s in the certification path.
123: *
124: * @return the type of <code>Certificate</code>s in this certification
125: * path (never null)
126: */
127: public String getType() {
128: return type;
129: }
130:
131: /**
132: * Returns an iteration of the encodings supported by this certification
133: * path, with the default encoding first. Attempts to modify the returned
134: * <code>Iterator</code> via its <code>remove</code> method result in an
135: * <code>UnsupportedOperationException</code>.
136: *
137: * @return an <code>Iterator</code> over the names of the supported
138: * encodings (as Strings)
139: */
140: public abstract Iterator getEncodings();
141:
142: /**
143: * Compares this certification path for equality with the specified
144: * object. Two <code>CertPath</code>s are equal if and only if their
145: * types are equal and their certificate <code>List</code>s (and by
146: * implication the <code>Certificate</code>s in those <code>List</code>s)
147: * are equal. A <code>CertPath</code> is never equal to an object that is
148: * not a <code>CertPath</code>.
149: * <p>
150: * This algorithm is implemented by this method. If it is overridden,
151: * the behavior specified here must be maintained.
152: *
153: * @param other the object to test for equality with this certification path
154: * @return true if the specified object is equal to this certification path,
155: * false otherwise
156: */
157: public boolean equals(Object other) {
158: if (this == other)
159: return true;
160:
161: if (!(other instanceof CertPath))
162: return false;
163:
164: CertPath otherCP = (CertPath) other;
165: if (!otherCP.getType().equals(type))
166: return false;
167:
168: List this CertList = this .getCertificates();
169: List otherCertList = otherCP.getCertificates();
170: return (this CertList.equals(otherCertList));
171: }
172:
173: /**
174: * Returns the hashcode for this certification path. The hash code of
175: * a certification path is defined to be the result of the following
176: * calculation:
177: * <pre><code>
178: * hashCode = path.getType().hashCode();
179: * hashCode = 31*hashCode + path.getCertificates().hashCode();
180: * </code></pre>
181: * This ensures that <code>path1.equals(path2)</code> implies that
182: * <code>path1.hashCode()==path2.hashCode()</code> for any two certification
183: * paths, <code>path1</code> and <code>path2</code>, as required by the
184: * general contract of <code>Object.hashCode</code>.
185: *
186: * @return the hashcode value for this certification path
187: */
188: public int hashCode() {
189: int hashCode = type.hashCode();
190: hashCode = 31 * hashCode + getCertificates().hashCode();
191: return hashCode;
192: }
193:
194: /**
195: * Returns a string representation of this certification path.
196: * This calls the <code>toString</code> method on each of the
197: * <code>Certificate</code>s in the path.
198: *
199: * @return a string representation of this certification path
200: */
201: public String toString() {
202: StringBuffer sb = new StringBuffer();
203: Iterator stringIterator = getCertificates().iterator();
204:
205: sb.append("\n" + type + " Cert Path: length = "
206: + getCertificates().size() + ".\n");
207: sb.append("[\n");
208: int i = 1;
209: while (stringIterator.hasNext()) {
210: sb.append("=========================================="
211: + "===============Certificate " + i + " start.\n");
212: Certificate stringCert = (Certificate) stringIterator
213: .next();
214: sb.append(stringCert.toString());
215: sb.append("\n========================================"
216: + "=================Certificate " + i
217: + " end.\n\n\n");
218: i++;
219: }
220:
221: sb.append("\n]");
222: return sb.toString();
223: }
224:
225: /**
226: * Returns the encoded form of this certification path, using the default
227: * encoding.
228: *
229: * @return the encoded bytes
230: * @exception CertificateEncodingException if an encoding error occurs
231: */
232: public abstract byte[] getEncoded()
233: throws CertificateEncodingException;
234:
235: /**
236: * Returns the encoded form of this certification path, using the
237: * specified encoding.
238: *
239: * @param encoding the name of the encoding to use
240: * @return the encoded bytes
241: * @exception CertificateEncodingException if an encoding error occurs or
242: * the encoding requested is not supported
243: */
244: public abstract byte[] getEncoded(String encoding)
245: throws CertificateEncodingException;
246:
247: /**
248: * Returns the list of certificates in this certification path.
249: * The <code>List</code> returned must be immutable and thread-safe.
250: *
251: * @return an immutable <code>List</code> of <code>Certificate</code>s
252: * (may be empty, but not null)
253: */
254: public abstract List getCertificates();
255:
256: /**
257: * Replaces the <code>CertPath</code> to be serialized with a
258: * <code>CertPathRep</code> object.
259: *
260: * @return the <code>CertPathRep</code> to be serialized
261: *
262: * @throws ObjectStreamException if a <code>CertPathRep</code> object
263: * representing this certification path could not be created
264: */
265: protected Object writeReplace() throws ObjectStreamException {
266: try {
267: return new CertPathRep(type, getEncoded());
268: } catch (CertificateException ce) {
269: NotSerializableException nse = new NotSerializableException(
270: "java.security.cert.CertPath: " + type);
271: nse.initCause(ce);
272: throw nse;
273: }
274: }
275:
276: /**
277: * Alternate <code>CertPath</code> class for serialization.
278: */
279: protected static class CertPathRep implements Serializable {
280: /** The Certificate type */
281: private String type;
282: /** The encoded form of the cert path */
283: private byte[] data;
284:
285: /**
286: * Creates a <code>CertPathRep</code> with the specified
287: * type and encoded form of a certification path.
288: *
289: * @param type the standard name of a <code>CertPath</code> type
290: * @param data the encoded form of the certification path
291: */
292: protected CertPathRep(String type, byte[] data) {
293: this .type = type;
294: this .data = data;
295: }
296:
297: /**
298: * Returns a <code>CertPath</code> constructed from the type and data.
299: *
300: * @return the resolved <code>CertPath</code> object
301: *
302: * @throws ObjectStreamException if a <code>CertPath</code> could not
303: * be constructed
304: */
305: protected Object readResolve() throws ObjectStreamException {
306: try {
307: CertificateFactory cf = CertificateFactory
308: .getInstance(type);
309: return cf.generateCertPath(new ByteArrayInputStream(
310: data));
311: } catch (CertificateException ce) {
312: NotSerializableException nse = new NotSerializableException(
313: "java.security.cert.CertPath: " + type);
314: nse.initCause(ce);
315: throw nse;
316: }
317: }
318: }
319: }
|