forked from wupeixuan/JDKSourceCode1.8
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCertPath.java
More file actions
343 lines (318 loc) · 12.3 KB
/
CertPath.java
File metadata and controls
343 lines (318 loc) · 12.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
/*
* Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*
*/
package java.security.cert;
import java.io.ByteArrayInputStream;
import java.io.NotSerializableException;
import java.io.ObjectStreamException;
import java.io.Serializable;
import java.util.Iterator;
import java.util.List;
/**
* An immutable sequence of certificates (a certification path).
* <p>
* This is an abstract class that defines the methods common to all
* {@code CertPath}s. Subclasses can handle different kinds of
* certificates (X.509, PGP, etc.).
* <p>
* All {@code CertPath} objects have a type, a list of
* {@code Certificate}s, and one or more supported encodings. Because the
* {@code CertPath} class is immutable, a {@code CertPath} cannot
* change in any externally visible way after being constructed. This
* stipulation applies to all public fields and methods of this class and any
* added or overridden by subclasses.
* <p>
* The type is a {@code String} that identifies the type of
* {@code Certificate}s in the certification path. For each
* certificate {@code cert} in a certification path {@code certPath},
* {@code cert.getType().equals(certPath.getType())} must be
* {@code true}.
* <p>
* The list of {@code Certificate}s is an ordered {@code List} of
* zero or more {@code Certificate}s. This {@code List} and all
* of the {@code Certificate}s contained in it must be immutable.
* <p>
* Each {@code CertPath} object must support one or more encodings
* so that the object can be translated into a byte array for storage or
* transmission to other parties. Preferably, these encodings should be
* well-documented standards (such as PKCS#7). One of the encodings supported
* by a {@code CertPath} is considered the default encoding. This
* encoding is used if no encoding is explicitly requested (for the
* {@link #getEncoded() getEncoded()} method, for instance).
* <p>
* All {@code CertPath} objects are also {@code Serializable}.
* {@code CertPath} objects are resolved into an alternate
* {@link CertPathRep CertPathRep} object during serialization. This allows
* a {@code CertPath} object to be serialized into an equivalent
* representation regardless of its underlying implementation.
* <p>
* {@code CertPath} objects can be created with a
* {@code CertificateFactory} or they can be returned by other classes,
* such as a {@code CertPathBuilder}.
* <p>
* By convention, X.509 {@code CertPath}s (consisting of
* {@code X509Certificate}s), are ordered starting with the target
* certificate and ending with a certificate issued by the trust anchor. That
* is, the issuer of one certificate is the subject of the following one. The
* certificate representing the {@link TrustAnchor TrustAnchor} should not be
* included in the certification path. Unvalidated X.509 {@code CertPath}s
* may not follow these conventions. PKIX {@code CertPathValidator}s will
* detect any departure from these conventions that cause the certification
* path to be invalid and throw a {@code CertPathValidatorException}.
*
* <p> Every implementation of the Java platform is required to support the
* following standard {@code CertPath} encodings:
* <ul>
* <li>{@code PKCS7}</li>
* <li>{@code PkiPath}</li>
* </ul>
* These encodings are described in the <a href=
* "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings">
* CertPath Encodings section</a> of the
* Java Cryptography Architecture Standard Algorithm Name Documentation.
* Consult the release documentation for your implementation to see if any
* other encodings are supported.
* <p>
* <b>Concurrent Access</b>
* <p>
* All {@code CertPath} objects must be thread-safe. That is, multiple
* threads may concurrently invoke the methods defined in this class on a
* single {@code CertPath} object (or more than one) with no
* ill effects. This is also true for the {@code List} returned by
* {@code CertPath.getCertificates}.
* <p>
* Requiring {@code CertPath} objects to be immutable and thread-safe
* allows them to be passed around to various pieces of code without worrying
* about coordinating access. Providing this thread-safety is
* generally not difficult, since the {@code CertPath} and
* {@code List} objects in question are immutable.
*
* @see CertificateFactory
* @see CertPathBuilder
*
* @author Yassir Elley
* @since 1.4
*/
public abstract class CertPath implements Serializable {
private static final long serialVersionUID = 6068470306649138683L;
private String type; // the type of certificates in this chain
/**
* Creates a {@code CertPath} of the specified type.
* <p>
* This constructor is protected because most users should use a
* {@code CertificateFactory} to create {@code CertPath}s.
*
* @param type the standard name of the type of
* {@code Certificate}s in this path
*/
protected CertPath(String type) {
this.type = type;
}
/**
* Returns the type of {@code Certificate}s in this certification
* path. This is the same string that would be returned by
* {@link java.security.cert.Certificate#getType() cert.getType()}
* for all {@code Certificate}s in the certification path.
*
* @return the type of {@code Certificate}s in this certification
* path (never null)
*/
public String getType() {
return type;
}
/**
* Returns an iteration of the encodings supported by this certification
* path, with the default encoding first. Attempts to modify the returned
* {@code Iterator} via its {@code remove} method result in an
* {@code UnsupportedOperationException}.
*
* @return an {@code Iterator} over the names of the supported
* encodings (as Strings)
*/
public abstract Iterator<String> getEncodings();
/**
* Compares this certification path for equality with the specified
* object. Two {@code CertPath}s are equal if and only if their
* types are equal and their certificate {@code List}s (and by
* implication the {@code Certificate}s in those {@code List}s)
* are equal. A {@code CertPath} is never equal to an object that is
* not a {@code CertPath}.
* <p>
* This algorithm is implemented by this method. If it is overridden,
* the behavior specified here must be maintained.
*
* @param other the object to test for equality with this certification path
* @return true if the specified object is equal to this certification path,
* false otherwise
*/
public boolean equals(Object other) {
if (this == other)
return true;
if (! (other instanceof CertPath))
return false;
CertPath otherCP = (CertPath) other;
if (! otherCP.getType().equals(type))
return false;
List<? extends Certificate> thisCertList = this.getCertificates();
List<? extends Certificate> otherCertList = otherCP.getCertificates();
return(thisCertList.equals(otherCertList));
}
/**
* Returns the hashcode for this certification path. The hash code of
* a certification path is defined to be the result of the following
* calculation:
* <pre>{@code
* hashCode = path.getType().hashCode();
* hashCode = 31*hashCode + path.getCertificates().hashCode();
* }</pre>
* This ensures that {@code path1.equals(path2)} implies that
* {@code path1.hashCode()==path2.hashCode()} for any two certification
* paths, {@code path1} and {@code path2}, as required by the
* general contract of {@code Object.hashCode}.
*
* @return the hashcode value for this certification path
*/
public int hashCode() {
int hashCode = type.hashCode();
hashCode = 31*hashCode + getCertificates().hashCode();
return hashCode;
}
/**
* Returns a string representation of this certification path.
* This calls the {@code toString} method on each of the
* {@code Certificate}s in the path.
*
* @return a string representation of this certification path
*/
public String toString() {
StringBuffer sb = new StringBuffer();
Iterator<? extends Certificate> stringIterator =
getCertificates().iterator();
sb.append("\n" + type + " Cert Path: length = "
+ getCertificates().size() + ".\n");
sb.append("[\n");
int i = 1;
while (stringIterator.hasNext()) {
sb.append("=========================================="
+ "===============Certificate " + i + " start.\n");
Certificate stringCert = stringIterator.next();
sb.append(stringCert.toString());
sb.append("\n========================================"
+ "=================Certificate " + i + " end.\n\n\n");
i++;
}
sb.append("\n]");
return sb.toString();
}
/**
* Returns the encoded form of this certification path, using the default
* encoding.
*
* @return the encoded bytes
* @exception CertificateEncodingException if an encoding error occurs
*/
public abstract byte[] getEncoded()
throws CertificateEncodingException;
/**
* Returns the encoded form of this certification path, using the
* specified encoding.
*
* @param encoding the name of the encoding to use
* @return the encoded bytes
* @exception CertificateEncodingException if an encoding error occurs or
* the encoding requested is not supported
*/
public abstract byte[] getEncoded(String encoding)
throws CertificateEncodingException;
/**
* Returns the list of certificates in this certification path.
* The {@code List} returned must be immutable and thread-safe.
*
* @return an immutable {@code List} of {@code Certificate}s
* (may be empty, but not null)
*/
public abstract List<? extends Certificate> getCertificates();
/**
* Replaces the {@code CertPath} to be serialized with a
* {@code CertPathRep} object.
*
* @return the {@code CertPathRep} to be serialized
*
* @throws ObjectStreamException if a {@code CertPathRep} object
* representing this certification path could not be created
*/
protected Object writeReplace() throws ObjectStreamException {
try {
return new CertPathRep(type, getEncoded());
} catch (CertificateException ce) {
NotSerializableException nse =
new NotSerializableException
("java.security.cert.CertPath: " + type);
nse.initCause(ce);
throw nse;
}
}
/**
* Alternate {@code CertPath} class for serialization.
* @since 1.4
*/
protected static class CertPathRep implements Serializable {
private static final long serialVersionUID = 3015633072427920915L;
/** The Certificate type */
private String type;
/** The encoded form of the cert path */
private byte[] data;
/**
* Creates a {@code CertPathRep} with the specified
* type and encoded form of a certification path.
*
* @param type the standard name of a {@code CertPath} type
* @param data the encoded form of the certification path
*/
protected CertPathRep(String type, byte[] data) {
this.type = type;
this.data = data;
}
/**
* Returns a {@code CertPath} constructed from the type and data.
*
* @return the resolved {@code CertPath} object
*
* @throws ObjectStreamException if a {@code CertPath} could not
* be constructed
*/
protected Object readResolve() throws ObjectStreamException {
try {
CertificateFactory cf = CertificateFactory.getInstance(type);
return cf.generateCertPath(new ByteArrayInputStream(data));
} catch (CertificateException ce) {
NotSerializableException nse =
new NotSerializableException
("java.security.cert.CertPath: " + type);
nse.initCause(ce);
throw nse;
}
}
}
}