1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package javax.security.cert; 19 20 import java.io.ByteArrayInputStream; 21 import java.io.InputStream; 22 import java.lang.reflect.Constructor; 23 import java.math.BigInteger; 24 import java.security.AccessController; 25 import java.security.InvalidKeyException; 26 import java.security.NoSuchAlgorithmException; 27 import java.security.NoSuchProviderException; 28 import java.security.Principal; 29 import java.security.PublicKey; 30 import java.security.Security; 31 import java.security.SignatureException; 32 import java.security.cert.CertificateFactory; 33 import java.util.Date; 34 35 /** 36 * Abstract base class for X.509 certificates. 37 * <p> 38 * This represents a standard way for accessing the attributes of X.509 v1 39 * certificates. 40 * <p> 41 * Note: This package is provided only for compatibility reasons. 42 * It contains a simplified version of the java.security.cert package that was 43 * previously used by JSSE (Java SSL package). All applications that do not have 44 * to be compatible with older versions of JSSE (that is before Java SDK 1.5) 45 * should only use java.security.cert. 46 */ 47 public abstract class X509Certificate extends Certificate { 48 49 private static Constructor constructor; 50 51 static { 52 try { 53 String classname = (String) AccessController.doPrivileged( 54 new java.security.PrivilegedAction() { 55 public Object run() { 56 return Security.getProperty("cert.provider.x509v1"); 57 } 58 } 59 ); 60 Class cl = Class.forName(classname); 61 constructor = 62 cl.getConstructor(new Class[] {InputStream.class}); 63 } catch (Throwable e) { 64 } 65 } 66 67 /** 68 * Creates a new {@code X509Certificate}. 69 */ 70 public X509Certificate() { 71 super(); 72 } 73 74 /** 75 * Creates a new {@code X509Certificate} and initializes it from the 76 * specified input stream. 77 * 78 * @param inStream 79 * input stream containing data to initialize the certificate. 80 * @return the certificate initialized from the specified input stream 81 * @throws CertificateException 82 * if the certificate cannot be created or initialized. 83 */ 84 public static final X509Certificate getInstance(InputStream inStream) 85 throws CertificateException { 86 if (inStream == null) { 87 throw new CertificateException("inStream == null"); 88 } 89 if (constructor != null) { 90 try { 91 return (X509Certificate) 92 constructor.newInstance(new Object[] {inStream}); 93 } catch (Throwable e) { 94 throw new CertificateException(e.getMessage()); 95 } 96 } 97 98 final java.security.cert.X509Certificate cert; 99 try { 100 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 101 cert = (java.security.cert.X509Certificate) 102 cf.generateCertificate(inStream); 103 } catch (java.security.cert.CertificateException e) { 104 throw new CertificateException(e.getMessage()); 105 } 106 107 return new X509Certificate() { 108 109 public byte[] getEncoded() throws CertificateEncodingException { 110 try { 111 return cert.getEncoded(); 112 } catch (java.security.cert.CertificateEncodingException e) { 113 throw new CertificateEncodingException(e.getMessage()); 114 } 115 } 116 117 public void verify(PublicKey key) throws CertificateException, 118 NoSuchAlgorithmException, InvalidKeyException, 119 NoSuchProviderException, SignatureException { 120 try { 121 cert.verify(key); 122 } catch (java.security.cert.CertificateException e) { 123 throw new CertificateException(e.getMessage()); 124 } 125 } 126 127 public void verify(PublicKey key, String sigProvider) 128 throws CertificateException, 129 NoSuchAlgorithmException, InvalidKeyException, 130 NoSuchProviderException, SignatureException { 131 try { 132 cert.verify(key, sigProvider); 133 } catch (java.security.cert.CertificateException e) { 134 throw new CertificateException(e.getMessage()); 135 } 136 } 137 138 public String toString() { 139 return cert.toString(); 140 } 141 142 public PublicKey getPublicKey() { 143 return cert.getPublicKey(); 144 } 145 146 public void checkValidity() throws CertificateExpiredException, 147 CertificateNotYetValidException { 148 try { 149 cert.checkValidity(); 150 } catch (java.security.cert.CertificateNotYetValidException e) { 151 throw new CertificateNotYetValidException(e.getMessage()); 152 } catch (java.security.cert.CertificateExpiredException e) { 153 throw new CertificateExpiredException(e.getMessage()); 154 } 155 } 156 157 public void checkValidity(Date date) 158 throws CertificateExpiredException, 159 CertificateNotYetValidException { 160 try { 161 cert.checkValidity(date); 162 } catch (java.security.cert.CertificateNotYetValidException e) { 163 throw new CertificateNotYetValidException(e.getMessage()); 164 } catch (java.security.cert.CertificateExpiredException e) { 165 throw new CertificateExpiredException(e.getMessage()); 166 } 167 } 168 169 public int getVersion() { 170 return 2; 171 } 172 173 public BigInteger getSerialNumber() { 174 return cert.getSerialNumber(); 175 } 176 177 public Principal getIssuerDN() { 178 return cert.getIssuerDN(); 179 } 180 181 public Principal getSubjectDN() { 182 return cert.getSubjectDN(); 183 } 184 185 public Date getNotBefore() { 186 return cert.getNotBefore(); 187 } 188 189 public Date getNotAfter() { 190 return cert.getNotAfter(); 191 } 192 193 public String getSigAlgName() { 194 return cert.getSigAlgName(); 195 } 196 197 public String getSigAlgOID() { 198 return cert.getSigAlgOID(); 199 } 200 201 public byte[] getSigAlgParams() { 202 return cert.getSigAlgParams(); 203 } 204 }; 205 } 206 207 /** 208 * Creates a new {@code X509Certificate} and initializes it from the 209 * specified byte array. 210 * 211 * @param certData 212 * byte array containing data to initialize the certificate. 213 * @return the certificate initialized from the specified byte array 214 * @throws CertificateException 215 * if the certificate cannot be created or initialized. 216 */ 217 public static final X509Certificate getInstance(byte[] certData) 218 throws CertificateException { 219 if (certData == null) { 220 throw new CertificateException("certData == null"); 221 } 222 ByteArrayInputStream bais = new ByteArrayInputStream(certData); 223 return getInstance(bais); 224 } 225 226 /** 227 * Checks whether the certificate is currently valid. 228 * <p> 229 * The validity defined in ASN.1: 230 * 231 * <pre> 232 * validity Validity 233 * 234 * Validity ::= SEQUENCE { 235 * notBefore CertificateValidityDate, 236 * notAfter CertificateValidityDate } 237 * 238 * CertificateValidityDate ::= CHOICE { 239 * utcTime UTCTime, 240 * generalTime GeneralizedTime } 241 * </pre> 242 * 243 * @throws CertificateExpiredException 244 * if the certificate has expired. 245 * @throws CertificateNotYetValidException 246 * if the certificate is not yet valid. 247 */ 248 public abstract void checkValidity() 249 throws CertificateExpiredException, CertificateNotYetValidException; 250 251 252 /** 253 * Checks whether the certificate is valid at the specified date. 254 * 255 * @param date 256 * the date to check the validity against. 257 * @throws CertificateExpiredException 258 * if the certificate has expired. 259 * @throws CertificateNotYetValidException 260 * if the certificate is not yet valid. 261 * @see #checkValidity() 262 */ 263 public abstract void checkValidity(Date date) 264 throws CertificateExpiredException, CertificateNotYetValidException; 265 266 /** 267 * Returns the certificates {@code version} (version number). 268 * <p> 269 * The version defined is ASN.1: 270 * 271 * <pre> 272 * Version ::= INTEGER { v1(0), v2(1), v3(2) } 273 * </pre> 274 * 275 * @return the version number. 276 */ 277 public abstract int getVersion(); 278 279 /** 280 * Returns the {@code serialNumber} of the certificate. 281 * <p> 282 * The ASN.1 definition of {@code serialNumber}: 283 * 284 * <pre> 285 * CertificateSerialNumber ::= INTEGER 286 * </pre> 287 * 288 * @return the serial number. 289 */ 290 public abstract BigInteger getSerialNumber(); 291 292 /** 293 * Returns the {@code issuer} (issuer distinguished name) as an 294 * implementation specific {@code Principal} object. 295 * <p> 296 * The ASN.1 definition of {@code issuer}: 297 * 298 * <pre> 299 * issuer Name 300 * 301 * Name ::= CHOICE { 302 * RDNSequence } 303 * 304 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 305 * 306 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 307 * 308 * AttributeTypeAndValue ::= SEQUENCE { 309 * type AttributeType, 310 * value AttributeValue } 311 * 312 * AttributeType ::= OBJECT IDENTIFIER 313 * 314 * AttributeValue ::= ANY DEFINED BY AttributeType 315 * </pre> 316 * 317 * @return the {@code issuer} as an implementation specific {@code 318 * Principal}. 319 */ 320 public abstract Principal getIssuerDN(); 321 322 /** 323 * Returns the {@code subject} (subject distinguished name) as an 324 * implementation specific {@code Principal} object. 325 * <p> 326 * The ASN.1 definition of {@code subject}: 327 * 328 * <pre> 329 * subject Name 330 * 331 * Name ::= CHOICE { 332 * RDNSequence } 333 * 334 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 335 * 336 * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue 337 * 338 * AttributeTypeAndValue ::= SEQUENCE { 339 * type AttributeType, 340 * value AttributeValue } 341 * 342 * AttributeType ::= OBJECT IDENTIFIER 343 * 344 * AttributeValue ::= ANY DEFINED BY AttributeType 345 * </pre> 346 * 347 * @return the {@code subject} (subject distinguished name). 348 */ 349 public abstract Principal getSubjectDN(); 350 351 /** 352 * Returns the {@code notBefore} date from the validity period of the 353 * certificate. 354 * 355 * @return the start of the validity period. 356 */ 357 public abstract Date getNotBefore(); 358 359 /** 360 * Returns the {@code notAfter} date of the validity period of the 361 * certificate. 362 * 363 * @return the end of the validity period. 364 */ 365 public abstract Date getNotAfter(); 366 367 /** 368 * Returns the name of the algorithm for the certificate signature. 369 * 370 * @return the signature algorithm name. 371 */ 372 public abstract String getSigAlgName(); 373 374 /** 375 * Returns the OID of the signature algorithm from the certificate. 376 * 377 * @return the OID of the signature algorithm. 378 */ 379 public abstract String getSigAlgOID(); 380 381 /** 382 * Returns the parameters of the signature algorithm in DER-encoded format. 383 * 384 * @return the parameters of the signature algorithm, or null if none are 385 * used. 386 */ 387 public abstract byte[] getSigAlgParams(); 388 } 389