| /* |
| * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package java.security.cert; |
| |
| import java.io.InputStream; |
| import java.util.Collection; |
| import java.util.Iterator; |
| import java.util.List; |
| import java.security.Provider; |
| import java.security.NoSuchAlgorithmException; |
| import java.security.NoSuchProviderException; |
| |
| /** |
| * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) |
| * for the {@code CertificateFactory} class. |
| * All the abstract methods in this class must be implemented by each |
| * cryptographic service provider who wishes to supply the implementation |
| * of a certificate factory for a particular certificate type, e.g., X.509. |
| * |
| * <p>Certificate factories are used to generate certificate, certification path |
| * ({@code CertPath}) and certificate revocation list (CRL) objects from |
| * their encodings. |
| * |
| * <p>A certificate factory for X.509 must return certificates that are an |
| * instance of {@code java.security.cert.X509Certificate}, and CRLs |
| * that are an instance of {@code java.security.cert.X509CRL}. |
| * |
| * @author Hemma Prafullchandra |
| * @author Jan Luehe |
| * @author Sean Mullan |
| * |
| * |
| * @see CertificateFactory |
| * @see Certificate |
| * @see X509Certificate |
| * @see CertPath |
| * @see CRL |
| * @see X509CRL |
| * |
| * @since 1.2 |
| */ |
| |
| public abstract class CertificateFactorySpi { |
| |
| /** |
| * Generates a certificate object and initializes it with |
| * the data read from the input stream {@code inStream}. |
| * |
| * <p>In order to take advantage of the specialized certificate format |
| * supported by this certificate factory, |
| * the returned certificate object can be typecast to the corresponding |
| * certificate class. For example, if this certificate |
| * factory implements X.509 certificates, the returned certificate object |
| * can be typecast to the {@code X509Certificate} class. |
| * |
| * <p>In the case of a certificate factory for X.509 certificates, the |
| * certificate provided in {@code inStream} must be DER-encoded and |
| * may be supplied in binary or printable (Base64) encoding. If the |
| * certificate is provided in Base64 encoding, it must be bounded at |
| * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at |
| * the end by -----END CERTIFICATE-----. |
| * |
| * <p>Note that if the given input stream does not support |
| * {@link java.io.InputStream#mark(int) mark} and |
| * {@link java.io.InputStream#reset() reset}, this method will |
| * consume the entire input stream. Otherwise, each call to this |
| * method consumes one certificate and the read position of the input stream |
| * is positioned to the next available byte after the inherent |
| * end-of-certificate marker. If the data in the |
| * input stream does not contain an inherent end-of-certificate marker (other |
| * than EOF) and there is trailing data after the certificate is parsed, a |
| * {@code CertificateException} is thrown. |
| * |
| * @param inStream an input stream with the certificate data. |
| * |
| * @return a certificate object initialized with the data |
| * from the input stream. |
| * |
| * @exception CertificateException on parsing errors. |
| */ |
| public abstract Certificate engineGenerateCertificate(InputStream inStream) |
| throws CertificateException; |
| |
| /** |
| * Generates a {@code CertPath} object and initializes it with |
| * the data read from the {@code InputStream} inStream. The data |
| * is assumed to be in the default encoding. |
| * |
| * <p> This method was added to version 1.4 of the Java 2 Platform |
| * Standard Edition. In order to maintain backwards compatibility with |
| * existing service providers, this method cannot be {@code abstract} |
| * and by default throws an {@code UnsupportedOperationException}. |
| * |
| * @param inStream an {@code InputStream} containing the data |
| * @return a {@code CertPath} initialized with the data from the |
| * {@code InputStream} |
| * @exception CertificateException if an exception occurs while decoding |
| * @exception UnsupportedOperationException if the method is not supported |
| * @since 1.4 |
| */ |
| public CertPath engineGenerateCertPath(InputStream inStream) |
| throws CertificateException |
| { |
| throw new UnsupportedOperationException(); |
| } |
| |
| /** |
| * Generates a {@code CertPath} object and initializes it with |
| * the data read from the {@code InputStream} inStream. The data |
| * is assumed to be in the specified encoding. |
| * |
| * <p> This method was added to version 1.4 of the Java 2 Platform |
| * Standard Edition. In order to maintain backwards compatibility with |
| * existing service providers, this method cannot be {@code abstract} |
| * and by default throws an {@code UnsupportedOperationException}. |
| * |
| * @param inStream an {@code InputStream} containing the data |
| * @param encoding the encoding used for the data |
| * @return a {@code CertPath} initialized with the data from the |
| * {@code InputStream} |
| * @exception CertificateException if an exception occurs while decoding or |
| * the encoding requested is not supported |
| * @exception UnsupportedOperationException if the method is not supported |
| * @since 1.4 |
| */ |
| public CertPath engineGenerateCertPath(InputStream inStream, |
| String encoding) throws CertificateException |
| { |
| throw new UnsupportedOperationException(); |
| } |
| |
| /** |
| * Generates a {@code CertPath} object and initializes it with |
| * a {@code List} of {@code Certificate}s. |
| * <p> |
| * The certificates supplied must be of a type supported by the |
| * {@code CertificateFactory}. They will be copied out of the supplied |
| * {@code List} object. |
| * |
| * <p> This method was added to version 1.4 of the Java 2 Platform |
| * Standard Edition. In order to maintain backwards compatibility with |
| * existing service providers, this method cannot be {@code abstract} |
| * and by default throws an {@code UnsupportedOperationException}. |
| * |
| * @param certificates a {@code List} of {@code Certificate}s |
| * @return a {@code CertPath} initialized with the supplied list of |
| * certificates |
| * @exception CertificateException if an exception occurs |
| * @exception UnsupportedOperationException if the method is not supported |
| * @since 1.4 |
| */ |
| public CertPath |
| engineGenerateCertPath(List<? extends Certificate> certificates) |
| throws CertificateException |
| { |
| throw new UnsupportedOperationException(); |
| } |
| |
| /** |
| * Returns an iteration of the {@code CertPath} encodings supported |
| * by this certificate factory, with the default encoding first. See |
| * the CertPath Encodings section in the <a href= |
| * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertPathEncodings"> |
| * Java Cryptography Architecture Standard Algorithm Name Documentation</a> |
| * for information about standard encoding names. |
| * <p> |
| * Attempts to modify the returned {@code Iterator} via its |
| * {@code remove} method result in an |
| * {@code UnsupportedOperationException}. |
| * |
| * <p> This method was added to version 1.4 of the Java 2 Platform |
| * Standard Edition. In order to maintain backwards compatibility with |
| * existing service providers, this method cannot be {@code abstract} |
| * and by default throws an {@code UnsupportedOperationException}. |
| * |
| * @return an {@code Iterator} over the names of the supported |
| * {@code CertPath} encodings (as {@code String}s) |
| * @exception UnsupportedOperationException if the method is not supported |
| * @since 1.4 |
| */ |
| public Iterator<String> engineGetCertPathEncodings() { |
| throw new UnsupportedOperationException(); |
| } |
| |
| /** |
| * Returns a (possibly empty) collection view of the certificates read |
| * from the given input stream {@code inStream}. |
| * |
| * <p>In order to take advantage of the specialized certificate format |
| * supported by this certificate factory, each element in |
| * the returned collection view can be typecast to the corresponding |
| * certificate class. For example, if this certificate |
| * factory implements X.509 certificates, the elements in the returned |
| * collection can be typecast to the {@code X509Certificate} class. |
| * |
| * <p>In the case of a certificate factory for X.509 certificates, |
| * {@code inStream} may contain a single DER-encoded certificate |
| * in the formats described for |
| * {@link CertificateFactory#generateCertificate(java.io.InputStream) |
| * generateCertificate}. |
| * In addition, {@code inStream} may contain a PKCS#7 certificate |
| * chain. This is a PKCS#7 <i>SignedData</i> object, with the only |
| * significant field being <i>certificates</i>. In particular, the |
| * signature and the contents are ignored. This format allows multiple |
| * certificates to be downloaded at once. If no certificates are present, |
| * an empty collection is returned. |
| * |
| * <p>Note that if the given input stream does not support |
| * {@link java.io.InputStream#mark(int) mark} and |
| * {@link java.io.InputStream#reset() reset}, this method will |
| * consume the entire input stream. |
| * |
| * @param inStream the input stream with the certificates. |
| * |
| * @return a (possibly empty) collection view of |
| * java.security.cert.Certificate objects |
| * initialized with the data from the input stream. |
| * |
| * @exception CertificateException on parsing errors. |
| */ |
| public abstract Collection<? extends Certificate> |
| engineGenerateCertificates(InputStream inStream) |
| throws CertificateException; |
| |
| /** |
| * Generates a certificate revocation list (CRL) object and initializes it |
| * with the data read from the input stream {@code inStream}. |
| * |
| * <p>In order to take advantage of the specialized CRL format |
| * supported by this certificate factory, |
| * the returned CRL object can be typecast to the corresponding |
| * CRL class. For example, if this certificate |
| * factory implements X.509 CRLs, the returned CRL object |
| * can be typecast to the {@code X509CRL} class. |
| * |
| * <p>Note that if the given input stream does not support |
| * {@link java.io.InputStream#mark(int) mark} and |
| * {@link java.io.InputStream#reset() reset}, this method will |
| * consume the entire input stream. Otherwise, each call to this |
| * method consumes one CRL and the read position of the input stream |
| * is positioned to the next available byte after the inherent |
| * end-of-CRL marker. If the data in the |
| * input stream does not contain an inherent end-of-CRL marker (other |
| * than EOF) and there is trailing data after the CRL is parsed, a |
| * {@code CRLException} is thrown. |
| * |
| * @param inStream an input stream with the CRL data. |
| * |
| * @return a CRL object initialized with the data |
| * from the input stream. |
| * |
| * @exception CRLException on parsing errors. |
| */ |
| public abstract CRL engineGenerateCRL(InputStream inStream) |
| throws CRLException; |
| |
| /** |
| * Returns a (possibly empty) collection view of the CRLs read |
| * from the given input stream {@code inStream}. |
| * |
| * <p>In order to take advantage of the specialized CRL format |
| * supported by this certificate factory, each element in |
| * the returned collection view can be typecast to the corresponding |
| * CRL class. For example, if this certificate |
| * factory implements X.509 CRLs, the elements in the returned |
| * collection can be typecast to the {@code X509CRL} class. |
| * |
| * <p>In the case of a certificate factory for X.509 CRLs, |
| * {@code inStream} may contain a single DER-encoded CRL. |
| * In addition, {@code inStream} may contain a PKCS#7 CRL |
| * set. This is a PKCS#7 <i>SignedData</i> object, with the only |
| * significant field being <i>crls</i>. In particular, the |
| * signature and the contents are ignored. This format allows multiple |
| * CRLs to be downloaded at once. If no CRLs are present, |
| * an empty collection is returned. |
| * |
| * <p>Note that if the given input stream does not support |
| * {@link java.io.InputStream#mark(int) mark} and |
| * {@link java.io.InputStream#reset() reset}, this method will |
| * consume the entire input stream. |
| * |
| * @param inStream the input stream with the CRLs. |
| * |
| * @return a (possibly empty) collection view of |
| * java.security.cert.CRL objects initialized with the data from the input |
| * stream. |
| * |
| * @exception CRLException on parsing errors. |
| */ |
| public abstract Collection<? extends CRL> engineGenerateCRLs |
| (InputStream inStream) throws CRLException; |
| } |