Java example source code file (CertificateFactory.java)
The CertificateFactory.java Java example source code

/*
 * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package java.security.cert;

import java.io.InputStream;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.security.Provider;
import java.security.Security;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;

import sun.security.jca.*;
import sun.security.jca.GetInstance.Instance;

/**
 * This class defines the functionality of a certificate factory, which is
 * used to generate certificate, certification path ({@code CertPath})
 * and certificate revocation list (CRL) objects from their encodings.
 *
 * <p>For encodings consisting of multiple certificates, use
 * {@code generateCertificates} when you want to
 * parse a collection of possibly unrelated certificates. Otherwise,
 * use {@code generateCertPath} when you want to generate
 * a {@code CertPath} (a certificate chain) and subsequently
 * validate it with a {@code CertPathValidator}.
 *
 * <p>A certificate factory for X.509 must return certificates that are an
 * instance of {@code java.security.cert.X509Certificate}, and CRLs
 * that are an instance of {@code java.security.cert.X509CRL}.
 *
 * <p>The following example reads a file with Base64 encoded certificates,
 * which are each bounded at the beginning by -----BEGIN CERTIFICATE-----, and
 * bounded at the end by -----END CERTIFICATE-----. We convert the
 * {@code FileInputStream} (which does not support {@code mark}
 * and {@code reset}) to a {@code BufferedInputStream} (which
 * supports those methods), so that each call to
 * {@code generateCertificate} consumes only one certificate, and the
 * read position of the input stream is positioned to the next certificate in
 * the file:
 *
 * <pre>{@code
 * FileInputStream fis = new FileInputStream(filename);
 * BufferedInputStream bis = new BufferedInputStream(fis);
 *
 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
 *
 * while (bis.available() > 0) {
 *    Certificate cert = cf.generateCertificate(bis);
 *    System.out.println(cert.toString());
 * }
 * }</pre>
 *
 * <p>The following example parses a PKCS#7-formatted certificate reply stored
 * in a file and extracts all the certificates from it:
 *
 * <pre>
 * FileInputStream fis = new FileInputStream(filename);
 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
 * Collection c = cf.generateCertificates(fis);
 * Iterator i = c.iterator();
 * while (i.hasNext()) {
 *    Certificate cert = (Certificate)i.next();
 *    System.out.println(cert);
 * }
 * </pre>
 *
 * <p> Every implementation of the Java platform is required to support the
 * following standard {@code CertificateFactory} type:
 * <ul>
 * <li>{@code X.509}
 * </ul>
 * and the following standard {@code CertPath} encodings:
 * <ul>
 * <li>{@code PKCS7}
 * <li>{@code PkiPath}
 * </ul>
 * The type and encodings are described in the <a href=
 * "{@docRoot}/../technotes/guides/security/StandardNames.html#CertificateFactory">
 * CertificateFactory section</a> and the object, with the only
 * significant field being <i>certificates</i>. In particular, the
 * signature and the contents are ignored. This format allows multiple
 * certificates to be downloaded at once. If no certificates are present,
 * an empty collection is returned.
 *
 * <p>Note that if the given input stream does not support
 * {@link java.io.InputStream#mark(int) mark} and
 * {@link java.io.InputStream#reset() reset}, this method will
 * consume the entire input stream.
 *
 * @param inStream the input stream with the certificates.
 *
 * @return a (possibly empty) collection view of
 * java.security.cert.Certificate objects
 * initialized with the data from the input stream.
 *
 * @exception CertificateException on parsing errors.
 */
    public final Collection<? extends Certificate> generateCertificates
            (InputStream inStream) throws CertificateException {
        return certFacSpi.engineGenerateCertificates(inStream);
    }

    /**
     * Generates a certificate revocation list (CRL) object and initializes it
     * with the data read from the input stream {@code inStream}.
     *
     * <p>In order to take advantage of the specialized CRL format
     * supported by this certificate factory,
     * the returned CRL object can be typecast to the corresponding
     * CRL class. For example, if this certificate
     * factory implements X.509 CRLs, the returned CRL object
     * can be typecast to the {@code X509CRL} class.
     *
     * <p>Note that if the given input stream does not support
     * {@link java.io.InputStream#mark(int) mark} and
     * {@link java.io.InputStream#reset() reset}, this method will
     * consume the entire input stream. Otherwise, each call to this
     * method consumes one CRL and the read position of the input stream
     * is positioned to the next available byte after the inherent
     * end-of-CRL marker. If the data in the
     * input stream does not contain an inherent end-of-CRL marker (other
     * than EOF) and there is trailing data after the CRL is parsed, a
     * {@code CRLException} is thrown.
     *
     * @param inStream an input stream with the CRL data.
     *
     * @return a CRL object initialized with the data
     * from the input stream.
     *
     * @exception CRLException on parsing errors.
     */
    public final CRL generateCRL(InputStream inStream)
            throws CRLException {
        return certFacSpi.engineGenerateCRL(inStream);
    }

    /**
     * Returns a (possibly empty) collection view of the CRLs read
     * from the given input stream {@code inStream}.
     *
     * <p>In order to take advantage of the specialized CRL format
     * supported by this certificate factory, each element in
     * the returned collection view can be typecast to the corresponding
     * CRL class. For example, if this certificate
     * factory implements X.509 CRLs, the elements in the returned
     * collection can be typecast to the {@code X509CRL} class.
     *
     * <p>In the case of a certificate factory for X.509 CRLs,
     * {@code inStream} may contain a sequence of DER-encoded CRLs.
     * In addition, {@code inStream} may contain a PKCS#7 CRL
     * set. This is a PKCS#7 <i>SignedData</i> object, with the only
     * significant field being <i>crls</i>. In particular, the
     * signature and the contents are ignored. This format allows multiple
     * CRLs to be downloaded at once. If no CRLs are present,
     * an empty collection is returned.
     *
     * <p>Note that if the given input stream does not support
     * {@link java.io.InputStream#mark(int) mark} and
     * {@link java.io.InputStream#reset() reset}, this method will
     * consume the entire input stream.
     *
     * @param inStream the input stream with the CRLs.
     *
     * @return a (possibly empty) collection view of
     * java.security.cert.CRL objects initialized with the data from the input
     * stream.
     *
     * @exception CRLException on parsing errors.
     */
    public final Collection<? extends CRL> generateCRLs(InputStream inStream)
            throws CRLException {
        return certFacSpi.engineGenerateCRLs(inStream);
    }
}
Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.