3909N/A * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * This class defines the <i>Service Provider Interface</i> (<b>SPI</b>) 0N/A * for the <code>CertificateFactory</code> class. 0N/A * All the abstract methods in this class must be implemented by each 0N/A * cryptographic service provider who wishes to supply the implementation 0N/A * of a certificate factory for a particular certificate type, e.g., X.509. 0N/A * <p>Certificate factories are used to generate certificate, certification path 0N/A * (<code>CertPath</code>) and certificate revocation list (CRL) objects from 0N/A * <p>A certificate factory for X.509 must return certificates that are an 0N/A * instance of <code>java.security.cert.X509Certificate</code>, and CRLs 0N/A * that are an instance of <code>java.security.cert.X509CRL</code>. 0N/A * @author Hemma Prafullchandra 0N/A * @author Sean Mullan 0N/A * @see CertificateFactory 0N/A * @see X509Certificate 0N/A * Generates a certificate object and initializes it with 0N/A * the data read from the input stream <code>inStream</code>. 0N/A * <p>In order to take advantage of the specialized certificate format 0N/A * supported by this certificate factory, 0N/A * the returned certificate object can be typecast to the corresponding 0N/A * certificate class. For example, if this certificate 0N/A * factory implements X.509 certificates, the returned certificate object 0N/A * can be typecast to the <code>X509Certificate</code> class. 0N/A * <p>In the case of a certificate factory for X.509 certificates, the 0N/A * certificate provided in <code>inStream</code> must be DER-encoded and 0N/A * may be supplied in binary or printable (Base64) encoding. If the 0N/A * certificate is provided in Base64 encoding, it must be bounded at 0N/A * the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at 0N/A * the end by -----END CERTIFICATE-----. 0N/A * <p>Note that if the given input stream does not support 0N/A * {@link java.io.InputStream#mark(int) mark} and 0N/A * {@link java.io.InputStream#reset() reset}, this method will 0N/A * consume the entire input stream. Otherwise, each call to this 0N/A * method consumes one certificate and the read position of the input stream 1104N/A * is positioned to the next available byte after the inherent 0N/A * end-of-certificate marker. If the data in the 0N/A * input stream does not contain an inherent end-of-certificate marker (other 0N/A * than EOF) and there is trailing data after the certificate is parsed, a 0N/A * <code>CertificateException</code> is thrown. 0N/A * @param inStream an input stream with the certificate data. 0N/A * @return a certificate object initialized with the data 0N/A * from the input stream. 0N/A * @exception CertificateException on parsing errors. 0N/A * Generates a <code>CertPath</code> object and initializes it with 0N/A * the data read from the <code>InputStream</code> inStream. The data 0N/A * is assumed to be in the default encoding. 0N/A * <p> This method was added to version 1.4 of the Java 2 Platform 0N/A * Standard Edition. In order to maintain backwards compatibility with 0N/A * existing service providers, this method cannot be <code>abstract</code> 0N/A * and by default throws an <code>UnsupportedOperationException</code>. 0N/A * @param inStream an <code>InputStream</code> containing the data 0N/A * @return a <code>CertPath</code> initialized with the data from the 0N/A * <code>InputStream</code> 0N/A * @exception CertificateException if an exception occurs while decoding 0N/A * @exception UnsupportedOperationException if the method is not supported 0N/A * Generates a <code>CertPath</code> object and initializes it with 0N/A * the data read from the <code>InputStream</code> inStream. The data 0N/A * is assumed to be in the specified encoding. 0N/A * <p> This method was added to version 1.4 of the Java 2 Platform 0N/A * Standard Edition. In order to maintain backwards compatibility with 0N/A * existing service providers, this method cannot be <code>abstract</code> 0N/A * and by default throws an <code>UnsupportedOperationException</code>. 0N/A * @param inStream an <code>InputStream</code> containing the data 0N/A * @param encoding the encoding used for the data 0N/A * @return a <code>CertPath</code> initialized with the data from the 0N/A * <code>InputStream</code> 0N/A * @exception CertificateException if an exception occurs while decoding or 0N/A * the encoding requested is not supported 0N/A * @exception UnsupportedOperationException if the method is not supported 0N/A * Generates a <code>CertPath</code> object and initializes it with 0N/A * a <code>List</code> of <code>Certificate</code>s. 0N/A * The certificates supplied must be of a type supported by the 0N/A * <code>CertificateFactory</code>. They will be copied out of the supplied 0N/A * <code>List</code> object. 0N/A * <p> This method was added to version 1.4 of the Java 2 Platform 0N/A * Standard Edition. In order to maintain backwards compatibility with 0N/A * existing service providers, this method cannot be <code>abstract</code> 0N/A * and by default throws an <code>UnsupportedOperationException</code>. 0N/A * @param certificates a <code>List</code> of <code>Certificate</code>s 0N/A * @return a <code>CertPath</code> initialized with the supplied list of 0N/A * @exception CertificateException if an exception occurs 0N/A * @exception UnsupportedOperationException if the method is not supported 0N/A * Returns an iteration of the <code>CertPath</code> encodings supported 0N/A * by this certificate factory, with the default encoding first. See 3465N/A * the CertPath Encodings section in the <a href= 3465N/A * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 0N/A * for information about standard encoding names. 0N/A * Attempts to modify the returned <code>Iterator</code> via its 0N/A * <code>remove</code> method result in an 0N/A * <code>UnsupportedOperationException</code>. 0N/A * <p> This method was added to version 1.4 of the Java 2 Platform 0N/A * Standard Edition. In order to maintain backwards compatibility with 0N/A * existing service providers, this method cannot be <code>abstract</code> 0N/A * and by default throws an <code>UnsupportedOperationException</code>. 0N/A * @return an <code>Iterator</code> over the names of the supported 0N/A * <code>CertPath</code> encodings (as <code>String</code>s) 0N/A * @exception UnsupportedOperationException if the method is not supported 0N/A * Returns a (possibly empty) collection view of the certificates read 0N/A * from the given input stream <code>inStream</code>. 0N/A * <p>In order to take advantage of the specialized certificate format 0N/A * supported by this certificate factory, each element in 0N/A * the returned collection view can be typecast to the corresponding 0N/A * certificate class. For example, if this certificate 0N/A * factory implements X.509 certificates, the elements in the returned 0N/A * collection can be typecast to the <code>X509Certificate</code> class. 0N/A * <p>In the case of a certificate factory for X.509 certificates, 0N/A * <code>inStream</code> may contain a single DER-encoded certificate 0N/A * in the formats described for 0N/A * {@link CertificateFactory#generateCertificate(java.io.InputStream) 0N/A * generateCertificate}. 0N/A * In addition, <code>inStream</code> may contain a PKCS#7 certificate 0N/A * chain. This is a PKCS#7 <i>SignedData</i> object, with the only 0N/A * significant field being <i>certificates</i>. In particular, the 0N/A * signature and the contents are ignored. This format allows multiple 0N/A * certificates to be downloaded at once. If no certificates are present, 0N/A * an empty collection is returned. 0N/A * <p>Note that if the given input stream does not support 0N/A * {@link java.io.InputStream#mark(int) mark} and 0N/A * {@link java.io.InputStream#reset() reset}, this method will 0N/A * consume the entire input stream. 0N/A * @param inStream the input stream with the certificates. 0N/A * @return a (possibly empty) collection view of 0N/A * java.security.cert.Certificate objects 0N/A * initialized with the data from the input stream. 0N/A * @exception CertificateException on parsing errors. 0N/A * Generates a certificate revocation list (CRL) object and initializes it 0N/A * with the data read from the input stream <code>inStream</code>. 0N/A * <p>In order to take advantage of the specialized CRL format 0N/A * supported by this certificate factory, 0N/A * the returned CRL object can be typecast to the corresponding 0N/A * CRL class. For example, if this certificate 0N/A * factory implements X.509 CRLs, the returned CRL object 0N/A * can be typecast to the <code>X509CRL</code> class. 0N/A * <p>Note that if the given input stream does not support 0N/A * {@link java.io.InputStream#mark(int) mark} and 0N/A * {@link java.io.InputStream#reset() reset}, this method will 0N/A * consume the entire input stream. Otherwise, each call to this 0N/A * method consumes one CRL and the read position of the input stream 1104N/A * is positioned to the next available byte after the inherent 0N/A * end-of-CRL marker. If the data in the 0N/A * input stream does not contain an inherent end-of-CRL marker (other 0N/A * than EOF) and there is trailing data after the CRL is parsed, a 0N/A * <code>CRLException</code> is thrown. 0N/A * @param inStream an input stream with the CRL data. 0N/A * @return a CRL object initialized with the data 0N/A * from the input stream. 0N/A * @exception CRLException on parsing errors. 0N/A * Returns a (possibly empty) collection view of the CRLs read 0N/A * from the given input stream <code>inStream</code>. 0N/A * <p>In order to take advantage of the specialized CRL format 0N/A * supported by this certificate factory, each element in 0N/A * the returned collection view can be typecast to the corresponding 0N/A * CRL class. For example, if this certificate 0N/A * factory implements X.509 CRLs, the elements in the returned 0N/A * collection can be typecast to the <code>X509CRL</code> class. 0N/A * <p>In the case of a certificate factory for X.509 CRLs, 0N/A * <code>inStream</code> may contain a single DER-encoded CRL. 0N/A * In addition, <code>inStream</code> may contain a PKCS#7 CRL 0N/A * set. This is a PKCS#7 <i>SignedData</i> object, with the only 0N/A * significant field being <i>crls</i>. In particular, the 0N/A * signature and the contents are ignored. This format allows multiple 0N/A * CRLs to be downloaded at once. If no CRLs are present, 0N/A * an empty collection is returned. 0N/A * <p>Note that if the given input stream does not support 0N/A * {@link java.io.InputStream#mark(int) mark} and 0N/A * {@link java.io.InputStream#reset() reset}, this method will 0N/A * consume the entire input stream. 0N/A * @param inStream the input stream with the CRLs. 0N/A * @return a (possibly empty) collection view of 0N/A * java.security.cert.CRL objects initialized with the data from the input 0N/A * @exception CRLException on parsing errors.