/*
 * Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 */

/**
 * This class defines a certificate factory for X.509 v3 certificates &
 * certification paths, and X.509 v2 certificate revocation lists (CRLs).
 *
 * @author Hemma Prafullchandra
 * @author Sean Mullan
 *
 * @see java.security.cert.CertificateFactorySpi
 * @see java.security.cert.Certificate
 * @see java.security.cert.CertPath
 * @see java.security.cert.CRL
 * @see java.security.cert.X509Certificate
 * @see java.security.cert.X509CRL
 * @see sun.security.x509.X509CertImpl
 * @see sun.security.x509.X509CRLImpl
 */

    /**
     * Generates an X.509 certificate object and initializes it with
     * the data read from the input stream <code>is</code>.
     *
     * @param is an input stream with the certificate data.
     *
     * @return an X.509 certificate object initialized with the data
     * from the input stream.
     *
     * @exception CertificateException on parsing errors.
     */

            // clear the caches (for debugging)

    /**
     * Read from the stream until length bytes have been read or EOF has
     * been reached. Return the number of bytes actually read.
     */

    /**
     * Return an interned X509CertImpl for the given certificate.
     * If the given X509Certificate or X509CertImpl is already present
     * in the cert cache, the cached object is returned. Otherwise,
     * if it is a X509Certificate, it is first converted to a X509CertImpl.
     * Then the X509CertImpl is added to the cache and returned.
     *
     * Note that all certificates created via generateCertificate(InputStream)
     * are already interned and this method does not need to be called.
     * It is useful for certificates that cannot be created via
     * generateCertificate() and for converting other X509Certificate
     * implementations to an X509CertImpl.
     */

    /**
     * Return an interned X509CRLImpl for the given certificate.
     * For more information, see intern(X509Certificate).
     */

    /**
     * Get the X509CertImpl or X509CRLImpl from the cache.
     */

    /**
     * Add the X509CertImpl or X509CRLImpl to the cache.
     */

    /**
     * Generates a <code>CertPath</code> object and initializes it with
     * the data read from the <code>InputStream</code> inStream. The data
     * is assumed to be in the default encoding.
     *
     * @param inStream an <code>InputStream</code> containing the data
     * @return a <code>CertPath</code> initialized with the data from the
     *   <code>InputStream</code>
     * @exception CertificateException if an exception occurs while decoding
     */

    /**
     * Generates a <code>CertPath</code> object and initializes it with
     * the data read from the <code>InputStream</code> inStream. The data
     * is assumed to be in the specified encoding.
     *
     * @param inStream an <code>InputStream</code> containing the data
     * @param encoding the encoding used for the data
     * @return a <code>CertPath</code> initialized with the data from the
     *   <code>InputStream</code>
     * @exception CertificateException if an exception occurs while decoding or
     *   the encoding requested is not supported
     */

    /**
     * Generates a <code>CertPath</code> object and initializes it with
     * a <code>List</code> of <code>Certificate</code>s.
     *
     * The certificates supplied must be of a type supported by the
     * <code>CertificateFactory</code>. They will be copied out of the supplied
     * <code>List</code> object.
     *
     * @param certificates a <code>List</code> of <code>Certificate</code>s
     * @return a <code>CertPath</code> initialized with the supplied list of
     * @exception CertificateException if an exception occurs
     */

    /**
     * Returns an iteration of the <code>CertPath</code> encodings supported
     * by this certificate factory, with the default encoding first.
     *
     * Attempts to modify the returned <code>Iterator</code> via its
     * <code>remove</code> method result in an
     * <code>UnsupportedOperationException</code>.
     *
     * @return an <code>Iterator</code> over the names of the supported
     *         <code>CertPath</code> encodings (as <code>String</code>s)
     */

    /**
     * Returns a (possibly empty) collection view of X.509 certificates read
     * from the given input stream <code>is</code>.
     *
     * @param is the input stream with the certificates.
     *
     * @return a (possibly empty) collection view of X.509 certificate objects
     * initialized with the data from the input stream.
     *
     * @exception CertificateException on parsing errors.
     */

    /**
     * Generates an X.509 certificate revocation list (CRL) object and
     * initializes it with the data read from the given input stream
     *
     * @param is an input stream with the CRL data.
     *
     * @return an X.509 CRL object initialized with the data
     * from the input stream.
     *
     * @exception CRLException on parsing errors.
     */

            // clear the cache (for debugging)

    /**
     * Returns a (possibly empty) collection view of X.509 CRLs read
     * from the given input stream <code>is</code>.
     *
     * @param is the input stream with the CRLs.
     *
     * @return a (possibly empty) collection view of X.509 CRL objects
     * initialized with the data from the input stream.
     *
     * @exception CRLException on parsing errors.
     */

    /**
     * Parses the data in the given input stream as a sequence of DER
     * encoded X.509 certificates (in binary or base 64 encoded format) OR
     * as a single PKCS#7 encoded blob (in binary or base64 encoded format).
     */

            // certs are optional in PKCS #7

    /**
     * Parses the data in the given input stream as a sequence of DER encoded
     * X.509 CRLs (in binary or base 64 encoded format) OR as a single PKCS#7
     * encoded blob (in binary or base 64 encoded format).
     */

            // CRLs are optional in PKCS #7

    /**
     * Returns an ASN.1 SEQUENCE from a stream, which might be a BER-encoded
     * binary block or a PEM-style BASE64-encoded ASCII data. In the latter
     * case, it's de-BASE64'ed before return.
     *
     * After the reading, the input stream pointer is after the BER block, or
     * after the newline character after the -----END SOMETHING----- line.
     *
     * @param is the InputStream
     * @returns byte block or null if end of stream
     * @throws IOException If any parsing error
     */

        // The first character of a BLOCK.

            // Read BASE64 encoded data, might skip info at the beginning

            // Step 1: Read until header is found
            int hyphen = (c=='-') ? 1: 0;   // count of consecutive hyphens
            int last = (c=='-') ? -1: c;    // the char before hyphen

                    // We accept useless data after the last block,

            // Step 2: Read the rest of header, determine the line end

            // Step 4: Consume the footer

                // Add next == '\n' for maximum safety, in case endline

    /**
     * Read one BER data block. This method is aware of indefinite-length BER
     * encoding and will read all of the sub-sections in a recursive way
     *
     * @param is    Read from this InputStream
     * @param bout  Write into this OutputStream
     * @param tag   Tag already read (-1 means not read)
     * @returns     The current tag, used to check EOC in indefinite-length BER
     * @throws IOException Any parsing error
     */

        if (tag == -1) {        // Not read before the call, read now

        if (n == 0x80) {        // Indefinite-length encoding
                    "Non constructed encoding must have definite length");

                if (subTag == 0) {  // EOC, end of indefinite-length section
                }
                else {
                // ignore longer length forms