author | chegar |
Thu, 17 Oct 2019 20:54:25 +0100 | |
branch | datagramsocketimpl-branch |
changeset 58679 | 9c3209ff7550 |
parent 58678 | 9cf78a70fa4f |
parent 58242 | 94bb65cb37d3 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
54483
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
2 |
* Copyright (c) 1997, 2019, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
package java.security.cert; |
|
27 |
||
28 |
import java.math.BigInteger; |
|
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
29 |
import java.security.*; |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
30 |
import java.security.spec.*; |
2 | 31 |
import java.util.Collection; |
32 |
import java.util.Date; |
|
33 |
import java.util.List; |
|
34 |
import javax.security.auth.x500.X500Principal; |
|
35 |
||
36 |
import sun.security.x509.X509CertImpl; |
|
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
37 |
import sun.security.util.SignatureUtil; |
2 | 38 |
|
39 |
/** |
|
40 |
* <p> |
|
41 |
* Abstract class for X.509 certificates. This provides a standard |
|
42 |
* way to access all the attributes of an X.509 certificate. |
|
43 |
* <p> |
|
44 |
* In June of 1996, the basic X.509 v3 format was completed by |
|
45 |
* ISO/IEC and ANSI X9, which is described below in ASN.1: |
|
46 |
* <pre> |
|
47 |
* Certificate ::= SEQUENCE { |
|
48 |
* tbsCertificate TBSCertificate, |
|
49 |
* signatureAlgorithm AlgorithmIdentifier, |
|
50 |
* signature BIT STRING } |
|
51 |
* </pre> |
|
52 |
* <p> |
|
53 |
* These certificates are widely used to support authentication and |
|
54 |
* other functionality in Internet security systems. Common applications |
|
55 |
* include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), |
|
56 |
* code signing for trusted software distribution, and Secure Electronic |
|
57 |
* Transactions (SET). |
|
58 |
* <p> |
|
59 |
* These certificates are managed and vouched for by <em>Certificate |
|
60 |
* Authorities</em> (CAs). CAs are services which create certificates by |
|
61 |
* placing data in the X.509 standard format and then digitally signing |
|
62 |
* that data. CAs act as trusted third parties, making introductions |
|
63 |
* between principals who have no direct knowledge of each other. |
|
64 |
* CA certificates are either signed by themselves, or by some other |
|
65 |
* CA such as a "root" CA. |
|
66 |
* <p> |
|
67 |
* More information can be found in |
|
26967
c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
juh
parents:
25859
diff
changeset
|
68 |
* <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509 |
2 | 69 |
* Public Key Infrastructure Certificate and CRL Profile</a>. |
70 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
71 |
* The ASN.1 definition of {@code tbsCertificate} is: |
2 | 72 |
* <pre> |
73 |
* TBSCertificate ::= SEQUENCE { |
|
74 |
* version [0] EXPLICIT Version DEFAULT v1, |
|
75 |
* serialNumber CertificateSerialNumber, |
|
76 |
* signature AlgorithmIdentifier, |
|
77 |
* issuer Name, |
|
78 |
* validity Validity, |
|
79 |
* subject Name, |
|
80 |
* subjectPublicKeyInfo SubjectPublicKeyInfo, |
|
81 |
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, |
|
82 |
* -- If present, version must be v2 or v3 |
|
83 |
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, |
|
84 |
* -- If present, version must be v2 or v3 |
|
85 |
* extensions [3] EXPLICIT Extensions OPTIONAL |
|
86 |
* -- If present, version must be v3 |
|
87 |
* } |
|
88 |
* </pre> |
|
89 |
* <p> |
|
90 |
* Certificates are instantiated using a certificate factory. The following is |
|
91 |
* an example of how to instantiate an X.509 certificate: |
|
92 |
* <pre> |
|
10114
d35f0b7bda65
7054969: Null-check-in-finally pattern in java/security documentation
mullan
parents:
6114
diff
changeset
|
93 |
* try (InputStream inStream = new FileInputStream("fileName-of-cert")) { |
2 | 94 |
* CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
95 |
* X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); |
|
96 |
* } |
|
97 |
* </pre> |
|
98 |
* |
|
99 |
* @author Hemma Prafullchandra |
|
45434
4582657c7260
8181082: class-level since tag issues in java.base & java.datatransfer module
mli
parents:
26967
diff
changeset
|
100 |
* @since 1.2 |
2 | 101 |
* |
102 |
* |
|
103 |
* @see Certificate |
|
104 |
* @see CertificateFactory |
|
105 |
* @see X509Extension |
|
106 |
*/ |
|
107 |
||
108 |
public abstract class X509Certificate extends Certificate |
|
109 |
implements X509Extension { |
|
110 |
||
57950
4612a3cfb927
8229999: Apply java.io.Serial annotations to security types in java.base
darcy
parents:
54483
diff
changeset
|
111 |
@java.io.Serial |
2 | 112 |
private static final long serialVersionUID = -2491127588187038216L; |
113 |
||
114 |
private transient X500Principal subjectX500Principal, issuerX500Principal; |
|
115 |
||
116 |
/** |
|
117 |
* Constructor for X.509 certificates. |
|
118 |
*/ |
|
119 |
protected X509Certificate() { |
|
120 |
super("X.509"); |
|
121 |
} |
|
122 |
||
123 |
/** |
|
124 |
* Checks that the certificate is currently valid. It is if |
|
125 |
* the current date and time are within the validity period given in the |
|
126 |
* certificate. |
|
127 |
* <p> |
|
128 |
* The validity period consists of two date/time values: |
|
129 |
* the first and last dates (and times) on which the certificate |
|
130 |
* is valid. It is defined in |
|
131 |
* ASN.1 as: |
|
132 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
133 |
* validity Validity |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
134 |
* |
2 | 135 |
* Validity ::= SEQUENCE { |
136 |
* notBefore CertificateValidityDate, |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
137 |
* notAfter CertificateValidityDate } |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
138 |
* |
2 | 139 |
* CertificateValidityDate ::= CHOICE { |
140 |
* utcTime UTCTime, |
|
141 |
* generalTime GeneralizedTime } |
|
142 |
* </pre> |
|
143 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
144 |
* @throws CertificateExpiredException if the certificate has expired. |
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
145 |
* @throws CertificateNotYetValidException if the certificate is not |
2 | 146 |
* yet valid. |
147 |
*/ |
|
148 |
public abstract void checkValidity() |
|
149 |
throws CertificateExpiredException, CertificateNotYetValidException; |
|
150 |
||
151 |
/** |
|
152 |
* Checks that the given date is within the certificate's |
|
153 |
* validity period. In other words, this determines whether the |
|
154 |
* certificate would be valid at the given date/time. |
|
155 |
* |
|
156 |
* @param date the Date to check against to see if this certificate |
|
157 |
* is valid at that date/time. |
|
158 |
* |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
159 |
* @throws CertificateExpiredException if the certificate has expired |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
160 |
* with respect to the {@code date} supplied. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
161 |
* @throws CertificateNotYetValidException if the certificate is not |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
162 |
* yet valid with respect to the {@code date} supplied. |
2 | 163 |
* |
164 |
* @see #checkValidity() |
|
165 |
*/ |
|
166 |
public abstract void checkValidity(Date date) |
|
167 |
throws CertificateExpiredException, CertificateNotYetValidException; |
|
168 |
||
169 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
170 |
* Gets the {@code version} (version number) value from the |
2 | 171 |
* certificate. |
172 |
* The ASN.1 definition for this is: |
|
173 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
174 |
* version [0] EXPLICIT Version DEFAULT v1 |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
175 |
* |
2 | 176 |
* Version ::= INTEGER { v1(0), v2(1), v3(2) } |
177 |
* </pre> |
|
178 |
* @return the version number, i.e. 1, 2 or 3. |
|
179 |
*/ |
|
180 |
public abstract int getVersion(); |
|
181 |
||
182 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
183 |
* Gets the {@code serialNumber} value from the certificate. |
2 | 184 |
* The serial number is an integer assigned by the certification |
185 |
* authority to each certificate. It must be unique for each |
|
186 |
* certificate issued by a given CA (i.e., the issuer name and |
|
187 |
* serial number identify a unique certificate). |
|
188 |
* The ASN.1 definition for this is: |
|
189 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
190 |
* serialNumber CertificateSerialNumber |
2 | 191 |
* |
192 |
* CertificateSerialNumber ::= INTEGER |
|
193 |
* </pre> |
|
194 |
* |
|
195 |
* @return the serial number. |
|
196 |
*/ |
|
197 |
public abstract BigInteger getSerialNumber(); |
|
198 |
||
199 |
/** |
|
200 |
* <strong>Denigrated</strong>, replaced by {@linkplain |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
201 |
* #getIssuerX500Principal()}. This method returns the {@code issuer} |
2 | 202 |
* as an implementation specific Principal object, which should not be |
203 |
* relied upon by portable code. |
|
204 |
* |
|
205 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
206 |
* Gets the {@code issuer} (issuer distinguished name) value from |
2 | 207 |
* the certificate. The issuer name identifies the entity that signed (and |
208 |
* issued) the certificate. |
|
209 |
* |
|
210 |
* <p>The issuer name field contains an |
|
211 |
* X.500 distinguished name (DN). |
|
212 |
* The ASN.1 definition for this is: |
|
213 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
214 |
* issuer Name |
2 | 215 |
* |
216 |
* Name ::= CHOICE { RDNSequence } |
|
217 |
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName |
|
218 |
* RelativeDistinguishedName ::= |
|
219 |
* SET OF AttributeValueAssertion |
|
220 |
* |
|
221 |
* AttributeValueAssertion ::= SEQUENCE { |
|
222 |
* AttributeType, |
|
223 |
* AttributeValue } |
|
224 |
* AttributeType ::= OBJECT IDENTIFIER |
|
225 |
* AttributeValue ::= ANY |
|
226 |
* </pre> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
227 |
* The {@code Name} describes a hierarchical name composed of |
2 | 228 |
* attributes, |
229 |
* such as country name, and corresponding values, such as US. |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
230 |
* The type of the {@code AttributeValue} component is determined by |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
231 |
* the {@code AttributeType}; in general it will be a |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
232 |
* {@code directoryString}. A {@code directoryString} is usually |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
233 |
* one of {@code PrintableString}, |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
234 |
* {@code TeletexString} or {@code UniversalString}. |
2 | 235 |
* |
236 |
* @return a Principal whose name is the issuer distinguished name. |
|
237 |
*/ |
|
238 |
public abstract Principal getIssuerDN(); |
|
239 |
||
240 |
/** |
|
241 |
* Returns the issuer (issuer distinguished name) value from the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
242 |
* certificate as an {@code X500Principal}. |
2 | 243 |
* <p> |
244 |
* It is recommended that subclasses override this method. |
|
245 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
246 |
* @return an {@code X500Principal} representing the issuer |
2 | 247 |
* distinguished name |
248 |
* @since 1.4 |
|
249 |
*/ |
|
250 |
public X500Principal getIssuerX500Principal() { |
|
251 |
if (issuerX500Principal == null) { |
|
252 |
issuerX500Principal = X509CertImpl.getIssuerX500Principal(this); |
|
253 |
} |
|
254 |
return issuerX500Principal; |
|
255 |
} |
|
256 |
||
257 |
/** |
|
258 |
* <strong>Denigrated</strong>, replaced by {@linkplain |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
259 |
* #getSubjectX500Principal()}. This method returns the {@code subject} |
2 | 260 |
* as an implementation specific Principal object, which should not be |
261 |
* relied upon by portable code. |
|
262 |
* |
|
263 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
264 |
* Gets the {@code subject} (subject distinguished name) value |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
265 |
* from the certificate. If the {@code subject} value is empty, |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
266 |
* then the {@code getName()} method of the returned |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
267 |
* {@code Principal} object returns an empty string (""). |
2 | 268 |
* |
269 |
* <p> The ASN.1 definition for this is: |
|
270 |
* <pre> |
|
271 |
* subject Name |
|
272 |
* </pre> |
|
273 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
274 |
* <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name} |
2 | 275 |
* and other relevant definitions. |
276 |
* |
|
277 |
* @return a Principal whose name is the subject name. |
|
278 |
*/ |
|
279 |
public abstract Principal getSubjectDN(); |
|
280 |
||
281 |
/** |
|
282 |
* Returns the subject (subject distinguished name) value from the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
283 |
* certificate as an {@code X500Principal}. If the subject value |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
284 |
* is empty, then the {@code getName()} method of the returned |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
285 |
* {@code X500Principal} object returns an empty string (""). |
2 | 286 |
* <p> |
287 |
* It is recommended that subclasses override this method. |
|
288 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
289 |
* @return an {@code X500Principal} representing the subject |
2 | 290 |
* distinguished name |
291 |
* @since 1.4 |
|
292 |
*/ |
|
293 |
public X500Principal getSubjectX500Principal() { |
|
294 |
if (subjectX500Principal == null) { |
|
295 |
subjectX500Principal = X509CertImpl.getSubjectX500Principal(this); |
|
296 |
} |
|
297 |
return subjectX500Principal; |
|
298 |
} |
|
299 |
||
300 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
301 |
* Gets the {@code notBefore} date from the validity period of |
2 | 302 |
* the certificate. |
303 |
* The relevant ASN.1 definitions are: |
|
304 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
305 |
* validity Validity |
2 | 306 |
* |
307 |
* Validity ::= SEQUENCE { |
|
308 |
* notBefore CertificateValidityDate, |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
309 |
* notAfter CertificateValidityDate } |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
310 |
* |
2 | 311 |
* CertificateValidityDate ::= CHOICE { |
312 |
* utcTime UTCTime, |
|
313 |
* generalTime GeneralizedTime } |
|
314 |
* </pre> |
|
315 |
* |
|
316 |
* @return the start date of the validity period. |
|
317 |
* @see #checkValidity |
|
318 |
*/ |
|
319 |
public abstract Date getNotBefore(); |
|
320 |
||
321 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
322 |
* Gets the {@code notAfter} date from the validity period of |
2 | 323 |
* the certificate. See {@link #getNotBefore() getNotBefore} |
324 |
* for relevant ASN.1 definitions. |
|
325 |
* |
|
326 |
* @return the end date of the validity period. |
|
327 |
* @see #checkValidity |
|
328 |
*/ |
|
329 |
public abstract Date getNotAfter(); |
|
330 |
||
331 |
/** |
|
332 |
* Gets the DER-encoded certificate information, the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
333 |
* {@code tbsCertificate} from this certificate. |
2 | 334 |
* This can be used to verify the signature independently. |
335 |
* |
|
336 |
* @return the DER-encoded certificate information. |
|
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
337 |
* @throws CertificateEncodingException if an encoding error occurs. |
2 | 338 |
*/ |
339 |
public abstract byte[] getTBSCertificate() |
|
340 |
throws CertificateEncodingException; |
|
341 |
||
342 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
343 |
* Gets the {@code signature} value (the raw signature bits) from |
2 | 344 |
* the certificate. |
345 |
* The ASN.1 definition for this is: |
|
346 |
* <pre> |
|
347 |
* signature BIT STRING |
|
348 |
* </pre> |
|
349 |
* |
|
350 |
* @return the signature. |
|
351 |
*/ |
|
352 |
public abstract byte[] getSignature(); |
|
353 |
||
354 |
/** |
|
355 |
* Gets the signature algorithm name for the certificate |
|
6114
9d463b9408ba
6870553: X509Certificate.getSigAlgName method description uses non-standard algorithm name as example
mullan
parents:
5506
diff
changeset
|
356 |
* signature algorithm. An example is the string "SHA256withRSA". |
2 | 357 |
* The ASN.1 definition for this is: |
358 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
359 |
* signatureAlgorithm AlgorithmIdentifier |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
360 |
* |
2 | 361 |
* AlgorithmIdentifier ::= SEQUENCE { |
362 |
* algorithm OBJECT IDENTIFIER, |
|
363 |
* parameters ANY DEFINED BY algorithm OPTIONAL } |
|
364 |
* -- contains a value of the type |
|
365 |
* -- registered for use with the |
|
366 |
* -- algorithm object identifier value |
|
367 |
* </pre> |
|
368 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
369 |
* <p>The algorithm name is determined from the {@code algorithm} |
2 | 370 |
* OID string. |
371 |
* |
|
372 |
* @return the signature algorithm name. |
|
373 |
*/ |
|
374 |
public abstract String getSigAlgName(); |
|
375 |
||
376 |
/** |
|
377 |
* Gets the signature algorithm OID string from the certificate. |
|
378 |
* An OID is represented by a set of nonnegative whole numbers separated |
|
379 |
* by periods. |
|
380 |
* For example, the string "1.2.840.10040.4.3" identifies the SHA-1 |
|
381 |
* with DSA signature algorithm defined in |
|
382 |
* <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and |
|
383 |
* Identifiers for the Internet X.509 Public Key Infrastructure Certificate |
|
384 |
* and CRL Profile</a>. |
|
385 |
* |
|
386 |
* <p>See {@link #getSigAlgName() getSigAlgName} for |
|
387 |
* relevant ASN.1 definitions. |
|
388 |
* |
|
389 |
* @return the signature algorithm OID string. |
|
390 |
*/ |
|
391 |
public abstract String getSigAlgOID(); |
|
392 |
||
393 |
/** |
|
394 |
* Gets the DER-encoded signature algorithm parameters from this |
|
395 |
* certificate's signature algorithm. In most cases, the signature |
|
396 |
* algorithm parameters are null; the parameters are usually |
|
397 |
* supplied with the certificate's public key. |
|
398 |
* If access to individual parameter values is needed then use |
|
399 |
* {@link java.security.AlgorithmParameters AlgorithmParameters} |
|
400 |
* and instantiate with the name returned by |
|
401 |
* {@link #getSigAlgName() getSigAlgName}. |
|
402 |
* |
|
403 |
* <p>See {@link #getSigAlgName() getSigAlgName} for |
|
404 |
* relevant ASN.1 definitions. |
|
405 |
* |
|
406 |
* @return the DER-encoded signature algorithm parameters, or |
|
407 |
* null if no parameters are present. |
|
408 |
*/ |
|
409 |
public abstract byte[] getSigAlgParams(); |
|
410 |
||
411 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
412 |
* Gets the {@code issuerUniqueID} value from the certificate. |
2 | 413 |
* The issuer unique identifier is present in the certificate |
414 |
* to handle the possibility of reuse of issuer names over time. |
|
26967
c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
juh
parents:
25859
diff
changeset
|
415 |
* RFC 5280 recommends that names not be reused and that |
2 | 416 |
* conforming certificates not make use of unique identifiers. |
417 |
* Applications conforming to that profile should be capable of |
|
418 |
* parsing unique identifiers and making comparisons. |
|
419 |
* |
|
420 |
* <p>The ASN.1 definition for this is: |
|
421 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
422 |
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
423 |
* |
2 | 424 |
* UniqueIdentifier ::= BIT STRING |
425 |
* </pre> |
|
426 |
* |
|
427 |
* @return the issuer unique identifier or null if it is not |
|
428 |
* present in the certificate. |
|
429 |
*/ |
|
430 |
public abstract boolean[] getIssuerUniqueID(); |
|
431 |
||
432 |
/** |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
433 |
* Gets the {@code subjectUniqueID} value from the certificate. |
2 | 434 |
* |
435 |
* <p>The ASN.1 definition for this is: |
|
436 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
437 |
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL |
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
438 |
* |
2 | 439 |
* UniqueIdentifier ::= BIT STRING |
440 |
* </pre> |
|
441 |
* |
|
442 |
* @return the subject unique identifier or null if it is not |
|
443 |
* present in the certificate. |
|
444 |
*/ |
|
445 |
public abstract boolean[] getSubjectUniqueID(); |
|
446 |
||
447 |
/** |
|
448 |
* Gets a boolean array representing bits of |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
449 |
* the {@code KeyUsage} extension, (OID = 2.5.29.15). |
2 | 450 |
* The key usage extension defines the purpose (e.g., encipherment, |
451 |
* signature, certificate signing) of the key contained in the |
|
452 |
* certificate. |
|
453 |
* The ASN.1 definition for this is: |
|
454 |
* <pre> |
|
455 |
* KeyUsage ::= BIT STRING { |
|
456 |
* digitalSignature (0), |
|
457 |
* nonRepudiation (1), |
|
458 |
* keyEncipherment (2), |
|
459 |
* dataEncipherment (3), |
|
460 |
* keyAgreement (4), |
|
461 |
* keyCertSign (5), |
|
462 |
* cRLSign (6), |
|
463 |
* encipherOnly (7), |
|
464 |
* decipherOnly (8) } |
|
465 |
* </pre> |
|
26967
c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
juh
parents:
25859
diff
changeset
|
466 |
* RFC 5280 recommends that when used, this be marked |
2 | 467 |
* as a critical extension. |
468 |
* |
|
469 |
* @return the KeyUsage extension of this certificate, represented as |
|
470 |
* an array of booleans. The order of KeyUsage values in the array is |
|
471 |
* the same as in the above ASN.1 definition. The array will contain a |
|
472 |
* value for each KeyUsage defined above. If the KeyUsage list encoded |
|
473 |
* in the certificate is longer than the above list, it will not be |
|
474 |
* truncated. Returns null if this certificate does not |
|
475 |
* contain a KeyUsage extension. |
|
476 |
*/ |
|
477 |
public abstract boolean[] getKeyUsage(); |
|
478 |
||
479 |
/** |
|
480 |
* Gets an unmodifiable list of Strings representing the OBJECT |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
481 |
* IDENTIFIERs of the {@code ExtKeyUsageSyntax} field of the |
2 | 482 |
* extended key usage extension, (OID = 2.5.29.37). It indicates |
483 |
* one or more purposes for which the certified public key may be |
|
484 |
* used, in addition to or in place of the basic purposes |
|
485 |
* indicated in the key usage extension field. The ASN.1 |
|
486 |
* definition for this is: |
|
487 |
* <pre> |
|
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
488 |
* ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId |
2 | 489 |
* |
18592
80cdfecea074
8019539: Fix doclint errors in java.security and its subpackages
juh
parents:
18551
diff
changeset
|
490 |
* KeyPurposeId ::= OBJECT IDENTIFIER |
2 | 491 |
* </pre> |
492 |
* |
|
493 |
* Key purposes may be defined by any organization with a |
|
494 |
* need. Object identifiers used to identify key purposes shall be |
|
495 |
* assigned in accordance with IANA or ITU-T Rec. X.660 | |
|
496 |
* ISO/IEC/ITU 9834-1. |
|
497 |
* <p> |
|
498 |
* This method was added to version 1.4 of the Java 2 Platform Standard |
|
499 |
* Edition. In order to maintain backwards compatibility with existing |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
500 |
* service providers, this method is not {@code abstract} |
2 | 501 |
* and it provides a default implementation. Subclasses |
502 |
* should override this method with a correct implementation. |
|
503 |
* |
|
504 |
* @return the ExtendedKeyUsage extension of this certificate, |
|
505 |
* as an unmodifiable list of object identifiers represented |
|
506 |
* as Strings. Returns null if this certificate does not |
|
507 |
* contain an ExtendedKeyUsage extension. |
|
508 |
* @throws CertificateParsingException if the extension cannot be decoded |
|
509 |
* @since 1.4 |
|
510 |
*/ |
|
511 |
public List<String> getExtendedKeyUsage() throws CertificateParsingException { |
|
512 |
return X509CertImpl.getExtendedKeyUsage(this); |
|
513 |
} |
|
514 |
||
515 |
/** |
|
516 |
* Gets the certificate constraints path length from the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
517 |
* critical {@code BasicConstraints} extension, (OID = 2.5.29.19). |
2 | 518 |
* <p> |
519 |
* The basic constraints extension identifies whether the subject |
|
520 |
* of the certificate is a Certificate Authority (CA) and |
|
521 |
* how deep a certification path may exist through that CA. The |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
522 |
* {@code pathLenConstraint} field (see below) is meaningful |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
523 |
* only if {@code cA} is set to TRUE. In this case, it gives the |
2 | 524 |
* maximum number of CA certificates that may follow this certificate in a |
525 |
* certification path. A value of zero indicates that only an end-entity |
|
526 |
* certificate may follow in the path. |
|
527 |
* <p> |
|
528 |
* The ASN.1 definition for this is: |
|
529 |
* <pre> |
|
530 |
* BasicConstraints ::= SEQUENCE { |
|
531 |
* cA BOOLEAN DEFAULT FALSE, |
|
532 |
* pathLenConstraint INTEGER (0..MAX) OPTIONAL } |
|
533 |
* </pre> |
|
534 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
535 |
* @return the value of {@code pathLenConstraint} if the |
2 | 536 |
* BasicConstraints extension is present in the certificate and the |
537 |
* subject of the certificate is a CA, otherwise -1. |
|
538 |
* If the subject of the certificate is a CA and |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
539 |
* {@code pathLenConstraint} does not appear, |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
540 |
* {@code Integer.MAX_VALUE} is returned to indicate that there is no |
2 | 541 |
* limit to the allowed length of the certification path. |
542 |
*/ |
|
543 |
public abstract int getBasicConstraints(); |
|
544 |
||
545 |
/** |
|
546 |
* Gets an immutable collection of subject alternative names from the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
547 |
* {@code SubjectAltName} extension, (OID = 2.5.29.17). |
2 | 548 |
* <p> |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
549 |
* The ASN.1 definition of the {@code SubjectAltName} extension is: |
2 | 550 |
* <pre> |
551 |
* SubjectAltName ::= GeneralNames |
|
552 |
* |
|
553 |
* GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName |
|
554 |
* |
|
555 |
* GeneralName ::= CHOICE { |
|
556 |
* otherName [0] OtherName, |
|
557 |
* rfc822Name [1] IA5String, |
|
558 |
* dNSName [2] IA5String, |
|
559 |
* x400Address [3] ORAddress, |
|
560 |
* directoryName [4] Name, |
|
561 |
* ediPartyName [5] EDIPartyName, |
|
562 |
* uniformResourceIdentifier [6] IA5String, |
|
563 |
* iPAddress [7] OCTET STRING, |
|
564 |
* registeredID [8] OBJECT IDENTIFIER} |
|
565 |
* </pre> |
|
566 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
567 |
* If this certificate does not contain a {@code SubjectAltName} |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
568 |
* extension, {@code null} is returned. Otherwise, a |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
569 |
* {@code Collection} is returned with an entry representing each |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
570 |
* {@code GeneralName} included in the extension. Each entry is a |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
571 |
* {@code List} whose first entry is an {@code Integer} |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
572 |
* (the name type, 0-8) and whose second entry is a {@code String} |
2 | 573 |
* or a byte array (the name, in string or ASN.1 DER encoded form, |
574 |
* respectively). |
|
575 |
* <p> |
|
576 |
* <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
577 |
* names are returned as {@code String}s, |
2 | 578 |
* using the well-established string formats for those types (subject to |
26967
c182469301ee
8037550: Update RFC references in javadoc to RFC 5280
juh
parents:
25859
diff
changeset
|
579 |
* the restrictions included in RFC 5280). IPv4 address names are |
2 | 580 |
* returned using dotted quad notation. IPv6 address names are returned |
581 |
* in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values |
|
582 |
* representing the eight 16-bit pieces of the address. OID names are |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
583 |
* returned as {@code String}s represented as a series of nonnegative |
2 | 584 |
* integers separated by periods. And directory names (distinguished names) |
585 |
* are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt"> |
|
586 |
* RFC 2253</a> string format. No standard string format is |
|
587 |
* defined for otherNames, X.400 names, EDI party names, or any |
|
588 |
* other type of names. They are returned as byte arrays |
|
589 |
* containing the ASN.1 DER encoded form of the name. |
|
590 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
591 |
* Note that the {@code Collection} returned may contain more |
2 | 592 |
* than one name of the same type. Also, note that the returned |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
593 |
* {@code Collection} is immutable and any entries containing byte |
2 | 594 |
* arrays are cloned to protect against subsequent modifications. |
595 |
* <p> |
|
596 |
* This method was added to version 1.4 of the Java 2 Platform Standard |
|
597 |
* Edition. In order to maintain backwards compatibility with existing |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
598 |
* service providers, this method is not {@code abstract} |
2 | 599 |
* and it provides a default implementation. Subclasses |
600 |
* should override this method with a correct implementation. |
|
601 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
602 |
* @return an immutable {@code Collection} of subject alternative |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
603 |
* names (or {@code null}) |
2 | 604 |
* @throws CertificateParsingException if the extension cannot be decoded |
605 |
* @since 1.4 |
|
606 |
*/ |
|
607 |
public Collection<List<?>> getSubjectAlternativeNames() |
|
608 |
throws CertificateParsingException { |
|
609 |
return X509CertImpl.getSubjectAlternativeNames(this); |
|
610 |
} |
|
611 |
||
612 |
/** |
|
613 |
* Gets an immutable collection of issuer alternative names from the |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
614 |
* {@code IssuerAltName} extension, (OID = 2.5.29.18). |
2 | 615 |
* <p> |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
616 |
* The ASN.1 definition of the {@code IssuerAltName} extension is: |
2 | 617 |
* <pre> |
618 |
* IssuerAltName ::= GeneralNames |
|
619 |
* </pre> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
620 |
* The ASN.1 definition of {@code GeneralNames} is defined |
2 | 621 |
* in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}. |
622 |
* <p> |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
623 |
* If this certificate does not contain an {@code IssuerAltName} |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
624 |
* extension, {@code null} is returned. Otherwise, a |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
625 |
* {@code Collection} is returned with an entry representing each |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
626 |
* {@code GeneralName} included in the extension. Each entry is a |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
627 |
* {@code List} whose first entry is an {@code Integer} |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
628 |
* (the name type, 0-8) and whose second entry is a {@code String} |
2 | 629 |
* or a byte array (the name, in string or ASN.1 DER encoded form, |
630 |
* respectively). For more details about the formats used for each |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
631 |
* name type, see the {@code getSubjectAlternativeNames} method. |
2 | 632 |
* <p> |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
633 |
* Note that the {@code Collection} returned may contain more |
2 | 634 |
* than one name of the same type. Also, note that the returned |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
635 |
* {@code Collection} is immutable and any entries containing byte |
2 | 636 |
* arrays are cloned to protect against subsequent modifications. |
637 |
* <p> |
|
638 |
* This method was added to version 1.4 of the Java 2 Platform Standard |
|
639 |
* Edition. In order to maintain backwards compatibility with existing |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
640 |
* service providers, this method is not {@code abstract} |
2 | 641 |
* and it provides a default implementation. Subclasses |
642 |
* should override this method with a correct implementation. |
|
643 |
* |
|
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
644 |
* @return an immutable {@code Collection} of issuer alternative |
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
645 |
* names (or {@code null}) |
2 | 646 |
* @throws CertificateParsingException if the extension cannot be decoded |
647 |
* @since 1.4 |
|
648 |
*/ |
|
649 |
public Collection<List<?>> getIssuerAlternativeNames() |
|
650 |
throws CertificateParsingException { |
|
651 |
return X509CertImpl.getIssuerAlternativeNames(this); |
|
652 |
} |
|
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
653 |
|
44476
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
654 |
/** |
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
655 |
* Verifies that this certificate was signed using the |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
656 |
* private key that corresponds to the specified public key. |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
657 |
* This method uses the signature verification engine |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
658 |
* supplied by the specified provider. Note that the specified |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
659 |
* Provider object does not have to be registered in the provider list. |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
660 |
* |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
661 |
* This method was added to version 1.8 of the Java Platform Standard |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
662 |
* Edition. In order to maintain backwards compatibility with existing |
18551
882a3948c6e6
8017325: Cleanup of the javadoc <code> tag in java.security.cert
juh
parents:
14342
diff
changeset
|
663 |
* service providers, this method is not {@code abstract} |
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
664 |
* and it provides a default implementation. |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
665 |
* |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
666 |
* @param key the PublicKey used to carry out the verification. |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
667 |
* @param sigProvider the signature provider. |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
668 |
* |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
669 |
* @throws NoSuchAlgorithmException on unsupported signature |
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
670 |
* algorithms. |
58242
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
671 |
* @throws InvalidKeyException on incorrect key. |
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
672 |
* @throws SignatureException on signature errors. |
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
673 |
* @throws CertificateException on encoding errors. |
94bb65cb37d3
8230648: Replace @exception tag with @throws in java.base
jboes
parents:
57950
diff
changeset
|
674 |
* @throws UnsupportedOperationException if the method is not supported |
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
675 |
* @since 1.8 |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
676 |
*/ |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
677 |
public void verify(PublicKey key, Provider sigProvider) |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
678 |
throws CertificateException, NoSuchAlgorithmException, |
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
679 |
InvalidKeyException, SignatureException { |
54483
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
680 |
String sigName = getSigAlgName(); |
44476
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
681 |
Signature sig = (sigProvider == null) |
54483
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
682 |
? Signature.getInstance(sigName) |
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
683 |
: Signature.getInstance(sigName, sigProvider); |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
684 |
|
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
685 |
try { |
54483
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
686 |
SignatureUtil.initVerifyWithParam(sig, key, |
ac20c3bdc55d
8216039: TLS with BC and RSASSA-PSS breaks ECDHServerKeyExchange
valeriep
parents:
50204
diff
changeset
|
687 |
SignatureUtil.getParamSpec(sigName, getSigAlgParams())); |
50204
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
688 |
} catch (ProviderException e) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
689 |
throw new CertificateException(e.getMessage(), e.getCause()); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
690 |
} catch (InvalidAlgorithmParameterException e) { |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
691 |
throw new CertificateException(e); |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
692 |
} |
3195a713e24d
8146293: Add support for RSASSA-PSS Signature algorithm
valeriep
parents:
47216
diff
changeset
|
693 |
|
44476
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
694 |
byte[] tbsCert = getTBSCertificate(); |
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
695 |
sig.update(tbsCert, 0, tbsCert.length); |
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
696 |
|
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
697 |
if (sig.verify(getSignature()) == false) { |
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
698 |
throw new SignatureException("Signature does not match."); |
e275cd2f9319
8175029: StackOverflowError in X509CRL and X509Certificate.verify(PublicKey, Provider)
mullan
parents:
26967
diff
changeset
|
699 |
} |
13406
33d7bf574b42
7026347: Certificate and X509CRL should have verify(PublicKey key, Provider sigProvider)
mullan
parents:
10114
diff
changeset
|
700 |
} |
2 | 701 |
} |