- java.lang.Object
-
- java.security.cert.CertPath
-
- All Implemented Interfaces:
Serializable
public abstract class CertPath extends Object implements Serializable
An immutable sequence of certificates (a certification path).This is an abstract class that defines the methods common to all
CertPaths. Subclasses can handle different kinds of certificates (X.509, PGP, etc.).All
CertPathobjects have a type, a list ofCertificates, and one or more supported encodings. Because theCertPathclass is immutable, aCertPathcannot change in any externally visible way after being constructed. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses.The type is a
Stringthat identifies the type ofCertificates in the certification path. For each certificatecertin a certification pathcertPath,cert.getType().equals(certPath.getType())must betrue.The list of
Certificates is an orderedListof zero or moreCertificates. ThisListand all of theCertificates contained in it must be immutable.Each
CertPathobject must support one or more encodings so that the object can be translated into a byte array for storage or transmission to other parties. Preferably, these encodings should be well-documented standards (such as PKCS#7). One of the encodings supported by aCertPathis considered the default encoding. This encoding is used if no encoding is explicitly requested (for thegetEncoded()method, for instance).All
CertPathobjects are alsoSerializable.CertPathobjects are resolved into an alternateCertPathRepobject during serialization. This allows aCertPathobject to be serialized into an equivalent representation regardless of its underlying implementation.CertPathobjects can be created with aCertificateFactoryor they can be returned by other classes, such as aCertPathBuilder.By convention, X.509
CertPaths (consisting ofX509Certificates), are ordered starting with the target certificate and ending with a certificate issued by the trust anchor. That is, the issuer of one certificate is the subject of the following one. The certificate representing theTrustAnchorshould not be included in the certification path. Unvalidated X.509CertPaths may not follow these conventions. PKIXCertPathValidators will detect any departure from these conventions that cause the certification path to be invalid and throw aCertPathValidatorException.Every implementation of the Java platform is required to support the following standard
CertPathencodings:PKCS7PkiPath
Concurrent Access
All
CertPathobjects must be thread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a singleCertPathobject (or more than one) with no ill effects. This is also true for theListreturned byCertPath.getCertificates.Requiring
CertPathobjects to be immutable and thread-safe allows them to be passed around to various pieces of code without worrying about coordinating access. Providing this thread-safety is generally not difficult, since theCertPathandListobjects in question are immutable.- Since:
- 1.4
- See Also:
CertificateFactory,CertPathBuilder, Serialized Form
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description protected static classCertPath.CertPathRepAlternateCertPathclass for serialization.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description booleanequals(Object other)Compares this certification path for equality with the specified object.abstract List<? extends Certificate>getCertificates()Returns the list of certificates in this certification path.abstract byte[]getEncoded()Returns the encoded form of this certification path, using the default encoding.abstract byte[]getEncoded(String encoding)Returns the encoded form of this certification path, using the specified encoding.abstract Iterator<String>getEncodings()Returns an iteration of the encodings supported by this certification path, with the default encoding first.StringgetType()Returns the type ofCertificates in this certification path.inthashCode()Returns the hashcode for this certification path.StringtoString()Returns a string representation of this certification path.protected ObjectwriteReplace()Replaces theCertPathto be serialized with aCertPathRepobject.
-
-
-
Constructor Detail
-
CertPath
protected CertPath(String type)
Creates aCertPathof the specified type.This constructor is protected because most users should use a
CertificateFactoryto createCertPaths.- Parameters:
type- the standard name of the type ofCertificates in this path
-
-
Method Detail
-
getType
public String getType()
Returns the type ofCertificates in this certification path. This is the same string that would be returned bycert.getType()for allCertificates in the certification path.- Returns:
- the type of
Certificates in this certification path (never null)
-
getEncodings
public abstract Iterator<String> getEncodings()
Returns an iteration of the encodings supported by this certification path, with the default encoding first. Attempts to modify the returnedIteratorvia itsremovemethod result in anUnsupportedOperationException.- Returns:
- an
Iteratorover the names of the supported encodings (as Strings)
-
equals
public boolean equals(Object other)
Compares this certification path for equality with the specified object. TwoCertPaths are equal if and only if their types are equal and their certificateLists (and by implication theCertificates in thoseLists) are equal. ACertPathis never equal to an object that is not aCertPath.This algorithm is implemented by this method. If it is overridden, the behavior specified here must be maintained.
- Overrides:
equalsin classObject- Parameters:
other- the object to test for equality with this certification path- Returns:
- true if the specified object is equal to this certification path, false otherwise
- See Also:
Object.hashCode(),HashMap
-
hashCode
public int hashCode()
Returns the hashcode for this certification path. The hash code of a certification path is defined to be the result of the following calculation:
This ensures thathashCode = path.getType().hashCode(); hashCode = 31*hashCode + path.getCertificates().hashCode();path1.equals(path2)implies thatpath1.hashCode()==path2.hashCode()for any two certification paths,path1andpath2, as required by the general contract ofObject.hashCode.- Overrides:
hashCodein classObject- Returns:
- the hashcode value for this certification path
- See Also:
Object.equals(java.lang.Object),System.identityHashCode(java.lang.Object)
-
toString
public String toString()
Returns a string representation of this certification path. This calls thetoStringmethod on each of theCertificates in the path.
-
getEncoded
public abstract byte[] getEncoded() throws CertificateEncodingExceptionReturns the encoded form of this certification path, using the default encoding.- Returns:
- the encoded bytes
- Throws:
CertificateEncodingException- if an encoding error occurs
-
getEncoded
public abstract byte[] getEncoded(String encoding) throws CertificateEncodingException
Returns the encoded form of this certification path, using the specified encoding.- Parameters:
encoding- the name of the encoding to use- Returns:
- the encoded bytes
- Throws:
CertificateEncodingException- if an encoding error occurs or the encoding requested is not supported
-
getCertificates
public abstract List<? extends Certificate> getCertificates()
Returns the list of certificates in this certification path. TheListreturned must be immutable and thread-safe.- Returns:
- an immutable
ListofCertificates (may be empty, but not null)
-
writeReplace
protected Object writeReplace() throws ObjectStreamException
Replaces theCertPathto be serialized with aCertPathRepobject.- Returns:
- the
CertPathRepto be serialized - Throws:
ObjectStreamException- if aCertPathRepobject representing this certification path could not be created
-
-