File Doc Category Size Date Package
CertPath.java API Doc Java SE 6 API 12209 Tue Jun 10 00:25:48 BST 2008 java.security.cert

CertPath

java.lang.Object

public abstract class CertPath extends Object implements Serializable

An immutable sequence of certificates (a certification path).

This is an abstract class that defines the methods common to all CertPaths. Subclasses can handle different kinds of certificates (X.509, PGP, etc.).

All CertPath objects have a type, a list of Certificates, and one or more supported encodings. Because the CertPath class is immutable, a CertPath cannot change in any externally visible way after being constructed. This stipulation applies to all public fields and methods of this class and any added or overridden by subclasses.

The type is a String that identifies the type of Certificates in the certification path. For each certificate cert in a certification path certPath, cert.getType().equals(certPath.getType()) must be true.

The list of Certificates is an ordered List of zero or more Certificates. This List and all of the Certificates contained in it must be immutable.

Each CertPath object must support one or more encodings so that the object can be translated into a byte array for storage or transmission to other parties. Preferably, these encodings should be well-documented standards (such as PKCS#7). One of the encodings supported by a CertPath is considered the default encoding. This encoding is used if no encoding is explicitly requested (for the {@link #getEncoded() getEncoded()} method, for instance).

All CertPath objects are also Serializable. CertPath objects are resolved into an alternate {@link CertPathRep CertPathRep} object during serialization. This allows a CertPath object to be serialized into an equivalent representation regardless of its underlying implementation.

CertPath objects can be created with a CertificateFactory or they can be returned by other classes, such as a CertPathBuilder.

By convention, X.509 CertPaths (consisting of X509Certificates), are ordered starting with the target certificate and ending with a certificate issued by the trust anchor. That is, the issuer of one certificate is the subject of the following one. The certificate representing the {@link TrustAnchor TrustAnchor} should not be included in the certification path. Unvalidated X.509 CertPaths may not follow these conventions. PKIX CertPathValidators will detect any departure from these conventions that cause the certification path to be invalid and throw a CertPathValidatorException.

Concurrent Access

All CertPath objects must be thread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a single CertPath object (or more than one) with no ill effects. This is also true for the List returned by CertPath.getCertificates.

Requiring CertPath objects to be immutable and thread-safe allows them to be passed around to various pieces of code without worrying about coordinating access. Providing this thread-safety is generally not difficult, since the CertPath and List objects in question are immutable.

see: CertificateFactory
see: CertPathBuilder
version: 1.11 04/07/06
author: Yassir Elley
since: 1.4

Fields Summary
private static final long
serialVersionUID
private String
type
Constructors Summary
protected CertPath(String type)
Creates a CertPath of the specified type.
This constructor is protected because most users should use a CertificateFactory to create CertPaths.
param
type the standard name of the type of Certificates in this path
// the type of certificates in this chain this.type = type;
Methods Summary
public boolean equals(java.lang.Object other)
Compares this certification path for equality with the specified object. Two CertPaths are equal if and only if their types are equal and their certificate Lists (and by implication the Certificates in those Lists) are equal. A CertPath is never equal to an object that is not a CertPath.
This algorithm is implemented by this method. If it is overridden, the behavior specified here must be maintained.
param
other the object to test for equality with this certification path
return
true if the specified object is equal to this certification path, false otherwise
if (this == other) return true; if (! (other instanceof CertPath)) return false; CertPath otherCP = (CertPath) other; if (! otherCP.getType().equals(type)) return false; List thisCertList = this.getCertificates(); List otherCertList = otherCP.getCertificates(); return(thisCertList.equals(otherCertList));
public abstract java.util.List getCertificates()
Returns the list of certificates in this certification path. The List returned must be immutable and thread-safe.
return
an immutable List of Certificates (may be empty, but not null)
public abstract byte[] getEncoded()
Returns the encoded form of this certification path, using the default encoding.
return
the encoded bytes
exception
CertificateEncodingException if an encoding error occurs
public abstract byte[] getEncoded(java.lang.String encoding)
Returns the encoded form of this certification path, using the specified encoding.
param
encoding the name of the encoding to use
return
the encoded bytes
exception
CertificateEncodingException if an encoding error occurs or the encoding requested is not supported
public abstract java.util.Iterator getEncodings()
Returns an iteration of the encodings supported by this certification path, with the default encoding first. Attempts to modify the returned Iterator via its remove method result in an UnsupportedOperationException.
return
an Iterator over the names of the supported encodings (as Strings)
public java.lang.String getType()
Returns the type of Certificates in this certification path. This is the same string that would be returned by {@link java.security.cert.Certificate#getType() cert.getType()} for all Certificates in the certification path.
return
the type of Certificates in this certification path (never null)
return type;
public int hashCode()
Returns the hashcode for this certification path. The hash code of a certification path is defined to be the result of the following calculation:
hashCode = path.getType().hashCode(); hashCode = 31*hashCode + path.getCertificates().hashCode();
This ensures that path1.equals(path2) implies that path1.hashCode()==path2.hashCode() for any two certification paths, path1 and path2, as required by the general contract of Object.hashCode.
return
the hashcode value for this certification path
int hashCode = type.hashCode(); hashCode = 31*hashCode + getCertificates().hashCode(); return hashCode;
public java.lang.String toString()
Returns a string representation of this certification path. This calls the toString method on each of the Certificates in the path.
return
a string representation of this certification path
StringBuffer sb = new StringBuffer(); Iterator stringIterator = getCertificates().iterator(); sb.append("\n" + type + " Cert Path: length = " + getCertificates().size() + ".\n"); sb.append("[\n"); int i = 1; while (stringIterator.hasNext()) { sb.append("==========================================" + "===============Certificate " + i + " start.\n"); Certificate stringCert = (Certificate) stringIterator.next(); sb.append(stringCert.toString()); sb.append("\n========================================" + "=================Certificate " + i + " end.\n\n\n"); i++; } sb.append("\n]"); return sb.toString();
protected java.lang.Object writeReplace()
Replaces the CertPath to be serialized with a CertPathRep object.
return
the CertPathRep to be serialized
throws
ObjectStreamException if a CertPathRep object representing this certification path could not be created
try { return new CertPathRep(type, getEncoded()); } catch (CertificateException ce) { NotSerializableException nse = new NotSerializableException ("java.security.cert.CertPath: " + type); nse.initCause(ce); throw nse; }