@Deprecated
public class X509Cert
extends java.lang.Object
implements java.security.Certificate, java.io.Serializable
See Also: CertAndKeyGen, Serialized Form

Modifier and Type | Field and Description |
---|---|
protected AlgorithmId | algid: Deprecated. |
Constructor and Description |
---|
X509Cert(): Deprecated. Construct an uninitialized X509 Cert on which decode must later be called (or which may be deserialized). |
X509Cert(byte[] cert): Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes. |
X509Cert(byte[] buf, int offset, int len): Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes. |
X509Cert(DerValue derVal): Deprecated. Unmarshal a certificate from its encoded form, parsing a DER value. |
X509Cert(X500Name subjectName, X509Key subjectPublicKey, java.util.Date notBefore, java.util.Date notAfter): Deprecated. Partially constructs a certificate from descriptive parameters. |
Modifier and Type | Method and Description |
---|---|
void | decode(java.io.InputStream in): Deprecated. Decode an X.509 certificate from an input stream. |
void | encode(java.io.OutputStream out): Deprecated. Appends the certificate to an output stream. |
byte[] | encodeAndSign(BigInt serial, X500Signer issuer): Deprecated. Creates an X.509 certificate, and signs it using the issuer passed (associating a signature algorithm and an X.500 name). |
boolean | equals(java.lang.Object other): Deprecated. Compares two certificates. |
boolean | equals(X509Cert src): Deprecated. Compares two certificates, returning false if any data differs between the two. |
java.lang.String | getFormat(): Deprecated. Returns the "X.509" format identifier. |
java.security.Principal | getGuarantor(): Deprecated. Returns the result of getIssuerName(). |
AlgorithmId | getIssuerAlgorithmId(): Deprecated. Returns the algorithm used by the issuer to sign the certificate. |
X500Name | getIssuerName(): Deprecated. Returns the certificate issuer's X.500 distinguished name. |
java.util.Date | getNotAfter(): Deprecated. Returns the last time the certificate is valid. |
java.util.Date | getNotBefore(): Deprecated. Returns the first time the certificate is valid. |
java.security.Principal | getPrincipal(): Deprecated. Returns the result of getSubjectName(). |
java.security.PublicKey | getPublicKey(): Deprecated. Returns the subject's public key. |
BigInt | getSerialNumber(): Deprecated. Returns the certificate's serial number. |
byte[] | getSignedCert(): Deprecated. Return the signed X.509 certificate as a byte array. |
X500Signer | getSigner(AlgorithmId algorithmId, java.security.PrivateKey privateKey): Deprecated. Returns an X500Signer that may be used to create signatures. |
X500Name | getSubjectName(): Deprecated. Returns the subject's X.500 distinguished name. |
java.security.Signature | getVerifier(java.lang.String algorithm): Deprecated. Returns a signature object that may be used to verify signatures created using a specified signature algorithm and the public key contained in this certificate. |
int | getVersion(): Deprecated. Returns the X.509 version number of this certificate, zero based. |
int | hashCode(): Deprecated. Calculates a hash code value for the object. |
java.lang.String | toString(): Deprecated. Returns a printable representation of the certificate. |
java.lang.String | toString(boolean detailed): Deprecated. Returns a printable representation of the certificate. |
void | verify(java.security.PublicKey issuerPublicKey): Deprecated. Throws an exception if the certificate is invalid because it is now outside of the certificate's validity period, or because it was not signed using the verification key provided. |

protected AlgorithmId algid

public X509Cert()

public X509Cert(byte[] cert) throws java.io.IOException
Parameters:
cert - the encoded bytes, with no terminatu (CONSUMED)
Throws:
java.io.IOException - when the certificate is improperly encoded.

public X509Cert(byte[] buf, int offset, int len) throws java.io.IOException
Parameters:
buf - the buffer holding the encoded bytes
offset - the offset in the buffer where the bytes begin
len - how many bytes of certificate exist
Throws:
java.io.IOException - when the certificate is improperly encoded.

public X509Cert(DerValue derVal) throws java.io.IOException
Parameters:
derVal - the DER value containing the encoded cert.
Throws:
java.io.IOException - when the certificate is improperly encoded.

public X509Cert(X500Name subjectName, X509Key subjectPublicKey, java.util.Date notBefore, java.util.Date notAfter) throws CertException
Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed certificate. The fields passed to this constructor are available, and must be non-null.
Note that the public key being signed is generally independent of the signature algorithm being used. So for example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
Parameters:
subjectName - the X.500 distinguished name being certified
subjectPublicKey - the public key being certified. This must be an "X509Key" implementing the "PublicKey" interface.
notBefore - the first time the certificate is valid
notAfter - the last time the certificate is valid
Throws:
CertException - if the public key is inappropriate
See Also:
CertAndKeyGen

public void decode(java.io.InputStream in) throws java.io.IOException
Specified by:
decode in interface java.security.Certificate
Parameters:
in - an input stream holding at least one certificate
Throws:
java.io.IOException - when the certificate is improperly encoded.

public void encode(java.io.OutputStream out) throws java.io.IOException
Specified by:
encode in interface java.security.Certificate
Parameters:
out - an output stream to which the certificate is appended.
Throws:
java.io.IOException - when appending fails.

public boolean equals(java.lang.Object other)
Overrides:
equals in class java.lang.Object
Parameters:
other - the object being compared with this one

public boolean equals(X509Cert src)
Parameters:
src - the object being compared with this one

public java.lang.String getFormat()
Specified by:
getFormat in interface java.security.Certificate

public java.security.Principal getGuarantor()
Specified by:
getGuarantor in interface java.security.Certificate

public java.security.Principal getPrincipal()
Specified by:
getPrincipal in interface java.security.Certificate

public void verify(java.security.PublicKey issuerPublicKey) throws CertException
Note that since this class represents only a single X.509 certificate, it cannot know anything about the certificate chain which is used to provide the verification key and to establish trust. Other code must manage and use those cert chains. For now, you must walk the cert chain being used to verify any given cert. Start at the root, which is a self-signed certificate; verify it using the key inside the certificate. Then use that to verify the next certificate in the chain, issued by that CA. In this manner, verify each certificate until you reach the particular certificate you wish to verify. You should not use a certificate if any of the verification operations for its certificate chain were unsuccessful.
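The root-first walk described above, written against this class's own X509Cert(byte[]), verify and getPublicKey members. This is an added example, not code from the project; the import package (taken from the getSigner reference on this page), the ChainWalk name, the DER file arguments and the comparison against a root the caller already holds are assumptions of the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.PublicKey;
import java.util.Arrays;

// Package name is an assumption, taken from the getSigner(...) reference on this page.
import org.mozilla.jss.netscape.security.x509.CertException;
import org.mozilla.jss.netscape.security.x509.X509Cert;

public class ChainWalk {
    /**
     * Verifies a chain ordered root first, end-entity certificate last.
     * trustedRootDer is the DER encoding of a root obtained out of band.
     */
    static X509Cert verifyChain(byte[] trustedRootDer, byte[][] chainDer)
            throws IOException, CertException {
        if (chainDer.length == 0) {
            throw new IllegalArgumentException("empty chain");
        }
        // A valid self-signature only shows the root is internally consistent;
        // trust comes from matching a root the caller already holds.
        if (!Arrays.equals(trustedRootDer, chainDer[0])) {
            throw new SecurityException("chain does not start at the trusted root");
        }
        X509Cert cert = new X509Cert(chainDer[0]);
        cert.verify(cert.getPublicKey());      // validity period and self-signature
        for (int i = 1; i < chainDer.length; i++) {
            PublicKey issuerKey = cert.getPublicKey();
            cert = new X509Cert(chainDer[i]);
            cert.verify(issuerKey);            // any failure aborts the whole walk
        }
        return cert;                           // the verified end-entity certificate
    }

    // Usage: java ChainWalk trusted-root.der root.der [intermediate.der ...] leaf.der
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: ChainWalk trusted-root.der root.der [...] leaf.der");
            System.exit(2);
        }
        byte[][] chain = new byte[args.length - 1][];
        for (int i = 1; i < args.length; i++) {
            chain[i - 1] = Files.readAllBytes(Paths.get(args[i]));
        }
        X509Cert leaf = verifyChain(Files.readAllBytes(Paths.get(args[0])), chain);
        System.out.println("verified: " + leaf.getSubjectName());
    }
}
```

The walk covers only the two conditions this page attributes to verify(): the validity period and the signature made with the supplied issuer key.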
Parameters:
issuerPublicKey - the public key of the issuing CA
Throws:
CertException - when the certificate is not valid.

public byte[] encodeAndSign(BigInt serial, X500Signer issuer) throws java.io.IOException, java.security.SignatureException
Parameters:
serial - the serial number of the certificate (non-null)
issuer - the certificate issuer (CA) (non-null)
Throws:
java.io.IOException - if any of the data could not be encoded, or when any mandatory data was omitted
java.security.SignatureException - on signing failures
See Also:
getSignedCert(), getSigner(org.mozilla.jss.netscape.security.x509.AlgorithmId, java.security.PrivateKey), CertAndKeyGen

public X500Signer getSigner(AlgorithmId algorithmId, java.security.PrivateKey privateKey) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
NOTE: If the private key is by itself capable of creating signatures, this fact may not be recognized at this time. Specifically, the case of DSS/DSA keys which get their algorithm parameters from higher in the certificate chain is not supportable without using an X509CertChain API, and there is no current support for other sources of algorithm parameters.
Parameters:
algorithmId - the signature algorithm to be used. Note that a given public/private key pair may support several such algorithms.
privateKey - the private key used to create the signature, which must correspond to the public key in this certificate
Throws:
java.security.NoSuchAlgorithmException - if the signature algorithm is not supported
java.security.InvalidKeyException - if either the key in the certificate, or the private key parameter, does not support the requested signature algorithm

public java.security.Signature getVerifier(java.lang.String algorithm) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
NOTE: If the public key in this certificate is not by itself capable of verifying signatures, this may not be recognized at this time. Specifically, the case of DSS/DSA keys which get their algorithm parameters from higher in the certificate chain is not supportable without using an X509CertChain API, and there is no current support for other sources of algorithm parameters.
Parameters:
algorithm - the algorithm of the signature to be verified
Throws:
java.security.NoSuchAlgorithmException - if the signature algorithm is not supported
java.security.InvalidKeyException - if the key in the certificate does not support the requested signature algorithm

public byte[] getSignedCert()
public BigInt getSerialNumber()
public X500Name getSubjectName()
public X500Name getIssuerName()
public AlgorithmId getIssuerAlgorithmId()
public java.util.Date getNotBefore()
public java.util.Date getNotAfter()
public java.security.PublicKey getPublicKey()
Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a Diffie-Hellman certificate and a signature capable certificate.
Specified by:
getPublicKey in interface java.security.Certificate

public int getVersion()

public int hashCode()
Overrides:
hashCode in class java.lang.Object

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

public java.lang.String toString(boolean detailed)
Specified by:
toString in interface java.security.Certificate
Parameters:
detailed - true iff lots of detail is requested