public class X509CertImpl extends java.security.cert.X509Certificate implements java.io.Serializable, DerEncoder
These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
More recent work includes the IETF PKIX Working Group efforts, especially part 1.
See also: X509CertInfo, Serialized Form

Modifier and Type | Class and Description |
---|---|
protected static class | X509CertImpl.CertificateRep1 |

Modifier and Type | Field and Description |
---|---|
static java.lang.String | ALG_ID |
protected AlgorithmId | algId |
protected X509CertInfo | info |
static java.lang.String | INFO |
static java.lang.String | ISSUER_DN |
static java.lang.String | NAME: Public attribute names. |
static java.lang.String | PUBLIC_KEY |
static java.lang.String | SERIAL_ID |
static java.lang.String | SIG |
static java.lang.String | SIG_ALG |
protected byte[] | signature |
static java.lang.String | SIGNATURE |
static java.lang.String | SIGNED_CERT |
static java.lang.String | SUBJECT_DN: The following are defined for ease-of-use. |

Constructor and Description |
---|
X509CertImpl(): Default constructor. |
X509CertImpl(byte[] certData): Unmarshals a certificate from its encoded form, parsing the encoded bytes. |
X509CertImpl(byte[] certData, X509CertInfo certInfo): As a special optimization, this constructor acts as X509CertImpl(byte[]) except that it takes an X509CertInfo which it uses as a 'hint' for how to construct one field. |
X509CertImpl(DerValue derVal): Unmarshals a certificate from its encoded form, parsing a DER value. |
X509CertImpl(java.io.InputStream in): Unmarshals an X.509 certificate from an input stream. |
X509CertImpl(X509CertInfo certInfo): Construct an initialized X509 Certificate. |

Modifier and Type | Method and Description |
---|---|
void | checkValidity(): Checks that the certificate is currently valid, i.e. the current time is within the specified validity period. |
void | checkValidity(java.util.Date date): Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time. |
void | decode(java.io.InputStream in): Decode an X.509 certificate from an input stream. |
void | delete(java.lang.String name): Delete the requested attribute from the certificate. |
void | derEncode(java.io.OutputStream out): DER encode this object onto an output stream. |
void | encode(java.io.OutputStream out): Appends the certificate to an output stream. |
java.lang.Object | get(java.lang.String name): Return the requested attribute from the certificate. |
int | getBasicConstraints(): Get the certificate constraints path length from the critical BasicConstraints extension (oid = 2.5.29.19). |
boolean | getBasicConstraintsIsCA() |
java.util.Set<java.lang.String> | getCriticalExtensionOIDs(): Gets a Set of the extension(s) marked CRITICAL in the certificate by OID strings. |
java.util.Enumeration<java.lang.String> | getElements(): Return an enumeration of names of attributes existing within this attribute. |
byte[] | getEncoded(): Returns the encoded form of this certificate. |
Extension | getExtension(java.lang.String oid) |
byte[] | getExtensionValue(java.lang.String oid): Gets the DER encoded extension identified by the passed in oid String. |
X509CertInfo | getInfo() |
java.security.Principal | getIssuerDN(): Gets the issuer distinguished name from the certificate. |
CertificateIssuerName | getIssuerObj() |
boolean[] | getIssuerUniqueID(): Gets the Issuer Unique Identity from the certificate. |
boolean[] | getKeyUsage(): Get a boolean array representing the bits of the KeyUsage extension (oid = 2.5.29.15). |
java.lang.String | getName(): Return the name of this attribute. |
java.util.Set<java.lang.String> | getNonCriticalExtensionOIDs(): Gets a Set of the extension(s) marked NON-CRITICAL in the certificate by OID strings. |
java.util.Date | getNotAfter(): Gets the notAfter date from the validity period of the certificate. |
java.util.Date | getNotBefore(): Gets the notBefore date from the validity period of the certificate. |
java.security.PublicKey | getPublicKey(): Gets the public key from this certificate. |
java.math.BigInteger | getSerialNumber(): Gets the serial number from the certificate. |
java.lang.String | getSigAlgName(): Gets the signature algorithm name for the certificate signature algorithm. |
java.lang.String | getSigAlgOID(): Gets the signature algorithm OID string from the certificate. |
byte[] | getSigAlgParams(): Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm. |
byte[] | getSignature(): Gets the raw Signature bits from the certificate. |
java.security.Principal | getSubjectDN(): Gets the subject distinguished name from the certificate. |
CertificateSubjectName | getSubjectObj() |
boolean[] | getSubjectUniqueID(): Gets the Subject Unique Identity from the certificate. |
byte[] | getTBSCertificate(): Gets the DER encoded certificate information, the tbsCertificate from this certificate. |
int | getVersion(): Gets the version number from the certificate. |
boolean | hasUnsupportedCriticalExtension() |
void | set(java.lang.String name, java.lang.Object obj): Set the requested attribute in the certificate. |
void | sign(java.security.PrivateKey key, java.lang.String algorithm): Creates an X.509 certificate, and signs it using the key passed (associating a signature algorithm and an X.500 name). |
void | sign(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider): Creates an X.509 certificate, and signs it using the key passed (associating a signature algorithm and an X.500 name). |
java.lang.String | toString(): Returns a printable representation of the certificate. |
void | verify(java.security.PublicKey key): Throws an exception if the certificate was not signed using the verification key provided. |
void | verify(java.security.PublicKey key, java.lang.String sigProvider): Throws an exception if the certificate was not signed using the verification key provided. |
protected java.lang.Object | writeReplace() |

public static final java.lang.String NAME
public static final java.lang.String INFO
public static final java.lang.String ALG_ID
public static final java.lang.String SIGNATURE
public static final java.lang.String SIGNED_CERT
public static final java.lang.String SUBJECT_DN
public static final java.lang.String ISSUER_DN
public static final java.lang.String SERIAL_ID
public static final java.lang.String PUBLIC_KEY
public static final java.lang.String SIG_ALG
public static final java.lang.String SIG
protected X509CertInfo info
protected AlgorithmId algId
protected byte[] signature
public X509CertImpl()

public X509CertImpl(byte[] certData) throws java.security.cert.CertificateException
certData - the encoded bytes, with no trailing padding.
java.security.cert.CertificateException - on parsing and initialization errors.

public X509CertImpl(byte[] certData, X509CertInfo certInfo) throws java.security.cert.CertificateException
certData - the encoded bytes, with no trailing padding
certInfo - the certInfo which has already been constructed from the certData
java.security.cert.CertificateException

public X509CertImpl(java.io.InputStream in) throws java.security.cert.CertificateException
in - an input stream holding at least one certificate
java.security.cert.CertificateException - on parsing and initialization errors.

public X509CertImpl(X509CertInfo certInfo)
certInfo - the X509CertificateInfo which the Certificate is to be created from.

public X509CertImpl(DerValue derVal) throws java.security.cert.CertificateException
derVal - the der value containing the encoded cert.
java.security.cert.CertificateException - on parsing and initialization errors.

public boolean hasUnsupportedCriticalExtension()
hasUnsupportedCriticalExtension in interface java.security.cert.X509Extension

public void decode(java.io.InputStream in) throws java.security.cert.CertificateException, java.io.IOException
in - an input stream holding at least one certificate
java.security.cert.CertificateException - on parsing errors.
java.io.IOException - on other errors.

public void encode(java.io.OutputStream out) throws java.security.cert.CertificateEncodingException
out - an output stream to which the certificate is appended.
java.security.cert.CertificateEncodingException - on encoding errors.

public void derEncode(java.io.OutputStream out) throws java.io.IOException
DerEncoder interface.
derEncode in interface DerEncoder
out - the output stream on which to write the DER encoding.
java.io.IOException - on encoding error.

public byte[] getEncoded() throws java.security.cert.CertificateEncodingException
getEncoded in class java.security.cert.Certificate
java.security.cert.CertificateEncodingException - if an encoding error occurs.

public void verify(java.security.PublicKey key) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
verify in class java.security.cert.Certificate
key - the public key used for verification.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.NoSuchProviderException - if there's no default provider.
java.security.SignatureException - on signature errors.
java.security.cert.CertificateException - on encoding errors.

public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
verify in class java.security.cert.Certificate
key - the public key used for verification.
sigProvider - the name of the provider.
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchProviderException - on incorrect provider.
java.security.SignatureException - on signature errors.
java.security.cert.CertificateException - on encoding errors.

public void sign(java.security.PrivateKey key, java.lang.String algorithm) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
key - the private key used for signing.
algorithm - the name of the signature algorithm used.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.NoSuchProviderException - if there's no default provider.
java.security.SignatureException - on signature errors.
java.security.cert.CertificateException - on encoding errors.

public void sign(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider) throws java.security.cert.CertificateException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
key - the private key used for signing.
algorithm - the name of the signature algorithm used.
provider - the name of the provider.
java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
java.security.InvalidKeyException - on incorrect key.
java.security.NoSuchProviderException - on incorrect provider.
java.security.SignatureException - on signature errors.
java.security.cert.CertificateException - on encoding errors.

public void checkValidity() throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
checkValidity in class java.security.cert.X509Certificate
java.security.cert.CertificateExpiredException - if the certificate has expired.
java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid.

public void checkValidity(java.util.Date date) throws java.security.cert.CertificateExpiredException, java.security.cert.CertificateNotYetValidException
checkValidity in class java.security.cert.X509Certificate
date - the Date to check against to see if this certificate is valid at that date/time.
java.security.cert.CertificateExpiredException - if the certificate has expired with respect to the date supplied.
java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid with respect to the date supplied.

public java.lang.Object get(java.lang.String name) throws java.security.cert.CertificateParsingException
name - the name of the attribute.
java.security.cert.CertificateParsingException - on invalid attribute identifier.

public void set(java.lang.String name, java.lang.Object obj) throws java.security.cert.CertificateException, java.io.IOException
name - the name of the attribute.
obj - the value of the attribute.
java.security.cert.CertificateException - on invalid attribute identifier.
java.io.IOException - on encoding error of attribute.

public void delete(java.lang.String name) throws java.security.cert.CertificateException, java.io.IOException
name - the name of the attribute.
java.security.cert.CertificateException - on invalid attribute identifier.
java.io.IOException - on other errors.

public java.util.Enumeration<java.lang.String> getElements()

public java.lang.String getName()

public java.lang.String toString()
toString in class java.security.cert.Certificate

public java.security.PublicKey getPublicKey()
getPublicKey in class java.security.cert.Certificate

public int getVersion()
getVersion in class java.security.cert.X509Certificate

public java.math.BigInteger getSerialNumber()
getSerialNumber in class java.security.cert.X509Certificate

public java.security.Principal getSubjectDN()
getSubjectDN in class java.security.cert.X509Certificate

public CertificateSubjectName getSubjectObj()

public X509CertInfo getInfo()

public java.security.Principal getIssuerDN()
getIssuerDN in class java.security.cert.X509Certificate

public CertificateIssuerName getIssuerObj()

public java.util.Date getNotBefore()
getNotBefore in class java.security.cert.X509Certificate

public java.util.Date getNotAfter()
getNotAfter in class java.security.cert.X509Certificate

public byte[] getTBSCertificate() throws java.security.cert.CertificateEncodingException
Gets the DER encoded certificate information, the tbsCertificate from this certificate. This can be used to verify the signature independently.
getTBSCertificate in class java.security.cert.X509Certificate
java.security.cert.CertificateEncodingException - if an encoding error occurs.

public byte[] getSignature()
getSignature in class java.security.cert.X509Certificate
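
Added example (not part of the JDK documentation or source): the independent signature check that getTBSCertificate() and getSignature() make possible, combined with the validity, BasicConstraints and KeyUsage accessors, all through the public java.security.cert.X509Certificate API that this class implements. It assumes a standard JDK whose default trust store is populated, and uses its self-signed roots as offline sample input; the class name TbsVerifyDemo is hypothetical.

```java
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TbsVerifyDemo {   // hypothetical class name
    // Re-checks the signature over the to-be-signed bytes with the given key.
    static boolean signedBy(X509Certificate cert, PublicKey issuerKey) {
        try {
            Signature s = Signature.getInstance(cert.getSigAlgName());
            s.initVerify(issuerKey);
            s.update(cert.getTBSCertificate());    // DER of tbsCertificate only
            return s.verify(cert.getSignature());  // raw signature bits
        } catch (Exception e) {
            // Wrong key type, unknown algorithm, or an algorithm that needs
            // parameters from getSigAlgParams() (e.g. RSASSA-PSS): not verified.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Sample input (assumption): self-signed roots in the JVM's default trust store.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        for (X509Certificate c : tm.getAcceptedIssuers()) {
            if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) continue;
            boolean sigOk = signedBy(c, c.getPublicKey());
            boolean inDate = true;
            try { c.checkValidity(); } catch (CertificateException e) { inDate = false; }
            // -1 means "not a CA" (or no BasicConstraints extension at all).
            boolean isCa = c.getBasicConstraints() != -1;
            boolean[] ku = c.getKeyUsage();   // null when the extension is absent
            boolean certSign = ku == null || (ku.length > 5 && ku[5]); // bit 5 = keyCertSign
            System.out.printf("%s sig=%b inDate=%b ca=%b certSign=%b badCritical=%b%n",
                c.getSerialNumber().toString(16), sigOk, inDate, isCa, certSign,
                c.hasUnsupportedCriticalExtension());
        }
    }
}
```

A passing check on a self-signed certificate shows only that the certificate is internally consistent; trust still comes from the certificate being in the trust store or chaining to one that is.
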
public java.lang.String getSigAlgName()
getSigAlgName in class java.security.cert.X509Certificate

public java.lang.String getSigAlgOID()
getSigAlgOID in class java.security.cert.X509Certificate

public byte[] getSigAlgParams()
getSigAlgParams in class java.security.cert.X509Certificate

public boolean[] getIssuerUniqueID()
getIssuerUniqueID in class java.security.cert.X509Certificate

public boolean[] getSubjectUniqueID()
getSubjectUniqueID in class java.security.cert.X509Certificate

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
getCriticalExtensionOIDs in interface java.security.cert.X509Extension

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
getNonCriticalExtensionOIDs in interface java.security.cert.X509Extension

public Extension getExtension(java.lang.String oid)

public byte[] getExtensionValue(java.lang.String oid)
getExtensionValue in interface java.security.cert.X509Extension
oid - the Object Identifier value for the extension.

public boolean[] getKeyUsage()
getKeyUsage in class java.security.cert.X509Certificate

public int getBasicConstraints()
getBasicConstraints in class java.security.cert.X509Certificate

public boolean getBasicConstraintsIsCA()

protected java.lang.Object writeReplace() throws java.io.ObjectStreamException
writeReplace in class java.security.cert.Certificate
java.io.ObjectStreamException