java.lang.Object
    java.security.cert.Certificate
        java.security.cert.X509Certificate
All Implemented Interfaces:
X509Extension, Serializable
This class provides a standard way to access the attributes of X.509 certificates.
The basic X.509 v3 format described in ASN.1:
Certificate ::= SEQUENCE {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING }
TBSCertificate ::= SEQUENCE {
    version              [0] EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID       [1] IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version must be v2 or v3
    subjectUniqueID      [2] IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version must be v2 or v3
    extensions           [3] EXPLICIT Extensions OPTIONAL
                         -- If present, version must be v3
}
For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt.
| Constructor: |
|---|
|
| Method from java.security.cert.X509Certificate Summary: |
|---|
| checkValidity, checkValidity, getBasicConstraints, getExtendedKeyUsage, getIssuerAlternativeNames, getIssuerDN, getIssuerUniqueID, getIssuerX500Principal, getKeyUsage, getNotAfter, getNotBefore, getSerialNumber, getSigAlgName, getSigAlgOID, getSigAlgParams, getSignature, getSubjectAlternativeNames, getSubjectDN, getSubjectUniqueID, getSubjectX500Principal, getTBSCertificate, getVersion |
| Methods from java.security.cert.Certificate: |
|---|
| equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace |
| Methods from java.lang.Object: |
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Method from java.security.cert.X509Certificate Detail: |
|---|
The validity defined in ASN.1:
validity Validity
Validity ::= SEQUENCE {
    notBefore   CertificateValidityDate,
    notAfter    CertificateValidityDate }
CertificateValidityDate ::= CHOICE {
    utcTime     UTCTime,
    generalTime GeneralizedTime }
|
The ASN.1 definition of `IssuerAltName`:
IssuerAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
    otherName                 [0] AnotherName,
    rfc822Name                [1] IA5String,
    dNSName                   [2] IA5String,
    x400Address               [3] ORAddress,
    directoryName             [4] Name,
    ediPartyName              [5] EDIPartyName,
    uniformResourceIdentifier [6] IA5String,
    iPAddress                 [7] OCTET STRING,
    registeredID              [8] OBJECT IDENTIFIER }
|
The ASN.1 definition of `issuer`:
issuer Name
Name ::= CHOICE {
    RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type  AttributeType,
    value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Replaced by: getIssuerX500Principal(). |
The ASN.1 definition of `KeyUsage`:
KeyUsage ::= BIT STRING {
    digitalSignature (0),
    nonRepudiation   (1),
    keyEncipherment  (2),
    dataEncipherment (3),
    keyAgreement     (4),
    keyCertSign      (5),
    cRLSign          (6),
    encipherOnly     (7),
    decipherOnly     (8) }
|
The ASN.1 definition of `serialNumber`:
CertificateSerialNumber ::= INTEGER
|
The ASN.1 definition of `SubjectAltName`:
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
    otherName                 [0] AnotherName,
    rfc822Name                [1] IA5String,
    dNSName                   [2] IA5String,
    x400Address               [3] ORAddress,
    directoryName             [4] Name,
    ediPartyName              [5] EDIPartyName,
    uniformResourceIdentifier [6] IA5String,
    iPAddress                 [7] OCTET STRING,
    registeredID              [8] OBJECT IDENTIFIER }
|
The ASN.1 definition of `subject`:
subject Name
Name ::= CHOICE {
    RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
AttributeTypeAndValue ::= SEQUENCE {
    type  AttributeType,
    value AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY DEFINED BY AttributeType
Replaced by: getSubjectX500Principal(). |
The version defined in ASN.1:
Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
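
The following added example (not part of the JDK documentation) audits the JRE's default trust anchors with the accessors listed above, mapping each index of the `getKeyUsage()` array to the `KeyUsage` bit names from the ASN.1 definition and flagging entries that are outside their validity period or do not assert CA status. The class name `TrustAnchorAudit` and its helper names are hypothetical; it assumes the default trust store is readable.

```java
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example; TrustAnchorAudit and its helpers are hypothetical names.
public class TrustAnchorAudit {
    // Index i of the getKeyUsage() array corresponds to bit (i) of the KeyUsage BIT STRING.
    static final String[] KEY_USAGE = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly" };

    static List<String> usages(X509Certificate c) {
        boolean[] bits = c.getKeyUsage();            // null when the extension is absent
        List<String> out = new ArrayList<>();
        if (bits == null) return out;
        for (int i = 0; i < bits.length && i < KEY_USAGE.length; i++)
            if (bits[i]) out.add(KEY_USAGE[i]);
        return out;
    }

    static String validity(X509Certificate c) {      // checks notBefore/notAfter against now
        try { c.checkValidity(); return "valid"; }
        catch (CertificateExpiredException e) { return "EXPIRED"; }
        catch (CertificateNotYetValidException e) { return "NOT-YET-VALID"; }
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                   // null selects the default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                boolean ca = c.getBasicConstraints() != -1;  // -1: not asserted as a CA
                boolean[] ku = c.getKeyUsage();              // padded to at least 9 entries
                boolean review = !validity(c).equals("valid") || !ca || (ku != null && !ku[5]);
                System.out.printf("%s v%d %s notAfter=%s ca=%b usage=%s%s%n",
                    validity(c), c.getVersion(), c.getSubjectX500Principal().getName(),
                    c.getNotAfter(), ca, usages(c), review ? "  <-- review" : "");
            }
        }
    }
}
```

Version 1 certificates carry no extensions, so `getBasicConstraints()` returns -1 and `getKeyUsage()` returns null for them; legacy v1 roots will therefore appear in the review list.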