java.security.cert
abstract public class: X509Certificate
java.lang.Object
   java.security.cert.Certificate
      java.security.cert.X509Certificate

All Implemented Interfaces:
    X509Extension, Serializable

Abstract base class for X.509 certificates.

This class provides a standard way to access the attributes of X.509 certificates.

The basic X.509 v3 format described in ASN.1:

Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING  }
    
TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         CertificateSerialNumber,
     signature            AlgorithmIdentifier,
     issuer               Name,
     validity             Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version must be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version must be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version must be v3
     }

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt.
Constructor:
 protected X509Certificate() 
Method Summary from java.security.cert.X509Certificate:
checkValidity,   checkValidity,   getBasicConstraints,   getExtendedKeyUsage,   getIssuerAlternativeNames,   getIssuerDN,   getIssuerUniqueID,   getIssuerX500Principal,   getKeyUsage,   getNotAfter,   getNotBefore,   getSerialNumber,   getSigAlgName,   getSigAlgOID,   getSigAlgParams,   getSignature,   getSubjectAlternativeNames,   getSubjectDN,   getSubjectUniqueID,   getSubjectX500Principal,   getTBSCertificate,   getVersion
Methods from java.security.cert.Certificate:
equals,   getEncoded,   getPublicKey,   getType,   hashCode,   toString,   verify,   verify,   writeReplace
Methods from java.lang.Object:
clone,   equals,   finalize,   getClass,   hashCode,   notify,   notifyAll,   toString,   wait,   wait,   wait
Method Detail from java.security.cert.X509Certificate:
 abstract public  void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException
    Checks whether the certificate is currently valid.

    The validity defined in ASN.1:

    validity             Validity
    
    Validity ::= SEQUENCE { 
         notBefore       CertificateValidityDate, 
         notAfter        CertificateValidityDate }
    
    CertificateValidityDate ::= CHOICE { 
         utcTime         UTCTime, 
         generalTime     GeneralizedTime }
    
 abstract public  void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
    Checks whether the certificate is valid at the specified date.
 abstract public int getBasicConstraints()
    Returns the path length of the certificate constraints from the {@code BasicConstraints} extension.
 public List<String> getExtendedKeyUsage() throws CertificateParsingException 
    Returns a read-only list of OID strings representing the {@code ExtKeyUsageSyntax} field of the extended key usage extension.
 public Collection<?> getIssuerAlternativeNames() throws CertificateParsingException 
    Returns a read-only list of the issuer alternative names from the {@code IssuerAltName} extension.

    The ASN.1 definition of {@code IssuerAltName}:

    IssuerAltName ::= GeneralNames
    
    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    
    GeneralName ::= CHOICE {
         otherName                       [0]     AnotherName,
         rfc822Name                      [1]     IA5String,
         dNSName                         [2]     IA5String,
         x400Address                     [3]     ORAddress,
         directoryName                   [4]     Name,
         ediPartyName                    [5]     EDIPartyName,
         uniformResourceIdentifier       [6]     IA5String,
         iPAddress                       [7]     OCTET STRING,
         registeredID                    [8]     OBJECT IDENTIFIER }
    
    
 abstract public Principal getIssuerDN()
    Returns the {@code issuer} (issuer distinguished name) as an implementation specific {@code Principal} object.

    The ASN.1 definition of {@code issuer}:

     issuer      Name
    
     Name ::= CHOICE {
         RDNSequence }
    
       RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    
       RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    
       AttributeTypeAndValue ::= SEQUENCE {
         type     AttributeType,
         value    AttributeValue }
    
       AttributeType ::= OBJECT IDENTIFIER
    
       AttributeValue ::= ANY DEFINED BY AttributeType
    
    Replaced by: {@code getIssuerX500Principal()}.
 abstract public boolean[] getIssuerUniqueID()
    Returns the {@code issuerUniqueID} from the certificate.
 public X500Principal getIssuerX500Principal() 
    Returns the {@code issuer} (issuer distinguished name) as an {@code X500Principal}.
 abstract public boolean[] getKeyUsage()
    Returns the {@code KeyUsage} extension as a {@code boolean} array.

    The ASN.1 definition of {@code KeyUsage}:

    KeyUsage ::= BIT STRING {
         digitalSignature        (0),
         nonRepudiation          (1),
         keyEncipherment         (2),
         dataEncipherment        (3),
         keyAgreement            (4),
         keyCertSign             (5),
         cRLSign                 (6),
         encipherOnly            (7),
         decipherOnly            (8) }
    
    
 abstract public Date getNotAfter()
    Returns the {@code notAfter} date of the validity period of the certificate.
 abstract public Date getNotBefore()
    Returns the {@code notBefore} date from the validity period of the certificate.
 abstract public BigInteger getSerialNumber()
    Returns the {@code serialNumber} of the certificate.

    The ASN.1 definition of {@code serialNumber}:

    CertificateSerialNumber  ::=  INTEGER
    
 abstract public String getSigAlgName()
    Returns the name of the algorithm for the certificate signature.
 abstract public String getSigAlgOID()
    Returns the OID of the signature algorithm from the certificate.
 abstract public byte[] getSigAlgParams()
    Returns the parameters of the signature algorithm in DER-encoded format.
 abstract public byte[] getSignature()
    Returns the raw signature bits from the certificate.
 public Collection<?> getSubjectAlternativeNames() throws CertificateParsingException 
    Returns a read-only list of the subject alternative names from the {@code SubjectAltName} extension.

    The ASN.1 definition of {@code SubjectAltName}:

    SubjectAltName ::= GeneralNames
    
    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    
    GeneralName ::= CHOICE {
         otherName                       [0]     AnotherName,
         rfc822Name                      [1]     IA5String,
         dNSName                         [2]     IA5String,
         x400Address                     [3]     ORAddress,
         directoryName                   [4]     Name,
         ediPartyName                    [5]     EDIPartyName,
         uniformResourceIdentifier       [6]     IA5String,
         iPAddress                       [7]     OCTET STRING,
         registeredID                    [8]     OBJECT IDENTIFIER }
    
    
 abstract public Principal getSubjectDN()
    Returns the {@code subject} (subject distinguished name) as an implementation specific {@code Principal} object.

    The ASN.1 definition of {@code subject}:

    subject      Name
    
     Name ::= CHOICE {
         RDNSequence }
    
       RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    
       RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    
       AttributeTypeAndValue ::= SEQUENCE {
         type     AttributeType,
         value    AttributeValue }
    
       AttributeType ::= OBJECT IDENTIFIER
    
       AttributeValue ::= ANY DEFINED BY AttributeType
    

    Replaced by: {@code getSubjectX500Principal()}.

 abstract public boolean[] getSubjectUniqueID()
    Returns the {@code subjectUniqueID} from the certificate.
 public X500Principal getSubjectX500Principal() 
    Returns the {@code subject} (subject distinguished name) as an {@code X500Principal}.
 abstract public byte[] getTBSCertificate() throws CertificateEncodingException
    Returns the {@code tbsCertificate} information from this certificate in DER-encoded format.
 abstract public int getVersion()
    Returns the certificate's {@code version} (version number).

    The version defined in ASN.1:

    Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
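
The following is an added example, not code from the Harmony sources: it audits the JVM's default trust store using checkValidity(), getBasicConstraints(), getKeyUsage() and getSigAlgName() as documented above. The class name TrustStoreAudit and the method audit are hypothetical; it assumes Java 7 or later and relies on the standard API conventions that getBasicConstraints() returns -1 for a non-CA certificate and getKeyUsage() returns null when the extension is absent.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class TrustStoreAudit {
    // Index of keyCertSign in the KeyUsage BIT STRING (see getKeyUsage()).
    static final int KEY_CERT_SIGN = 5;

    /** Returns human-readable findings for one certificate; empty means none. */
    static List<String> audit(X509Certificate cert) {
        List<String> findings = new ArrayList<>();
        try {
            cert.checkValidity(); // compares notBefore/notAfter with the current time
        } catch (CertificateExpiredException e) {
            findings.add("expired on " + cert.getNotAfter());
        } catch (CertificateNotYetValidException e) {
            findings.add("not valid until " + cert.getNotBefore());
        }
        // getBasicConstraints() returns -1 when the certificate is not a CA.
        if (cert.getBasicConstraints() == -1) {
            findings.add("not marked as a CA in BasicConstraints");
        }
        // getKeyUsage() returns null when the extension is absent, and the
        // array may be shorter than 9 entries, so check the length first.
        boolean[] ku = cert.getKeyUsage();
        if (ku != null && (ku.length <= KEY_CERT_SIGN || !ku[KEY_CERT_SIGN])) {
            findings.add("KeyUsage present but keyCertSign is not set");
        }
        String alg = cert.getSigAlgName().toUpperCase(Locale.ROOT);
        if (alg.contains("MD5") || alg.contains("SHA1")) {
            findings.add("weak signature algorithm " + alg);
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
                List<String> f = audit(cert);
                if (!f.isEmpty()) System.out.println(cert.getSubjectX500Principal().getName() + ": " + f);
            }
        }
    }
}
```

For self-signed roots the signature-algorithm finding is informational, since trust in a root comes from its presence in the store rather than from its own signature.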