public abstract class X509Certificate extends Certificate implements X509Extension

This represents a standard way for accessing the attributes of X.509 certificates.

The basic X.509 v3 format described in ASN.1:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING
    }

    TBSCertificate ::= SEQUENCE {
        version          [0] EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID   [1] IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        subjectUniqueID  [2] IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        extensions       [3] EXPLICIT Extensions OPTIONAL
                             -- If present, version must be v3
    }

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .
Nested classes inherited from class java.security.cert.Certificate: Certificate.CertificateRep
Modifier | Constructor and Description |
---|---|
protected | X509Certificate(): Creates a new X509Certificate. |
Modifier and Type | Method and Description |
---|---|
abstract void | checkValidity(): Checks whether the certificate is currently valid. |
abstract void | checkValidity(Date date): Checks whether the certificate is valid at the specified date. |
abstract int | getBasicConstraints(): Returns the path length of the certificate constraints from the BasicConstraints extension. |
List<String> | getExtendedKeyUsage(): Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension. |
Collection<List<?>> | getIssuerAlternativeNames(): Returns a read-only list of the issuer alternative names from the IssuerAltName extension. |
abstract Principal | getIssuerDN(): Returns the issuer (issuer distinguished name) as an implementation-specific Principal object. |
abstract boolean[] | getIssuerUniqueID(): Returns the issuerUniqueID from the certificate. |
X500Principal | getIssuerX500Principal(): Returns the issuer (issuer distinguished name) as an X500Principal. |
abstract boolean[] | getKeyUsage(): Returns the KeyUsage extension as a boolean array. |
abstract Date | getNotAfter(): Returns the notAfter date of the validity period of the certificate. |
abstract Date | getNotBefore(): Returns the notBefore date from the validity period of the certificate. |
abstract BigInteger | getSerialNumber(): Returns the serialNumber of the certificate. |
abstract String | getSigAlgName(): Returns the name of the algorithm for the certificate signature. |
abstract String | getSigAlgOID(): Returns the OID of the signature algorithm from the certificate. |
abstract byte[] | getSigAlgParams(): Returns the parameters of the signature algorithm in DER-encoded format. |
abstract byte[] | getSignature(): Returns the raw signature bits from the certificate. |
Collection<List<?>> | getSubjectAlternativeNames(): Returns a read-only list of the subject alternative names from the SubjectAltName extension. |
abstract Principal | getSubjectDN(): Returns the subject (subject distinguished name) as an implementation-specific Principal object. |
abstract boolean[] | getSubjectUniqueID(): Returns the subjectUniqueID from the certificate. |
X500Principal | getSubjectX500Principal(): Returns the subject (subject distinguished name) as an X500Principal. |
abstract byte[] | getTBSCertificate(): Returns the tbsCertificate information from this certificate in DER-encoded format. |
abstract int | getVersion(): Returns the certificate's version (version number). |
Methods inherited from class java.security.cert.Certificate: equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace

Methods inherited from class java.lang.Object: clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.cert.X509Extension: getCriticalExtensionOIDs, getExtensionValue, getNonCriticalExtensionOIDs, hasUnsupportedCriticalExtension
public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException

Checks whether the certificate is currently valid.

The validity defined in ASN.1:

    validity             Validity

    Validity ::= SEQUENCE {
        notBefore        CertificateValidityDate,
        notAfter         CertificateValidityDate
    }

    CertificateValidityDate ::= CHOICE {
        utcTime          UTCTime,
        generalTime      GeneralizedTime
    }

Throws:
CertificateExpiredException - if the certificate has expired.
CertificateNotYetValidException - if the certificate is not yet valid.

public abstract void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException

Checks whether the certificate is valid at the specified date.

Parameters:
date - the date to check the validity against.

Throws:
CertificateExpiredException - if the certificate has expired.
CertificateNotYetValidException - if the certificate is not yet valid.

See Also:
checkValidity()
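The two checkValidity variants differ in whose clock decides: the no-argument form uses the current system time, while checkValidity(Date) lets the caller pin the instant, which matters when replaying logged events or testing renewal logic. The following is an added example written for this page, not code from the class documentation or the Java library; the class name ValidityCheck, the certificate file path and the optional ISO-8601 instant taken from the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;

/**
 * Added example (hypothetical class, not part of the JDK): classify a
 * certificate's validity window at a chosen instant and report the
 * remaining lifetime.
 * Usage: java ValidityCheck cert.pem [2024-01-31T00:00:00Z]
 */
public final class ValidityCheck {

    /** Outcome of a validity check at a given instant. */
    public enum Status { VALID, EXPIRED, NOT_YET_VALID }

    /** Loads the first certificate from a PEM or DER file (assumed path). */
    public static X509Certificate load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /**
     * Maps the two checked exceptions of checkValidity(Date) onto a Status
     * so callers do not repeat the try/catch at every call site.
     */
    public static Status statusAt(X509Certificate cert, Date at) {
        try {
            cert.checkValidity(at);
            return Status.VALID;
        } catch (CertificateExpiredException e) {
            return Status.EXPIRED;          // at is after notAfter
        } catch (CertificateNotYetValidException e) {
            return Status.NOT_YET_VALID;    // at is before notBefore
        }
    }

    /** Time left until notAfter; negative once the certificate has expired. */
    public static Duration remaining(X509Certificate cert, Date at) {
        return Duration.between(at.toInstant(), cert.getNotAfter().toInstant());
    }

    public static void main(String[] args) throws Exception {
        X509Certificate cert = load(args[0]);
        // Evaluate at an explicit instant when one is given, so the result
        // does not silently depend on the local clock; otherwise use now.
        Date at = args.length > 1 ? Date.from(Instant.parse(args[1])) : new Date();

        System.out.println("subject   : " + cert.getSubjectX500Principal());
        System.out.println("notBefore : " + cert.getNotBefore());
        System.out.println("notAfter  : " + cert.getNotAfter());
        System.out.println("status    : " + statusAt(cert, at) + " at " + at);
        System.out.println("remaining : " + remaining(cert, at).toDays() + " days");
    }
}
```

Passing a clock-skewed or future instant is the quickest way to exercise the NOT_YET_VALID and EXPIRED branches against a real certificate file without waiting for it to expire.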
public abstract int getVersion()

Returns the certificate's version (version number).

The version defined in ASN.1:

    Version ::= INTEGER { v1(0), v2(1), v3(2) }

Returns:
the version (version number).
public abstract BigInteger getSerialNumber()

Returns the serialNumber of the certificate.

The ASN.1 definition of serialNumber:

    CertificateSerialNumber ::= INTEGER

Returns:
the serialNumber of the certificate.
public abstract Principal getIssuerDN()

Returns the issuer (issuer distinguished name) as an implementation-specific Principal object.

The ASN.1 definition of issuer:

    issuer               Name

    Name ::= CHOICE {
        RDNSequence
    }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
        type             AttributeType,
        value            AttributeValue
    }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

Replaced by: getIssuerX500Principal().

Returns:
the issuer as an implementation-specific Principal.

public X500Principal getIssuerX500Principal()

Returns the issuer (issuer distinguished name) as an X500Principal.

Returns:
the issuer (issuer distinguished name).

public abstract Principal getSubjectDN()
Returns the subject (subject distinguished name) as an implementation-specific Principal object.

The ASN.1 definition of subject:

    subject              Name

    Name ::= CHOICE {
        RDNSequence
    }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
        type             AttributeType,
        value            AttributeValue
    }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

Replaced by: getSubjectX500Principal().

Returns:
the subject (subject distinguished name).

public X500Principal getSubjectX500Principal()

Returns the subject (subject distinguished name) as an X500Principal.

Returns:
the subject (subject distinguished name).

public abstract Date getNotBefore()
Returns:
the notBefore date from the validity period of the certificate.

public abstract Date getNotAfter()

Returns:
the notAfter date of the validity period of the certificate.

public abstract byte[] getTBSCertificate() throws CertificateEncodingException
Returns:
the tbsCertificate information from this certificate in DER-encoded format.

Throws:
CertificateEncodingException - if an error occurs in encoding.

public abstract byte[] getSignature()

Returns the raw signature bits from the certificate.

public abstract String getSigAlgName()

Returns the name of the algorithm for the certificate signature.

public abstract String getSigAlgOID()

Returns the OID of the signature algorithm from the certificate.

public abstract byte[] getSigAlgParams()

Returns the parameters of the signature algorithm in DER-encoded format.

Returns:
the DER-encoded signature algorithm parameters, or null if none are used.

public abstract boolean[] getIssuerUniqueID()
Returns the issuerUniqueID from the certificate.

Returns:
the issuerUniqueID, or null if there's none in the certificate.

public abstract boolean[] getSubjectUniqueID()

Returns the subjectUniqueID from the certificate.

Returns:
the subjectUniqueID, or null if there's none in the certificate.

public abstract boolean[] getKeyUsage()
Returns the KeyUsage extension as a boolean array.

The ASN.1 definition of KeyUsage:

    KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1),
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8)
    }

Returns:
the KeyUsage extension, or null if there's none in the certificate.

public List<String> getExtendedKeyUsage() throws CertificateParsingException
Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

Returns:
the OID strings of the ExtKeyUsageSyntax field, or null if there's none in the certificate.

Throws:
CertificateParsingException - if the extension decoding fails.

public abstract int getBasicConstraints()
Returns the path length of the certificate constraints from the BasicConstraints extension.

Returns:
the path length; -1 if the extension is not present; Integer.MAX_VALUE if there's no limit.

public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException
Returns a read-only list of the subject alternative names from the SubjectAltName extension.

The ASN.1 definition of SubjectAltName:

    SubjectAltName ::= GeneralNames

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

    GeneralName ::= CHOICE {
        otherName                       [0]     AnotherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER
    }

Returns:
the subject alternative names, or null if there are none in the certificate.

Throws:
CertificateParsingException - if decoding of the extension fails.

public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException
Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

The ASN.1 definition of IssuerAltName:

    IssuerAltName ::= GeneralNames

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

    GeneralName ::= CHOICE {
        otherName                       [0]     AnotherName,
        rfc822Name                      [1]     IA5String,
        dNSName                         [2]     IA5String,
        x400Address                     [3]     ORAddress,
        directoryName                   [4]     Name,
        ediPartyName                    [5]     EDIPartyName,
        uniformResourceIdentifier       [6]     IA5String,
        iPAddress                       [7]     OCTET STRING,
        registeredID                    [8]     OBJECT IDENTIFIER
    }

Returns:
the issuer alternative names, or null if there are none in the certificate.

Throws:
CertificateParsingException - if decoding of the extension fails.
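Most of the accessors on this page only matter in combination: a certificate is trusted for a host when its issuer's subject matches its issuer name (compared as X500Principal, since getIssuerDN()/getSubjectDN() return implementation-specific Principals), the issuer is a CA with keyCertSign, the signature verifies under the issuer's public key, and a dNSName or iPAddress entry in SubjectAltName covers the host. The following is an added example written for this page, not code from the class documentation or the JDK; the class name ChainAndSanCheck, the file paths and host name read from the command line, and the wildcard rule (a single left-most label only) are assumptions. The GeneralName tags and the keyCertSign bit position come from the ASN.1 above; the id-kp-serverAuth OID is the well-known value from the RFC profile, not from this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

/**
 * Added example (hypothetical class, not part of the JDK): link a child
 * certificate to its issuer and test a leaf against a host name.
 * Usage: java ChainAndSanCheck leaf.pem issuer.pem www.example.com
 */
public final class ChainAndSanCheck {
    // GeneralName CHOICE tags from the SubjectAltName definition.
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;
    // Bit position of keyCertSign in the KeyUsage BIT STRING.
    static final int KEY_CERT_SIGN = 5;
    // id-kp-serverAuth (well-known OID from the RFC profile).
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1";

    /** Loads the first certificate from a PEM or DER file (assumed path). */
    public static X509Certificate load(String path) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    /**
     * True only if the names link, the issuer is a CA allowed to sign
     * certificates, and the child's signature verifies under the issuer's key.
     * X500Principal.equals compares canonical name encodings, unlike the
     * implementation-specific Principals from getIssuerDN()/getSubjectDN().
     */
    public static boolean issuedBy(X509Certificate child, X509Certificate issuer) {
        if (!child.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
            return false;
        }
        // -1 means no BasicConstraints extension: never accept such a cert as a CA.
        if (issuer.getBasicConstraints() < 0) {
            return false;
        }
        // When a KeyUsage extension is present, keyCertSign must be set.
        boolean[] ku = issuer.getKeyUsage();
        if (ku != null && !(ku.length > KEY_CERT_SIGN && ku[KEY_CERT_SIGN])) {
            return false;
        }
        try {
            child.verify(issuer.getPublicKey());   // inherited from Certificate
            return true;
        } catch (Exception e) {                    // bad signature or key mismatch
            return false;
        }
    }

    /** All SubjectAltName values carrying the given GeneralName tag. */
    public static List<String> sanValues(X509Certificate cert, int tag) throws Exception {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            return out;                            // extension not present
        }
        for (List<?> entry : sans) {
            // Each entry is [Integer tag, value]; dNSName and iPAddress values are Strings.
            if ((Integer) entry.get(0) == tag) {
                out.add((String) entry.get(1));
            }
        }
        return out;
    }

    /** Exact match, or a left-most "*." wildcard covering exactly one label. */
    public static boolean matchesDns(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (!p.startsWith("*.")) {
            return p.equals(h);
        }
        int dot = h.indexOf('.');
        // "*.example.com" matches "www.example.com", not "example.com" or "a.b.example.com".
        return dot > 0 && h.substring(dot + 1).equals(p.substring(2));
    }

    /** The leaf is usable for host: serverAuth EKU (when present) and a matching SAN. */
    public static boolean validForHost(X509Certificate leaf, String host) throws Exception {
        List<String> eku = leaf.getExtendedKeyUsage();
        if (eku != null && !eku.contains(SERVER_AUTH)) {
            return false;
        }
        if (host.matches("\\d{1,3}(\\.\\d{1,3}){3}")) {
            return sanValues(leaf, IP_ADDRESS).contains(host);   // IPv4 literal
        }
        for (String name : sanValues(leaf, DNS_NAME)) {
            if (matchesDns(name, host)) {
                return true;
            }
        }
        return false;                              // no SAN matched
    }

    public static void main(String[] args) throws Exception {
        X509Certificate leaf = load(args[0]);
        X509Certificate issuer = load(args[1]);
        System.out.println("issuedBy    : " + issuedBy(leaf, issuer));
        System.out.println("dNSName SANs: " + sanValues(leaf, DNS_NAME));
        System.out.println("validForHost: " + validForHost(leaf, args[2]));
    }
}
```

Two choices in issuedBy are deliberate: a missing BasicConstraints extension (getBasicConstraints() returning -1) is treated as "not a CA" rather than "unconstrained", and a missing KeyUsage extension is tolerated only because the signature check still has to pass. For production path building, hand the chain to CertPathValidator instead; this example exists to show what the individual accessors on this page contribute to that decision.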