IT. Expert System.

Android Reference

X509Certificate

java.security.cert

Class X509Certificate

java.lang.Object
- java.security.cert.Certificate
- - java.security.cert.X509Certificate

All Implemented Interfaces:: Serializable, X509Extension

Direct Known Subclasses:: TestCertUtils.TestX509Certificate, X509CertImpl

public abstract class X509Certificate
extends Certificate
implements X509Extension

Abstract base class for X.509 certificates.

This represents a standard way for accessing the attributes of X.509 certificates.

The basic X.509 v3 format described in ASN.1:

 Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

 TBSCertificate  ::=  SEQUENCE  {
      version         [0]  EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      extensions      [3]  EXPLICIT Extensions OPTIONAL
                           -- If present, version must be v3
      }

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .

See Also:: Serialized Form

Nested Class Summary
- Nested classes/interfaces inherited from class java.security.cert.Certificate
  Certificate.CertificateRep

Constructor Summary

Constructors
Modifier Constructor and Description

protected X509Certificate()
Creates a new X509Certificate.

Constructors
Modifier	Constructor and Description
`protected`	`X509Certificate()` Creates a new `X509Certificate`.

Method Summary

Methods
Modifier and Type	Method and Description
`abstract void`	`checkValidity()` Checks whether the certificate is currently valid.
`abstract void`	`checkValidity(Date date)` Checks whether the certificate is valid at the specified date.
`abstract int`	`getBasicConstraints()` Returns the path length of the certificate constraints from the `BasicContraints` extension.
`List<String>`	`getExtendedKeyUsage()` Returns a read-only list of OID strings representing the `ExtKeyUsageSyntax` field of the extended key usage extension.
`Collection<List<?>>`	`getIssuerAlternativeNames()` Returns a read-only list of the issuer alternative names from the `IssuerAltName` extension.
`abstract Principal`	`getIssuerDN()` Returns the `issuer` (issuer distinguished name) as an implementation specific `Principal` object.
`abstract boolean[]`	`getIssuerUniqueID()` Returns the `issuerUniqueID` from the certificate.
`X500Principal`	`getIssuerX500Principal()` Returns the `issuer` (issuer distinguished name) as an `X500Principal`.
`abstract boolean[]`	`getKeyUsage()` Returns the `KeyUsage` extension as a `boolean` array.
`abstract Date`	`getNotAfter()` Returns the `notAfter` date of the validity period of the certificate.
`abstract Date`	`getNotBefore()` Returns the `notBefore` date from the validity period of the certificate.
`abstract BigInteger`	`getSerialNumber()` Returns the `serialNumber` of the certificate.
`abstract String`	`getSigAlgName()` Returns the name of the algorithm for the certificate signature.
`abstract String`	`getSigAlgOID()` Returns the OID of the signature algorithm from the certificate.
`abstract byte[]`	`getSigAlgParams()` Returns the parameters of the signature algorithm in DER-encoded format.
`abstract byte[]`	`getSignature()` Returns the raw signature bits from the certificate.
`Collection<List<?>>`	`getSubjectAlternativeNames()` Returns a read-only list of the subject alternative names from the `SubjectAltName` extension.
`abstract Principal`	`getSubjectDN()` Returns the `subject` (subject distinguished name) as an implementation specific `Principal` object.
`abstract boolean[]`	`getSubjectUniqueID()` Returns the `subjectUniqueID` from the certificate.
`X500Principal`	`getSubjectX500Principal()` Returns the `subject` (subject distinguished name) as an `X500Principal`.
`abstract byte[]`	`getTBSCertificate()` Returns the `tbsCertificate` information from this certificate in DER-encoded format.
`abstract int`	`getVersion()` Returns the certificates `version` (version number).

Methods inherited from class java.security.cert.Certificate
equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.cert.X509Extension
getCriticalExtensionOIDs, getExtensionValue, getNonCriticalExtensionOIDs, hasUnsupportedCriticalExtension

Constructor Detail
- X509Certificate
```
protected X509Certificate()
```
  Creates a new X509Certificate.

Method Detail

checkValidity

public abstract void checkValidity()
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException

Checks whether the certificate is currently valid.

The validity defined in ASN.1:

 validity             Validity

 Validity ::= SEQUENCE {
      notBefore       CertificateValidityDate,
      notAfter        CertificateValidityDate }

 CertificateValidityDate ::= CHOICE {
      utcTime         UTCTime,
      generalTime     GeneralizedTime }

Throws:: CertificateExpiredException - if the certificate has expired.; CertificateNotYetValidException - if the certificate is not yet valid.

checkValidity
```
public abstract void checkValidity(Date date)
                            throws CertificateExpiredException,
                                   CertificateNotYetValidException
```
Checks whether the certificate is valid at the specified date.

Parameters:
date - the date to check the validity against.

Throws:

CertificateExpiredException - if the certificate has expired.

CertificateNotYetValidException - if the certificate is not yet valid.
See Also:
checkValidity()

getVersion
```
public abstract int getVersion()
```
Returns the certificates version (version number).
The version defined is ASN.1:
```
 Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 
```
Returns:
the version number.

getSerialNumber
```
public abstract BigInteger getSerialNumber()
```
Returns the serialNumber of the certificate.
The ASN.1 definition of serialNumber:
```
 CertificateSerialNumber  ::=  INTEGER
 
```
Returns:
the serial number.

getIssuerDN

public abstract Principal getIssuerDN()

Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

The ASN.1 definition of issuer:

  issuer      Name

  Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: getIssuerX500Principal().

Returns:: the issuer as an implementation specific Principal.

getIssuerX500Principal
```
public X500Principal getIssuerX500Principal()
```
Returns the issuer (issuer distinguished name) as an X500Principal.

Returns:
the issuer (issuer distinguished name).

getSubjectDN

public abstract Principal getSubjectDN()

Returns the subject (subject distinguished name) as an implementation specific Principal object.

The ASN.1 definition of subject:

 subject      Name

  Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: getSubjectX500Principal().

Returns:: the subject (subject distinguished name).

getSubjectX500Principal
```
public X500Principal getSubjectX500Principal()
```
Returns the subject (subject distinguished name) as an X500Principal.

Returns:
the subject (subject distinguished name)

getNotBefore
```
public abstract Date getNotBefore()
```
Returns the notBefore date from the validity period of the certificate.

Returns:
the start of the validity period.

getNotAfter
```
public abstract Date getNotAfter()
```
Returns the notAfter date of the validity period of the certificate.

Returns:
the end of the validity period.

getTBSCertificate
```
public abstract byte[] getTBSCertificate()
                                  throws CertificateEncodingException
```
Returns the tbsCertificate information from this certificate in DER-encoded format.

Returns:
the DER-encoded certificate information.

Throws:

CertificateEncodingException - if an error occurs in encoding

getSignature
```
public abstract byte[] getSignature()
```
Returns the raw signature bits from the certificate.

Returns:
the raw signature bits from the certificate.

getSigAlgName
```
public abstract String getSigAlgName()
```
Returns the name of the algorithm for the certificate signature.

Returns:
the signature algorithm name.

getSigAlgOID
```
public abstract String getSigAlgOID()
```
Returns the OID of the signature algorithm from the certificate.

Returns:
the OID of the signature algorithm.

getSigAlgParams
```
public abstract byte[] getSigAlgParams()
```
Returns the parameters of the signature algorithm in DER-encoded format.

Returns:
the parameters of the signature algorithm, or null if none are used.

getIssuerUniqueID
```
public abstract boolean[] getIssuerUniqueID()
```
Returns the issuerUniqueID from the certificate.

Returns:
the issuerUniqueID or null if there's none in the certificate.

getSubjectUniqueID
```
public abstract boolean[] getSubjectUniqueID()
```
Returns the subjectUniqueID from the certificate.

Returns:
the subjectUniqueID or null if there's none in the certificate.

getKeyUsage

public abstract boolean[] getKeyUsage()

Returns the KeyUsage extension as a boolean array.

The ASN.1 definition of KeyUsage:

 KeyUsage ::= BIT STRING {
      digitalSignature        (0),
      nonRepudiation          (1),
      keyEncipherment         (2),
      dataEncipherment        (3),
      keyAgreement            (4),
      keyCertSign             (5),
      cRLSign                 (6),
      encipherOnly            (7),
      decipherOnly            (8) }

Returns:: the KeyUsage extension or null if there's none in the certificate.

getExtendedKeyUsage
```
public List<String> getExtendedKeyUsage()
                                 throws CertificateParsingException
```
Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

Returns:
the extended key usage extension, or null if there's none in the certificate.

Throws:

CertificateParsingException - if the extension decoding fails.

getBasicConstraints
```
public abstract int getBasicConstraints()
```
Returns the path length of the certificate constraints from the BasicContraints extension.

Returns:
the path length of the certificate constraints if the extension is present or -1 if the extension is not present. Integer.MAX_VALUE if there's not limit.

getSubjectAlternativeNames

public Collection<List<?>> getSubjectAlternativeNames()
                                               throws CertificateParsingException

Returns a read-only list of the subject alternative names from the SubjectAltName extension.

The ASN.1 definition of SubjectAltName:

 SubjectAltName ::= GeneralNames

 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

 GeneralName ::= CHOICE {
      otherName                       [0]     AnotherName,
      rfc822Name                      [1]     IA5String,
      dNSName                         [2]     IA5String,
      x400Address                     [3]     ORAddress,
      directoryName                   [4]     Name,
      ediPartyName                    [5]     EDIPartyName,
      uniformResourceIdentifier       [6]     IA5String,
      iPAddress                       [7]     OCTET STRING,
      registeredID                    [8]     OBJECT IDENTIFIER }

Returns:: the subject alternative names or null if there are none in the certificate.
Throws:: CertificateParsingException - if decoding of the extension fails.

getIssuerAlternativeNames

public Collection<List<?>> getIssuerAlternativeNames()
                                              throws CertificateParsingException

Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

The ASN.1 definition of IssuerAltName:

 IssuerAltName ::= GeneralNames

 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

 GeneralName ::= CHOICE {
      otherName                       [0]     AnotherName,
      rfc822Name                      [1]     IA5String,
      dNSName                         [2]     IA5String,
      x400Address                     [3]     ORAddress,
      directoryName                   [4]     Name,
      ediPartyName                    [5]     EDIPartyName,
      uniformResourceIdentifier       [6]     IA5String,
      iPAddress                       [7]     OCTET STRING,
      registeredID                    [8]     OBJECT IDENTIFIER }

Returns:: the issuer alternative names of null if there are none in the certificate.
Throws:: CertificateParsingException - if decoding of the extension fails.

Content

Android Reference

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Java basics

Java Enterprise Edition (EE)

Java Standard Edition (SE)

SQL

HTML

PHP

CSS

Java Script

MYSQL

JQUERY

VBS

REGEX

C

C++

C#

Design patterns

RFC (standard status)

RFC (proposed standard status)

RFC (draft standard status)

RFC (informational status)

RFC (experimental status)

RFC (best current practice status)

RFC (historic status)

RFC (unknown status)

IT dictionary

License.

All information of this service is derived from the free sources and is provided solely in the form of quotations. This service provides information and interfaces solely for the familiarization (not ownership) and under the "as is" condition.

IT. Expert System.

Android Reference

X509Certificate

Class X509Certificate

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.Certificate

Constructor Summary

Method Summary

Methods inherited from class java.security.cert.Certificate

Methods inherited from class java.lang.Object

Methods inherited from interface java.security.cert.X509Extension

Constructor Detail

X509Certificate

Method Detail

checkValidity

checkValidity

getVersion

getSerialNumber

getIssuerDN

getIssuerX500Principal

getSubjectDN

getSubjectX500Principal

getNotBefore

getNotAfter

getTBSCertificate

getSignature

getSigAlgName

getSigAlgOID

getSigAlgParams

getIssuerUniqueID

getSubjectUniqueID

getKeyUsage

getExtendedKeyUsage

getBasicConstraints

getSubjectAlternativeNames

getIssuerAlternativeNames

Android Reference

Java basics

Java Enterprise Edition (EE)

Java Standard Edition (SE)

SQL

HTML

PHP

CSS

Java Script

MYSQL

JQUERY

VBS

REGEX

C

C++

C#

Design patterns

RFC (standard status)

RFC (proposed standard status)

RFC (draft standard status)

RFC (informational status)

RFC (experimental status)

RFC (best current practice status)

RFC (historic status)

RFC (unknown status)

IT dictionary