public final class X509CertImpl extends X509Certificate
See also: Certificate, X509Certificate, Serialized Form
Nested classes inherited from class Certificate: Certificate.CertificateRep
Constructor and Description |
---|
X509CertImpl(byte[] encoding) Constructs the instance from the ASN.1 encoded form of an X.509 certificate provided as an array of bytes. |
X509CertImpl(Certificate certificate) Constructs the instance from an existing Certificate object to be wrapped. |
X509CertImpl(InputStream in) Constructs the instance from the ASN.1 encoded form of an X.509 certificate provided via the stream parameter. |
Modifier and Type | Method and Description |
---|---|
void | checkValidity() Checks whether the certificate is currently valid. |
void | checkValidity(Date date) Checks whether the certificate is valid at the specified date. |
int | getBasicConstraints() Returns the path length of the certificate constraints from the BasicConstraints extension. |
Set<String> | getCriticalExtensionOIDs() Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages. |
byte[] | getEncoded() Returns the encoded representation for this certificate. |
List<String> | getExtendedKeyUsage() Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension. |
byte[] | getExtensionValue(String oid) Returns the extension value as DER-encoded OCTET string for the specified OID. |
Collection<List<?>> | getIssuerAlternativeNames() Returns a read-only list of the issuer alternative names from the IssuerAltName extension. |
Principal | getIssuerDN() Returns the issuer (issuer distinguished name) as an implementation specific Principal object. |
boolean[] | getIssuerUniqueID() Returns the issuerUniqueID from the certificate. |
X500Principal | getIssuerX500Principal() Returns the issuer (issuer distinguished name) as an X500Principal. |
boolean[] | getKeyUsage() Returns the KeyUsage extension as a boolean array. |
Set<String> | getNonCriticalExtensionOIDs() Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages. |
Date | getNotAfter() Returns the notAfter date of the validity period of the certificate. |
Date | getNotBefore() Returns the notBefore date from the validity period of the certificate. |
PublicKey | getPublicKey() Returns the public key corresponding to this certificate. |
BigInteger | getSerialNumber() Returns the serialNumber of the certificate. |
String | getSigAlgName() Returns the name of the algorithm for the certificate signature. |
String | getSigAlgOID() Returns the OID of the signature algorithm from the certificate. |
byte[] | getSigAlgParams() Returns the parameters of the signature algorithm in DER-encoded format. |
byte[] | getSignature() Returns the raw signature bits from the certificate. |
Collection<List<?>> | getSubjectAlternativeNames() Returns a read-only list of the subject alternative names from the SubjectAltName extension. |
Principal | getSubjectDN() Returns the subject (subject distinguished name) as an implementation specific Principal object. |
boolean[] | getSubjectUniqueID() Returns the subjectUniqueID from the certificate. |
X500Principal | getSubjectX500Principal() Returns the subject (subject distinguished name) as an X500Principal. |
byte[] | getTBSCertificate() Returns the tbsCertificate information from this certificate in DER-encoded format. |
int | getVersion() Returns the certificate's version (version number). |
boolean | hasUnsupportedCriticalExtension() Returns whether this instance has an extension marked as CRITICAL that it cannot support. |
String | toString() Returns a string containing a concise, human-readable description of the certificate. |
void | verify(PublicKey key) Verifies that this certificate was signed with the given public key. |
void | verify(PublicKey key, String sigProvider) Verifies that this certificate was signed with the given public key. |

Methods inherited from class Certificate: equals, getType, hashCode, writeReplace

public X509CertImpl(InputStream in) throws CertificateException

Parameters:
in - input stream containing the ASN.1 encoded form of the certificate.
Throws:
CertificateException - if some decoding problems occur.

public X509CertImpl(Certificate certificate)

public X509CertImpl(byte[] encoding) throws IOException

Parameters:
encoding - byte array containing the ASN.1 encoded form of the certificate.
Throws:
IOException - if some decoding problems occur.

public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException

Description copied from class: X509Certificate
Checks whether the certificate is currently valid.
The validity defined in ASN.1:

    validity Validity
    Validity ::= SEQUENCE {
        notBefore CertificateValidityDate,
        notAfter  CertificateValidityDate
    }
    CertificateValidityDate ::= CHOICE {
        utcTime     UTCTime,
        generalTime GeneralizedTime
    }

checkValidity in class X509Certificate
Throws:
CertificateExpiredException - if the certificate has expired.
CertificateNotYetValidException - if the certificate is not yet valid.

public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException

Description copied from class: X509Certificate
Checks whether the certificate is valid at the specified date.
checkValidity in class X509Certificate
Parameters:
date - the date to check the validity against.
Throws:
CertificateExpiredException - if the certificate has expired.
CertificateNotYetValidException - if the certificate is not yet valid.
See also: X509Certificate.checkValidity()

public int getVersion()

Description copied from class: X509Certificate
Returns the certificate's version (version number).
The version defined in ASN.1:

    Version ::= INTEGER { v1(0), v2(1), v3(2) }

getVersion in class X509Certificate

public BigInteger getSerialNumber()

Description copied from class: X509Certificate
Returns the serialNumber of the certificate.
The ASN.1 definition of serialNumber:

    CertificateSerialNumber ::= INTEGER

getSerialNumber in class X509Certificate

public Principal getIssuerDN()

Description copied from class: X509Certificate
Returns the issuer (issuer distinguished name) as an implementation specific Principal object.
The ASN.1 definition of issuer:

    issuer Name
    Name ::= CHOICE { RDNSequence }
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    AttributeTypeAndValue ::= SEQUENCE {
        type  AttributeType,
        value AttributeValue
    }
    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: X509Certificate.getIssuerX500Principal().
getIssuerDN in class X509Certificate
Returns:
the issuer as an implementation specific Principal.

public X500Principal getIssuerX500Principal()

Description copied from class: X509Certificate
Returns the issuer (issuer distinguished name) as an X500Principal.
getIssuerX500Principal in class X509Certificate
Returns:
the issuer (issuer distinguished name).

public Principal getSubjectDN()

Description copied from class: X509Certificate
Returns the subject (subject distinguished name) as an implementation specific Principal object.
The ASN.1 definition of subject:

    subject Name
    Name ::= CHOICE { RDNSequence }
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    AttributeTypeAndValue ::= SEQUENCE {
        type  AttributeType,
        value AttributeValue
    }
    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: X509Certificate.getSubjectX500Principal().
getSubjectDN in class X509Certificate
Returns:
the subject (subject distinguished name).

public X500Principal getSubjectX500Principal()

Description copied from class: X509Certificate
Returns the subject (subject distinguished name) as an X500Principal.
getSubjectX500Principal in class X509Certificate
Returns:
the subject (subject distinguished name).

public Date getNotBefore()

Description copied from class: X509Certificate
Returns the notBefore date from the validity period of the certificate.
getNotBefore in class X509Certificate
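
public Date getNotAfter()

Description copied from class: X509Certificate
Returns the notAfter date of the validity period of the certificate.
getNotAfter in class X509Certificate

public byte[] getTBSCertificate() throws CertificateEncodingException

Description copied from class: X509Certificate
Returns the tbsCertificate information from this certificate in DER-encoded format.
getTBSCertificate in class X509Certificate
Throws:
CertificateEncodingException - if an error occurs in encoding.

public byte[] getSignature()

Description copied from class: X509Certificate
Returns the raw signature bits from the certificate.
getSignature in class X509Certificate

public String getSigAlgName()

Description copied from class: X509Certificate
Returns the name of the algorithm for the certificate signature.
getSigAlgName in class X509Certificate

public String getSigAlgOID()

Description copied from class: X509Certificate
Returns the OID of the signature algorithm from the certificate.
getSigAlgOID in class X509Certificate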

public byte[] getSigAlgParams()

Description copied from class: X509Certificate
Returns the parameters of the signature algorithm in DER-encoded format.
getSigAlgParams in class X509Certificate
Returns:
null if none are used.

public boolean[] getIssuerUniqueID()

Description copied from class: X509Certificate
Returns the issuerUniqueID from the certificate.
getIssuerUniqueID in class X509Certificate
Returns:
the issuerUniqueID or null if there's none in the certificate.

public boolean[] getSubjectUniqueID()

Description copied from class: X509Certificate
Returns the subjectUniqueID from the certificate.
getSubjectUniqueID in class X509Certificate
Returns:
the subjectUniqueID or null if there's none in the certificate.

public boolean[] getKeyUsage()

Description copied from class: X509Certificate
Returns the KeyUsage extension as a boolean array.
The ASN.1 definition of KeyUsage:

    KeyUsage ::= BIT STRING {
        digitalSignature (0),
        nonRepudiation   (1),
        keyEncipherment  (2),
        dataEncipherment (3),
        keyAgreement     (4),
        keyCertSign      (5),
        cRLSign          (6),
        encipherOnly     (7),
        decipherOnly     (8)
    }

getKeyUsage in class X509Certificate
Returns:
the KeyUsage extension or null if there's none in the certificate.

public List<String> getExtendedKeyUsage() throws CertificateParsingException

Description copied from class: X509Certificate
Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
getExtendedKeyUsage in class X509Certificate
Returns:
null if there's none in the certificate.
Throws:
CertificateParsingException - if the extension decoding fails.

public int getBasicConstraints()

Description copied from class: X509Certificate
Returns the path length of the certificate constraints from the BasicConstraints extension.
getBasicConstraints in class X509Certificate
Returns:
-1 if the extension is not present. Integer.MAX_VALUE if there's no limit.

public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException

Description copied from class: X509Certificate
Returns a read-only list of the subject alternative names from the SubjectAltName extension.
The ASN.1 definition of SubjectAltName:

    SubjectAltName ::= GeneralNames
    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    GeneralName ::= CHOICE {
        otherName                 [0] AnotherName,
        rfc822Name                [1] IA5String,
        dNSName                   [2] IA5String,
        x400Address               [3] ORAddress,
        directoryName             [4] Name,
        ediPartyName              [5] EDIPartyName,
        uniformResourceIdentifier [6] IA5String,
        iPAddress                 [7] OCTET STRING,
        registeredID              [8] OBJECT IDENTIFIER
    }

getSubjectAlternativeNames in class X509Certificate
Returns:
null if there are none in the certificate.
Throws:
CertificateParsingException - if decoding of the extension fails.

public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException

Description copied from class: X509Certificate
Returns a read-only list of the issuer alternative names from the IssuerAltName extension.
The ASN.1 definition of IssuerAltName:

    IssuerAltName ::= GeneralNames
    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    GeneralName ::= CHOICE {
        otherName                 [0] AnotherName,
        rfc822Name                [1] IA5String,
        dNSName                   [2] IA5String,
        x400Address               [3] ORAddress,
        directoryName             [4] Name,
        ediPartyName              [5] EDIPartyName,
        uniformResourceIdentifier [6] IA5String,
        iPAddress                 [7] OCTET STRING,
        registeredID              [8] OBJECT IDENTIFIER
    }

getIssuerAlternativeNames in class X509Certificate
Returns:
null if there are none in the certificate.
Throws:
CertificateParsingException - if decoding of the extension fails.
method documentation for more information.
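
The return conventions described above (a null getKeyUsage() when the extension is absent, array index i matching bit i of the KeyUsage BIT STRING, -1 and Integer.MAX_VALUE from getBasicConstraints(), and the two checkValidity exceptions) are easy to misread in calling code. The following is an added example, not part of the original documentation or of this class's source: it audits the platform's default trust anchors through the standard java.security.cert.X509Certificate API that X509CertImpl extends. The class name CertAudit and the finding strings are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class CertAudit { // hypothetical class name, not part of the documented API
    // Index i of getKeyUsage() is bit i of the KeyUsage BIT STRING.
    static final String[] KEY_USAGE = {"digitalSignature", "nonRepudiation",
        "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign",
        "cRLSign", "encipherOnly", "decipherOnly"};

    static List<String> keyUsages(X509Certificate c) {
        List<String> names = new ArrayList<>();
        boolean[] ku = c.getKeyUsage(); // null when the extension is absent
        for (int i = 0; ku != null && i < ku.length && i < KEY_USAGE.length; i++)
            if (ku[i]) names.add(KEY_USAGE[i]);
        return names;
    }

    static List<String> findings(X509Certificate c, Date when) {
        List<String> f = new ArrayList<>();
        try {
            c.checkValidity(when);
        } catch (CertificateExpiredException e) {
            f.add("expired on " + c.getNotAfter());
        } catch (CertificateNotYetValidException e) {
            f.add("not valid before " + c.getNotBefore());
        }
        if (c.hasUnsupportedCriticalExtension()) f.add("unsupported critical extension");
        boolean isCa = c.getBasicConstraints() != -1; // -1: no CA path length available
        if (isCa && c.getKeyUsage() != null && !keyUsages(c).contains("keyCertSign"))
            f.add("CA certificate without keyCertSign");
        return f;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the platform default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                int p = c.getBasicConstraints();
                String ca = p == -1 ? "none" : p == Integer.MAX_VALUE ? "unlimited" : "" + p;
                System.out.println(c.getSubjectX500Principal().getName() + " | pathLen=" + ca
                    + " | " + keyUsages(c) + " | " + findings(c, new Date()));
            }
        }
    }
}
```

Each output line lists the subject, the path length constraint, the asserted key usages and any findings; an empty findings list means none of the checks above fired, not that the certificate has been path-validated.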
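
public byte[] getEncoded() throws CertificateEncodingException

Description copied from class: Certificate
Returns the encoded representation for this certificate.
getEncoded in class Certificate
Throws:
CertificateEncodingException - if the encoding fails.

public PublicKey getPublicKey()

Description copied from class: Certificate
Returns the public key corresponding to this certificate.
getPublicKey in class Certificate

public String toString()

Description copied from class: Certificate
Returns a string containing a concise, human-readable description of the certificate.
toString in class Certificate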

public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException

Description copied from class: Certificate
Verifies that this certificate was signed with the given public key.
verify in class Certificate
Parameters:
key - PublicKey public key for which verification should be performed.
Throws:
CertificateException - if encoding errors are detected.
NoSuchAlgorithmException - if an unsupported algorithm is detected.
InvalidKeyException - if an invalid key is detected.
NoSuchProviderException - if there is no default provider.
SignatureException - if signature errors are detected.

public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException

Description copied from class: Certificate
Verifies that this certificate was signed with the given public key.
verify in class Certificate
Parameters:
key - PublicKey public key for which verification should be performed.
sigProvider - String the name of the signature provider.
Throws:
CertificateException - if encoding errors are detected.
NoSuchAlgorithmException - if an unsupported algorithm is detected.
InvalidKeyException - if an invalid key is detected.
NoSuchProviderException - if the specified provider does not exist.
SignatureException - if signature errors are detected.

public Set<String> getNonCriticalExtensionOIDs()

Description copied from interface: X509Extension
Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
Returns:
null if no extensions are present.

public Set<String> getCriticalExtensionOIDs()

Description copied from interface: X509Extension
Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
Returns:
null if no extensions are present.

public byte[] getExtensionValue(String oid)

Description copied from interface: X509Extension
Returns the extension value as DER-encoded OCTET string for the specified OID.
Parameters:
oid - the object identifier to get the extension value for.
Returns:
null if no extension for the specified OID can be found.

public boolean hasUnsupportedCriticalExtension()

Description copied from interface: X509Extension
Returns whether this instance has an extension marked as CRITICAL that it cannot support.
Returns:
true if an unsupported CRITICAL extension is present, false otherwise.