IT. Expert System.

All Implemented Interfaces:

Serializable, X509Extension

public final class X509CertImpl
extends X509Certificate

See Also:

Certificate, X509Certificate, Serialized Form

• Nested Class Summary

  • Nested classes/interfaces inherited from class java.security.cert.Certificate

    Certificate.CertificateRep

• Constructor Summary

  Constructors

  Constructor and Description
  X509CertImpl(byte[] encoding) Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via array of bytes.
  X509CertImpl(Certificate certificate) Constructs the instance on the base of existing Certificate object to be wrapped.
  X509CertImpl(InputStream in) Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via stream parameter.

• Method Summary

  Methods

  Modifier and Type	Method and Description
  void	checkValidity() Checks whether the certificate is currently valid.
  void	checkValidity(Date date) Checks whether the certificate is valid at the specified date.
  int	getBasicConstraints() Returns the path length of the certificate constraints from the BasicContraints extension.
  Set<String>	getCriticalExtensionOIDs() Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
  byte[]	getEncoded() Returns the encoded representation for this certificate.
  List<String>	getExtendedKeyUsage() Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
  byte[]	getExtensionValue(String oid) Returns the extension value as DER-encoded OCTET string for the specified OID.
  Collection<List<?>>	getIssuerAlternativeNames() Returns a read-only list of the issuer alternative names from the IssuerAltName extension.
  Principal	getIssuerDN() Returns the issuer (issuer distinguished name) as an implementation specific Principal object.
  boolean[]	getIssuerUniqueID() Returns the issuerUniqueID from the certificate.
  X500Principal	getIssuerX500Principal() Returns the issuer (issuer distinguished name) as an X500Principal.
  boolean[]	getKeyUsage() Returns the KeyUsage extension as a boolean array.
  Set<String>	getNonCriticalExtensionOIDs() Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
  Date	getNotAfter() Returns the notAfter date of the validity period of the certificate.
  Date	getNotBefore() Returns the notBefore date from the validity period of the certificate.
  PublicKey	getPublicKey() Returns the public key corresponding to this certificate.
  BigInteger	getSerialNumber() Returns the serialNumber of the certificate.
  String	getSigAlgName() Returns the name of the algorithm for the certificate signature.
  String	getSigAlgOID() Returns the OID of the signature algorithm from the certificate.
  byte[]	getSigAlgParams() Returns the parameters of the signature algorithm in DER-encoded format.
  byte[]	getSignature() Returns the raw signature bits from the certificate.
  Collection<List<?>>	getSubjectAlternativeNames() Returns a read-only list of the subject alternative names from the SubjectAltName extension.
  Principal	getSubjectDN() Returns the subject (subject distinguished name) as an implementation specific Principal object.
  boolean[]	getSubjectUniqueID() Returns the subjectUniqueID from the certificate.
  X500Principal	getSubjectX500Principal() Returns the subject (subject distinguished name) as an X500Principal.
  byte[]	getTBSCertificate() Returns the tbsCertificate information from this certificate in DER-encoded format.
  int	getVersion() Returns the certificates version (version number).
  boolean	hasUnsupportedCriticalExtension() Returns whether this instance has an extension marked as CRITICAL that it cannot support.
  String	toString() Returns a string containing a concise, human-readable description of the certificate.
  void	verify(PublicKey key) Verifies that this certificate was signed with the given public key.
  void	verify(PublicKey key, String sigProvider) Verifies that this certificate was signed with the given public key.

  • Methods inherited from class java.security.cert.Certificate

    equals, getType, hashCode, writeReplace

  • Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, wait, wait, wait

• Constructor Detail

  • X509CertImpl

    public X509CertImpl(InputStream in)
                 throws CertificateException

    Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via stream parameter.

    Parameters:

    in - input stream containing ASN.1 encoded form of certificate.

    Throws:

    CertificateException - if some decoding problems occur.

  • X509CertImpl

    public X509CertImpl(Certificate certificate)

    Constructs the instance on the base of existing Certificate object to be wrapped.

  • X509CertImpl

    public X509CertImpl(byte[] encoding)
                 throws IOException

    Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via array of bytes.

    Parameters:

    encoding - byte array containing ASN.1 encoded form of certificate.

    Throws:

    IOException - if some decoding problems occur.

• Method Detail

  • checkValidity

    public void checkValidity()
                       throws CertificateExpiredException,
                              CertificateNotYetValidException

    Description copied from class: X509Certificate
    Checks whether the certificate is currently valid.

    The validity defined in ASN.1:

     validity             Validity
    
     Validity ::= SEQUENCE {
          notBefore       CertificateValidityDate,
          notAfter        CertificateValidityDate }
    
     CertificateValidityDate ::= CHOICE {
          utcTime         UTCTime,
          generalTime     GeneralizedTime }
     

    Specified by:

    checkValidity in class X509Certificate

    Throws:

    CertificateExpiredException - if the certificate has expired.

    CertificateNotYetValidException - if the certificate is not yet valid.

  • checkValidity

    public void checkValidity(Date date)
                       throws CertificateExpiredException,
                              CertificateNotYetValidException

    Description copied from class: X509Certificate
    Checks whether the certificate is valid at the specified date.

    Specified by:

    checkValidity in class X509Certificate

    Parameters:

    date - the date to check the validity against.

    Throws:

    CertificateExpiredException - if the certificate has expired.

    CertificateNotYetValidException - if the certificate is not yet valid.

    See Also:

    X509Certificate.checkValidity()

  • getVersion

    public int getVersion()

    Description copied from class: X509Certificate
    Returns the certificates version (version number).

    The version defined is ASN.1:

     Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
     

    Specified by:

    getVersion in class X509Certificate

    Returns:

    the version number.

  • getSerialNumber

    public BigInteger getSerialNumber()

    Description copied from class: X509Certificate
    Returns the serialNumber of the certificate.

    The ASN.1 definition of serialNumber:

     CertificateSerialNumber  ::=  INTEGER
     

    Specified by:

    getSerialNumber in class X509Certificate

    Returns:

    the serial number.

  • getIssuerDN

    public Principal getIssuerDN()

    Description copied from class: X509Certificate
    Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

    The ASN.1 definition of issuer:

      issuer      Name
    
      Name ::= CHOICE {
          RDNSequence }
    
        RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    
        RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    
        AttributeTypeAndValue ::= SEQUENCE {
          type     AttributeType,
          value    AttributeValue }
    
        AttributeType ::= OBJECT IDENTIFIER
    
        AttributeValue ::= ANY DEFINED BY AttributeType
     

    replaced by: X509Certificate.getIssuerX500Principal().

    Specified by:

    getIssuerDN in class X509Certificate

    Returns:

    the issuer as an implementation specific Principal.

  • getIssuerX500Principal

    public X500Principal getIssuerX500Principal()

    Description copied from class: X509Certificate
    Returns the issuer (issuer distinguished name) as an X500Principal.

    Overrides:

    getIssuerX500Principal in class X509Certificate

    Returns:

    the issuer (issuer distinguished name).

  • getSubjectDN

    public Principal getSubjectDN()

    Description copied from class: X509Certificate
    Returns the subject (subject distinguished name) as an implementation specific Principal object.

    The ASN.1 definition of subject:

     subject      Name
    
      Name ::= CHOICE {
          RDNSequence }
    
        RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    
        RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
    
        AttributeTypeAndValue ::= SEQUENCE {
          type     AttributeType,
          value    AttributeValue }
    
        AttributeType ::= OBJECT IDENTIFIER
    
        AttributeValue ::= ANY DEFINED BY AttributeType
     

    replaced by: X509Certificate.getSubjectX500Principal().

    Specified by:

    getSubjectDN in class X509Certificate

    Returns:

    the subject (subject distinguished name).

  • getSubjectX500Principal

    public X500Principal getSubjectX500Principal()

    Description copied from class: X509Certificate
    Returns the subject (subject distinguished name) as an X500Principal.

    Overrides:

    getSubjectX500Principal in class X509Certificate

    Returns:

    the subject (subject distinguished name)

  • getNotBefore

    public Date getNotBefore()

    Description copied from class: X509Certificate
    Returns the notBefore date from the validity period of the certificate.

    Specified by:

    getNotBefore in class X509Certificate

    Returns:

    the start of the validity period.

  • getNotAfter

    public Date getNotAfter()

    Description copied from class: X509Certificate
    Returns the notAfter date of the validity period of the certificate.

    Specified by:

    getNotAfter in class X509Certificate

    Returns:

    the end of the validity period.

  • getTBSCertificate

    public byte[] getTBSCertificate()
                             throws CertificateEncodingException

    Description copied from class: X509Certificate
    Returns the tbsCertificate information from this certificate in DER-encoded format.

    Specified by:

    getTBSCertificate in class X509Certificate

    Returns:

    the DER-encoded certificate information.

    Throws:

    CertificateEncodingException - if an error occurs in encoding

  • getSignature

    public byte[] getSignature()

    Description copied from class: X509Certificate
    Returns the raw signature bits from the certificate.

    Specified by:

    getSignature in class X509Certificate

    Returns:

    the raw signature bits from the certificate.

  • getSigAlgName

    public String getSigAlgName()

    Description copied from class: X509Certificate
    Returns the name of the algorithm for the certificate signature.

    Specified by:

    getSigAlgName in class X509Certificate

    Returns:

    the signature algorithm name.

  • getSigAlgOID

    public String getSigAlgOID()

    Description copied from class: X509Certificate
    Returns the OID of the signature algorithm from the certificate.

    Specified by:

    getSigAlgOID in class X509Certificate

    Returns:

    the OID of the signature algorithm.

  • getSigAlgParams

    public byte[] getSigAlgParams()

    Description copied from class: X509Certificate
    Returns the parameters of the signature algorithm in DER-encoded format.

    Specified by:

    getSigAlgParams in class X509Certificate

    Returns:

    the parameters of the signature algorithm, or null if none are used.

  • getIssuerUniqueID

    public boolean[] getIssuerUniqueID()

    Description copied from class: X509Certificate
    Returns the issuerUniqueID from the certificate.

    Specified by:

    getIssuerUniqueID in class X509Certificate

    Returns:

    the issuerUniqueID or null if there's none in the certificate.

  • getSubjectUniqueID

    public boolean[] getSubjectUniqueID()

    Description copied from class: X509Certificate
    Returns the subjectUniqueID from the certificate.

    Specified by:

    getSubjectUniqueID in class X509Certificate

    Returns:

    the subjectUniqueID or null if there's none in the certificate.

  • getKeyUsage

    public boolean[] getKeyUsage()

    Description copied from class: X509Certificate
    Returns the KeyUsage extension as a boolean array.

    The ASN.1 definition of KeyUsage:

     KeyUsage ::= BIT STRING {
          digitalSignature        (0),
          nonRepudiation          (1),
          keyEncipherment         (2),
          dataEncipherment        (3),
          keyAgreement            (4),
          keyCertSign             (5),
          cRLSign                 (6),
          encipherOnly            (7),
          decipherOnly            (8) }
    
     

    Specified by:

    getKeyUsage in class X509Certificate

    Returns:

    the KeyUsage extension or null if there's none in the certificate.

  • getExtendedKeyUsage

    public List<String> getExtendedKeyUsage()
                                     throws CertificateParsingException

    Description copied from class: X509Certificate
    Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

    Overrides:

    getExtendedKeyUsage in class X509Certificate

    Returns:

    the extended key usage extension, or null if there's none in the certificate.

    Throws:

    CertificateParsingException - if the extension decoding fails.

  • getBasicConstraints

    public int getBasicConstraints()

    Description copied from class: X509Certificate
    Returns the path length of the certificate constraints from the BasicContraints extension.

    Specified by:

    getBasicConstraints in class X509Certificate

    Returns:

    the path length of the certificate constraints if the extension is present or -1 if the extension is not present. Integer.MAX_VALUE if there's not limit.

  • getSubjectAlternativeNames

    public Collection<List<?>> getSubjectAlternativeNames()
                                                   throws CertificateParsingException

    Description copied from class: X509Certificate
    Returns a read-only list of the subject alternative names from the SubjectAltName extension.

    The ASN.1 definition of SubjectAltName:

     SubjectAltName ::= GeneralNames
    
     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    
     GeneralName ::= CHOICE {
          otherName                       [0]     AnotherName,
          rfc822Name                      [1]     IA5String,
          dNSName                         [2]     IA5String,
          x400Address                     [3]     ORAddress,
          directoryName                   [4]     Name,
          ediPartyName                    [5]     EDIPartyName,
          uniformResourceIdentifier       [6]     IA5String,
          iPAddress                       [7]     OCTET STRING,
          registeredID                    [8]     OBJECT IDENTIFIER }
    
     

    Overrides:

    getSubjectAlternativeNames in class X509Certificate

    Returns:

    the subject alternative names or null if there are none in the certificate.

    Throws:

    CertificateParsingException - if decoding of the extension fails.

  • getIssuerAlternativeNames

    public Collection<List<?>> getIssuerAlternativeNames()
                                                  throws CertificateParsingException

    Description copied from class: X509Certificate
    Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

    The ASN.1 definition of IssuerAltName:

     IssuerAltName ::= GeneralNames
    
     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
    
     GeneralName ::= CHOICE {
          otherName                       [0]     AnotherName,
          rfc822Name                      [1]     IA5String,
          dNSName                         [2]     IA5String,
          x400Address                     [3]     ORAddress,
          directoryName                   [4]     Name,
          ediPartyName                    [5]     EDIPartyName,
          uniformResourceIdentifier       [6]     IA5String,
          iPAddress                       [7]     OCTET STRING,
          registeredID                    [8]     OBJECT IDENTIFIER }
    
     

    Overrides:

    getIssuerAlternativeNames in class X509Certificate

    Returns:

    the issuer alternative names of null if there are none in the certificate.

    Throws:

    CertificateParsingException - if decoding of the extension fails.

    See Also:

    method documentation for more information.

  • getEncoded

    public byte[] getEncoded()
                      throws CertificateEncodingException

    Description copied from class: Certificate
    Returns the encoded representation for this certificate.

    Specified by:

    getEncoded in class Certificate

    Returns:

    the encoded representation for this certificate.

    Throws:

    CertificateEncodingException - if the encoding fails.

  • getPublicKey

    public PublicKey getPublicKey()

    Description copied from class: Certificate
    Returns the public key corresponding to this certificate.

    Specified by:

    getPublicKey in class Certificate

    Returns:

    the public key corresponding to this certificate.

  • toString

    public String toString()

    Description copied from class: Certificate
    Returns a string containing a concise, human-readable description of the certificate.

    Specified by:

    toString in class Certificate

    Returns:

    a printable representation for the certificate.

  • verify

    public void verify(PublicKey key)
                throws CertificateException,
                       NoSuchAlgorithmException,
                       InvalidKeyException,
                       NoSuchProviderException,
                       SignatureException

    Description copied from class: Certificate
    Verifies that this certificate was signed with the given public key.

    Specified by:

    verify in class Certificate

    Parameters:

    key - PublicKey public key for which verification should be performed.

    Throws:

    CertificateException - if encoding errors are detected.

    NoSuchAlgorithmException - if an unsupported algorithm is detected.

    InvalidKeyException - if an invalid key is detected.

    NoSuchProviderException - if there is no default provider.

    SignatureException - if signature errors are detected.

  • verify

    public void verify(PublicKey key,
              String sigProvider)
                throws CertificateException,
                       NoSuchAlgorithmException,
                       InvalidKeyException,
                       NoSuchProviderException,
                       SignatureException

    Description copied from class: Certificate
    Verifies that this certificate was signed with the given public key. It Uses the signature algorithm given by the provider.

    Specified by:

    verify in class Certificate

    Parameters:

    key - PublicKey public key for which verification should be performed.

    sigProvider - String the name of the signature provider.

    Throws:

    CertificateException - if encoding errors are detected.

    NoSuchAlgorithmException - if an unsupported algorithm is detected.

    InvalidKeyException - if an invalid key is detected.

    NoSuchProviderException - if the specified provider does not exists.

    SignatureException - if signature errors are detected.

  • getNonCriticalExtensionOIDs

    public Set<String> getNonCriticalExtensionOIDs()

    Description copied from interface: X509Extension
    Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.

    Returns:

    the set of extension OIDs marked as NON-CRITIAL, an empty set if none are marked as NON-.CRITICAL, or null if no extensions are present.

  • getCriticalExtensionOIDs

    public Set<String> getCriticalExtensionOIDs()

    Description copied from interface: X509Extension
    Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.

    Returns:

    the set of extension OIDs marked as CRITIAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.

  • getExtensionValue

    public byte[] getExtensionValue(String oid)

    Description copied from interface: X509Extension
    Returns the extension value as DER-encoded OCTET string for the specified OID.

    Parameters:

    oid - the object identifier to get the extension value for.

    Returns:

    the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.

  • hasUnsupportedCriticalExtension

    public boolean hasUnsupportedCriticalExtension()

    Description copied from interface: X509Extension
    Returns whether this instance has an extension marked as CRITICAL that it cannot support.

    Returns:

    true if an unsupported CRITICAL extension is present, false otherwise.