Oracle Security Developer Tools Security Engine Java API Reference
11g (11.1.1)

E10674-02


oracle.security.crypto.cert
Class X509

java.lang.Object
  extended by oracle.security.crypto.cert.Certificate
      extended by oracle.security.crypto.cert.X509

All Implemented Interfaces:
java.io.Externalizable, java.io.Serializable, oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class X509
extends Certificate
implements oracle.security.crypto.asn1.ASN1Object

This class encapsulates X.509 Version 3 certificates.

Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.

Any X509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 are conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.ext package.

See Also:
X509Extension, X509ExtensionSet, Serialized Form

Field Summary
protected  boolean isDecoded
           

 

Fields inherited from class oracle.security.crypto.cert.Certificate
holder, key

 

Constructor Summary
X509()
          Creates a new empty instance.
X509(byte[] data)
          Constructs an X.509 certificate from the given DER encoding.
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Constructs a new, signed certificate using the given PKCS #10 certificate request.
X509(java.io.File file)
          Construct from the specified file.
X509(java.io.InputStream is)
          Construct from the specified input stream.
X509(java.net.URL url)
          Construct from the specified URL.
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter)
          Creates a new, signed certificate with the given name and public key, having the given validity dates.
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Creates a new, signed certificate with the given name and public key.
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Creates a new, signed certificate using the given SPKAC object.

 

Method Summary
 void addExtension(X509Extension ext)
          Add an extension.
protected  void decode()
           
 boolean equals(java.lang.Object o)
          Compare this certificate to the specified object.
 byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
          Compute the ID of this certificate.
static byte[] getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
          Compute the ID of a certificate.
 byte[] getEncoded()
          Returns the ASN.1 encoding.
 X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
          Return the first extension with the specified ID, or null if it was not present.
 X509ExtensionSet getExtensionSet()
          Returns the set of X509Extensions.
 byte[] getFingerprint()
          Compute and return MD5 fingerprint of the certificate.
 Entity getHolder()
          Get the holder of the certificate.
 X500Name getIssuer()
          Returns the name of the issuer.
 java.util.Date getNotAfterDate()
          Get the not after date.
 java.util.Date getNotBeforeDate()
          Get the not before date.
 oracle.security.crypto.core.PublicKey getPublicKey()
          Gets the public key.
 java.math.BigInteger getSerialNo()
          Get the serial number.
 oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
          Get the signature algorithm OID used for signing this certificate.
 java.lang.String getSigAlgString()
          Get the string representation of the signature algorithm used to sign this certificate.
 byte[] getSigBytes()
          Returns the signature bytes, signing the certificate first if needed.
 X500Name getSubject()
          Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).
 int hashCode()
           
 boolean hasUnrecognizedCriticalExtension()
          Indicates whether this certificate contains an unrecognized critical extension.
 void input(java.io.InputStream is)
           
 int length()
          Returns length of DER encoding of this certificate.
 void output(java.io.OutputStream os)
          Output to the specified output stream.
 void readExternal(java.io.ObjectInput is)
           
 void setExtensions(X509ExtensionSet exts)
          Set the X509Extensions.
 void setHolder(X500Name holder)
          Set the holder of the certificate.
 void setIssuer(X500Name issuer)
          Sets the issuer name which will be used to sign this certificate.
 void setIssuerCertificate(X509 ic)
          Specifies the issuer certificate that will be used to verify this certificate.
 void setIssuerCRL(CRL crl)
          Set the issuer CRL.
 void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
          Specifies the private key that will be used to sign this certificate.
 void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
           
 void setNotAfterDate(java.util.Date nad)
          Set the not after date.
 void setNotBeforeDate(java.util.Date nbd)
          Set the not before date.
 void setPublicKey(oracle.security.crypto.core.PublicKey key)
          Sets the public key.
 void setSerialNo(java.math.BigInteger sn)
          Set the serial number.
 void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
           
 void setSubject(X500Name subject)
          Sets the name of the subject of this certificate.
 void setValidity(int days)
          Set validity period for the specified number of days.
 void sign()
          Generate the contents of this certificate and sign it.
 void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          Generate the contents of this certificate and sign it.
 java.lang.String toString()
          Returns a verbose, human-readable representation of this certificate.
 boolean verify()
          Verifies this certificate.
 boolean verifyCertCRL()
          Verify certificate against the issuer CRL.
 boolean verifyCertDate()
          Verify the date of the certificate.
 boolean verifyCertSignature()
          Verify the signature of the certificate.
 boolean verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Verify a signature made with this certificate's public key.
 void writeExternal(java.io.ObjectOutput os)
           

 

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

 

Field Detail

isDecoded

protected boolean isDecoded

Constructor Detail

X509

public X509()
Creates a new empty instance.

X509

public X509(java.io.InputStream is)
     throws java.io.IOException
Construct from the specified input stream.
Throws:
java.io.IOException

X509

public X509(java.io.File file)
     throws java.io.IOException
Construct from the specified file.
Throws:
java.io.IOException

X509

public X509(java.net.URL url)
     throws java.io.IOException
Construct from the specified URL.
Throws:
java.io.IOException

X509

public X509(byte[] data)
     throws java.io.IOException
Constructs an X.509 certificate from the given DER encoding.
Throws:
java.io.IOException

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Constructs a new, signed certificate using the given PKCS #10 certificate request.
Parameters:
cr - the certificate request
issuerCertificate - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            SPKAC spkac,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Creates a new, signed certificate using the given SPKAC object.
Parameters:
subject - the subject's name
spkac - the subject's Signed Public Key And Challenge
issuerCertificate - the issuer's certificate
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Creates a new, signed certificate with the given name and public key.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter)
     throws oracle.security.crypto.core.SignatureException
Creates a new, signed certificate with the given name and public key, having the given validity dates.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
notBefore - the first day for which the certificate shall be valid
notAfter - the last day for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

Method Detail

decode

protected void decode()

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException
Generate the contents of this certificate and sign it.
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException
Generate the contents of this certificate and sign it.
Parameters:
rbs - the random number generator to be used for signing, if needed
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException
Returns the signature bytes, signing the certificate first if needed.
Throws:
oracle.security.crypto.core.SignatureException

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Specified by:
input in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Output to the specified output stream.
Specified by:
output in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

length

public int length()
Returns length of DER encoding of this certificate.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

Specified by:
length in interface oracle.security.crypto.util.Streamable

getEncoded

public byte[] getEncoded()
Returns the ASN.1 encoding.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.


verify

public boolean verify()
               throws oracle.security.crypto.core.AuthenticationException
Verifies this certificate.

More precisely:

Specified by:
verify in class Certificate
Returns:
true if the certificate is valid, and false otherwise
Throws:
oracle.security.crypto.core.AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)
See Also:
setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)

verifyCertDate

public boolean verifyCertDate()
Verify the date of the certificate.

verifyCertSignature

public boolean verifyCertSignature()
                            throws oracle.security.crypto.core.AuthenticationException
Verify the signature of the certificate. To use this method, the issuer certificate must be set.
Throws:
oracle.security.crypto.core.AuthenticationException
See Also:
setIssuerCertificate(oracle.security.crypto.cert.X509)

verifyCertCRL

public boolean verifyCertCRL()
Verify certificate against the issuer CRL. To use this method, the issuer CRL must be set.
See Also:
setIssuerCRL(oracle.security.crypto.cert.CRL)
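
The individual checks above, together with hasUnrecognizedCriticalExtension() and getSigAlgString() documented further down, can be called one at a time so that a rejection names its cause. This is an added example, not code from the Oracle reference; the class name X509CheckExample, the weak-algorithm policy, and the meaning assumed for a false return from verifyCertDate() and verifyCertCRL() are assumptions.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AuthenticationException;

public class X509CheckExample {

    // Signature algorithm strings, as listed for getSigAlgString(), that rest on
    // MD2 or MD5. Rejecting them is a local policy choice made in this example.
    private static final List<String> WEAK_SIG_ALGS = Arrays.asList("RSA/MD2", "RSA/MD5");

    /**
     * Runs each check separately and returns the reasons for rejection
     * (an empty list means every check passed). issuerCrl may be null,
     * in which case revocation is reported as not checked.
     */
    static List<String> check(X509 cert, X509 issuerCert, CRL issuerCrl) {
        List<String> failures = new ArrayList<String>();

        if (WEAK_SIG_ALGS.contains(cert.getSigAlgString())) {
            failures.add("weak signature algorithm: " + cert.getSigAlgString());
        }
        if (cert.hasUnrecognizedCriticalExtension()) {
            failures.add("unrecognized critical extension");
        }
        // Assumption: true means the current time lies inside notBefore..notAfter.
        if (!cert.verifyCertDate()) {
            failures.add("outside validity period: "
                    + cert.getNotBeforeDate() + " .. " + cert.getNotAfterDate());
        }
        try {
            cert.setIssuerCertificate(issuerCert); // required before verifyCertSignature()
            if (!cert.verifyCertSignature()) {
                failures.add("signature does not verify under issuer " + issuerCert.getSubject());
            }
        } catch (AuthenticationException e) {
            // The check could not be performed at all; treat that as a rejection.
            failures.add("signature check could not be performed: " + e.getMessage());
        }
        if (issuerCrl == null) {
            failures.add("revocation not checked: no issuer CRL supplied");
        } else {
            cert.setIssuerCRL(issuerCrl); // required before verifyCertCRL()
            // Assumption: false means the certificate fails the CRL check.
            if (!cert.verifyCertCRL()) {
                failures.add("failed CRL check");
            }
        }
        return failures;
    }

    public static void main(String[] args) throws Exception {
        // args[0] = certificate file, args[1] = issuer certificate file
        X509 cert = new X509(new File(args[0]));
        X509 issuer = new X509(new File(args[1]));
        List<String> failures = check(cert, issuer, null);
        System.out.println(cert.getSubject() + ": "
                + (failures.isEmpty() ? "accepted" : "rejected " + failures));
    }
}
```

The main method passes null for the CRL because this page does not show how a CRL object is constructed; callers that hold one pass it as the third argument.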

getHolder

public Entity getHolder()
Get the holder of the certificate.
Overrides:
getHolder in class Certificate
Returns:
the holder

setHolder

public void setHolder(X500Name holder)
Set the holder of the certificate.

getPublicKey

public oracle.security.crypto.core.PublicKey getPublicKey()
Gets the public key.
Overrides:
getPublicKey in class Certificate
Returns:
the public key

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey key)
Sets the public key.

getNotBeforeDate

public java.util.Date getNotBeforeDate()
Get the not before date.

setNotBeforeDate

public void setNotBeforeDate(java.util.Date nbd)
Set the not before date.

getNotAfterDate

public java.util.Date getNotAfterDate()
Get the not after date.

setNotAfterDate

public void setNotAfterDate(java.util.Date nad)
Set the not after date.

setValidity

public void setValidity(int days)
Set validity period for the specified number of days.

getSubject

public X500Name getSubject()
Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).

setSubject

public void setSubject(X500Name subject)
Sets the name of the subject of this certificate. Does the same thing as setHolder.

getIssuer

public X500Name getIssuer()
Returns the name of the issuer.

setIssuer

public void setIssuer(X500Name issuer)
Sets the issuer name which will be used to sign this certificate.

setIssuerCertificate

public void setIssuerCertificate(X509 ic)
Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:
ic - The certificate of the entity which issued this certificate

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:
ik - The private key of the entity which is issuing this certificate.

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik,
                                oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

setIssuerCRL

public void setIssuerCRL(CRL crl)
Set the issuer CRL.

getSerialNo

public java.math.BigInteger getSerialNo()
Get the serial number.

setSerialNo

public void setSerialNo(java.math.BigInteger sn)
Set the serial number.

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()
Indicates whether this certificate contains an unrecognized critical extension. If so, the certificate will necessarily be rejected.
Returns:
true if this certificate contains at least one unrecognized critical extension, and false if it has none.

getExtensionSet

public X509ExtensionSet getExtensionSet()
Returns the set of X509Extensions.
Returns:
An X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
Return the first extension with the specified ID, or null if it was not present.

setExtensions

public void setExtensions(X509ExtensionSet exts)
Set the X509Extensions.

addExtension

public void addExtension(X509Extension ext)
Add an extension.

getFingerprint

public byte[] getFingerprint()
Compute and return MD5 fingerprint of the certificate.

getCertID

public static byte[] getCertID(X500Name issuer,
                               java.math.BigInteger serial,
                               oracle.security.crypto.core.MessageDigest md)
Compute the ID of a certificate. The ID is computed as the hash of the issuer's name and serial number.
Parameters:
issuer - the issuer's name
serial - the serial number
md - the hash function to use

getCertID

public byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
Compute the ID of this certificate. The ID is computed as the hash of the issuer's name and serial number.
Parameters:
md - the hash function to use

getSigAlgOID

public oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
Get the signature algorithm OID used for signing this certificate.

getSigAlgString

public java.lang.String getSigAlgString()
Get the string representation of the signature algorithm used to sign this certificate. Returns one of: "RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2", or the numeric representation of the OID, if it is not recognized.

verifySignature

public boolean verifySignature(byte[] docBytes,
                               byte[] sigBytes,
                               oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
                        throws oracle.security.crypto.core.AuthenticationException
Verify a signature made with this certificate's public key.
Parameters:
docBytes - The signed document.
sigBytes - The signature.
sigAlgID - The algorithm ID used for the signature.
Throws:
oracle.security.crypto.core.AuthenticationException - if an error occurs during verification.

equals

public boolean equals(java.lang.Object o)
Compare this certificate to the specified object. Returns true if and only if the argument is not null and is an X509 object which has the same DER encoding as this object.
Overrides:
equals in class java.lang.Object

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

toString

public java.lang.String toString()
Returns a verbose, human-readable representation of this certificate. Use this method only for debugging.
Overrides:
toString in class java.lang.Object

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException
Specified by:
writeExternal in interface java.io.Externalizable
Throws:
java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException
Specified by:
readExternal in interface java.io.Externalizable
Throws:
java.io.IOException
java.lang.ClassNotFoundException

Copyright © 2005, 2009, Oracle. All rights reserved.