Oracle Security Developer Tools Security Engine Java API Reference 10g (10.1.4.0.1) B28175-01 |
java.lang.Object
oracle.security.crypto.cert.Certificate
oracle.security.crypto.cert.X509
This class encapsulates X.509 Version 3 certificates.
Both RSA and DSA certificates are supported. This class provides the methods for reading and writing the X.509 Version 1 fields of the certificate.
Any X.509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 is conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.extension package.
See also: X509Attributes, X509Extension, X509ExtensionSet, Serialized Form
Field Summary | |
protected boolean |
isDecoded |
Fields inherited from class oracle.security.crypto.cert.Certificate |
holder, key |
Constructor Summary | |
X509() |
|
X509(byte[] data) Constructs an X.509 certificate from the given DER encoding. |
|
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Construct new, signed certificate using the given PKCS #10 certificate request. |
|
X509(java.io.File file) Construct from the specified file. |
|
X509(java.io.InputStream is) Construct from the specified input stream. |
|
X509(java.net.URL url) Construct from the specified URL. |
|
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) Creates a new, signed certificate with the given name and public key, having the given validity dates. |
|
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Creates a new, signed certificate with the given name and public key. |
|
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Creates a new, signed certificate using the given SPKAC object. |
Method Summary | |
void |
addExtension(X509Extension ext) Add an extension. |
protected void |
decode() |
boolean |
equals(java.lang.Object o) Compare this certificate to the specified object. |
X509Attributes |
getAttributes() Deprecated. Use getExtensionSet() instead. |
byte[] |
getCertID(oracle.security.crypto.core.MessageDigest md) Compute the ID of this certificate. |
static byte[] |
getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md) Compute the ID of a certificate. |
byte[] |
getEncoded() Returns the ASN.1 encoding. |
X509Extension |
getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid) Return the first extension with the specified ID, or null if it was not present. |
java.util.Vector |
getExtensions() Deprecated. use getExtensionSet() instead. |
X509ExtensionSet |
getExtensionSet() Returns the set of X509Extension s. |
byte[] |
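getFingerprint() Compute and return the MD5 fingerprint of the certificate. MD5 is not collision-resistant, so this fingerprint is suitable for display or lookup, not as the sole basis for deciding that a certificate is trusted. |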
Entity |
getHolder() Get the holder of the certificate. |
X500Name |
getIssuer() Returns the name of the issuer. |
oracle.security.crypto.core.PublicKey |
getKey() Deprecated. Replaced by getPublicKey() . |
java.util.Date |
getNotAfterDate() Get the not after date. |
java.util.Date |
getNotBeforeDate() Get the not before date. |
oracle.security.crypto.core.PublicKey |
getPublicKey() Gets the public key. |
java.math.BigInteger |
getSerialNo() Get the serial number. |
oracle.security.crypto.asn1.ASN1ObjectID |
getSigAlgOID() Get the signature algorithm OID used for signing this certificate. |
java.lang.String |
getSigAlgString() Get the string representation of the signature algorithm used to sign this certificate. |
byte[] |
getSigBytes() Returns the signature bytes, signing the certificate first if needed. |
X500Name |
getSubject() Returns the name of the subject of this certificate (same as getHolder , except the return type is X500Name ). |
int |
hashCode() |
boolean |
hasUnrecognizedCriticalExtension() Indicates whether this certificate contains an unrecognized critical extension. |
void |
initialize(java.io.InputStream is) Deprecated. Replaced by input(java.io.InputStream) . |
void |
input(oracle.security.crypto.asn1.ASN1Sequence s) Deprecated. use input(InputStream) instead. |
void |
input(java.io.InputStream is) |
int |
length() Returns length of DER encoding of this certificate. |
void |
output(java.io.OutputStream os) Output to the specified output stream. |
void |
readExternal(java.io.ObjectInput is) |
void |
save(java.io.OutputStream os) Deprecated. Replaced by output(java.io.OutputStream) . |
void |
setAttributes(X509Attributes attr) Deprecated. Use setExtensions(X509ExtensionSet) instead. |
void |
setExtensions(java.util.Vector exts) Deprecated. use setExtensions(X509ExtensionSet) instead |
void |
setExtensions(X509ExtensionSet exts) Set the X509Extensions s. |
void |
setHolder(X500Name holder) Set the holder of the certificate. |
void |
setIssuer(X500Name issuer) Sets the issuer name which will be used to sign this certificate. |
void |
setIssuerCertificate(X509 ic) Specifies the issuer certificate that will be used to verify this certificate. |
void |
setIssuerCRL(CRL crl) Set the issuer CRL. |
void |
setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik) Specifies the private key that will be used to sign this certificate. |
void |
setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) |
void |
setKey(oracle.security.crypto.core.PublicKey key) Deprecated. Replaced by setPublicKey(oracle.security.crypto.core.PublicKey) . |
void |
setNotAfterDate(java.util.Date nad) Set the not after date. |
void |
setNotBeforeDate(java.util.Date nbd) Set the not before date. |
void |
setPublicKey(oracle.security.crypto.core.PublicKey key) Sets the public key. |
void |
setSerialNo(java.math.BigInteger sn) Set the serial number. |
void |
setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) |
void |
setSubject(X500Name subject) Sets the name of the subject of this certificate. |
void |
setValidity(int days) Set validity period for the specified number of days. |
void |
sign() Generate the contents of this certificate and sign it. |
void |
sign(oracle.security.crypto.core.RandomBitsSource rbs) Generate the contents of this certificate and sign it. |
java.lang.String |
toString() Returns a verbose humanly readable representation of this certificate. |
boolean |
verify() Verifies this certificate. |
boolean |
verifyCertCRL() Verify certificate against the issuer CRL. |
boolean |
verifyCertDate() Verify the date of the certificate. |
boolean |
verifyCertSignature() Verify the signature of the certificate. |
boolean |
verifySignature(byte[] docBytes, byte[] sigBytes) Deprecated. Use verifySignature(byte[], byte[], AlgorithmIdentifier) instead. This method may not use the correct message digest algorithm for verifying RSA signatures. |
boolean |
verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) Verify a signature made with this certificate's public key. |
void |
writeExternal(java.io.ObjectOutput os) |
Methods inherited from class java.lang.Object |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
protected boolean isDecoded
Constructor Detail |
public X509()
public X509(java.io.InputStream is) throws java.io.IOException
public X509(java.io.File file) throws java.io.IOException
public X509(java.net.URL url) throws java.io.IOException
public X509(byte[] data) throws java.io.IOException
public X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
cr - the certificate request
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
spkac - the subject's Signed Public Key And Challenge
issuerCertificate - the issuer's certificate
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
notBefore - the first day for which the certificate shall be valid
notAfter - the last day for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
Method Detail |
protected void decode()
public void sign() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException - if there is an error during signing
public void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException
rbs - the random number generator to be used for signing, if needed
oracle.security.crypto.core.SignatureException - if there is an error during signing
public byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public void initialize(java.io.InputStream is) throws java.io.IOException
input(java.io.InputStream)
.java.io.IOException
public void save(java.io.OutputStream os) throws java.io.IOException
output(java.io.OutputStream)
.java.io.IOException
public void input(java.io.InputStream is) throws java.io.IOException
input
in interface oracle.security.crypto.util.Streamable
java.io.IOException
public void input(oracle.security.crypto.asn1.ASN1Sequence s) throws java.io.IOException
input(InputStream)
instead.java.io.IOException
public void output(java.io.OutputStream os) throws java.io.IOException
output
in interface oracle.security.crypto.util.Streamable
java.io.IOException
public int length()
Throws a StreamableOutputException
if an error occurs while generating the DER encoding.
length
in interface oracle.security.crypto.util.Streamable
public byte[] getEncoded()
Throws a StreamableOutputException
if an error occurs while generating the encoded bytes.
public boolean verify() throws oracle.security.crypto.core.AuthenticationException
More precisely: (the list of conditions that followed is missing from this copy of the page)
verify in class Certificate
true if the certificate is valid, and false otherwise
oracle.security.crypto.core.AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)
See also: setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)
public boolean verifyCertDate()
public boolean verifyCertSignature() throws oracle.security.crypto.core.AuthenticationException
oracle.security.crypto.core.AuthenticationException
setIssuerCertificate(oracle.security.crypto.cert.X509)
public boolean verifyCertCRL()
setIssuerCRL(oracle.security.crypto.cert.CRL)
public Entity getHolder()
getHolder
in class Certificate
public void setHolder(X500Name holder)
public oracle.security.crypto.core.PublicKey getKey()
getPublicKey()
.getKey
in class Certificate
public void setKey(oracle.security.crypto.core.PublicKey key)
setPublicKey(oracle.security.crypto.core.PublicKey)
.public oracle.security.crypto.core.PublicKey getPublicKey()
getPublicKey
in class Certificate
public void setPublicKey(oracle.security.crypto.core.PublicKey key)
public java.util.Date getNotBeforeDate()
public void setNotBeforeDate(java.util.Date nbd)
public java.util.Date getNotAfterDate()
public void setNotAfterDate(java.util.Date nad)
public void setValidity(int days)
public X500Name getSubject()
getHolder
, except the return type is X500Name
).public void setSubject(X500Name subject)
setHolder
.public X500Name getIssuer()
public void setIssuer(X500Name issuer)
public void setIssuerCertificate(X509 ic)
The certificate specified here will not be part of this certificate's persistent state.
ic - The certificate of the entity which issued this certificate
public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
The value specified here will not be contained in this certificate's persistent state.
ik - The private key of the entity which is issuing this certificate.
public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
public void setIssuerCRL(CRL crl)
public java.math.BigInteger getSerialNo()
public void setSerialNo(java.math.BigInteger sn)
public boolean hasUnrecognizedCriticalExtension()
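true if this certificate contains at least one unrecognized critical extension, and false if it has none. RFC 2459 requires a certificate-using system to reject a certificate that contains a critical extension it does not recognize.
public java.util.Vector getExtensions()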
getExtensionSet()
instead.X509Extension
s.public X509ExtensionSet getExtensionSet()
X509Extension
s.X509ExtensionSet
, or null if no extensions are defined.public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
public void setExtensions(java.util.Vector exts)
setExtensions(X509ExtensionSet)
insteadX509Extension
s.public void setExtensions(X509ExtensionSet exts)
X509Extensions
s.public void addExtension(X509Extension ext)
public X509Attributes getAttributes()
getExtensionSet()
instead.public void setAttributes(X509Attributes attr)
setExtensions(X509ExtensionSet)
instead.public byte[] getFingerprint()
public static byte[] getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
issuer - the issuer's name
serial - the serial number
md - the hash function to use
public byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
md - the hash function to use
public oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
public java.lang.String getSigAlgString()
"RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2"
, or the numeric representation of the OID, if it is not recognized.
public boolean verifySignature(byte[] docBytes, byte[] sigBytes) throws oracle.security.crypto.core.AuthenticationException
Deprecated. Use verifySignature(byte[], byte[], AlgorithmIdentifier) instead. This method may not use the correct message digest algorithm for verifying RSA signatures.
docBytes - document
sigBytes - signature
oracle.security.crypto.core.AuthenticationException - if there was an error during verification
public boolean verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) throws oracle.security.crypto.core.AuthenticationException
docBytes - The signed document.
sigBytes - The signature.
sigAlgID - The algorithm ID used for the signature.
oracle.security.crypto.core.AuthenticationException - if an error occurs during verification.
public boolean equals(java.lang.Object o)
null
and is an X509
object which has the same DER encoding as this object.public int hashCode()
public java.lang.String toString()
public void writeExternal(java.io.ObjectOutput os) throws java.io.IOException
writeExternal
in interface java.io.Externalizable
java.io.IOException
public void readExternal(java.io.ObjectInput is) throws java.io.IOException, java.lang.ClassNotFoundException
readExternal
in interface java.io.Externalizable
java.io.IOException
java.lang.ClassNotFoundException