X509 (Oracle Security Developer Tools Security Engine Java API Reference)

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle Security Developer Tools Security Engine Java API Reference
10g (10.1.4.0.1)
B28175-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.security.crypto.cert
Class X509

java.lang.Object oracle.security.crypto.cert.Certificate oracle.security.crypto.cert.X509

All Implemented Interfaces:: oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable, java.io.Serializable, oracle.security.crypto.util.Streamable

public class X509
extends Certificate
implements oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable

This class encapsulates X.509 Version 3 certificates.

Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.

Any X509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 are conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.extension package.

See Also:: X509Attributes, X509Extension, X509ExtensionSet, Serialized Form

Field Summary
`protected boolean`	`isDecoded`

Fields inherited from class oracle.security.crypto.cert.Certificate

holder, key

Constructor Summary
`X509()`
`X509(byte[] data)` Constructs an X.509 certificate from the given DER encoding.
`X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)` Construct new, signed certificate using the given PKCS #10 certificate request.
`X509(java.io.File file)` Construct from the specified file.
`X509(java.io.InputStream is)` Construct from the specified input stream.
`X509(java.net.URL url)` Construct from the specified URL.
`X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter)` Creates a new, signed certificate with the given name and public key, having the given validity dates.
`X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)` Creates a new, signed certificate with the given name and public key.
`X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)` Creates a new, signed certificate using the given SPKAC object.

Method Summary
`void`	`addExtension(X509Extension ext)` Add an extension.
`protected void`	`decode()`
`boolean`	`equals(java.lang.Object o)` Compare this certificate to the specified object.
`X509Attributes`	`getAttributes()` Deprecated. Use `getExtensionSet()` instead.
`byte[]`	`getCertID(oracle.security.crypto.core.MessageDigest md)` Compute the ID of this certificate.
`static byte[]`	`getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)` Compute the ID of a certificate.
`byte[]`	`getEncoded()` Returns the ASN.1 encoding.
`X509Extension`	`getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)` Return the first extension with the specified ID, or null if it was not present.
`java.util.Vector`	`getExtensions()` Deprecated. use `getExtensionSet()` instead.
`X509ExtensionSet`	`getExtensionSet()` Returns the set of `X509Extension`s.
`byte[]`	`getFingerprint()` Compute and return MD5 fingerprint of the certificate.
`Entity`	`getHolder()` Get the holder of the certificate.
`X500Name`	`getIssuer()` Returns the name of the issuer.
`oracle.security.crypto.core.PublicKey`	`getKey()` Deprecated. Replaced by `getPublicKey()`.
`java.util.Date`	`getNotAfterDate()` Get the not after date.
`java.util.Date`	`getNotBeforeDate()` Get the not before date.
`oracle.security.crypto.core.PublicKey`	`getPublicKey()` Gets the public key.
`java.math.BigInteger`	`getSerialNo()` Get the serial number.
`oracle.security.crypto.asn1.ASN1ObjectID`	`getSigAlgOID()` Get the signature algorithm OID used for signing this certificate.
`java.lang.String`	`getSigAlgString()` Get the string representation of the signature algorithm used to sign this certificate.
`byte[]`	`getSigBytes()` Returns the signature bytes, signing the certificate first if needed.
`X500Name`	`getSubject()` Returns the name of the subject of this certificate (same as `getHolder`, except the return type is `X500Name`).
`int`	`hashCode()`
`boolean`	`hasUnrecognizedCriticalExtension()` Indicates whether this certificate contains an unrecognized critical extesion.
`void`	`initialize(java.io.InputStream is)` Deprecated. Replaced by `input(java.io.InputStream)`.
`void`	`input(oracle.security.crypto.asn1.ASN1Sequence s)` Deprecated. use `input(InputStream)` instead.
`void`	`input(java.io.InputStream is)`
`int`	`length()` Returns length of DER encoding of this certificate.
`void`	`output(java.io.OutputStream os)` Output to the specified output stream.
`void`	`readExternal(java.io.ObjectInput is)`
`void`	`save(java.io.OutputStream os)` Deprecated. Replaced by `output(java.io.OutputStream)`.
`void`	`setAttributes(X509Attributes attr)` Deprecated. Use `setExtensions(X509ExtensionSet)` instead.
`void`	`setExtensions(java.util.Vector exts)` Deprecated. use `setExtensions(X509ExtensionSet)` instead
`void`	`setExtensions(X509ExtensionSet exts)` Set the `X509Extensions`s.
`void`	`setHolder(X500Name holder)` Set the holder of the certificate.
`void`	`setIssuer(X500Name issuer)` Sets the issuer name which will be used to sign this certificate.
`void`	`setIssuerCertificate(X509 ic)` Specifies the issuer certificate that will be used to verify this certificate.
`void`	`setIssuerCRL(CRL crl)` Set the issuer CRL.
`void`	`setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)` Specifies the private key that will be used to sign this certificate.
`void`	`setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)`
`void`	`setKey(oracle.security.crypto.core.PublicKey key)` Deprecated. Replaced by `setPublicKey(oracle.security.crypto.core.PublicKey)`.
`void`	`setNotAfterDate(java.util.Date nad)` Set the not after date.
`void`	`setNotBeforeDate(java.util.Date nbd)` Set the not before date.
`void`	`setPublicKey(oracle.security.crypto.core.PublicKey key)` Sets the public key.
`void`	`setSerialNo(java.math.BigInteger sn)` Set the serial number.
`void`	`setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)`
`void`	`setSubject(X500Name subject)` Sets the name of the subject of this certificate.
`void`	`setValidity(int days)` Set validity period for the specified number of days.
`void`	`sign()` Generate the contents of this certificate and sign it.
`void`	`sign(oracle.security.crypto.core.RandomBitsSource rbs)` Generate the contents of this certificate and sign it.
`java.lang.String`	`toString()` Returns a verbose humanly readable representation of this certificate.
`boolean`	`verify()` Verifies this certificate.
`boolean`	`verifyCertCRL()` Verify certificate against the issuer CRL.
`boolean`	`verifyCertDate()` Verify the date of the certificate.
`boolean`	`verifyCertSignature()` Verify the signature of the certificate.
`boolean`	`verifySignature(byte[] docBytes, byte[] sigBytes)` Deprecated. Use `verifySignature(byte[], byte[], AlgorithmIdentifier)` instead. This method may not use the correct message digest algorithm for verifying RSA signatures.
`boolean`	`verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)` Verify a signature made with this certificate's public key.
`void`	`writeExternal(java.io.ObjectOutput os)`

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

isDecoded

protected boolean isDecoded

Constructor Detail

X509

public X509()

X509

public X509(java.io.InputStream is)
     throws java.io.IOException

Construct from the specified input stream.

X509

public X509(java.io.File file)
     throws java.io.IOException

Construct from the specified file.

X509

public X509(java.net.URL url)
     throws java.io.IOException

Construct from the specified URL.

X509

public X509(byte[] data)
     throws java.io.IOException

Constructs an X.509 certificate from the given DER encoding.

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException

Construct new, signed certificate using the given PKCS #10 certificate request.
Parameters:: cr - the certificate request; issuerPrivateKey - the issuer's private key; serial - the serial number of the new certificate; days - number of days for which the certificate shall be valid
Throws:: oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            SPKAC spkac,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException

Creates a new, signed certificate using the given SPKAC object.
Parameters:: subject - the subject's name; spkac - the subject's Signed PublicKey And Chanllenge; issuerCertificate - the issuer's certificate; serial - the serial number of the new certificate; days - number of days for which the certificate shall be valid
Throws:: oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException

Creates a new, signed certificate with the given name and public key.
Parameters:: subject - the subject's name; subjectKey - the subject's public key; issuer - the issuer's certificate; issuerPrivateKey - the issuer's private key; serial - the serial number of the new certificate; days - number of days for which the certificate shall be valid
Throws:: oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter)
     throws oracle.security.crypto.core.SignatureException

Creates a new, signed certificate with the given name and public key, having the given validity dates.
Parameters:: subject - the subject's name; subjectKey - the subject's public key; issuer - the issuer's certificate; issuerPrivateKey - the issuer's private key; serial - the serial number of the new certificate; notBefore - the first day for which the certificate shall be valid; notAfter - the last day for which the certificate shall be valid
Throws:: oracle.security.crypto.core.SignatureException - if there is an error in the signature process

Method Detail

decode

protected void decode()

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException

Generate the contents of this certificate and sign it.

Throws:: oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException

Generate the contents of this certificate and sign it.

Parameters:: rbs - the random number generator to be used for signing, if needed
Throws:: oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException

Returns the signature bytes, signing the certificate first if needed.

Throws:: oracle.security.crypto.core.SignatureException

initialize

public void initialize(java.io.InputStream is)
                throws java.io.IOException

Deprecated. Replaced by input(java.io.InputStream).

Initialize the certificate from the specified input stream.

Throws:: java.io.IOException

save

public void save(java.io.OutputStream os)
          throws java.io.IOException

Deprecated. Replaced by output(java.io.OutputStream).

Output the bytes needed for initialize(InputStream) to regenerate the certificate.

Throws:: java.io.IOException

input

public void input(java.io.InputStream is)
           throws java.io.IOException

Specified by:: input in interface oracle.security.crypto.util.Streamable

Throws:: java.io.IOException

input

public void input(oracle.security.crypto.asn1.ASN1Sequence s)
           throws java.io.IOException

Deprecated. use input(InputStream) instead.

Throws:: java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException

Output to the specified output stream.

Specified by:: output in interface oracle.security.crypto.util.Streamable

Throws:: java.io.IOException

length

public int length()

Returns length of DER encoding of this certificate.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

Specified by:: length in interface oracle.security.crypto.util.Streamable

getEncoded

public byte[] getEncoded()

Returns the ASN.1 encoding.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.

verify

public boolean verify()
               throws oracle.security.crypto.core.AuthenticationException

Verifies this certificate.

More precisely:

Verifies that the current VM date/time is within the validity period of the certificate.
If an unrecognized critical extension is present, the certificate is rejected. See the class description for a list of recognized critical extensions.
If the issuer certificate has been set, verifies that the signing certificate is a CA certificate, and that the signature is correct. The signing certificate is considered to be a CA certificate unless one of the following two conditions hold: The signing certificate contains a basicConstraints extension, and the CA flag is false; or the signing certificate contains a keyUsage extension, the keyUsage extension is marked critical, and the keyCertSign bit is false.
If the issuer CRL has been set, verifies that the certificate has not been revoked.

Specified by:: verify in class Certificate

Returns:: true if the certificate is valid, and false otherwise
Throws:: oracle.security.crypto.core.AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)
See Also:: setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)

verifyCertDate

public boolean verifyCertDate()

Verify the date of the certificate.

verifyCertSignature

public boolean verifyCertSignature()
                            throws oracle.security.crypto.core.AuthenticationException

Verify the signature of the certificate. To use this method, the issuer certificate must be set.

Throws:: oracle.security.crypto.core.AuthenticationException
See Also:: setIssuerCertificate(oracle.security.crypto.cert.X509)

verifyCertCRL

public boolean verifyCertCRL()

Verify certificate against the issuer CRL. To use this method, the issuer CRL must be set.

See Also:: setIssuerCRL(oracle.security.crypto.cert.CRL)

getHolder

public Entity getHolder()

Get the holder of the certificate.

Overrides:: getHolder in class Certificate

Returns:: the holder

setHolder

public void setHolder(X500Name holder)

Set the holder of the certificate.

getKey

public oracle.security.crypto.core.PublicKey getKey()

Deprecated. Replaced by getPublicKey().

Gets the public key.

Overrides:: getKey in class Certificate

Returns:: the public key

setKey

public void setKey(oracle.security.crypto.core.PublicKey key)

Deprecated. Replaced by setPublicKey(oracle.security.crypto.core.PublicKey).

Sets the public key.

getPublicKey

public oracle.security.crypto.core.PublicKey getPublicKey()

Gets the public key.

Overrides:: getPublicKey in class Certificate

Returns:: the public key

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey key)

Sets the public key.

getNotBeforeDate

public java.util.Date getNotBeforeDate()

Get the not before date.

setNotBeforeDate

public void setNotBeforeDate(java.util.Date nbd)

Set the not before date.

getNotAfterDate

public java.util.Date getNotAfterDate()

Get the not after date.

setNotAfterDate

public void setNotAfterDate(java.util.Date nad)

Set the not after date.

setValidity

public void setValidity(int days)

Set validity period for the specified number of days.

getSubject

public X500Name getSubject()

Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).

setSubject

public void setSubject(X500Name subject)

Sets the name of the subject of this certificate. Does the same things as setHolder.

getIssuer

public X500Name getIssuer()

Returns the name of the issuer.

setIssuer

public void setIssuer(X500Name issuer)

Sets the issuer name which will be used to sign this certificate.

setIssuerCertificate

public void setIssuerCertificate(X509 ic)

Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:: ic - The certificate of the entity which issued this certificate

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)

Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:: ik - The private key of the entity which is issuing this certificate.

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik,
                                oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

setIssuerCRL

public void setIssuerCRL(CRL crl)

Set the issuer CRL.

getSerialNo

public java.math.BigInteger getSerialNo()

Get the serial number.

setSerialNo

public void setSerialNo(java.math.BigInteger sn)

Set the serial number.

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()

Indicates whether this certificate contains an unrecognized critical extesion. If so, the certificate will necessarily be rejected.

Returns:: true if this certificate contains at least one unrecognized critical extension, and false if it has none.

getExtensions

public java.util.Vector getExtensions()

Deprecated. use getExtensionSet() instead.

Returns a vector of X509Extensions.

getExtensionSet

public X509ExtensionSet getExtensionSet()

Returns the set of X509Extensions.

Returns:: A X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)

Return the first extension with the specified ID, or null if it was not present.

setExtensions

public void setExtensions(java.util.Vector exts)

Deprecated. use setExtensions(X509ExtensionSet) instead

Set the vector of X509Extensions.

setExtensions

public void setExtensions(X509ExtensionSet exts)

Set the X509Extensionss.

addExtension

public void addExtension(X509Extension ext)

Add an extension.

getAttributes

public X509Attributes getAttributes()

Deprecated. Use getExtensionSet() instead.

Get the X.509 attributes.

setAttributes

public void setAttributes(X509Attributes attr)

Deprecated. Use setExtensions(X509ExtensionSet) instead.

Set the X.509 attributes. The attributes object is converted to a list of extensions, which is then prepended to the current list of extensions.

getFingerprint

public byte[] getFingerprint()

Compute and return MD5 fingerprint of the certificate.

getCertID

public static byte[] getCertID(X500Name issuer,
                               java.math.BigInteger serial,
                               oracle.security.crypto.core.MessageDigest md)

Compute the ID of a certificate. The ID is computed as the hash of the issuer's name and serial number.

Parameters:: issuer - the issuer's name; serial - the serial number; md - the hash function to use

getCertID

public byte[] getCertID(oracle.security.crypto.core.MessageDigest md)

Compute the ID of this certificate. The ID is computed as the hash of the issuer's name and serial number.

Parameters:: md - the hash function to use

getSigAlgOID

public oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()

Get the signature algorithm OID used for signing this certificate.

getSigAlgString

public java.lang.String getSigAlgString()

Get the string representation of the signature algorithm used to sign this certificate. Returns one of: "RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2", or the numeric representation of the OID, if it is not recognized.

verifySignature

public boolean verifySignature(byte[] docBytes,
                               byte[] sigBytes)
                        throws oracle.security.crypto.core.AuthenticationException

Deprecated. Use verifySignature(byte[], byte[], AlgorithmIdentifier) instead. This method may not use the correct message digest algorithm for verifying RSA signatures.

Verify a signature made with this certificate's public key.

Parameters:: docBytes - document; sigBytes - signature
Throws:: oracle.security.crypto.core.AuthenticationException - if there was an error during verification

verifySignature

public boolean verifySignature(byte[] docBytes,
                               byte[] sigBytes,
                               oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
                        throws oracle.security.crypto.core.AuthenticationException

Verify a signature made with this certificate's public key.

Parameters:: docBytes - The signed document.; sigBytes - The signature.; sigAlgID - The algorithm ID used for the signature.
Throws:: oracle.security.crypto.core.AuthenticationException - if an error ocurrs during verification.

equals

public boolean equals(java.lang.Object o)

Compare this certificate to the specified object. Returns true if and only if the argument is not null and is an X509 object which has the same DER encoding as this object.

hashCode

public int hashCode()

toString

public java.lang.String toString()

Returns a verbose humanly readable representation of this certificate. This method is recommended to be used only for debugging.

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException

Specified by:: writeExternal in interface java.io.Externalizable

Throws:: java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException

Specified by:: readExternal in interface java.io.Externalizable

Throws:: java.io.IOException; java.lang.ClassNotFoundException

Overview

Package

Class

Tree

Deprecated

Index

Help

Oracle Security Developer Tools Security Engine Java API Reference
10g (10.1.4.0.1)
B28175-01

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

oracle.security.crypto.cert Class X509

isDecoded

X509

X509

X509

X509

X509

X509

X509

X509

X509

decode

sign

sign

getSigBytes

initialize

save

input

input

output

length

getEncoded

verify

verifyCertDate

verifyCertSignature

verifyCertCRL

getHolder

setHolder

getKey

setKey

getPublicKey

setPublicKey

getNotBeforeDate

setNotBeforeDate

getNotAfterDate

setNotAfterDate

setValidity

getSubject

setSubject

getIssuer

setIssuer

setIssuerCertificate

setIssuerPrivateKey

setIssuerPrivateKey

setSigAlgID

setIssuerCRL

getSerialNo

setSerialNo

hasUnrecognizedCriticalExtension

getExtensions

getExtensionSet

getExtension

setExtensions

setExtensions

addExtension

getAttributes

setAttributes

getFingerprint

getCertID

getCertID

getSigAlgOID

getSigAlgString

verifySignature

verifySignature

equals

hashCode

toString

writeExternal

readExternal

oracle.security.crypto.cert
Class X509