Oracle Security Developer Tools Security Engine Java API Reference 11g (11.1.1) E10674-02
java.lang.Object
oracle.security.crypto.cert.Certificate
oracle.security.crypto.cert.X509
public class X509
This class encapsulates X.509 Version 3 certificates.
Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.
Any X509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 is conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.ext package.
See also: X509Extension, X509ExtensionSet
Field Summary | |
---|---|
protected boolean | isDecoded |
Fields inherited from class oracle.security.crypto.cert.Certificate |
---|
holder, key |
Constructor Summary |
---|
X509() Creates a new empty instance. |
X509(byte[] data) Constructs an X.509 certificate from the given DER encoding. |
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Construct new, signed certificate using the given PKCS #10 certificate request. |
X509(java.io.File file) Construct from the specified file. |
X509(java.io.InputStream is) Construct from the specified input stream. |
X509(java.net.URL url) Construct from the specified URL. |
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) Creates a new, signed certificate with the given name and public key, having the given validity dates. |
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Creates a new, signed certificate with the given name and public key. |
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Creates a new, signed certificate using the given SPKAC object. |
Method Summary | |
---|---|
void | addExtension(X509Extension ext) Add an extension. |
protected void | decode() |
boolean | equals(java.lang.Object o) Compare this certificate to the specified object. |
byte[] | getCertID(oracle.security.crypto.core.MessageDigest md) Compute the ID of this certificate. |
static byte[] | getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md) Compute the ID of a certificate. |
byte[] | getEncoded() Returns the ASN.1 encoding. |
X509Extension | getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid) Return the first extension with the specified ID, or null if it was not present. |
X509ExtensionSet | getExtensionSet() Returns the set of X509Extensions. |
byte[] | getFingerprint() Compute and return MD5 fingerprint of the certificate. |
Entity | getHolder() Get the holder of the certificate. |
X500Name | getIssuer() Returns the name of the issuer. |
java.util.Date | getNotAfterDate() Get the not after date. |
java.util.Date | getNotBeforeDate() Get the not before date. |
oracle.security.crypto.core.PublicKey | getPublicKey() Gets the public key. |
java.math.BigInteger | getSerialNo() Get the serial number. |
oracle.security.crypto.asn1.ASN1ObjectID | getSigAlgOID() Get the signature algorithm OID used for signing this certificate. |
java.lang.String | getSigAlgString() Get the string representation of the signature algorithm used to sign this certificate. |
byte[] | getSigBytes() Returns the signature bytes, signing the certificate first if needed. |
X500Name | getSubject() Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name). |
int | hashCode() |
boolean | hasUnrecognizedCriticalExtension() Indicates whether this certificate contains an unrecognized critical extension. |
void | input(java.io.InputStream is) |
int | length() Returns length of DER encoding of this certificate. |
void | output(java.io.OutputStream os) Output to the specified output stream. |
void | readExternal(java.io.ObjectInput is) |
void | setExtensions(X509ExtensionSet exts) Set the X509Extensions. |
void | setHolder(X500Name holder) Set the holder of the certificate. |
void | setIssuer(X500Name issuer) Sets the issuer name which will be used to sign this certificate. |
void | setIssuerCertificate(X509 ic) Specifies the issuer certificate that will be used to verify this certificate. |
void | setIssuerCRL(CRL crl) Set the issuer CRL. |
void | setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik) Specifies the private key that will be used to sign this certificate. |
void | setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) |
void | setNotAfterDate(java.util.Date nad) Set the not after date. |
void | setNotBeforeDate(java.util.Date nbd) Set the not before date. |
void | setPublicKey(oracle.security.crypto.core.PublicKey key) Sets the public key. |
void | setSerialNo(java.math.BigInteger sn) Set the serial number. |
void | setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) |
void | setSubject(X500Name subject) Sets the name of the subject of this certificate. |
void | setValidity(int days) Set validity period for the specified number of days. |
void | sign() Generate the contents of this certificate and sign it. |
void | sign(oracle.security.crypto.core.RandomBitsSource rbs) Generate the contents of this certificate and sign it. |
java.lang.String | toString() Returns a verbose humanly readable representation of this certificate. |
boolean | verify() Verifies this certificate. |
boolean | verifyCertCRL() Verify certificate against the issuer CRL. |
boolean | verifyCertDate() Verify the date of the certificate. |
boolean | verifyCertSignature() Verify the signature of the certificate. |
boolean | verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) Verify a signature made with this certificate's public key. |
void | writeExternal(java.io.ObjectOutput os) |
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected boolean isDecoded
Constructor Detail |
---|
public X509()
public X509(java.io.InputStream is) throws java.io.IOException
java.io.IOException
public X509(java.io.File file) throws java.io.IOException
java.io.IOException
public X509(java.net.URL url) throws java.io.IOException
java.io.IOException
public X509(byte[] data) throws java.io.IOException
java.io.IOException
public X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
cr - the certificate request
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
spkac - the subject's Signed PublicKey And Challenge
issuerCertificate - the issuer's certificate
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
public X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) throws oracle.security.crypto.core.SignatureException
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
notBefore - the first day for which the certificate shall be valid
notAfter - the last day for which the certificate shall be valid
oracle.security.crypto.core.SignatureException - if there is an error in the signature process
Method Detail |
---|
protected void decode()
public void sign() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException - if there is an error during signing
public void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException
rbs - the random number generator to be used for signing, if needed
oracle.security.crypto.core.SignatureException - if there is an error during signing
public byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public void input(java.io.InputStream is) throws java.io.IOException
input in interface oracle.security.crypto.util.Streamable
java.io.IOException
public void output(java.io.OutputStream os) throws java.io.IOException
output in interface oracle.security.crypto.util.Streamable
java.io.IOException
public int length()
Throws a StreamableOutputException if an error occurs while generating the DER encoding.
length in interface oracle.security.crypto.util.Streamable
public byte[] getEncoded()
Throws a StreamableOutputException if an error occurs while generating the encoded bytes.
public boolean verify() throws oracle.security.crypto.core.AuthenticationException
More precisely:
verify in class Certificate
true if the certificate is valid, and false otherwise
oracle.security.crypto.core.AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)
setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)
public boolean verifyCertDate()
public boolean verifyCertSignature() throws oracle.security.crypto.core.AuthenticationException
oracle.security.crypto.core.AuthenticationException
setIssuerCertificate(oracle.security.crypto.cert.X509)
public boolean verifyCertCRL()
setIssuerCRL(oracle.security.crypto.cert.CRL)
public Entity getHolder()
getHolder in class Certificate
public void setHolder(X500Name holder)
public oracle.security.crypto.core.PublicKey getPublicKey()
getPublicKey in class Certificate
public void setPublicKey(oracle.security.crypto.core.PublicKey key)
public java.util.Date getNotBeforeDate()
public void setNotBeforeDate(java.util.Date nbd)
public java.util.Date getNotAfterDate()
public void setNotAfterDate(java.util.Date nad)
public void setValidity(int days)
public X500Name getSubject()
Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).
public void setSubject(X500Name subject)
setHolder.
public X500Name getIssuer()
public void setIssuer(X500Name issuer)
public void setIssuerCertificate(X509 ic)
The certificate specified here will not be part of this certificate's persistent state.
ic - The certificate of the entity which issued this certificate
public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
The value specified here will not be contained in this certificate's persistent state.
ik - The private key of the entity which is issuing this certificate.
public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
public void setIssuerCRL(CRL crl)
public java.math.BigInteger getSerialNo()
public void setSerialNo(java.math.BigInteger sn)
public boolean hasUnrecognizedCriticalExtension()
true if this certificate contains at least one unrecognized critical extension, and false if it has none.
public X509ExtensionSet getExtensionSet()
Returns the set of X509Extensions.
X509ExtensionSet, or null if no extensions are defined.
public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
public void setExtensions(X509ExtensionSet exts)
Set the X509Extensions.
public void addExtension(X509Extension ext)
public byte[] getFingerprint()
public static byte[] getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
issuer - the issuer's name
serial - the serial number
md - the hash function to use
public byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
md - the hash function to use
public oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
public java.lang.String getSigAlgString()
"RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2", or the numeric representation of the OID, if it is not recognized.
public boolean verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) throws oracle.security.crypto.core.AuthenticationException
docBytes - The signed document.
sigBytes - The signature.
sigAlgID - The algorithm ID used for the signature.
oracle.security.crypto.core.AuthenticationException - if an error occurs during verification.
public boolean equals(java.lang.Object o)
null and is an X509 object which has the same DER encoding as this object.
equals in class java.lang.Object
public int hashCode()
hashCode in class java.lang.Object
public java.lang.String toString()
toString in class java.lang.Object
public void writeExternal(java.io.ObjectOutput os) throws java.io.IOException
writeExternal in interface java.io.Externalizable
java.io.IOException
public void readExternal(java.io.ObjectInput is) throws java.io.IOException, java.lang.ClassNotFoundException
readExternal in interface java.io.Externalizable
java.io.IOException
java.lang.ClassNotFoundException