
Oracle Fusion Middleware Security Engine Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10674-04


oracle.security.crypto.cert
Class X509

java.lang.Object
  extended by oracle.security.crypto.cert.Certificate
      extended by oracle.security.crypto.cert.X509

All Implemented Interfaces:
java.io.Externalizable, java.io.Serializable, oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class X509
extends Certificate
implements oracle.security.crypto.asn1.ASN1Object

This class encapsulates X.509 Version 3 certificates.

Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.

Any X509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 are conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.ext package.

In the future this class will be made to extend X509Certificate. Currently this cannot be done because the methods getEncoded() and getSigAlgOID() have incompatible signatures. For now, you can get the X509Certificate version of this class by calling toX509Certificate().

See Also:
X509Extension, X509ExtensionSet, Serialized Form

Field Summary
protected  boolean isDecoded
           

 

Fields inherited from class oracle.security.crypto.cert.Certificate
holder, key

 

Constructor Summary
X509()
          Creates a new empty instance.
X509(byte[] data)
          Constructs an X.509 certificate from the given DER encoding.
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject(), setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
X509(CertificateRequest cr, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
          Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject(), setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
X509(java.io.File file)
          Construct from the specified file.
X509(java.io.InputStream is)
          Construct from the specified input stream.
X509(java.net.URL url)
          Construct from the specified URL.
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter)
          Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign()
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
          Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign().
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
X509(X500Name subject, oracle.security.crypto.core.PublicKey subjectKey, X500Name issuer, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, oracle.security.crypto.core.AlgorithmIdentifier signAlg)
          Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, oracle.security.crypto.core.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days)
          Creates a new, signed certificate using the given SPKAC object.

 

Method Summary
 void addExtension(X509Extension ext)
          Add an extension.
 void checkValidity()
          X509Certificate.checkValidity()
 void checkValidity(java.util.Date date)
          X509Certificate.checkValidity(Date)
protected  void decode()
           
 boolean equals(java.lang.Object o)
          Compare this certificate to the specified object.
 int getBasicConstraints()
          X509Certificate.getBasicConstraints()
 byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
          Deprecated. Use getCertID(String)
 byte[] getCertID(java.lang.String messageDigestAlg)
          Compute the ID of this certificate.
static byte[] getCertID(X500Name issuer, java.math.BigInteger serial, oracle.security.crypto.core.MessageDigest md)
          Compute the ID of a certificate.
 java.util.Set<java.lang.String> getCriticalExtensionOIDs()
          X509Extension.getCriticalExtensionOIDs()
 byte[] getEncoded()
          Returns the ASN.1 encoding.
 java.util.List<java.lang.String> getExtendedKeyUsage()
          X509Certificate.getExtendedKeyUsage()
 X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
          Return the first extension with the specified ID, or null if it was not present.
 X509ExtensionSet getExtensionSet()
          Returns the set of X509Extensions.
 byte[] getExtensionValue(java.lang.String oid)
          X509Extension.getExtensionValue(String)
 byte[] getFingerprint()
          Compute and return MD5 fingerprint of the certificate.
 Entity getHolder()
          Get the holder of the certificate.
 X500Name getIssuer()
          Returns the name of the issuer.
 java.util.Collection<java.util.List<?>> getIssuerAlternativeNames()
          X509Certificate.getIssuerAlternativeNames()
 java.security.Principal getIssuerDN()
          X509Certificate.getIssuerDN()
 boolean[] getIssuerUniqueID()
          X509Certificate.getIssuerUniqueID()
 javax.security.auth.x500.X500Principal getIssuerX500Principal()
          X509Certificate.getIssuerX500Principal()
 boolean[] getKeyUsage()
          X509Certificate.getKeyUsage()
 java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
          X509Extension.getNonCriticalExtensionOIDs()
 java.util.Date getNotAfter()
          X509Certificate.getNotAfter()
 java.util.Date getNotAfterDate()
          Get the not after date.
 java.util.Date getNotBefore()
          X509Certificate.getNotBefore()
 java.util.Date getNotBeforeDate()
          Get the not before date.
 oracle.security.crypto.core.PublicKey getPublicKey()
          Gets the public key.
 java.math.BigInteger getSerialNo()
          Get the serial number.
 java.math.BigInteger getSerialNumber()
          X509Certificate.getSerialNumber()
 java.lang.String getSigAlgName()
          X509Certificate.getSigAlgName()
 oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
          Get the signature algorithm OID used for signing this certificate.
 byte[] getSigAlgParams()
          X509Certificate.getSigAlgParams()
 java.lang.String getSigAlgString()
          Get the string representation of the signature algorithm used to sign this certificate.
 byte[] getSigBytes()
          Returns the signature bytes, signing the certificate first if needed.
 byte[] getSignature()
          X509Certificate.getSignature()
 X500Name getSubject()
          Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).
 java.util.Collection<java.util.List<?>> getSubjectAlternativeNames()
          X509Certificate.getSubjectAlternativeNames()
 java.security.Principal getSubjectDN()
          X509Certificate.getSubjectDN()
 boolean[] getSubjectUniqueID()
          X509Certificate.getSubjectUniqueID()
 javax.security.auth.x500.X500Principal getSubjectX500Principal()
          X509Certificate.getSubjectX500Principal()
 byte[] getTBSCertificate()
          X509Certificate.getTBSCertificate()
 int getVersion()
          X509Certificate.getVersion()
 int hashCode()
           
 boolean hasUnrecognizedCriticalExtension()
          Indicates whether this certificate contains an unrecognized critical extension.
 boolean hasUnsupportedCriticalExtension()
          X509Extension.hasUnsupportedCriticalExtension()
 void input(java.io.InputStream is)
           
 int length()
          Returns length of DER encoding of this certificate.
 void output(java.io.OutputStream os)
          Output to the specified output stream.
 void readExternal(java.io.ObjectInput is)
           
 void setExtensions(X509ExtensionSet exts)
          Set the X509Extensions.
 void setHolder(X500Name holder)
          Set the holder of the certificate.
 void setIssuer(X500Name issuer)
          Sets the issuer name which will be used to sign this certificate.
 void setIssuerCertificate(X509 ic)
          Deprecated. Use setIssuerCertificate(X509Certificate)
 void setIssuerCertificate(java.security.cert.X509Certificate ic)
          Specifies the issuer certificate that will be used to verify this certificate.
 void setIssuerCRL(CRL crl)
          Set the issuer CRL.
 void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
          Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
 void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
 void setIssuerPrivateKey(java.security.PrivateKey ik, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Specifies the private key that will be used to sign this certificate.
 void setNotAfterDate(java.util.Date nad)
          Set the not after date.
 void setNotBeforeDate(java.util.Date nbd)
          Set the not before date.
 void setPublicKey(oracle.security.crypto.core.PublicKey key)
          Deprecated. Use setPublicKey(java.security.PublicKey)
 void setPublicKey(java.security.PublicKey key)
          Sets the public key.
 void setSerialNo(java.math.BigInteger sn)
          Set the serial number.
 void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Set the signing algorithm.
 void setSubject(X500Name subject)
          Sets the name of the subject of this certificate.
 void setValidity(int days)
          Set validity period for the specified number of days.
 void sign()
          Generate the contents of this certificate and sign it.
 void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          Deprecated. Use sign()
 java.lang.String toString()
          Returns a verbose human-readable representation of this certificate.
static X509 toX509(java.security.cert.X509Certificate cert)
          Converts an X509Certificate to X509.
 java.security.cert.X509Certificate toX509Certificate()
          Get the X509Certificate.
 boolean verify()
          Verifies this certificate.
 void verify(java.security.PublicKey key)
          Certificate.verify(java.security.PublicKey)
 void verify(java.security.PublicKey key, java.lang.String sigProvider)
          Certificate.verify(java.security.PublicKey, String)
 boolean verifyCertCRL()
          Verify certificate against the issuer CRL.
 boolean verifyCertDate()
          Verify the date of the certificate.
 boolean verifyCertSignature()
          Verify the signature of the certificate.
 boolean verifySignature(byte[] docBytes, byte[] sigBytes, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Verify a signature made with this certificate's public key.
 void writeExternal(java.io.ObjectOutput os)
           

 

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait

 

Field Detail

isDecoded

protected boolean isDecoded

Constructor Detail

X509

public X509()
Creates a new empty instance.

X509

public X509(java.io.InputStream is)
     throws java.io.IOException
Construct from the specified input stream.
Throws:
java.io.IOException

X509

public X509(java.io.File file)
     throws java.io.IOException
Construct from the specified file.
Throws:
java.io.IOException

X509

public X509(java.net.URL url)
     throws java.io.IOException
Construct from the specified URL.
Throws:
java.io.IOException

X509

public X509(byte[] data)
     throws java.io.IOException
Constructs an X.509 certificate from the given DER encoding.
Throws:
java.io.IOException

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject(), setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
Construct new, signed certificate using the given PKCS #10 certificate request.
Parameters:
cr - the certificate request
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days,
            oracle.security.crypto.core.AlgorithmIdentifier signAlg)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject(), setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
Construct new, signed certificate using the given PKCS #10 certificate request.
Parameters:
cr - the certificate request
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
signAlg - the signature algorithm to use
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            SPKAC spkac,
            X509 issuerCertificate,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Creates a new, signed certificate using the given SPKAC object.
Parameters:
subject - the subject's name
spkac - the subject's Signed PublicKey And Challenge
issuerCertificate - the issuer's certificate
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
Creates a new, signed certificate with the given name and public key.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days,
            oracle.security.crypto.core.AlgorithmIdentifier signAlg)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int), setSerialNo(BigInteger), then finally call sign().
Creates a new, signed certificate with the given name and public key.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
days - number of days for which the certificate shall be valid
signAlg - the signature algorithm to use
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign()
Creates a new, signed certificate with the given name and public key, having the given validity dates.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
notBefore - the first day for which the certificate shall be valid
notAfter - the last day for which the certificate shall be valid
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            oracle.security.crypto.core.PublicKey subjectKey,
            X500Name issuer,
            oracle.security.crypto.core.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter,
            oracle.security.crypto.core.AlgorithmIdentifier signAlg)
     throws oracle.security.crypto.core.SignatureException
Deprecated. Use the individual methods X509(), setSubject(X500Name), setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign().
Creates a new, signed certificate with the given name and public key, having the given validity dates.
Parameters:
subject - the subject's name
subjectKey - the subject's public key
issuer - the issuer's certificate
issuerPrivateKey - the issuer's private key
serial - the serial number of the new certificate
notBefore - the first day for which the certificate shall be valid
notAfter - the last day for which the certificate shall be valid
signAlg - the signature algorithm to use
Throws:
oracle.security.crypto.core.SignatureException - if there is an error in the signature process

Method Detail

toX509

public static X509 toX509(java.security.cert.X509Certificate cert)
Converts an X509Certificate to X509.

If the X509Certificate is a wrapper object obtained by toX509Certificate(), then this method simply returns the underlying X509 object.

Parameters:
cert -
Returns:

decode

protected void decode()

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException
Generate the contents of this certificate and sign it.
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException
Deprecated. Use sign()
Generate the contents of this certificate and sign it.
Parameters:
rbs - the random number generator to be used for signing; it is ignored.
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException
Returns the signature bytes, signing the certificate first if needed.
Throws:
oracle.security.crypto.core.SignatureException

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Specified by:
input in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Output to the specified output stream.
Specified by:
output in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException

length

public int length()
Returns length of DER encoding of this certificate.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

Specified by:
length in interface oracle.security.crypto.util.Streamable

getEncoded

public byte[] getEncoded()
Returns the ASN.1 encoding.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.


verify

public boolean verify()
               throws oracle.security.crypto.core.AuthenticationException
Verifies this certificate.

More precisely:

Specified by:
verify in class Certificate
Returns:
true if the certificate is valid, and false otherwise
Throws:
oracle.security.crypto.core.AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)
See Also:
setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)

verifyCertDate

public boolean verifyCertDate()
Verify the date of the certificate.

verifyCertSignature

public boolean verifyCertSignature()
                            throws oracle.security.crypto.core.AuthenticationException
Verify the signature of the certificate. To use this method, the issuer certificate must be set.
Throws:
oracle.security.crypto.core.AuthenticationException
See Also:
setIssuerCertificate(oracle.security.crypto.cert.X509)

verifyCertCRL

public boolean verifyCertCRL()
Verify certificate against the issuer CRL. To use this method, the issuer CRL must be set.
See Also:
setIssuerCRL(oracle.security.crypto.cert.CRL)

getHolder

public Entity getHolder()
Get the holder of the certificate.
Overrides:
getHolder in class Certificate
Returns:
the holder

setHolder

public void setHolder(X500Name holder)
Set the holder of the certificate.

getPublicKey

public oracle.security.crypto.core.PublicKey getPublicKey()
Gets the public key.
Overrides:
getPublicKey in class Certificate
Returns:
the public key

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey key)
Deprecated. Use setPublicKey(java.security.PublicKey)
Sets the public key.

setPublicKey

public void setPublicKey(java.security.PublicKey key)
Sets the public key.

getNotBeforeDate

public java.util.Date getNotBeforeDate()
Get the not before date.

setNotBeforeDate

public void setNotBeforeDate(java.util.Date nbd)
Set the not before date.

getNotAfterDate

public java.util.Date getNotAfterDate()
Get the not after date.

setNotAfterDate

public void setNotAfterDate(java.util.Date nad)
Set the not after date.

setValidity

public void setValidity(int days)
Set validity period for the specified number of days.

getSubject

public X500Name getSubject()
Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).

setSubject

public void setSubject(X500Name subject)
Sets the name of the subject of this certificate. Does the same things as setHolder.

getIssuer

public X500Name getIssuer()
Returns the name of the issuer.

setIssuer

public void setIssuer(X500Name issuer)
Sets the issuer name which will be used to sign this certificate.

setIssuerCertificate

public void setIssuerCertificate(X509 ic)
Deprecated. Use setIssuerCertificate(X509Certificate)
Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:
ic - The certificate of the entity which issued this certificate

setIssuerCertificate

public void setIssuerCertificate(java.security.cert.X509Certificate ic)
Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:
ic - The certificate of the entity which issued this certificate

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik)
Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:
ik - The private key of the entity which is issuing this certificate.

setIssuerPrivateKey

public void setIssuerPrivateKey(oracle.security.crypto.core.PrivateKey ik,
                                oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:
ik - The private key of the entity which is issuing this certificate.
sigAlgID -

setIssuerPrivateKey

public void setIssuerPrivateKey(java.security.PrivateKey ik,
                                oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:
ik - The private key of the entity which is issuing this certificate.
sigAlgID - Signing algorithm

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Set the signing algorithm. For example: AlgID.sha_1WithRSAEncryption, AlgID.sha224WithRSAEncryption, AlgID.sha256WithRSAEncryption, AlgID.sha384WithRSAEncryption, AlgID.sha512WithRSAEncryption, AlgID.dsaWithSHA1.
Parameters:
sigAlgID -

setIssuerCRL

public void setIssuerCRL(CRL crl)
Set the issuer CRL.

getSerialNo

public java.math.BigInteger getSerialNo()
Get the serial number.

setSerialNo

public void setSerialNo(java.math.BigInteger sn)
Set the serial number.
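
The setter sequence that the deprecation notes on the constructors recommend, written out as an added example (not Oracle's own code). It assumes AlgID is in oracle.security.crypto.core; the names IssueCertExample and issue are hypothetical, and the caller supplies the names and keys.

```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;

import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AlgID;              // package is an assumption
import oracle.security.crypto.core.SignatureException;

/** Hypothetical helper: issues a certificate with the non-deprecated setters. */
public final class IssueCertExample {

    private IssueCertExample() { }

    /**
     * Builds and signs a certificate for subjectKey.
     *
     * @param subject    name to place in the subject field
     * @param subjectKey JCA public key being certified
     * @param issuer     issuer name to place in the issuer field
     * @param issuerKey  JCA private key of the issuer; used only to sign and,
     *                   per the setIssuerPrivateKey documentation, not kept in
     *                   the certificate's persistent state
     * @param serial     serial number; must be positive
     * @param days       validity period in days; must be positive
     */
    public static X509 issue(X500Name subject, PublicKey subjectKey,
                             X500Name issuer, PrivateKey issuerKey,
                             BigInteger serial, int days)
            throws SignatureException {
        if (subject == null || subjectKey == null
                || issuer == null || issuerKey == null || serial == null) {
            throw new IllegalArgumentException("all arguments are required");
        }
        if (serial.signum() <= 0) {
            throw new IllegalArgumentException("serial number must be positive");
        }
        if (days <= 0) {
            throw new IllegalArgumentException("validity must be at least one day");
        }

        X509 cert = new X509();                 // empty instance
        cert.setSubject(subject);               // same effect as setHolder
        cert.setPublicKey(subjectKey);          // java.security.PublicKey overload
        cert.setIssuer(issuer);

        // Name the signature algorithm explicitly. SHA-256 with RSA is one of
        // the identifiers listed under setSigAlgID; this example picks it in
        // preference to the SHA-1 identifiers in the same list.
        cert.setIssuerPrivateKey(issuerKey, AlgID.sha256WithRSAEncryption);

        cert.setValidity(days);
        cert.setSerialNo(serial);
        cert.sign();                            // generates the contents and signs
        return cert;
    }
}
```

The issuer key here must be an RSA key to match the chosen algorithm identifier; getEncoded() on the returned object gives the encoding to store or distribute.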

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()
Indicates whether this certificate contains an unrecognized critical extension. If so, the certificate will necessarily be rejected.
Returns:
true if this certificate contains at least one unrecognized critical extension, and false if it has none.

getExtensionSet

public X509ExtensionSet getExtensionSet()
Returns the set of X509Extensions.
Returns:
A X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID oid)
Return the first extension with the specified ID, or null if it was not present.

setExtensions

public void setExtensions(X509ExtensionSet exts)
Set the X509Extensions.

addExtension

public void addExtension(X509Extension ext)
Add an extension.

getFingerprint

public byte[] getFingerprint()
Compute and return MD5 fingerprint of the certificate.

getCertID

public static byte[] getCertID(X500Name issuer,
                               java.math.BigInteger serial,
                               oracle.security.crypto.core.MessageDigest md)
Compute the ID of a certificate. The ID is computed as the hash of the issuer's name and serial number.
Parameters:
issuer - the issuer's name
serial - the serial number
md - the hash function to use

getCertID

public byte[] getCertID(oracle.security.crypto.core.MessageDigest md)
Deprecated. Use getCertID(String)
Compute the ID of this certificate. The ID is computed as the hash of the issuer's name and serial number.
Parameters:
md - the hash function to use

getCertID

public byte[] getCertID(java.lang.String messageDigestAlg)
Compute the ID of this certificate. The ID is computed as the hash of the issuer's name and serial number.
Parameters:
messageDigestAlg - the hash function to use

getSigAlgOID

public oracle.security.crypto.asn1.ASN1ObjectID getSigAlgOID()
Get the signature algorithm OID used for signing this certificate.

getSigAlgString

public java.lang.String getSigAlgString()
Get the string representation of the signature algorithm used to sign this certificate. Returns one of: "RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2", or the numeric representation of the OID, if it is not recognized.
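
An added example (not Oracle's own code) that runs the individual checks documented above on a DER-encoded certificate and reports which one failed, and computes a SHA-256 fingerprint over getEncoded() in place of the MD5 value from getFingerprint(). Assumptions: the boolean verify* methods return true on success, and "RSA/SHA" denotes SHA-1; the names CertCheckExample, findProblems and sha256Fingerprint are hypothetical.

```java
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AuthenticationException;

/** Hypothetical helper: itemised acceptance checks for one certificate. */
public final class CertCheckExample {

    // Values documented for getSigAlgString() whose hash is no longer
    // acceptable for certificate signatures. "RSA/SHA" is assumed to be SHA-1.
    private static final List<String> WEAK_SIG_ALGS =
            Arrays.asList("RSA/MD2", "RSA/MD5", "RSA/SHA");

    private CertCheckExample() { }

    /**
     * Returns an empty list if every check passes, otherwise one entry per
     * failed check. issuerCert and issuerCrl must come from a trusted source.
     */
    public static List<String> findProblems(byte[] certDer,
                                            X509Certificate issuerCert,
                                            CRL issuerCrl)
            throws IOException, AuthenticationException {
        X509 cert = new X509(certDer);          // parse the DER encoding

        // Neither value becomes part of the certificate's persistent state;
        // they only give the verify* methods something to check against.
        cert.setIssuerCertificate(issuerCert);
        cert.setIssuerCRL(issuerCrl);

        List<String> problems = new ArrayList<String>();

        if (cert.hasUnrecognizedCriticalExtension()) {
            problems.add("unrecognized critical extension");
        }
        String sigAlg = cert.getSigAlgString();
        if (WEAK_SIG_ALGS.contains(sigAlg)) {
            problems.add("weak signature algorithm: " + sigAlg);
        }
        if (!cert.verifyCertSignature()) {      // requires the issuer certificate
            problems.add("signature does not verify under issuer key");
        }
        if (!cert.verifyCertDate()) {
            problems.add("outside validity period");
        }
        if (!cert.verifyCertCRL()) {            // requires the issuer CRL
            problems.add("failed issuer CRL check");
        }
        return problems;
    }

    /** Lower-case hex SHA-256 digest of the certificate's encoding. */
    public static String sha256Fingerprint(X509 cert)
            throws NoSuchAlgorithmException {
        byte[] digest =
                MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }
}
```

These checks cover a single certificate against its direct issuer only; they do not build or validate a chain to a trust anchor.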

verifySignature

public boolean verifySignature(byte[] docBytes,
                               byte[] sigBytes,
                               oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
                        throws oracle.security.crypto.core.AuthenticationException
Verify a signature made with this certificate's public key.
Parameters:
docBytes - The signed document.
sigBytes - The signature.
sigAlgID - The algorithm ID used for the signature.
Throws:
oracle.security.crypto.core.AuthenticationException - if an error occurs during verification.

equals

public boolean equals(java.lang.Object o)
Compare this certificate to the specified object. Returns true if and only if the argument is not null and is an X509 or X509Certificate object which has the same DER encoding as this object.
Overrides:
equals in class java.lang.Object

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

toString

public java.lang.String toString()
Returns a verbose, human-readable representation of this certificate. This method is recommended for debugging only.
Overrides:
toString in class java.lang.Object

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException
Specified by:
writeExternal in interface java.io.Externalizable
Throws:
java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException
Specified by:
readExternal in interface java.io.Externalizable
Throws:
java.io.IOException
java.lang.ClassNotFoundException

toX509Certificate

public java.security.cert.X509Certificate toX509Certificate()
Get the X509Certificate. This does not actually convert the certificate, rather it just returns a wrapper class which adapts the X509 class to the X509Certificate interface.

If you want to convert to an X509Certificate of a different implementation, do not use this method. Instead, use CertificateFactory.generateCertificate.

Returns:

checkValidity

public void checkValidity()
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException
X509Certificate.checkValidity()
Throws:
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException

checkValidity

public void checkValidity(java.util.Date date)
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException
X509Certificate.checkValidity(Date)
Parameters:
date -
Throws:
java.security.cert.CertificateExpiredException
java.security.cert.CertificateNotYetValidException

getBasicConstraints

public int getBasicConstraints()
X509Certificate.getBasicConstraints()
Returns:

getIssuerDN

public java.security.Principal getIssuerDN()
X509Certificate.getIssuerDN()
Returns:

getIssuerX500Principal

public javax.security.auth.x500.X500Principal getIssuerX500Principal()
X509Certificate.getIssuerX500Principal()
Returns:

getSubjectX500Principal

public javax.security.auth.x500.X500Principal getSubjectX500Principal()
X509Certificate.getSubjectX500Principal()
Returns:

getIssuerUniqueID

public boolean[] getIssuerUniqueID()
X509Certificate.getIssuerUniqueID()
Returns:

getKeyUsage

public boolean[] getKeyUsage()
X509Certificate.getKeyUsage()
Returns:

getNotAfter

public java.util.Date getNotAfter()
X509Certificate.getNotAfter()
Returns:

getNotBefore

public java.util.Date getNotBefore()
X509Certificate.getNotBefore()
Returns:

getSerialNumber

public java.math.BigInteger getSerialNumber()
X509Certificate.getSerialNumber()
Returns:

getSigAlgName

public java.lang.String getSigAlgName()
X509Certificate.getSigAlgName()
Returns:

getSigAlgParams

public byte[] getSigAlgParams()
X509Certificate.getSigAlgParams()
Returns:

getSignature

public byte[] getSignature()
X509Certificate.getSignature()
Returns:

getSubjectDN

public java.security.Principal getSubjectDN()
X509Certificate.getSubjectDN()
Returns:

getSubjectUniqueID

public boolean[] getSubjectUniqueID()
X509Certificate.getSubjectUniqueID()
Returns:

getTBSCertificate

public byte[] getTBSCertificate()
                         throws java.security.cert.CertificateEncodingException
X509Certificate.getTBSCertificate()
Returns:
Throws:
java.security.cert.CertificateEncodingException

getVersion

public int getVersion()
X509Certificate.getVersion()
Returns:
Throws:
java.security.cert.CertificateEncodingException

verify

public void verify(java.security.PublicKey key,
                   java.lang.String sigProvider)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException
Certificate.verify(java.security.PublicKey, String)
Parameters:
key -
sigProvider -
Throws:
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException

verify

public void verify(java.security.PublicKey key)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException
Certificate.verify(java.security.PublicKey)
Parameters:
key -
Throws:
java.security.cert.CertificateException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException

getCriticalExtensionOIDs

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
X509Extension.getCriticalExtensionOIDs()
Returns:

getExtensionValue

public byte[] getExtensionValue(java.lang.String oid)
X509Extension.getExtensionValue(String)
Parameters:
oid -
Returns:
See Also:
getExtension(ASN1ObjectID)

getNonCriticalExtensionOIDs

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
X509Extension.getNonCriticalExtensionOIDs()
Returns:

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()
X509Extension.hasUnsupportedCriticalExtension()
Returns:

getExtendedKeyUsage

public java.util.List<java.lang.String> getExtendedKeyUsage()
                                                     throws java.security.cert.CertificateParsingException
X509Certificate.getExtendedKeyUsage()
Returns:
Throws:
java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames()
                                                                  throws java.security.cert.CertificateParsingException
X509Certificate.getIssuerAlternativeNames()
Returns:
Throws:
java.security.cert.CertificateParsingException

getSubjectAlternativeNames

public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames()
                                                                   throws java.security.cert.CertificateParsingException
X509Certificate.getSubjectAlternativeNames()
Returns:
Throws:
java.security.cert.CertificateParsingException
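
The following is an added example, not part of the Oracle API reference. It combines the X509Certificate-style methods listed above (checkValidity, verify, getBasicConstraints, getKeyUsage, hasUnsupportedCriticalExtension, getSigAlgName) into one acceptance check against the standard java.security.cert.X509Certificate interface, which is what toX509Certificate() returns. The class name CertChecks and the two file-path arguments are assumptions made for the example.

```java
import java.io.FileInputStream;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class CertChecks {   // hypothetical class name, not part of the Oracle API
    /** Returns the list of problems found; an empty list means every check passed. */
    static List<String> check(X509Certificate cert, X509Certificate issuer, Date at) {
        List<String> problems = new ArrayList<>();
        try {
            cert.checkValidity(at);              // notBefore <= at <= notAfter
        } catch (GeneralSecurityException e) {
            problems.add("validity: " + e.getMessage());
        }
        try {
            cert.verify(issuer.getPublicKey());  // signature made by the issuer's key
        } catch (GeneralSecurityException e) {
            problems.add("signature: " + e.getMessage());
        }
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
            problems.add("issuer name does not match the issuer certificate's subject");
        if (issuer.getBasicConstraints() < 0)    // -1 means the issuer is not a CA
            problems.add("issuer certificate is not a CA");
        boolean[] ku = issuer.getKeyUsage();     // null when the extension is absent
        if (ku != null && (ku.length <= 5 || !ku[5]))   // bit 5 = keyCertSign
            problems.add("issuer key usage lacks keyCertSign");
        if (cert.hasUnsupportedCriticalExtension())
            problems.add("unsupported critical extension present");
        String alg = cert.getSigAlgName().toUpperCase();
        if (alg.contains("MD2") || alg.contains("MD5"))
            problems.add("weak signature digest: " + alg);
        return problems;
    }
    // args[0] = certificate file, args[1] = issuer certificate file (DER or PEM)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert, issuer;
        try (FileInputStream a = new FileInputStream(args[0]);
             FileInputStream b = new FileInputStream(args[1])) {
            cert = (X509Certificate) cf.generateCertificate(a);
            issuer = (X509Certificate) cf.generateCertificate(b);
        }
        List<String> problems = check(cert, issuer, new Date());
        System.out.println(problems.isEmpty() ? "OK" : String.join("\n", problems));
    }
}
```

This checks a single certificate against its direct issuer only; chain building and revocation checking are outside its scope.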


Copyright © 2005, 2011, Oracle. All rights reserved.