Package javacardx.security.cert
Interface X509Certificate

All Superinterfaces:
    Certificate

public interface X509Certificate extends Certificate

The X509Certificate interface represents X.509 certificates as specified in RFC 5280.

In June of 1996, the basic X.509 v3 format was completed by ISO/IEC and ANSI X9, which is described below in ASN.1:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING }

The ASN.1 definition of tbsCertificate is:

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version must be v3
        }

    Version ::= INTEGER { v1(0), v2(1), v3(2) }

    CertificateSerialNumber ::= INTEGER

    Validity ::= SEQUENCE {
        notBefore      Time,
        notAfter       Time }

    Time ::= CHOICE {
        utcTime        UTCTime,
        generalTime    GeneralizedTime }

    UniqueIdentifier ::= BIT STRING

    SubjectPublicKeyInfo ::= SEQUENCE {
        algorithm            AlgorithmIdentifier,
        subjectPublicKey     BIT STRING }

    Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension

    Extension ::= SEQUENCE {
        extnID      OBJECT IDENTIFIER,
        critical    BOOLEAN DEFAULT FALSE,
        extnValue   OCTET STRING
                    -- contains the DER encoding of an ASN.1 value
                    -- corresponding to the extension type identified
                    -- by extnID
        }

Since:
    3.1
See Also:
    Certificate

Nested Class Summary

Nested Classes (modifier and type, interface, description):

static interface X509Certificate.ExtensionHandler
    ExtensionHandler is a specialized CertificateParser.ParserHandler that will be triggered by the CertificateParser each time a certificate extension is found.

static interface X509Certificate.FieldHandler
    FieldHandler is a specialized CertificateParser.ParserHandler that will be triggered by the CertificateParser each time a certificate field is found.

Field Summary

Fields (modifier and type, field, description):

static short FIELD_CERTIFICATE_SIGNATURE
    Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate ASN.1 SEQUENCE).

static short FIELD_CERTIFICATE_SIGNATURE_ALG
    Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate ASN.1 SEQUENCE).

static short FIELD_CERTIFICATE_TBS
    Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate ASN.1 SEQUENCE).

static short FIELD_TBS_ISSUER
    Field identifier for the DER-encoding of the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_ISSUER_UID
    Field identifier for the DER-encoding of the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_NOT_AFTER
    Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity ASN.1 SEQUENCE).

static short FIELD_TBS_NOT_BEFORE
    Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity ASN.1 SEQUENCE).

static short FIELD_TBS_PUBLIC_KEY_INFO
    Field identifier for the DER-encoding of the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_SERIAL_NUMBER
    Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_SIGNATURE_ALG
    Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_SUBJECT
    Field identifier for the DER-encoding of the To Be Signed certificate subject (subject CHOICE of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_SUBJECT_UID
    Field identifier for the DER-encoding of the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).

static short FIELD_TBS_VERSION
    Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate ASN.1 SEQUENCE).

Method Summary

All Methods, Instance Methods, Abstract Methods (modifier and type, method, description):

byte[] getExtension(byte[] oid, short offset, short length)
    Gets the extension matching an OID, or returns null if not found.

void getExtensions(X509Certificate.ExtensionHandler handler)
    Provides access to the extensions of this certificate and triggers the X509Certificate.ExtensionHandler interface for each extension.

byte[] getField(short field)
    Gets a field value or null if not found.

short getVersion()
    Gets the version (version number) value from the certificate.

Methods inherited from interface javacardx.security.cert.Certificate
    getPublicKey, getType, verify

Field Detail

FIELD_TBS_VERSION
static final short FIELD_TBS_VERSION
    Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_SERIAL_NUMBER
static final short FIELD_TBS_SERIAL_NUMBER
    Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_SIGNATURE_ALG
static final short FIELD_TBS_SIGNATURE_ALG
    Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_ISSUER
static final short FIELD_TBS_ISSUER
    Field identifier for the DER-encoding of the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_NOT_AFTER
static final short FIELD_TBS_NOT_AFTER
    Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_NOT_BEFORE
static final short FIELD_TBS_NOT_BEFORE
    Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_SUBJECT
static final short FIELD_TBS_SUBJECT
    Field identifier for the DER-encoding of the To Be Signed certificate subject (subject CHOICE of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_PUBLIC_KEY_INFO
static final short FIELD_TBS_PUBLIC_KEY_INFO
    Field identifier for the DER-encoding of the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_ISSUER_UID
static final short FIELD_TBS_ISSUER_UID
    Field identifier for the DER-encoding of the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_TBS_SUBJECT_UID
static final short FIELD_TBS_SUBJECT_UID
    Field identifier for the DER-encoding of the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_CERTIFICATE_TBS
static final short FIELD_CERTIFICATE_TBS
    Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_CERTIFICATE_SIGNATURE_ALG
static final short FIELD_CERTIFICATE_SIGNATURE_ALG
    Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

FIELD_CERTIFICATE_SIGNATURE
static final short FIELD_CERTIFICATE_SIGNATURE
    Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate ASN.1 SEQUENCE).
    See Also: Constant Field Values

Method Detail

getVersion
short getVersion()
    Gets the version (version number) value from the certificate. The ASN.1 definition for this is:

        version [0] EXPLICIT Version DEFAULT v1
        Version ::= INTEGER { v1(0), v2(1), v3(2) }

    Returns:
        the version number, i.e. 1, 2 or 3.

getField
byte[] getField(short field) throws CertificateException
    Gets a field value or null if not found.

    Parameters:
        field - the field identifier
    Returns:
        a temporary read-only array view on the specified field. May be null.
    Throws:
        CertificateException - with INVALID_PARAM reason if the requested field constant is unknown

getExtension
byte[] getExtension(byte[] oid, short offset, short length) throws CertificateException
    Gets the extension matching an OID, or returns null if not found. The return value is the DER-encoded SEQUENCE of an extension (Extension ASN.1 SEQUENCE) including the OID itself.

    Parameters:
        oid - input buffer of the extension OID, which is the DER-encoded OBJECT IDENTIFIER of the extension ID (extnID of the Extension ASN.1 SEQUENCE)
        offset - offset of the OID within the input buffer
        length - length of the OID within the input buffer
    Returns:
        a temporary read-only array view of the specified extension. May be null.
    Throws:
        CertificateException - with the following reason code:
            CertificateException.INVALID_ENCODING if the OID encoding is incorrect.
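
An added example, not part of the Java Card API documentation: getExtension returns the raw Extension SEQUENCE, so a caller that needs the criticality flag has to walk the DER itself, including the case where critical is omitted because DER does not encode a DEFAULT FALSE value. ExtensionReader and its methods are hypothetical helpers; the code assumes the returned view starts at the SEQUENCE tag and uses basicConstraints (2.5.29.19) as the sample OID.

```java
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacardx.security.cert.CertificateException;
import javacardx.security.cert.X509Certificate;
// Added example: ExtensionReader is a hypothetical helper, not a Java Card API class.
public final class ExtensionReader {
    // DER-encoded OBJECT IDENTIFIER of basicConstraints, 2.5.29.19 (RFC 5280)
    static final byte[] BC_OID = { 0x06, 0x03, 0x55, 0x1D, 0x13 };

    /** Number of octets occupied by the DER length field at off. */
    static short lenSize(byte[] b, short off) {
        return (b[off] & 0x80) == 0 ? (short) 1 : (short) (1 + (b[off] & 0x7F));
    }

    /** Decodes a DER length that fits a short; anything else is rejected. */
    static short lenValue(byte[] b, short off) {
        short first = (short) (b[off] & 0xFF);
        if (first < 0x80) return first;
        if (first == 0x81) return (short) (b[(short) (off + 1)] & 0xFF);
        if (first == 0x82 && b[(short) (off + 1)] >= 0) {
            return (short) ((b[(short) (off + 1)] << 8) | (b[(short) (off + 2)] & 0xFF));
        }
        ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        return 0; // not reached
    }

    /** Offset of the element that follows the TLV starting at off. */
    static short skip(byte[] b, short off) {
        short lenOff = (short) (off + 1);
        return (short) (lenOff + lenSize(b, lenOff) + lenValue(b, lenOff));
    }

    /** True only if the optional critical BOOLEAN is present and DER TRUE. */
    static boolean isCritical(byte[] ext) {
        short p = (short) (1 + lenSize(ext, (short) 1)); // start of extnID
        if (ext[0] != 0x30 || ext[p] != 0x06) ISOException.throwIt(ISO7816.SW_DATA_INVALID);
        p = skip(ext, p); // critical BOOLEAN, or extnValue when it is omitted
        // DER omits a DEFAULT FALSE value: no BOOLEAN here means non-critical.
        return ext[p] == 0x01 && ext[(short) (p + 1)] == 0x01
                && ext[(short) (p + 2)] == (byte) 0xFF;
    }

    /** Returns -1 if basicConstraints is absent, 0 if non-critical, 1 if critical. */
    static short basicConstraintsCriticality(X509Certificate cert) throws CertificateException {
        byte[] ext = cert.getExtension(BC_OID, (short) 0, (short) BC_OID.length);
        if (ext == null) return -1;
        return isCritical(ext) ? (short) 1 : (short) 0;
    }
}
```

Because the returned array is a temporary view, read what is needed from it within the same call and copy anything that must persist.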

getExtensions
void getExtensions(X509Certificate.ExtensionHandler handler)
    Provides access to the extensions of this certificate and triggers the X509Certificate.ExtensionHandler interface for each extension.

    Note that after a call to this method, the value returned by the implementation of X509Certificate.ExtensionHandler.onExtension(byte[], boolean, byte[]) each time the related handler is triggered is ignored.

    Parameters:
        handler - the handler to trigger for each extension
    Throws:
        CertificateException - with the following reason codes:
            CertificateException.PARSER_HANDLER_EXCEPTION if an exception has been thrown by the X509Certificate.ExtensionHandler handler.