All Superinterfaces:: Certificate

public interface X509Certificate
extends Certificate

The X509Certificate interface is the interface to represent X509 certificates as specified in RFC 5280.

In June of 1996, the basic X.509 v3 format was completed by ISO/IEC and ANSI X9, which is described below in ASN.1:

 Certificate  ::=  SEQUENCE  {
    tbsCertificate       TBSCertificate,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING  }

The ASN.1 definition of tbsCertificate is:

 TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version must be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version must be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version must be v3
    }

  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }

  CertificateSerialNumber  ::=  INTEGER

  Validity ::= SEQUENCE {
       notBefore      Time,
       notAfter       Time }

  Time ::= CHOICE {
       utcTime        UTCTime,
       generalTime    GeneralizedTime }

  UniqueIdentifier  ::=  BIT STRING

  SubjectPublicKeyInfo  ::=  SEQUENCE  {
       algorithm            AlgorithmIdentifier,
       subjectPublicKey     BIT STRING  }

  Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

  Extension  ::=  SEQUENCE  {
       extnID      OBJECT IDENTIFIER,
       critical    BOOLEAN DEFAULT FALSE,
       extnValue   OCTET STRING
                   -- contains the DER encoding of an ASN.1 value
                   -- corresponding to the extension type identified
                   -- by extnID
       }

Since:: 3.1
See Also:: Certificate

Nested Class Summary

Nested Classes
Modifier and Type	Interface	Description
`static interface`	`X509Certificate.ExtensionHandler`	`ExtensionHandler` is a specialized `CertificateParser.ParserHandler` that will be triggered by the `CertificateParser` each time a certificate extension is found.
`static interface`	`X509Certificate.FieldHandler`	`FieldHandler` is a specialized `CertificateParser.ParserHandler` that will be triggered by the `CertificateParser` each time a certificate field is found.

Field Summary

Fields
Modifier and Type	Field	Description
`static short`	`FIELD_CERTIFICATE_SIGNATURE`	Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate asn.1 SEQUENCE).
`static short`	`FIELD_CERTIFICATE_SIGNATURE_ALG`	Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate asn.1 SEQUENCE).
`static short`	`FIELD_CERTIFICATE_TBS`	Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_ISSUER`	Field identifier for the DER-encoding of the the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_ISSUER_UID`	Field identifier for the DER-encoding of the the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_NOT_AFTER`	Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity asn.1 SEQUENCE).
`static short`	`FIELD_TBS_NOT_BEFORE`	Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity asn.1 SEQUENCE).
`static short`	`FIELD_TBS_PUBLIC_KEY_INFO`	Field identifier for the DER-encoding of the the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_SERIAL_NUMBER`	Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_SIGNATURE_ALG`	Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_SUBJECT`	Field identifier for the DER-encoding of the the To Be Signed certificate subject (subject CHOICE of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_SUBJECT_UID`	Field identifier for the DER-encoding of the the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate asn.1 SEQUENCE).
`static short`	`FIELD_TBS_VERSION`	Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate asn.1 SEQUENCE).

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method	Description
`byte[]`	`getExtension(byte[] oid, short offset, short length)`	Get the extension matching an OID or return null if not found.
`void`	`getExtensions(X509Certificate.ExtensionHandler handler)`	Allows to access extensions of this certificate and trigger the `X509Certificate.ExtensionHandler` interface for each extension.
`byte[]`	`getField(short field)`	Gets a field value or null if not found.
`short`	`getVersion()`	Gets the version (version number) value from the certificate.

Methods inherited from interface javacardx.security.cert.Certificate
getPublicKey, getType, verify

- Field Detail
  - FIELD_TBS_VERSION
```
static final short FIELD_TBS_VERSION
```
    Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_SERIAL_NUMBER
```
static final short FIELD_TBS_SERIAL_NUMBER
```
    Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_SIGNATURE_ALG
```
static final short FIELD_TBS_SIGNATURE_ALG
```
    Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_ISSUER
```
static final short FIELD_TBS_ISSUER
```
    Field identifier for the DER-encoding of the the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_NOT_AFTER
```
static final short FIELD_TBS_NOT_AFTER
```
    Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_NOT_BEFORE
```
static final short FIELD_TBS_NOT_BEFORE
```
    Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_SUBJECT
```
static final short FIELD_TBS_SUBJECT
```
    Field identifier for the DER-encoding of the the To Be Signed certificate subject (subject CHOICE of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_PUBLIC_KEY_INFO
```
static final short FIELD_TBS_PUBLIC_KEY_INFO
```
    Field identifier for the DER-encoding of the the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_ISSUER_UID
```
static final short FIELD_TBS_ISSUER_UID
```
    Field identifier for the DER-encoding of the the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_TBS_SUBJECT_UID
```
static final short FIELD_TBS_SUBJECT_UID
```
    Field identifier for the DER-encoding of the the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_CERTIFICATE_TBS
```
static final short FIELD_CERTIFICATE_TBS
```
    Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_CERTIFICATE_SIGNATURE_ALG
```
static final short FIELD_CERTIFICATE_SIGNATURE_ALG
```
    Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
  - FIELD_CERTIFICATE_SIGNATURE
```
static final short FIELD_CERTIFICATE_SIGNATURE
```
    Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate asn.1 SEQUENCE).
    
    See Also:
    
    Constant Field Values
- Method Detail
  - getVersion
```
short getVersion()
```
    Gets the version (version number) value from the certificate. The ASN.1 definition for this is:
    version [0] EXPLICIT Version DEFAULT v1
    Version ::= INTEGER { v1(0), v2(1), v3(2) }
    
    Returns:
    
    the version number, i.e. 1, 2 or 3.
  - getField
```
byte[] getField(short field)
         throws CertificateException
```
    Gets a field value or null if not found.
    
    Parameters:
    
    field - the field identifier
    
    Returns:
    
    returns a temporary read-only array view on the specified field. May be null.
    
    Throws:
    
    CertificateException - - with INVALID_PARAM reason if the requested field constant is unknown
  - getExtension
```
byte[] getExtension(byte[] oid,
                    short offset,
                    short length)
             throws CertificateException
```
    Get the extension matching an OID or return null if not found. The return value is the DER-encoded SEQUENCE of an extension (Extension asn.1 SEQUENCE) including the OID itself.
    Parameters:
    
    oid - input buffer of the extension OID which is the DER-encoded OBJECT IDENTIFIER of the extension ID (extnID of the Extension asn.1 SEQUENCE)
    
    offset - offset of the OID within the input buffer
    
    length - length of the OID within the input buffer
    
    Returns:
    
    returns a temporary read-only array view of the specified extension. May be null.
    
    Throws:
    
    CertificateException - with the following reason code:
    
    CertificateException.INVALID_ENCODING if the OID encoding is incorrect.
  - getExtensions
```
void getExtensions(X509Certificate.ExtensionHandler handler)
```
    Allows to access extensions of this certificate and trigger the X509Certificate.ExtensionHandler interface for each extension.
    Note that after a call to this method, the value returned by the implementation of X509Certificate.ExtensionHandler.onExtension(byte[], boolean, byte[]) each time the related handler is triggered is ignored.
    Parameters:
    
    handler - the handler to trigger for each extension
    
    Throws:
    
    CertificateException - with the following reason codes:
    
    CertificateException.PARSER_HANDLER_EXCEPTION if an exception has been thrown by the X509Certificate.ExtensionHandler handler.

Interface X509Certificate

Nested Class Summary

Field Summary

Method Summary

Methods inherited from interface javacardx.security.cert.Certificate

Field Detail

FIELD_TBS_VERSION

FIELD_TBS_SERIAL_NUMBER

FIELD_TBS_SIGNATURE_ALG

FIELD_TBS_ISSUER

FIELD_TBS_NOT_AFTER

FIELD_TBS_NOT_BEFORE

FIELD_TBS_SUBJECT

FIELD_TBS_PUBLIC_KEY_INFO

FIELD_TBS_ISSUER_UID

FIELD_TBS_SUBJECT_UID

FIELD_CERTIFICATE_TBS

FIELD_CERTIFICATE_SIGNATURE_ALG

FIELD_CERTIFICATE_SIGNATURE

Method Detail

getVersion

getField

getExtension

getExtensions