Interface X509Certificate

All Superinterfaces:
Certificate

public interface X509Certificate extends Certificate
The X509Certificate interface represents X.509 certificates as specified in RFC 5280.

In June of 1996, the basic X.509 v3 format was completed by ISO/IEC and ANSI X9, which is described below in ASN.1:

Certificate  ::=  SEQUENCE  {
   tbsCertificate       TBSCertificate,
   signatureAlgorithm   AlgorithmIdentifier,
   signature            BIT STRING  }

The ASN.1 definition of tbsCertificate is:

TBSCertificate  ::=  SEQUENCE  {
   version         [0]  EXPLICIT Version DEFAULT v1,
   serialNumber         CertificateSerialNumber,
   signature            AlgorithmIdentifier,
   issuer               Name,
   validity             Validity,
   subject              Name,
   subjectPublicKeyInfo SubjectPublicKeyInfo,
   issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                        -- If present, version must be v2 or v3
   subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                        -- If present, version must be v2 or v3
   extensions      [3]  EXPLICIT Extensions OPTIONAL
                        -- If present, version must be v3
   }
 Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 CertificateSerialNumber  ::=  INTEGER
 Validity ::= SEQUENCE {
      notBefore      Time,
      notAfter       Time }
 Time ::= CHOICE {
      utcTime        UTCTime,
      generalTime    GeneralizedTime }
 UniqueIdentifier  ::=  BIT STRING
 SubjectPublicKeyInfo  ::=  SEQUENCE  {
      algorithm            AlgorithmIdentifier,
      subjectPublicKey     BIT STRING  }
 Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 Extension  ::=  SEQUENCE  {
      extnID      OBJECT IDENTIFIER,
      critical    BOOLEAN DEFAULT FALSE,
      extnValue   OCTET STRING
                  -- contains the DER encoding of an ASN.1 value
                  -- corresponding to the extension type identified
                  -- by extnID
      }

Since:
3.1
  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Interface
    Description
    static interface 
    X509Certificate.ExtensionHandler
    ExtensionHandler is a specialized CertificateParser.ParserHandler that will be triggered by the CertificateParser each time a certificate extension is found.
    static interface 
    X509Certificate.FieldHandler
    FieldHandler is a specialized CertificateParser.ParserHandler that will be triggered by the CertificateParser each time a certificate field is found.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final short
    FIELD_CERTIFICATE_SIGNATURE
    Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate ASN.1 SEQUENCE).
    static final short
    FIELD_CERTIFICATE_SIGNATURE_ALG
    Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate ASN.1 SEQUENCE).
    static final short
    FIELD_CERTIFICATE_TBS
    Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_ISSUER
    Field identifier for the DER-encoding of the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_ISSUER_UID
    Field identifier for the DER-encoding of the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_NOT_AFTER
    Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_NOT_BEFORE
    Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_PUBLIC_KEY_INFO
    Field identifier for the DER-encoding of the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_SERIAL_NUMBER
    Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_SIGNATURE_ALG
    Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_SUBJECT
    Field identifier for the DER-encoding of the To Be Signed certificate subject (subject CHOICE of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_SUBJECT_UID
    Field identifier for the DER-encoding of the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    static final short
    FIELD_TBS_VERSION
    Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate ASN.1 SEQUENCE).
  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    getExtension(byte[] oid, short offset, short length)
    Get the extension matching an OID or return null if not found.
    void
    getExtensions(X509Certificate.ExtensionHandler handler)
    Provides access to the extensions of this certificate, triggering the X509Certificate.ExtensionHandler interface for each extension.
    byte[]
    getField(short field)
    Gets a field value or null if not found.
    short
    getVersion()
    Gets the version (version number) value from the certificate.

    Methods inherited from interface Certificate

    getPublicKey, getType, verify
    Modifier and Type
    Method
    Description
    PublicKey
    getPublicKey()
    Gets the public key from this certificate.
    short
    getType()
    Gets the type of this certificate.
    boolean
    verify(PublicKey pubKey)
    Verifies that this certificate was signed using the private key that corresponds to the specified public key.
  • Field Details

    • FIELD_TBS_VERSION

      static final short FIELD_TBS_VERSION
      Field identifier for the DER-encoding of the To Be Signed certificate version (version INTEGER of the TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_SERIAL_NUMBER

      static final short FIELD_TBS_SERIAL_NUMBER
      Field identifier for the INTEGER DER-encoding of the To Be Signed certificate serial number (serialNumber INTEGER of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_SIGNATURE_ALG

      static final short FIELD_TBS_SIGNATURE_ALG
      Field identifier for the DER-encoding of the To Be Signed certificate signature (signature SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_ISSUER

      static final short FIELD_TBS_ISSUER
      Field identifier for the DER-encoding of the To Be Signed certificate issuer (issuer CHOICE of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_NOT_AFTER

      static final short FIELD_TBS_NOT_AFTER
      Field identifier for the DER-encoding of the notAfter validity time (notAfter CHOICE of the Validity ASN.1 SEQUENCE).
    • FIELD_TBS_NOT_BEFORE

      static final short FIELD_TBS_NOT_BEFORE
      Field identifier for the DER-encoding of the notBefore validity time (notBefore CHOICE of the Validity ASN.1 SEQUENCE).
    • FIELD_TBS_SUBJECT

      static final short FIELD_TBS_SUBJECT
      Field identifier for the DER-encoding of the To Be Signed certificate subject (subject CHOICE of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_PUBLIC_KEY_INFO

      static final short FIELD_TBS_PUBLIC_KEY_INFO
      Field identifier for the DER-encoding of the To Be Signed certificate public key info (subjectPublicKeyInfo SEQUENCE of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_ISSUER_UID

      static final short FIELD_TBS_ISSUER_UID
      Field identifier for the DER-encoding of the To Be Signed certificate issuer unique identifier (issuerUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_TBS_SUBJECT_UID

      static final short FIELD_TBS_SUBJECT_UID
      Field identifier for the DER-encoding of the To Be Signed certificate subject unique identifier (subjectUniqueID BIT STRING of TBSCertificate ASN.1 SEQUENCE).
    • FIELD_CERTIFICATE_TBS

      static final short FIELD_CERTIFICATE_TBS
      Field identifier for the DER-encoding of the certificate To Be Signed (TBSCertificate SEQUENCE of Certificate ASN.1 SEQUENCE).
    • FIELD_CERTIFICATE_SIGNATURE_ALG

      static final short FIELD_CERTIFICATE_SIGNATURE_ALG
      Field identifier for the DER-encoding of the certificate signature algorithm (signatureAlgorithm SEQUENCE of Certificate ASN.1 SEQUENCE).
    • FIELD_CERTIFICATE_SIGNATURE

      static final short FIELD_CERTIFICATE_SIGNATURE
      Field identifier for the DER-encoding of the certificate signature (signature BIT STRING of Certificate ASN.1 SEQUENCE).
  • Method Details

    • getVersion

      short getVersion()
      Gets the version (version number) value from the certificate. The ASN.1 definition for this is:

      version [0] EXPLICIT Version DEFAULT v1

      Version ::= INTEGER { v1(0), v2(1), v3(2) }

      Returns:
      the version number, i.e. 1, 2 or 3.
    • getField

      byte[] getField(short field) throws CertificateException
      Gets a field value or null if not found.
      Parameters:
      field - the field identifier
      Returns:
      returns a temporary read-only array view on the specified field. May be null.
      Throws:
      CertificateException - with INVALID_PARAM reason if the requested field constant is unknown
    • getExtension

      byte[] getExtension(byte[] oid, short offset, short length) throws CertificateException
      Gets the extension matching an OID, or returns null if not found. The return value is the DER-encoded SEQUENCE of an extension (Extension ASN.1 SEQUENCE) including the OID itself.
      Parameters:
      oid - input buffer of the extension OID which is the DER-encoded OBJECT IDENTIFIER of the extension ID (extnID of the Extension ASN.1 SEQUENCE)
      offset - offset of the OID within the input buffer
      length - length of the OID within the input buffer
      Returns:
      returns a temporary read-only array view of the specified extension. May be null.
      Throws:
      CertificateException - with the following reason code:
    • getExtensions

      void getExtensions(X509Certificate.ExtensionHandler handler)
      Provides access to the extensions of this certificate, triggering the X509Certificate.ExtensionHandler interface for each extension.

      Note that the value returned by the implementation of X509Certificate.ExtensionHandler.onExtension(byte[], boolean, byte[]) is ignored each time the handler is triggered by this method.

      Parameters:
      handler - the handler to trigger for each extension
      Throws:
      CertificateException - with the following reason codes:
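
Because getExtension returns the whole DER-encoded Extension SEQUENCE, the caller has to parse out the critical flag, which DER omits when it is FALSE. The following is an added example, not part of the original API documentation: the class ExtensionCriticality, its return codes and the choice of basicConstraints (OID 2.5.29.19) are illustrative. It assumes the oid argument carries the full tag-length-value encoding and that the returned view starts at the SEQUENCE tag.

```java
import javacardx.security.cert.CertificateException;
import javacardx.security.cert.X509Certificate;

/** Added example: hypothetical helper, not part of the Java Card API. */
public final class ExtensionCriticality {
    public static final short MALFORMED = -1, ABSENT = 0, NON_CRITICAL = 1, CRITICAL = 2;

    // Assumption: the oid argument is the full TLV (tag 06, length 03, content 55 1D 13),
    // here id-ce-basicConstraints (2.5.29.19), picked for illustration.
    private static final byte[] OID_BASIC_CONSTRAINTS = {0x06, 0x03, 0x55, 0x1D, 0x13};

    public static short basicConstraints(X509Certificate cert) throws CertificateException {
        byte[] ext = cert.getExtension(OID_BASIC_CONSTRAINTS, (short) 0,
                                       (short) OID_BASIC_CONSTRAINTS.length);
        // The view is temporary: parse it right away, do not store it in a field.
        return (ext == null) ? ABSENT : criticality(ext);
    }

    /** Parses Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }. */
    static short criticality(byte[] ext) {
        short len = (short) ext.length;
        if (len < 4 || ext[0] != 0x30) return MALFORMED;        // SEQUENCE tag
        short off = 2;                                            // tag + one length octet
        if (ext[1] < 0) {                                         // long-form length 0x81/0x82
            short n = (short) (ext[1] & 0x7F);
            if (n < 1 || n > 2) return MALFORMED;
            off = (short) (off + n);
        }
        // extnID: OBJECT IDENTIFIER with short-form length
        if ((short) (off + 2) > len || ext[off] != 0x06 || ext[(short) (off + 1)] < 0) {
            return MALFORMED;
        }
        off = (short) (off + 2 + ext[(short) (off + 1)]);
        if (off >= len) return MALFORMED;                         // extnValue is mandatory
        if (ext[off] == 0x04) return NON_CRITICAL;                // DER omits critical when FALSE
        if (ext[off] != 0x01 || (short) (off + 3) > len || ext[(short) (off + 1)] != 1) {
            return MALFORMED;                                     // expected BOOLEAN of length 1
        }
        // DER encodes TRUE as 0xFF; any non-zero octet is treated as critical so a
        // lenient encoding cannot downgrade the flag.
        return (ext[(short) (off + 2)] != 0) ? CRITICAL : NON_CRITICAL;
    }
}
```

RFC 5280 requires a certificate-using system to reject a certificate that contains a critical extension it cannot process, so a MALFORMED result is best handled the same way as an unprocessable critical extension.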