oracle.security.crypto.cert

Class X509

java.lang.Object

oracle.security.crypto.cert.Certificate

oracle.security.crypto.cert.X509

All Implemented Interfaces:

java.io.Externalizable, java.io.Serializable

Direct Known Subclasses:

CkiX509

public class X509
extends Certificate

This class encapsulates X.509 Version 3 certificates.

Both RSA and DSA certificates are supported. This class provides the methods for reading and writing X509 Version 1 fields of the certificate.

Any X509 v3 extension can be handled through X509Extension. A subset of the standard extensions defined in RFC 2459 are conveniently implemented as subclasses of X509Extension, in the oracle.security.crypto.cert.ext package.

In the future this class will be made to extend X509Certificate Currently it can't be done because of these methods getEncoded(), getSigAlgOID(). which have incompatible signatures. For now can get the X509Certificate version of this class by calling toX509Certificate()

See Also:

X509Extension, X509ExtensionSet, Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	isDecoded

Fields inherited from class oracle.security.crypto.cert.Certificate

holder, key

Constructor Summary

Constructors

Constructor and Description
X509() Creates a new empty instance.
X509(byte[] data) Constructs an X.509 certificate from the given DER encoding.
X509(CertificateRequest cr, X509 issuerCertificate, PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject() #setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()
X509(CertificateRequest cr, X509 issuerCertificate, PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, AlgorithmIdentifier signAlg) Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject() #setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()
X509(java.io.File file) Construct from the specified file.
X509(java.io.InputStream is) Construct from the specified input stream.
X509(java.net.URL url) Construct from the specified URL.
X509(X500Name subject, PublicKey subjectKey, X500Name issuer, PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter) Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign()
X509(X500Name subject, PublicKey subjectKey, X500Name issuer, PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, AlgorithmIdentifier signAlg) Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date) setSerialNo(BigInteger) then finally call sign()
X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, java.util.Date notBefore, java.util.Date notAfter, AlgorithmIdentifier signAlg)
X509(X500Name subject, PublicKey subjectKey, X500Name issuer, PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()
X509(X500Name subject, PublicKey subjectKey, X500Name issuer, PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, AlgorithmIdentifier signAlg) Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()
X509(X500Name subject, java.security.PublicKey subjectKey, X500Name issuer, java.security.PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days, AlgorithmIdentifier signAlg)
X509(X500Name subject, SPKAC spkac, X509 issuerCertificate, PrivateKey issuerPrivateKey, java.math.BigInteger serial, int days) Creates a new, signed certificate using the given SPKAC object.

Method Summary

Modifier and Type	Method and Description
void	addExtension(X509Extension ext) Add an extension.
void	checkValidity() X509Certificate.checkValidity()
void	checkValidity(java.util.Date date) X509Certificate.checkValidity(Date)
protected void	decode()
boolean	equals(java.lang.Object o) Compare this certificate to the specified object.
int	getBasicConstraints() X509Certificate.getBasicConstraints()
byte[]	getCertID(MessageDigest md) Deprecated. Use #getCertID(String)
static byte[]	getCertID(X500Name issuer, java.math.BigInteger serial, MessageDigest md) Compute the ID of a certificate.
java.util.Set<java.lang.String>	getCriticalExtensionOIDs() X509Extension.getCriticalExtensionOIDs()
byte[]	getEncoded() Returns the ASN.1 encoding.
java.util.List<java.lang.String>	getExtendedKeyUsage() X509Certificate.getExtendedKeyUsage()
X509Extension	getExtension(ASN1ObjectID oid) Return the first extension with the specified ID, or null if it was not present.
X509ExtensionSet	getExtensionSet() Returns the set of X509Extensions.
byte[]	getExtensionValue(java.lang.String oid) X509Extension.getExtensionValue(String)
byte[]	getFingerprint() Compute and return MD5 fingerprint of the certificate.
Entity	getHolder() Get the holder of the certificate.
X500Name	getIssuer() Returns the name of the issuer.
java.util.Collection<java.util.List<?>>	getIssuerAlternativeNames() X509Certificate.getIssuerAlternativeNames()
java.security.Principal	getIssuerDN() X509Certificate.getIssuerDN()
boolean[]	getIssuerUniqueID() X509Certificate.getIssuerUniqueID()
javax.security.auth.x500.X500Principal	getIssuerX500Principal() X509Certificate.getIssuerX500Principal()
boolean[]	getKeyUsage() X509Certificate.getKeyUsage()
java.util.Set<java.lang.String>	getNonCriticalExtensionOIDs() X509Extension.getCriticalExtensionOIDs()
java.util.Date	getNotAfter() X509Certificate.getNotAfter()
java.util.Date	getNotAfterDate() Get the not after date.
java.util.Date	getNotBefore() X509Certificate.getNotBefore()
java.util.Date	getNotBeforeDate() Get the not before date.
PublicKey	getPublicKey() Gets the public key.
java.math.BigInteger	getSerialNo() Get the serial number.
java.math.BigInteger	getSerialNumber() X509Certificate.getSerialNumber()
java.lang.String	getSigAlgName() X509Certificate.getSigAlgName()
ASN1ObjectID	getSigAlgOID() Get the signature algorithm OID used for signing this certificate.
byte[]	getSigAlgParams() X509Certificate.getSigAlgParams()
java.lang.String	getSigAlgString() Get the string representation of the signature algorithm used to sign this certificate.
byte[]	getSigBytes() Returns the signature bytes, signing the certificate first if needed.
byte[]	getSignature() X509Certificate.getSignature()
X500Name	getSubject() Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).
java.util.Collection<java.util.List<?>>	getSubjectAlternativeNames() X509Certificate.getSubjectAlternativeNames()
java.security.Principal	getSubjectDN() X509Certificate.getSubjectDN()
boolean[]	getSubjectUniqueID() X509Certificate.getSubjectUniqueID()
javax.security.auth.x500.X500Principal	getSubjectX500Principal() X509Certificate.getSubjectX500Principal()
byte[]	getTBSCertificate() X509Certificate.getTBSCertificate()
int	getVersion() X509Certificate.getVersion()
int	hashCode()
boolean	hasUnrecognizedCriticalExtension() Indicates whether this certificate contains an unrecognized critical extesion.
boolean	hasUnsupportedCriticalExtension() X509Extension.hasUnsupportedCriticalExtension()
void	input(java.io.InputStream is)
int	length() Returns length of DER encoding of this certificate.
void	output(java.io.OutputStream os) Output to the specified output stream.
void	readExternal(java.io.ObjectInput is)
void	setExtensions(X509ExtensionSet exts) Set the X509Extensionss.
void	setHolder(X500Name holder) Set the holder of the certificate.
void	setIssuer(X500Name issuer) Sets the issuer name which will be used to sign this certificate.
void	setIssuerCertificate(X509 ic) Deprecated. Use setIssuerCertificate(X509Certificate)
void	setIssuerCertificate(java.security.cert.X509Certificate ic) Specifies the issuer certificate that will be used to verify this certificate.
void	setIssuerCRL(CRL crl) Set the issuer CRL.
void	setIssuerPrivateKey(PrivateKey ik) Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
void	setIssuerPrivateKey(PrivateKey ik, AlgorithmIdentifier sigAlgID) Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
void	setIssuerPrivateKey(java.security.PrivateKey ik, AlgorithmIdentifier sigAlgID) Specifies the private key that will be used to sign this certificate.
void	setNotAfterDate(java.util.Date nad) Set the not after date.
void	setNotBeforeDate(java.util.Date nbd) Set the not before date.
void	setPublicKey(PublicKey key) Deprecated. Use #setPublicKey(java.security.PublicKey)
void	setSerialNo(java.math.BigInteger sn) Set the serial number.
void	setSigAlgID(AlgorithmIdentifier sigAlgID) Set the signing algorithm.
void	setSubject(X500Name subject) Sets the name of the subject of this certificate.
void	setValidity(int days) Set validity period for the specified number of days.
void	sign() Generate the contents of this certificate and sign it.
void	sign(RandomBitsSource rbs) Deprecated. Use sign()
java.lang.String	toString() Returns a verbose humanly readable representation of this certificate.
static X509	toX509(java.security.cert.X509Certificate cert) Converts an X509Certificate to X509.
java.security.cert.X509Certificate	toX509Certificate() Get the X509Certificate.
boolean	verify() Verifies this certificate.
void	verify(java.security.PublicKey key) Certificate.verify(java.security.PublicKey)
void	verify(java.security.PublicKey key, java.lang.String sigProvider) Certificate.verify(java.security.PublicKey, String)
boolean	verifyCertCRL() Verify certificate against the issuer CRL.
boolean	verifyCertDate() Verify the date of the certificate.
boolean	verifyCertSignature() Verify the signature of the certificate.
boolean	verifySignature(byte[] docBytes, byte[] sigBytes, AlgorithmIdentifier sigAlgID) Verify a signature made with this certificate's public key.
void	writeExternal(java.io.ObjectOutput os)

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

isDecoded

protected boolean isDecoded

Constructor Detail

X509

public X509()

Creates a new empty instance.

X509

public X509(java.io.InputStream is)
     throws java.io.IOException

Construct from the specified input stream.

Throws:

java.io.IOException

X509

public X509(java.io.File file)
     throws java.io.IOException

Construct from the specified file.

Throws:

java.io.IOException

X509

public X509(java.net.URL url)
     throws java.io.IOException

Construct from the specified URL.

Throws:

java.io.IOException

X509

public X509(byte[] data)
     throws java.io.IOException

Constructs an X.509 certificate from the given DER encoding.

Throws:

java.io.IOException

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject() #setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()

Construct new, signed certificate using the given PKCS #10 certificate request.

Parameters:

cr - the certificate request

issuerCertificate - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

days - number of days for which the certificate shall be valid

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(CertificateRequest cr,
            X509 issuerCertificate,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days,
            AlgorithmIdentifier signAlg)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name) from CertificateRequest.getSubject() #setPublicKey(java.security.PublicKey) from CertificateRequest.getPublicKey(), setIssuerCertificate(X509Certificate), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()

Construct new, signed certificate using the given PKCS #10 certificate request.

Parameters:

cr - the certificate request

issuerCertificate - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

days - number of days for which the certificate shall be valid

signAlg - the signature algorithm to use

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            SPKAC spkac,
            X509 issuerCertificate,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws SignatureException

Creates a new, signed certificate using the given SPKAC object.

Parameters:

subject - the subject's name

spkac - the subject's Signed PublicKey And Chanllenge

issuerCertificate - the issuer's certificate

serial - the serial number of the new certificate

days - number of days for which the certificate shall be valid

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            PublicKey subjectKey,
            X500Name issuer,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()

Creates a new, signed certificate with the given name and public key.

Parameters:

subject - the subject's name

subjectKey - the subject's public key

issuer - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

days - number of days for which the certificate shall be valid

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            PublicKey subjectKey,
            X500Name issuer,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days,
            AlgorithmIdentifier signAlg)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setValidity(int) setSerialNo(BigInteger), then finally call sign()

Creates a new, signed certificate with the given name and public key.

Parameters:

subject - the subject's name

subjectKey - the subject's public key

issuer - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

days - number of days for which the certificate shall be valid

signAlg - the signature algorithm to use

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            java.security.PublicKey subjectKey,
            X500Name issuer,
            java.security.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            int days,
            AlgorithmIdentifier signAlg)
     throws SignatureException

Throws:

SignatureException

X509

public X509(X500Name subject,
            PublicKey subjectKey,
            X500Name issuer,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date), setSerialNo(BigInteger), then finally call sign()

Creates a new, signed certificate with the given name and public key, having the given validity dates.

Parameters:

subject - the subject's name

subjectKey - the subject's public key

issuer - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

notBefore - the first day for which the certificate shall be valid

notAfter - the last day for which the certificate shall be valid

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            PublicKey subjectKey,
            X500Name issuer,
            PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter,
            AlgorithmIdentifier signAlg)
     throws SignatureException

Deprecated. Use the individual methods X509(), setSubject(X500Name), #setPublicKey(java.security.PublicKey), setIssuer(X500Name), setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier), setNotAfterDate(Date), setNotBeforeDate(Date) setSerialNo(BigInteger) then finally call sign()

Creates a new, signed certificate with the given name and public key, having the given validity dates.

Parameters:

subject - the subject's name

subjectKey - the subject's public key

issuer - the issuer's certificate

issuerPrivateKey - the issuer's private key

serial - the serial number of the new certificate

notBefore - the first day for which the certificate shall be valid

notAfter - the last day for which the certificate shall be valid

signAlg - the signature algorithm to use

Throws:

SignatureException - if there is an error in the signature process

X509

public X509(X500Name subject,
            java.security.PublicKey subjectKey,
            X500Name issuer,
            java.security.PrivateKey issuerPrivateKey,
            java.math.BigInteger serial,
            java.util.Date notBefore,
            java.util.Date notAfter,
            AlgorithmIdentifier signAlg)
     throws SignatureException

Throws:

SignatureException

Method Detail

toX509

public static X509 toX509(java.security.cert.X509Certificate cert)

Converts an X509Certificate to X509.

If the X509Certificate was wrapper object obtained by toX509Certificate() then this method simply returns the underlying X509 object.

Parameters:

cert -

Returns:

decode

protected void decode()

sign

public void sign()
          throws SignatureException

Generate the contents of this certificate and sign it.

Throws:

SignatureException - if there is an error during signing

sign

public void sign(RandomBitsSource rbs)
          throws SignatureException

Deprecated. Use sign()

Generate the contents of this certificate and sign it.

Parameters:

rbs - the random number generator to be used for signing, it is ignored.

Throws:

SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws SignatureException

Returns the signature bytes, signing the certificate first if needed.

Throws:

SignatureException

input

public void input(java.io.InputStream is)
           throws java.io.IOException

Throws:

java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException

Output to the specified output stream.

Throws:

java.io.IOException

length

public int length()

Returns length of DER encoding of this certificate.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

getEncoded

public byte[] getEncoded()

Returns the ASN.1 encoding.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.

verify

public boolean verify()
               throws AuthenticationException

Verifies this certificate.

More precisely:

• Verifies that the current VM date/time is within the validity period of the certificate.
• If an unrecognized critical extension is present, the certificate is rejected. See the class description for a list of recognized critical extensions.
• If the issuer certificate has been set, verifies that the signing certificate is a CA certificate, and that the signature is correct. The signing certificate is considered to be a CA certificate unless one of the following two conditions hold: The signing certificate contains a basicConstraints extension, and the CA flag is false; or the signing certificate contains a keyUsage extension, the keyUsage extension is marked critical, and the keyCertSign bit is false.
• If the issuer CRL has been set, verifies that the certificate has not been revoked.

Specified by:

verify in class Certificate

Returns:

true if the certificate is valid, and false otherwise

Throws:

AuthenticationException - If the verification operation could not be performed for some reason (for example, a necessary credential or token has the wrong format)

See Also:

setIssuerCertificate(oracle.security.crypto.cert.X509), setIssuerCRL(oracle.security.crypto.cert.CRL)

verifyCertDate

public boolean verifyCertDate()

Verify the date of the certificate.

verifyCertSignature

public boolean verifyCertSignature()
                            throws AuthenticationException

Verify the signature of the certificate. To use this method, the issuer certificate must be set.

Throws:

AuthenticationException

See Also:

setIssuerCertificate(oracle.security.crypto.cert.X509)

verifyCertCRL

public boolean verifyCertCRL()

Verify certificate against the issuer CRL. To use this method, the issuer CRL must be set.

See Also:

setIssuerCRL(oracle.security.crypto.cert.CRL)

getHolder

public Entity getHolder()

Get the holder of the certificate.

Overrides:

getHolder in class Certificate

Returns:

the holder

setHolder

public void setHolder(X500Name holder)

Set the holder of the certificate.

getPublicKey

public PublicKey getPublicKey()

Gets the public key.

Overrides:

getPublicKey in class Certificate

Returns:

the public key

setPublicKey

public void setPublicKey(PublicKey key)

Deprecated. Use #setPublicKey(java.security.PublicKey)

Sets the public key.

getNotBeforeDate

public java.util.Date getNotBeforeDate()

Get the not before date.

setNotBeforeDate

public void setNotBeforeDate(java.util.Date nbd)

Set the not before date.

getNotAfterDate

public java.util.Date getNotAfterDate()

Get the not after date.

setNotAfterDate

public void setNotAfterDate(java.util.Date nad)

Set the not after date.

setValidity

public void setValidity(int days)

Set validity period for the specified number of days.

getSubject

public X500Name getSubject()

Returns the name of the subject of this certificate (same as getHolder, except the return type is X500Name).

setSubject

public void setSubject(X500Name subject)

Sets the name of the subject of this certificate. Does the same things as setHolder.

getIssuer

public X500Name getIssuer()

Returns the name of the issuer.

setIssuer

public void setIssuer(X500Name issuer)

Sets the issuer name which will be used to sign this certificate.

setIssuerCertificate

public void setIssuerCertificate(X509 ic)

Deprecated. Use setIssuerCertificate(X509Certificate)

Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:

ic - The certificate of the entity which issued this certificate

setIssuerCertificate

public void setIssuerCertificate(java.security.cert.X509Certificate ic)

Specifies the issuer certificate that will be used to verify this certificate. This also sets the issuer name if none was previously set.

The certificate specified here will not be part of this certificate's persistent state.

Parameters:

ic - The certificate of the entity which issued this certificate

setIssuerPrivateKey

public void setIssuerPrivateKey(PrivateKey ik)

Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:

ik - The private key of the entity which is issuing this certificate.

setIssuerPrivateKey

public void setIssuerPrivateKey(PrivateKey ik,
                                AlgorithmIdentifier sigAlgID)

Deprecated. Use setIssuerPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)

Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:

ik - The private key of the entity which is issuing this certificate.

sigAlgID -

setIssuerPrivateKey

public void setIssuerPrivateKey(java.security.PrivateKey ik,
                                AlgorithmIdentifier sigAlgID)

Specifies the private key that will be used to sign this certificate.

The value specified here will not be contained in this certificate's persistent state.

Parameters:

ik - The private key of the entity which is issuing this certificate.

sigAlgID - Signing algorithm

setSigAlgID

public void setSigAlgID(AlgorithmIdentifier sigAlgID)

Set the signing algorithm. For example AlgID.sha_1WithRSAEncryption AlgID.sha224WithRSAEncryption AlgID.sha256WithRSAEncryption AlgID.sha384WithRSAEncryption AlgID.sha512WithRSAEncryption AlgID.dsaWithSHA1

Parameters:

sigAlgID -

setIssuerCRL

public void setIssuerCRL(CRL crl)

Set the issuer CRL.

getSerialNo

public java.math.BigInteger getSerialNo()

Get the serial number.

setSerialNo

public void setSerialNo(java.math.BigInteger sn)

Set the serial number.

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()

Indicates whether this certificate contains an unrecognized critical extesion. If so, the certificate will necessarily be rejected.

Returns:

true if this certificate contains at least one unrecognized critical extension, and false if it has none.

getExtensionSet

public X509ExtensionSet getExtensionSet()

Returns the set of X509Extensions.

Returns:

A X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(ASN1ObjectID oid)

Return the first extension with the specified ID, or null if it was not present.

setExtensions

public void setExtensions(X509ExtensionSet exts)

Set the X509Extensionss.

addExtension

public void addExtension(X509Extension ext)

Add an extension.

getFingerprint

public byte[] getFingerprint()

Compute and return MD5 fingerprint of the certificate.

getCertID

public static byte[] getCertID(X500Name issuer,
                               java.math.BigInteger serial,
                               MessageDigest md)

Compute the ID of a certificate. The ID is computed as the hash of the issuer's name and serial number.

Parameters:

issuer - the issuer's name

serial - the serial number

md - the hash function to use

getCertID

public byte[] getCertID(MessageDigest md)

Deprecated. Use #getCertID(String)

Compute the ID of this certificate. The ID is computed as the hash of the issuer's name and serial number.

Parameters:

md - the hash function to use

getSigAlgOID

public ASN1ObjectID getSigAlgOID()

Get the signature algorithm OID used for signing this certificate.

getSigAlgString

public java.lang.String getSigAlgString()

Get the string representation of the signature algorithm used to sign this certificate. Returns one of: "RSA/MD2", "RSA/MD5", "RSA/SHA", "DSA", "DSAold", "DSAold2", or the numeric representation of the OID, if it is not recognized.

verifySignature

public boolean verifySignature(byte[] docBytes,
                               byte[] sigBytes,
                               AlgorithmIdentifier sigAlgID)
                        throws AuthenticationException

Verify a signature made with this certificate's public key.

Parameters:

docBytes - The signed document.

sigBytes - The signature.

sigAlgID - The algorithm ID used for the signature.

Throws:

AuthenticationException - if an error ocurrs during verification.

equals

public boolean equals(java.lang.Object o)

Compare this certificate to the specified object. Returns true if and only if the argument is not null and is an X509 or X509certificateobject which has the same DER encoding as this object.

Overrides:

equals in class java.lang.Object

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

toString

public java.lang.String toString()

Returns a verbose humanly readable representation of this certificate. This method is recommended to be used only for debugging.

Overrides:

toString in class java.lang.Object

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException

Throws:

java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException

Throws:

java.io.IOException

java.lang.ClassNotFoundException

toX509Certificate

public java.security.cert.X509Certificate toX509Certificate()

Get the X509Certificate. This does not actually convert the certificate, rather it just returns a wrapper class which adapts the X509 class to the X509Certificate interface.

If you want to convert to an X509Certificate of the different implementation do not use this method, Instead use CertificateFactory.generateCertificate

Returns:

checkValidity

public void checkValidity()
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

X509Certificate.checkValidity()

Throws:

java.security.cert.CertificateExpiredException

java.security.cert.CertificateNotYetValidException

checkValidity

public void checkValidity(java.util.Date date)
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

X509Certificate.checkValidity(Date)

Parameters:

date -

Throws:

java.security.cert.CertificateExpiredException

java.security.cert.CertificateNotYetValidException

getBasicConstraints

public int getBasicConstraints()

X509Certificate.getBasicConstraints()

Returns:

getIssuerDN

public java.security.Principal getIssuerDN()

X509Certificate.getIssuerDN()

Returns:

getIssuerX500Principal

public javax.security.auth.x500.X500Principal getIssuerX500Principal()

X509Certificate.getIssuerX500Principal()

Returns:

getSubjectX500Principal

public javax.security.auth.x500.X500Principal getSubjectX500Principal()

X509Certificate.getSubjectX500Principal()

Returns:

getIssuerUniqueID

public boolean[] getIssuerUniqueID()

X509Certificate.getIssuerUniqueID()

Returns:

getKeyUsage

public boolean[] getKeyUsage()

X509Certificate.getKeyUsage()

Returns:

getNotAfter

public java.util.Date getNotAfter()

X509Certificate.getNotAfter()

Returns:

getNotBefore

public java.util.Date getNotBefore()

X509Certificate.getNotBefore()

Returns:

getSerialNumber

public java.math.BigInteger getSerialNumber()

X509Certificate.getSerialNumber()

Returns:

getSigAlgName

public java.lang.String getSigAlgName()

X509Certificate.getSigAlgName()

Returns:

getSigAlgParams

public byte[] getSigAlgParams()

X509Certificate.getSigAlgParams()

Returns:

getSignature

public byte[] getSignature()

X509Certificate.getSignature()

Returns:

getSubjectDN

public java.security.Principal getSubjectDN()

X509Certificate.getSubjectDN()

Returns:

getSubjectUniqueID

public boolean[] getSubjectUniqueID()

X509Certificate.getSubjectUniqueID()

Returns:

getTBSCertificate

public byte[] getTBSCertificate()
                         throws java.security.cert.CertificateEncodingException

X509Certificate.getTBSCertificate()

Returns:

Throws:

java.security.cert.CertificateEncodingException

getVersion

public int getVersion()

X509Certificate.getVersion()

Returns:

verify

public void verify(java.security.PublicKey key,
                   java.lang.String sigProvider)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Certificate.verify(java.security.PublicKey, String)

Parameters:

key -

sigProvider -

Throws:

java.security.cert.CertificateException

java.security.NoSuchAlgorithmException

java.security.InvalidKeyException

java.security.NoSuchProviderException

java.security.SignatureException

verify

public void verify(java.security.PublicKey key)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Certificate.verify(java.security.PublicKey)

Parameters:

key -

Throws:

java.security.cert.CertificateException

java.security.NoSuchAlgorithmException

java.security.InvalidKeyException

java.security.NoSuchProviderException

java.security.SignatureException

getCriticalExtensionOIDs

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()

X509Extension.getCriticalExtensionOIDs()

Returns:

getExtensionValue

public byte[] getExtensionValue(java.lang.String oid)

X509Extension.getExtensionValue(String)

Parameters:

oid - getExtension(ASN1ObjectID)

Returns:

getNonCriticalExtensionOIDs

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()

X509Extension.getCriticalExtensionOIDs()

Returns:

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

X509Extension.hasUnsupportedCriticalExtension()

Returns:

getExtendedKeyUsage

public java.util.List<java.lang.String> getExtendedKeyUsage()
                                                     throws java.security.cert.CertificateParsingException

X509Certificate.getExtendedKeyUsage()

Returns:

Throws:

java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames()
                                                                  throws java.security.cert.CertificateParsingException

X509Certificate.getIssuerAlternativeNames()

Returns:

Throws:

java.security.cert.CertificateParsingException

getSubjectAlternativeNames

public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames()
                                                                   throws java.security.cert.CertificateParsingException

X509Certificate.getSubjectAlternativeNames()

Returns:

Throws:

java.security.cert.CertificateParsingException