sun.security.x509

Class X509CertImpl

java.lang.Object

java.security.cert.Certificate

java.security.cert.X509Certificate

sun.security.x509.X509CertImpl

All Implemented Interfaces:

java.io.Serializable, java.security.cert.X509Extension, DerEncoder

public class X509CertImpl
extends java.security.cert.X509Certificate
implements DerEncoder

The X509CertImpl class represents an X.509 certificate. These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET). There is a commercial infrastructure ready to manage large scale deployments of X.509 identity certificates.

These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.

RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.

More recent work includes the IETF PKIX Working Group efforts, especially RFC2459.

Author:

Dave Brownell, Amit Kapoor, Hemma Prafullchandra

See Also:

X509CertInfo, Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.Certificate

java.security.cert.Certificate.CertificateRep

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	ALG_ID
protected AlgorithmId	algId
protected X509CertInfo	info
static java.lang.String	INFO
static java.lang.String	ISSUER_DN
static java.lang.String	NAME Public attribute names.
static java.lang.String	PUBLIC_KEY
static java.lang.String	SERIAL_ID
static java.lang.String	SIG
static java.lang.String	SIG_ALG
protected byte[]	signature
static java.lang.String	SIGNATURE
static java.lang.String	SIGNED_CERT
static java.lang.String	SUBJECT_DN The following are defined for ease-of-use.
static java.lang.String	VERSION

Constructor Summary

Constructors

Constructor and Description
X509CertImpl() Default constructor.
X509CertImpl(byte[] certData) Unmarshals a certificate from its encoded form, parsing the encoded bytes.
X509CertImpl(DerValue derVal) Unmarshal a certificate from its encoded form, parsing a DER value.
X509CertImpl(java.io.InputStream in) unmarshals an X.509 certificate from an input stream.
X509CertImpl(X509CertInfo certInfo) Construct an initialized X509 Certificate.

Method Summary

Methods

Modifier and Type	Method and Description
void	checkValidity() Checks that the certificate is currently valid, i.e.
void	checkValidity(java.util.Date date) Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time.
void	delete(java.lang.String name) Delete the requested attribute from the certificate.
void	derEncode(java.io.OutputStream out) DER encode this object onto an output stream.
void	encode(java.io.OutputStream out) Appends the certificate to an output stream.
java.lang.Object	get(java.lang.String name) Return the requested attribute from the certificate.
AuthorityInfoAccessExtension	getAuthorityInfoAccessExtension()
AuthorityKeyIdentifierExtension	getAuthorityKeyIdentifierExtension() Get AuthorityKeyIdentifier extension
int	getBasicConstraints() Get the certificate constraints path length from the the critical BasicConstraints extension, (oid = 2.5.29.19).
BasicConstraintsExtension	getBasicConstraintsExtension() Get BasicConstraints extension
CertificatePoliciesExtension	getCertificatePoliciesExtension() Get CertificatePoliciesExtension
java.util.Set<java.lang.String>	getCriticalExtensionOIDs() Gets a Set of the extension(s) marked CRITICAL in the certificate.
CRLDistributionPointsExtension	getCRLDistributionPointsExtension() Get CRLDistributionPoints extension
java.util.Enumeration<java.lang.String>	getElements() Return an enumeration of names of attributes existing within this attribute.
byte[]	getEncoded() Returns the encoded form of this certificate.
byte[]	getEncodedInternal() Returned the encoding as an uncloned byte array.
static byte[]	getEncodedInternal(java.security.cert.Certificate cert) Returned the encoding of the given certificate for internal use.
java.util.List<java.lang.String>	getExtendedKeyUsage() This method are the overridden implementation of getExtendedKeyUsage method in X509Certificate in the Sun provider.
static java.util.List<java.lang.String>	getExtendedKeyUsage(java.security.cert.X509Certificate cert) This static method is the default implementation of the getExtendedKeyUsage method in X509Certificate.
ExtendedKeyUsageExtension	getExtendedKeyUsageExtension() Get ExtendedKeyUsage extension
Extension	getExtension(ObjectIdentifier oid) Gets the extension identified by the given ObjectIdentifier
byte[]	getExtensionValue(java.lang.String oid) Gets the DER encoded extension identified by the given oid String.
IssuerAlternativeNameExtension	getIssuerAlternativeNameExtension() Get IssuerAlternativeName extension
java.util.Collection<java.util.List<?>>	getIssuerAlternativeNames() This method are the overridden implementation of getIssuerAlternativeNames method in X509Certificate in the Sun provider.
static java.util.Collection<java.util.List<?>>	getIssuerAlternativeNames(java.security.cert.X509Certificate cert) This static method is the default implementation of the getIssuerAlternaitveNames method in X509Certificate.
java.security.Principal	getIssuerDN() Gets the issuer distinguished name from the certificate.
boolean[]	getIssuerUniqueID() Gets the Issuer Unique Identity from the certificate.
javax.security.auth.x500.X500Principal	getIssuerX500Principal() Get issuer name as X500Principal.
static javax.security.auth.x500.X500Principal	getIssuerX500Principal(java.security.cert.X509Certificate cert) Extract the issuer X500Principal from an X509Certificate.
boolean[]	getKeyUsage() Get a boolean array representing the bits of the KeyUsage extension, (oid = 2.5.29.15).
java.lang.String	getName() Return the name of this attribute.
NameConstraintsExtension	getNameConstraintsExtension() Get NameConstraints extension
java.util.Set<java.lang.String>	getNonCriticalExtensionOIDs() Gets a Set of the extension(s) marked NON-CRITICAL in the certificate.
java.util.Date	getNotAfter() Gets the notAfter date from the validity period of the certificate.
java.util.Date	getNotBefore() Gets the notBefore date from the validity period of the certificate.
PolicyConstraintsExtension	getPolicyConstraintsExtension() Get PolicyConstraints extension
PolicyMappingsExtension	getPolicyMappingsExtension() Get PolicyMappingsExtension extension
PrivateKeyUsageExtension	getPrivateKeyUsageExtension() Get PrivateKeyUsage extension
java.security.PublicKey	getPublicKey() Gets the publickey from this certificate.
java.math.BigInteger	getSerialNumber() Gets the serial number from the certificate.
SerialNumber	getSerialNumberObject() Gets the serial number from the certificate as a SerialNumber object.
java.lang.String	getSigAlgName() Gets the signature algorithm name for the certificate signature algorithm.
java.lang.String	getSigAlgOID() Gets the signature algorithm OID string from the certificate.
byte[]	getSigAlgParams() Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm.
byte[]	getSignature() Gets the raw Signature bits from the certificate.
SubjectAlternativeNameExtension	getSubjectAlternativeNameExtension() Get SubjectAlternativeName extension
java.util.Collection<java.util.List<?>>	getSubjectAlternativeNames() This method are the overridden implementation of getSubjectAlternativeNames method in X509Certificate in the Sun provider.
static java.util.Collection<java.util.List<?>>	getSubjectAlternativeNames(java.security.cert.X509Certificate cert) This static method is the default implementation of the getSubjectAlternaitveNames method in X509Certificate.
java.security.Principal	getSubjectDN() Gets the subject distinguished name from the certificate.
SubjectKeyIdentifierExtension	getSubjectKeyIdentifierExtension() Get SubjectKeyIdentifier extension
boolean[]	getSubjectUniqueID() Gets the Subject Unique Identity from the certificate.
javax.security.auth.x500.X500Principal	getSubjectX500Principal() Get subject name as X500Principal.
static javax.security.auth.x500.X500Principal	getSubjectX500Principal(java.security.cert.X509Certificate cert) Extract the subject X500Principal from an X509Certificate.
byte[]	getTBSCertificate() Gets the DER encoded certificate informations, the tbsCertificate from this certificate.
Extension	getUnparseableExtension(ObjectIdentifier oid)
int	getVersion() Gets the version number from the certificate.
boolean	hasUnsupportedCriticalExtension() Return true if a critical extension is found that is not supported, otherwise return false.
static boolean	isSelfIssued(java.security.cert.X509Certificate cert) Utility method to test if a certificate is self-issued.
static boolean	isSelfSigned(java.security.cert.X509Certificate cert, java.lang.String sigProvider) Utility method to test if a certificate is self-signed.
void	set(java.lang.String name, java.lang.Object obj) Set the requested attribute in the certificate.
void	sign(java.security.PrivateKey key, java.lang.String algorithm) Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name).
void	sign(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider) Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name).
static X509CertImpl	toImpl(java.security.cert.X509Certificate cert) Utility method to convert an arbitrary instance of X509Certificate to a X509CertImpl.
java.lang.String	toString() Returns a printable representation of the certificate.
void	verify(java.security.PublicKey key) Throws an exception if the certificate was not signed using the verification key provided.
void	verify(java.security.PublicKey key, java.lang.String sigProvider) Throws an exception if the certificate was not signed using the verification key provided.

Methods inherited from class java.security.cert.Certificate

equals, getType, hashCode, writeReplace

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

NAME

public static final java.lang.String NAME

Public attribute names.

See Also:

Constant Field Values

INFO

public static final java.lang.String INFO

See Also:

Constant Field Values

ALG_ID

public static final java.lang.String ALG_ID

See Also:

Constant Field Values

SIGNATURE

public static final java.lang.String SIGNATURE

See Also:

Constant Field Values

SIGNED_CERT

public static final java.lang.String SIGNED_CERT

See Also:

Constant Field Values

SUBJECT_DN

public static final java.lang.String SUBJECT_DN

The following are defined for ease-of-use. These are the most frequently retrieved attributes.

See Also:

Constant Field Values

ISSUER_DN

public static final java.lang.String ISSUER_DN

See Also:

Constant Field Values

SERIAL_ID

public static final java.lang.String SERIAL_ID

See Also:

Constant Field Values

PUBLIC_KEY

public static final java.lang.String PUBLIC_KEY

See Also:

Constant Field Values

VERSION

public static final java.lang.String VERSION

See Also:

Constant Field Values

SIG_ALG

public static final java.lang.String SIG_ALG

See Also:

Constant Field Values

SIG

public static final java.lang.String SIG

See Also:

Constant Field Values

info

protected X509CertInfo info

algId

protected AlgorithmId algId

signature

protected byte[] signature

Constructor Detail

X509CertImpl

public X509CertImpl()

Default constructor.

X509CertImpl

public X509CertImpl(byte[] certData)
             throws java.security.cert.CertificateException

Unmarshals a certificate from its encoded form, parsing the encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents. That is, this is one of the more commonly used constructors. Note that the buffer must include only a certificate, and no "garbage" may be left at the end. If you need to ignore data at the end of a certificate, use another constructor.

Parameters:

certData - the encoded bytes, with no trailing padding.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

X509CertImpl

public X509CertImpl(java.io.InputStream in)
             throws java.security.cert.CertificateException

unmarshals an X.509 certificate from an input stream. If the certificate is RFC1421 hex-encoded, then it must begin with the line X509Factory.BEGIN_CERT and end with the line X509Factory.END_CERT.

Parameters:

in - an input stream holding at least one certificate that may be either DER-encoded or RFC1421 hex-encoded version of the DER-encoded certificate.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

X509CertImpl

public X509CertImpl(X509CertInfo certInfo)

Construct an initialized X509 Certificate. The certificate is stored in raw form and has to be signed to be useful.

X509CertImpl

public X509CertImpl(DerValue derVal)
             throws java.security.cert.CertificateException

Unmarshal a certificate from its encoded form, parsing a DER value. This form of constructor is used by agents which need to examine and use certificate contents.

Parameters:

derVal - the der value containing the encoded cert.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

Method Detail

encode

public void encode(java.io.OutputStream out)
            throws java.security.cert.CertificateEncodingException

Appends the certificate to an output stream.

Parameters:

out - an input stream to which the certificate is appended.

Throws:

java.security.cert.CertificateEncodingException - on encoding errors.

derEncode

public void derEncode(java.io.OutputStream out)
               throws java.io.IOException

DER encode this object onto an output stream. Implements the DerEncoder interface.

Specified by:

derEncode in interface DerEncoder

Parameters:

out - the output stream on which to write the DER encoding.

Throws:

java.io.IOException - on encoding error.

getEncoded

public byte[] getEncoded()
                  throws java.security.cert.CertificateEncodingException

Returns the encoded form of this certificate. It is assumed that each certificate type would have only a single form of encoding; for example, X.509 certificates would be encoded as ASN.1 DER.

Specified by:

getEncoded in class java.security.cert.Certificate

Throws:

java.security.cert.CertificateEncodingException - if an encoding error occurs.

getEncodedInternal

public byte[] getEncodedInternal()
                          throws java.security.cert.CertificateEncodingException

Returned the encoding as an uncloned byte array. Callers must guarantee that they neither modify it nor expose it to untrusted code.

Throws:

java.security.cert.CertificateEncodingException

verify

public void verify(java.security.PublicKey key)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Throws an exception if the certificate was not signed using the verification key provided. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.

Specified by:

verify in class java.security.cert.Certificate

Parameters:

key - the public key used for verification.

Throws:

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.NoSuchProviderException - if there's no default provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

verify

public void verify(java.security.PublicKey key,
          java.lang.String sigProvider)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Throws an exception if the certificate was not signed using the verification key provided. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.

Specified by:

verify in class java.security.cert.Certificate

Parameters:

key - the public key used for verification.

sigProvider - the name of the provider.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - on incorrect provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

sign

public void sign(java.security.PrivateKey key,
        java.lang.String algorithm)
          throws java.security.cert.CertificateException,
                 java.security.NoSuchAlgorithmException,
                 java.security.InvalidKeyException,
                 java.security.NoSuchProviderException,
                 java.security.SignatureException

Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name). This operation is used to implement the certificate generation functionality of a certificate authority.

Parameters:

key - the private key used for signing.

algorithm - the name of the signature algorithm used.

Throws:

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.NoSuchProviderException - if there's no default provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

sign

public void sign(java.security.PrivateKey key,
        java.lang.String algorithm,
        java.lang.String provider)
          throws java.security.cert.CertificateException,
                 java.security.NoSuchAlgorithmException,
                 java.security.InvalidKeyException,
                 java.security.NoSuchProviderException,
                 java.security.SignatureException

Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name). This operation is used to implement the certificate generation functionality of a certificate authority.

Parameters:

key - the private key used for signing.

algorithm - the name of the signature algorithm used.

provider - the name of the provider.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - on incorrect provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

checkValidity

public void checkValidity()
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

Checks that the certificate is currently valid, i.e. the current time is within the specified validity period.

Specified by:

checkValidity in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateExpiredException - if the certificate has expired.

java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid.

checkValidity

public void checkValidity(java.util.Date date)
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time.

Specified by:

checkValidity in class java.security.cert.X509Certificate

Parameters:

date - the Date to check against to see if this certificate is valid at that date/time.

Throws:

java.security.cert.CertificateExpiredException - if the certificate has expired with respect to the date supplied.

java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid with respect to the date supplied.

get

public java.lang.Object get(java.lang.String name)
                     throws java.security.cert.CertificateParsingException

Return the requested attribute from the certificate. Note that the X509CertInfo is not cloned for performance reasons. Callers must ensure that they do not modify it. All other attributes are cloned.

Parameters:

name - the name of the attribute.

Throws:

java.security.cert.CertificateParsingException - on invalid attribute identifier.

set

public void set(java.lang.String name,
       java.lang.Object obj)
         throws java.security.cert.CertificateException,
                java.io.IOException

Set the requested attribute in the certificate.

Parameters:

name - the name of the attribute.

obj - the value of the attribute.

Throws:

java.security.cert.CertificateException - on invalid attribute identifier.

java.io.IOException - on encoding error of attribute.

delete

public void delete(java.lang.String name)
            throws java.security.cert.CertificateException,
                   java.io.IOException

Delete the requested attribute from the certificate.

Parameters:

name - the name of the attribute.

Throws:

java.security.cert.CertificateException - on invalid attribute identifier.

java.io.IOException - on other errors.

getElements

public java.util.Enumeration<java.lang.String> getElements()

Return an enumeration of names of attributes existing within this attribute.

getName

public java.lang.String getName()

Return the name of this attribute.

toString

public java.lang.String toString()

Returns a printable representation of the certificate. This does not contain all the information available to distinguish this from any other certificate. The certificate must be fully constructed before this function may be called.

Specified by:

toString in class java.security.cert.Certificate

getPublicKey

public java.security.PublicKey getPublicKey()

Gets the publickey from this certificate.

Specified by:

getPublicKey in class java.security.cert.Certificate

Returns:

the publickey.

getVersion

public int getVersion()

Gets the version number from the certificate.

Specified by:

getVersion in class java.security.cert.X509Certificate

Returns:

the version number, i.e. 1, 2 or 3.

getSerialNumber

public java.math.BigInteger getSerialNumber()

Gets the serial number from the certificate.

Specified by:

getSerialNumber in class java.security.cert.X509Certificate

Returns:

the serial number.

getSerialNumberObject

public SerialNumber getSerialNumberObject()

Gets the serial number from the certificate as a SerialNumber object.

Returns:

the serial number.

getSubjectDN

public java.security.Principal getSubjectDN()

Gets the subject distinguished name from the certificate.

Specified by:

getSubjectDN in class java.security.cert.X509Certificate

Returns:

the subject name.

getSubjectX500Principal

public javax.security.auth.x500.X500Principal getSubjectX500Principal()

Get subject name as X500Principal. Overrides implementation in X509Certificate with a slightly more efficient version that is also aware of X509CertImpl mutability.

Overrides:

getSubjectX500Principal in class java.security.cert.X509Certificate

getIssuerDN

public java.security.Principal getIssuerDN()

Gets the issuer distinguished name from the certificate.

Specified by:

getIssuerDN in class java.security.cert.X509Certificate

Returns:

the issuer name.

getIssuerX500Principal

public javax.security.auth.x500.X500Principal getIssuerX500Principal()

Get issuer name as X500Principal. Overrides implementation in X509Certificate with a slightly more efficient version that is also aware of X509CertImpl mutability.

Overrides:

getIssuerX500Principal in class java.security.cert.X509Certificate

getNotBefore

public java.util.Date getNotBefore()

Gets the notBefore date from the validity period of the certificate.

Specified by:

getNotBefore in class java.security.cert.X509Certificate

Returns:

the start date of the validity period.

getNotAfter

public java.util.Date getNotAfter()

Gets the notAfter date from the validity period of the certificate.

Specified by:

getNotAfter in class java.security.cert.X509Certificate

Returns:

the end date of the validity period.

getTBSCertificate

public byte[] getTBSCertificate()
                         throws java.security.cert.CertificateEncodingException

Gets the DER encoded certificate informations, the tbsCertificate from this certificate. This can be used to verify the signature independently.

Specified by:

getTBSCertificate in class java.security.cert.X509Certificate

Returns:

the DER encoded certificate information.

Throws:

java.security.cert.CertificateEncodingException - if an encoding error occurs.

getSignature

public byte[] getSignature()

Gets the raw Signature bits from the certificate.

Specified by:

getSignature in class java.security.cert.X509Certificate

Returns:

the signature.

getSigAlgName

public java.lang.String getSigAlgName()

Gets the signature algorithm name for the certificate signature algorithm. For example, the string "SHA-1/DSA" or "DSS".

Specified by:

getSigAlgName in class java.security.cert.X509Certificate

Returns:

the signature algorithm name.

getSigAlgOID

public java.lang.String getSigAlgOID()

Gets the signature algorithm OID string from the certificate. For example, the string "1.2.840.10040.4.3"

Specified by:

getSigAlgOID in class java.security.cert.X509Certificate

Returns:

the signature algorithm oid string.

getSigAlgParams

public byte[] getSigAlgParams()

Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm.

Specified by:

getSigAlgParams in class java.security.cert.X509Certificate

Returns:

the DER encoded signature algorithm parameters, or null if no parameters are present.

getIssuerUniqueID

public boolean[] getIssuerUniqueID()

Gets the Issuer Unique Identity from the certificate.

Specified by:

getIssuerUniqueID in class java.security.cert.X509Certificate

Returns:

the Issuer Unique Identity.

getSubjectUniqueID

public boolean[] getSubjectUniqueID()

Gets the Subject Unique Identity from the certificate.

Specified by:

getSubjectUniqueID in class java.security.cert.X509Certificate

Returns:

the Subject Unique Identity.

getAuthorityKeyIdentifierExtension

public AuthorityKeyIdentifierExtension getAuthorityKeyIdentifierExtension()

Get AuthorityKeyIdentifier extension

Returns:

AuthorityKeyIdentifier object or null (if no such object in certificate)

getBasicConstraintsExtension

public BasicConstraintsExtension getBasicConstraintsExtension()

Get BasicConstraints extension

Returns:

BasicConstraints object or null (if no such object in certificate)

getCertificatePoliciesExtension

public CertificatePoliciesExtension getCertificatePoliciesExtension()

Get CertificatePoliciesExtension

Returns:

CertificatePoliciesExtension or null (if no such object in certificate)

getExtendedKeyUsageExtension

public ExtendedKeyUsageExtension getExtendedKeyUsageExtension()

Get ExtendedKeyUsage extension

Returns:

ExtendedKeyUsage extension object or null (if no such object in certificate)

getIssuerAlternativeNameExtension

public IssuerAlternativeNameExtension getIssuerAlternativeNameExtension()

Get IssuerAlternativeName extension

Returns:

IssuerAlternativeName object or null (if no such object in certificate)

getNameConstraintsExtension

public NameConstraintsExtension getNameConstraintsExtension()

Get NameConstraints extension

Returns:

NameConstraints object or null (if no such object in certificate)

getPolicyConstraintsExtension

public PolicyConstraintsExtension getPolicyConstraintsExtension()

Get PolicyConstraints extension

Returns:

PolicyConstraints object or null (if no such object in certificate)

getPolicyMappingsExtension

public PolicyMappingsExtension getPolicyMappingsExtension()

Get PolicyMappingsExtension extension

Returns:

PolicyMappingsExtension object or null (if no such object in certificate)

getPrivateKeyUsageExtension

public PrivateKeyUsageExtension getPrivateKeyUsageExtension()

Get PrivateKeyUsage extension

Returns:

PrivateKeyUsage object or null (if no such object in certificate)

getSubjectAlternativeNameExtension

public SubjectAlternativeNameExtension getSubjectAlternativeNameExtension()

Get SubjectAlternativeName extension

Returns:

SubjectAlternativeName object or null (if no such object in certificate)

getSubjectKeyIdentifierExtension

public SubjectKeyIdentifierExtension getSubjectKeyIdentifierExtension()

Get SubjectKeyIdentifier extension

Returns:

SubjectKeyIdentifier object or null (if no such object in certificate)

getCRLDistributionPointsExtension

public CRLDistributionPointsExtension getCRLDistributionPointsExtension()

Get CRLDistributionPoints extension

Returns:

CRLDistributionPoints object or null (if no such object in certificate)

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

Return true if a critical extension is found that is not supported, otherwise return false.

Specified by:

hasUnsupportedCriticalExtension in interface java.security.cert.X509Extension

getCriticalExtensionOIDs

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()

Gets a Set of the extension(s) marked CRITICAL in the certificate. In the returned set, each extension is represented by its OID string.

Specified by:

getCriticalExtensionOIDs in interface java.security.cert.X509Extension

Returns:

a set of the extension oid strings in the certificate that are marked critical.

getNonCriticalExtensionOIDs

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()

Gets a Set of the extension(s) marked NON-CRITICAL in the certificate. In the returned set, each extension is represented by its OID string.

Specified by:

getNonCriticalExtensionOIDs in interface java.security.cert.X509Extension

Returns:

a set of the extension oid strings in the certificate that are NOT marked critical.

getExtension

public Extension getExtension(ObjectIdentifier oid)

Gets the extension identified by the given ObjectIdentifier

Parameters:

oid - the Object Identifier value for the extension.

Returns:

Extension or null if certificate does not contain this extension

getUnparseableExtension

public Extension getUnparseableExtension(ObjectIdentifier oid)

getExtensionValue

public byte[] getExtensionValue(java.lang.String oid)

Gets the DER encoded extension identified by the given oid String.

Specified by:

getExtensionValue in interface java.security.cert.X509Extension

Parameters:

oid - the Object Identifier value for the extension.

getKeyUsage

public boolean[] getKeyUsage()

Get a boolean array representing the bits of the KeyUsage extension, (oid = 2.5.29.15).

Specified by:

getKeyUsage in class java.security.cert.X509Certificate

Returns:

the bit values of this extension as an array of booleans.

getExtendedKeyUsage

public java.util.List<java.lang.String> getExtendedKeyUsage()
                                                     throws java.security.cert.CertificateParsingException

This method are the overridden implementation of getExtendedKeyUsage method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getExtendedKeyUsage in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getExtendedKeyUsage

public static java.util.List<java.lang.String> getExtendedKeyUsage(java.security.cert.X509Certificate cert)
                                                            throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getExtendedKeyUsage method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getBasicConstraints

public int getBasicConstraints()

Get the certificate constraints path length from the the critical BasicConstraints extension, (oid = 2.5.29.19).

Specified by:

getBasicConstraints in class java.security.cert.X509Certificate

Returns:

the length of the constraint.

getSubjectAlternativeNames

public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames()
                                                                   throws java.security.cert.CertificateParsingException

This method are the overridden implementation of getSubjectAlternativeNames method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getSubjectAlternativeNames in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getSubjectAlternativeNames

public static java.util.Collection<java.util.List<?>> getSubjectAlternativeNames(java.security.cert.X509Certificate cert)
                                                                          throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getSubjectAlternaitveNames method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames()
                                                                  throws java.security.cert.CertificateParsingException

This method are the overridden implementation of getIssuerAlternativeNames method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getIssuerAlternativeNames in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public static java.util.Collection<java.util.List<?>> getIssuerAlternativeNames(java.security.cert.X509Certificate cert)
                                                                         throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getIssuerAlternaitveNames method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getAuthorityInfoAccessExtension

public AuthorityInfoAccessExtension getAuthorityInfoAccessExtension()

getSubjectX500Principal

public static javax.security.auth.x500.X500Principal getSubjectX500Principal(java.security.cert.X509Certificate cert)

Extract the subject X500Principal from an X509Certificate. Called from java.security.cert.X509Certificate.getSubjectX500Principal().

getIssuerX500Principal

public static javax.security.auth.x500.X500Principal getIssuerX500Principal(java.security.cert.X509Certificate cert)

Extract the issuer X500Principal from an X509Certificate. Called from java.security.cert.X509Certificate.getIssuerX500Principal().

getEncodedInternal

public static byte[] getEncodedInternal(java.security.cert.Certificate cert)
                                 throws java.security.cert.CertificateEncodingException

Returned the encoding of the given certificate for internal use. Callers must guarantee that they neither modify it nor expose it to untrusted code. Uses getEncodedInternal() if the certificate is instance of X509CertImpl, getEncoded() otherwise.

Throws:

java.security.cert.CertificateEncodingException

toImpl

public static X509CertImpl toImpl(java.security.cert.X509Certificate cert)
                           throws java.security.cert.CertificateException

Utility method to convert an arbitrary instance of X509Certificate to a X509CertImpl. Does a cast if possible, otherwise reparses the encoding.

Throws:

java.security.cert.CertificateException

isSelfIssued

public static boolean isSelfIssued(java.security.cert.X509Certificate cert)

Utility method to test if a certificate is self-issued. This is the case iff the subject and issuer X500Principals are equal.

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert,
                   java.lang.String sigProvider)

Utility method to test if a certificate is self-signed. This is the case iff the subject and issuer X500Principals are equal AND the certificate's subject public key can be used to verify the certificate. In case of exception, returns false.