gnu.java.security.x509

Class X509Certificate

Implemented Interfaces:
GnuPKIExtension, Serializable, X509Extension

public class X509Certificate
extends X509Certificate
implements Serializable, GnuPKIExtension

An implementation of X.509 certificates.
See Also:
Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.Certificate

Certificate.CertificateRep

Field Summary

protected Map
Extension>extensions
protected static OID
ID_DSA
protected static OID
ID_DSA_WITH_SHA1
protected static OID
ID_ECDSA_WITH_SHA1
protected static OID
ID_RSA
protected static OID
ID_RSA_WITH_MD2
protected static OID
ID_RSA_WITH_MD5
protected static OID
ID_RSA_WITH_SHA1
protected OID
algId
protected byte[]
algVal
protected byte[]
encoded
protected X500DistinguishedName
issuer
protected BitString
issuerUniqueId
protected Date
notAfter
protected Date
notBefore
protected BigInteger
serialNo
protected OID
sigAlgId
protected byte[]
sigAlgVal
protected byte[]
signature
protected X500DistinguishedName
subject
protected PublicKey
subjectKey
protected BitString
subjectUniqueId
protected byte[]
tbsCertBytes
protected int
version

Constructor Summary

X509Certificate()
The basic constructor.
X509Certificate(InputStream encoded)
Create a new X.509 certificate from the encoded data.

Method Summary

void
checkValidity()
void
checkValidity(Date date)
boolean
equals(Object other)
Determine whether this Object is semantically equal to another Object.
int
getBasicConstraints()
Set
getCriticalExtensionOIDs()
byte[]
getEncoded()
List
getExtendedKeyUsage()
Extension
getExtension(OID oid)
Returns the extension object for the given object identifier.
byte[]
getExtensionValue(String oid)
Collection<E>
getExtensions()
Collection>
getIssuerAlternativeNames()
Principal
getIssuerDN()
boolean[]
getIssuerUniqueID()
X500Principal
getIssuerX500Principal()
boolean[]
getKeyUsage()
Set
getNonCriticalExtensionOIDs()
Date
getNotAfter()
Date
getNotBefore()
PublicKey
getPublicKey()
BigInteger
getSerialNumber()
String
getSigAlgName()
String
getSigAlgOID()
byte[]
getSigAlgParams()
byte[]
getSignature()
Collection>
getSubjectAlternativeNames()
Principal
getSubjectDN()
boolean[]
getSubjectUniqueID()
X500Principal
getSubjectX500Principal()
byte[]
getTBSCertificate()
int
getVersion()
boolean
hasUnsupportedCriticalExtension()
String
toString()
Convert this Object to a human-readable String.
void
verify(PublicKey key)
void
verify(PublicKey key, String provider)

Methods inherited from class java.security.cert.X509Certificate

checkValidity, checkValidity, getBasicConstraints, getExtendedKeyUsage, getIssuerAlternativeNames, getIssuerDN, getIssuerUniqueID, getIssuerX500Principal, getKeyUsage, getNotAfter, getNotBefore, getSerialNumber, getSigAlgName, getSigAlgOID, getSigAlgParams, getSignature, getSubjectAlternativeNames, getSubjectDN, getSubjectUniqueID, getSubjectX500Principal, getTBSCertificate, getVersion

Methods inherited from class java.security.cert.Certificate

equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify, writeReplace

Methods inherited from class java.lang.Object

clone, equals, extends Object> getClass, finalize, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

Extension>extensions

protected MapExtension>extensions

ID_DSA

protected static final OID ID_DSA

ID_DSA_WITH_SHA1

protected static final OID ID_DSA_WITH_SHA1

ID_ECDSA_WITH_SHA1

protected static final OID ID_ECDSA_WITH_SHA1

ID_RSA

protected static final OID ID_RSA

ID_RSA_WITH_MD2

protected static final OID ID_RSA_WITH_MD2

ID_RSA_WITH_MD5

protected static final OID ID_RSA_WITH_MD5

ID_RSA_WITH_SHA1

protected static final OID ID_RSA_WITH_SHA1

algId

protected OID algId

algVal

protected byte[] algVal

encoded

protected byte[] encoded

issuer

protected X500DistinguishedName issuer

issuerUniqueId

protected BitString issuerUniqueId

notAfter

protected Date notAfter

notBefore

protected Date notBefore

serialNo

protected BigInteger serialNo

sigAlgId

protected OID sigAlgId

sigAlgVal

protected byte[] sigAlgVal

signature

protected byte[] signature

subject

protected X500DistinguishedName subject

subjectKey

protected PublicKey subjectKey

subjectUniqueId

protected BitString subjectUniqueId

tbsCertBytes

protected byte[] tbsCertBytes

version

protected int version

Constructor Details

X509Certificate

protected X509Certificate()
The basic constructor. Object is special, because it has no superclass, so there is no call to super().

X509Certificate

public X509Certificate(InputStream encoded)
            throws CertificateException,
                   IOException
Create a new X.509 certificate from the encoded data. The input data are expected to be the ASN.1 DER encoding of the certificate.
Parameters:
encoded - The encoded certificate data.
Throws:
IOException - If the certificate cannot be read, possibly from a formatting error.
CertificateException - If the data read is not an X.509 certificate.

Method Details

checkValidity

public void checkValidity()
            throws CertificateExpiredException,
                   CertificateNotYetValidException
Overrides:
checkValidity in interface X509Certificate

checkValidity

public void checkValidity(Date date)
            throws CertificateExpiredException,
                   CertificateNotYetValidException
Overrides:
checkValidity in interface X509Certificate

equals

public boolean equals(Object other)
Determine whether this Object is semantically equal to another Object.

There are some fairly strict requirements on this method which subclasses must follow:

  • It must be transitive. If a.equals(b) and b.equals(c), then a.equals(c) must be true as well.
  • It must be symmetric. a.equals(b) and b.equals(a) must have the same value.
  • It must be reflexive. a.equals(a) must always be true.
  • It must be consistent. Whichever value a.equals(b) returns on the first invocation must be the value returned on all later invocations.
  • a.equals(null) must be false.
  • It must be consistent with hashCode(). That is, a.equals(b) must imply a.hashCode() == b.hashCode(). The reverse is not true; two objects that are not equal may have the same hashcode, but that has the potential to harm hashing performance.

This is typically overridden to throw a ClassCastException if the argument is not comparable to the class performing the comparison, but that is not a requirement. It is legal for a.equals(b) to be true even though a.getClass() != b.getClass(). Also, it is typical to never cause a NullPointerException.

In general, the Collections API (java.util) use the equals method rather than the == operator to compare objects. However, IdentityHashMap is an exception to this rule, for its own good reasons.

The default implementation returns this == o.

Overrides:
equals in interface Certificate
Parameters:
Returns:
whether this Object is semantically equal to another

getBasicConstraints

public int getBasicConstraints()
Overrides:
getBasicConstraints in interface X509Certificate

getCriticalExtensionOIDs

public Set getCriticalExtensionOIDs()
Specified by:
getCriticalExtensionOIDs in interface X509Extension

getEncoded

public byte[] getEncoded()
            throws CertificateEncodingException
Overrides:
getEncoded in interface Certificate

getExtendedKeyUsage

public List getExtendedKeyUsage()
            throws CertificateParsingException
Overrides:
getExtendedKeyUsage in interface X509Certificate

getExtension

public Extension getExtension(OID oid)
Returns the extension object for the given object identifier.
Specified by:
getExtension in interface GnuPKIExtension
Parameters:
oid - The OID of the extension to get.
Returns:
The extension, or null if there is no such extension.

getExtensionValue

public byte[] getExtensionValue(String oid)
Specified by:
getExtensionValue in interface X509Extension

getExtensions

public Collection<E> getExtensions()
Specified by:
getExtensions in interface GnuPKIExtension

getIssuerAlternativeNames

public Collection> getIssuerAlternativeNames()
            throws CertificateParsingException
Overrides:
getIssuerAlternativeNames in interface X509Certificate

getIssuerDN

public Principal getIssuerDN()
Overrides:
getIssuerDN in interface X509Certificate

getIssuerUniqueID

public boolean[] getIssuerUniqueID()
Overrides:
getIssuerUniqueID in interface X509Certificate

getIssuerX500Principal

public X500Principal getIssuerX500Principal()
Overrides:
getIssuerX500Principal in interface X509Certificate

getKeyUsage

public boolean[] getKeyUsage()
Overrides:
getKeyUsage in interface X509Certificate

getNonCriticalExtensionOIDs

public Set getNonCriticalExtensionOIDs()
Specified by:
getNonCriticalExtensionOIDs in interface X509Extension

getNotAfter

public Date getNotAfter()
Overrides:
getNotAfter in interface X509Certificate

getNotBefore

public Date getNotBefore()
Overrides:
getNotBefore in interface X509Certificate

getPublicKey

public PublicKey getPublicKey()
Overrides:
getPublicKey in interface Certificate

getSerialNumber

public BigInteger getSerialNumber()
Overrides:
getSerialNumber in interface X509Certificate

getSigAlgName

public String getSigAlgName()
Overrides:
getSigAlgName in interface X509Certificate

getSigAlgOID

public String getSigAlgOID()
Overrides:
getSigAlgOID in interface X509Certificate

getSigAlgParams

public byte[] getSigAlgParams()
Overrides:
getSigAlgParams in interface X509Certificate

getSignature

public byte[] getSignature()
Overrides:
getSignature in interface X509Certificate

getSubjectAlternativeNames

public Collection> getSubjectAlternativeNames()
            throws CertificateParsingException
Overrides:
getSubjectAlternativeNames in interface X509Certificate

getSubjectDN

public Principal getSubjectDN()
Overrides:
getSubjectDN in interface X509Certificate

getSubjectUniqueID

public boolean[] getSubjectUniqueID()
Overrides:
getSubjectUniqueID in interface X509Certificate

getSubjectX500Principal

public X500Principal getSubjectX500Principal()
Overrides:
getSubjectX500Principal in interface X509Certificate

getTBSCertificate

public byte[] getTBSCertificate()
            throws CertificateEncodingException
Overrides:
getTBSCertificate in interface X509Certificate

getVersion

public int getVersion()
Overrides:
getVersion in interface X509Certificate

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()
Specified by:
hasUnsupportedCriticalExtension in interface X509Extension

toString

public String toString()
Convert this Object to a human-readable String. There are no limits placed on how long this String should be or what it should contain. We suggest you make it as intuitive as possible to be able to place it into System.out.println() and such.

It is typical, but not required, to ensure that this method never completes abruptly with a RuntimeException.

This method will be called when performing string concatenation with this object. If the result is null, string concatenation will instead use "null".

The default implementation returns getClass().getName() + "@" + Integer.toHexString(hashCode()).

Overrides:
toString in interface Certificate
Returns:
the String representing this Object, which may be null

verify

public void verify(PublicKey key)
            throws CertificateException,
                   NoSuchAlgorithmException,
                   InvalidKeyException,
                   NoSuchProviderException,
                   SignatureException
Overrides:
verify in interface Certificate

verify

public void verify(PublicKey key,
                   String provider)
            throws CertificateException,
                   NoSuchAlgorithmException,
                   InvalidKeyException,
                   NoSuchProviderException,
                   SignatureException
Overrides:
verify in interface Certificate

X509Certificate.java -- X.509 certificate. Copyright (C) 2003, 2004, 2006 Free Software Foundation, Inc. This file is part of GNU Classpath. GNU Classpath is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version. GNU Classpath is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Classpath; see the file COPYING. If not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Linking this library statically or dynamically with other modules is making a combined work based on this library. Thus, the terms and conditions of the GNU General Public License cover the whole combination. As a special exception, the copyright holders of this library give you permission to link this library with independent modules to produce an executable, regardless of the license terms of these independent modules, and to copy and distribute the resulting executable under terms of your choice, provided that you also meet, for each linked independent module, the terms and conditions of the license of that module. An independent module is a module which is not derived from or based on this library. If you modify this library, you may extend this exception to your version of the library, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version.