java.lang.Object
  |
  +--com.ibm.security12.java.security.cert.Certificate
        |
        +--com.ibm.security12.java.security.cert.X509Certificate
              |
              +--com.ibm.security12.sun.security.x509.X509CertImpl
The X509CertImpl class represents an X.509 certificate. These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET). There is a commercial infrastructure ready to manage large scale deployments of X.509 identity certificates.
These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.
More recent work includes the IETF PKIX Working Group efforts, especially part 1.
X509CertInfo
Field Summary
static String | ALG_ID |
protected AlgorithmId | algId |
protected X509CertInfo | info |
static String | INFO |
static String | ISSUER_DN |
static String | NAME | Public attribute names.
static String | PUBLIC_KEY |
static String | SERIAL_ID |
static String | SIG |
static String | SIG_ALG |
protected byte[] | signature |
static String | SIGNATURE |
static String | SIGNED_CERT |
static String | SUBJECT_DN | The following are defined for ease-of-use.
Constructor Summary
X509CertImpl() | Default constructor.
X509CertImpl(byte[] certData) | Unmarshals a certificate from its encoded form, parsing the encoded bytes.
X509CertImpl(DerValue derVal) | Unmarshals a certificate from its encoded form, parsing a DER value.
X509CertImpl(InputStream in) | Unmarshals an X.509 certificate from an input stream.
X509CertImpl(X509CertInfo certInfo) | Constructs an initialized X509 Certificate.
Method Summary
void | checkValidity() | Checks that the certificate is currently valid, i.e.
void | checkValidity(Date date) | Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time.
void | delete(String name) | Delete the requested attribute from the certificate.
void | derEncode(OutputStream out) | DER encode this object onto an output stream.
void | encode(OutputStream out) | Appends the certificate to an output stream.
Object | get(String name) | Return the requested attribute from the certificate.
int | getBasicConstraints() | Get the certificate constraints path length from the critical BasicConstraints extension (oid = 2.5.29.19).
Set | getCriticalExtensionOIDs() | Gets a Set of the extension(s) marked CRITICAL in the certificate.
Enumeration | getElements() | Return an enumeration of names of attributes existing within this attribute.
byte[] | getEncoded() | Returns the encoded form of this certificate.
byte[] | getExtensionValue(String oid) | Gets the DER encoded extension identified by the given oid String.
Principal | getIssuerDN() | Gets the issuer distinguished name from the certificate.
boolean[] | getIssuerUniqueID() | Gets the Issuer Unique Identity from the certificate.
boolean[] | getKeyUsage() | Get a boolean array representing the bits of the KeyUsage extension (oid = 2.5.29.15).
String | getName() | Return the name of this attribute.
Set | getNonCriticalExtensionOIDs() | Gets a Set of the extension(s) marked NON-CRITICAL in the certificate.
Date | getNotAfter() | Gets the notAfter date from the validity period of the certificate.
Date | getNotBefore() | Gets the notBefore date from the validity period of the certificate.
PublicKey | getPublicKey() | Gets the public key from this certificate.
java.math.BigInteger | getSerialNumber() | Gets the serial number from the certificate.
String | getSigAlgName() | Gets the signature algorithm name for the certificate signature algorithm.
String | getSigAlgOID() | Gets the signature algorithm OID string from the certificate.
byte[] | getSigAlgParams() | Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm.
byte[] | getSignature() | Gets the raw Signature bits from the certificate.
Principal | getSubjectDN() | Gets the subject distinguished name from the certificate.
boolean[] | getSubjectUniqueID() | Gets the Subject Unique Identity from the certificate.
byte[] | getTBSCertificate() | Gets the DER encoded certificate information, the tbsCertificate from this certificate.
int | getVersion() | Gets the version number from the certificate.
boolean | hasUnsupportedCriticalExtension() | Return true if a critical extension is found that is not supported, otherwise return false.
void | set(String name, Object obj) | Set the requested attribute in the certificate.
void | sign(PrivateKey key, String algorithm) | Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name).
void | sign(PrivateKey key, String algorithm, String provider) | Creates an X.509 certificate, and signs it using the given key (associating a signature algorithm and an X.500 name).
String | toString() | Returns a printable representation of the certificate.
void | verify(PublicKey key) | Throws an exception if the certificate was not signed using the verification key provided.
void | verify(PublicKey key, String sigProvider) | Throws an exception if the certificate was not signed using the verification key provided.

Methods inherited from class com.ibm.security12.java.security.cert.Certificate
equals, getType, hashCode

Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
Field Detail
public static final String NAME
public static final String INFO
public static final String ALG_ID
public static final String SIGNATURE
public static final String SIGNED_CERT
public static final String SUBJECT_DN
public static final String ISSUER_DN
public static final String SERIAL_ID
public static final String PUBLIC_KEY
public static final String SIG_ALG
public static final String SIG
protected X509CertInfo info
protected AlgorithmId algId
protected byte[] signature
Constructor Detail

public X509CertImpl()

public X509CertImpl(byte[] certData) throws CertificateException
certData - the encoded bytes, with no trailing padding.

public X509CertImpl(InputStream in) throws CertificateException
in - an input stream holding at least one certificate

public X509CertImpl(X509CertInfo certInfo)

public X509CertImpl(DerValue derVal) throws CertificateException
derVal - the der value containing the encoded cert.

Method Detail
public void encode(OutputStream out) throws CertificateEncodingException
out - an output stream to which the certificate is appended.

public void derEncode(OutputStream out) throws IOException
DerEncoder interface.
out - the output stream on which to write the DER encoding.

public byte[] getEncoded() throws CertificateEncodingException

public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
key - the public key used for verification.

public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
key - the public key used for verification.
sigProvider - the name of the provider.

public void sign(PrivateKey key, String algorithm) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
key - the private key used for signing.
algorithm - the name of the signature algorithm used.

public void sign(PrivateKey key, String algorithm, String provider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
key - the private key used for signing.
algorithm - the name of the signature algorithm used.
provider - the name of the provider.

public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException

public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
date - the Date to check against to see if this certificate is valid at that date/time.
date supplied.
date supplied.

public Object get(String name) throws CertificateParsingException
name - the name of the attribute.

public void set(String name, Object obj) throws CertificateException, IOException
name - the name of the attribute.
obj - the value of the attribute.

public void delete(String name) throws CertificateException, IOException
name - the name of the attribute.

public Enumeration getElements()

public String getName()

public String toString()

public PublicKey getPublicKey()

public int getVersion()

public java.math.BigInteger getSerialNumber()

public Principal getSubjectDN()

public Principal getIssuerDN()

public Date getNotBefore()

public Date getNotAfter()

public byte[] getTBSCertificate() throws CertificateEncodingException
tbsCertificate from this certificate. This can be used to verify the signature independently.

public byte[] getSignature()

public String getSigAlgName()

public String getSigAlgOID()

public byte[] getSigAlgParams()

public boolean[] getIssuerUniqueID()

public boolean[] getSubjectUniqueID()

public boolean hasUnsupportedCriticalExtension()

public Set getCriticalExtensionOIDs()

public Set getNonCriticalExtensionOIDs()

public byte[] getExtensionValue(String oid)
oid - the Object Identifier value for the extension.

public boolean[] getKeyUsage()

public int getBasicConstraints()
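
An added example, not part of the original documentation: getTBSCertificate() is described above as a way to verify the signature independently, and this code does that alongside the validity, CA and key-usage checks from this listing. It is written against the standard JDK java.security.cert.X509Certificate API rather than the com.ibm.security12 classes, on the assumption that the same-named methods behave alike; the class name IssuerCheck and the two certificate file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class IssuerCheck {  // hypothetical class name
    // Reasons 'cert' should not be accepted as issued by 'issuer'; empty = all checks passed.
    static List<String> check(X509Certificate cert, X509Certificate issuer) {
        List<String> problems = new ArrayList<>();
        try {  // both validity windows must contain the current time
            cert.checkValidity();
            issuer.checkValidity();
        } catch (CertificateException e) { problems.add("validity: " + e.getMessage()); }
        // Name chaining (X500Principal getters are the JDK 1.4+ form of getIssuerDN/getSubjectDN).
        if (!cert.getIssuerX500Principal().equals(issuer.getSubjectX500Principal()))
            problems.add("issuer name does not match");
        // getBasicConstraints() returns -1 unless the certificate is marked as a CA.
        if (issuer.getBasicConstraints() < 0) problems.add("issuer is not a CA");
        // KeyUsage bit 5 is keyCertSign; null means the extension is absent.
        boolean[] ku = issuer.getKeyUsage();
        if (ku != null && !(ku.length > 5 && ku[5])) problems.add("issuer lacks keyCertSign");
        if (cert.hasUnsupportedCriticalExtension()) problems.add("unsupported critical extension");
        try {  // signature over the DER-encoded tbsCertificate, checked without calling verify()
            // Parameterised algorithms such as RSASSA-PSS also need sig.setParameter(...).
            Signature sig = Signature.getInstance(cert.getSigAlgName());
            sig.initVerify(issuer.getPublicKey());
            sig.update(cert.getTBSCertificate());
            if (!sig.verify(cert.getSignature())) problems.add("signature does not verify");
        } catch (GeneralSecurityException e) { problems.add("signature: " + e); }
        return problems;
    }

    static X509Certificate load(String path) throws Exception {  // PEM or DER file
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) { System.err.println("usage: IssuerCheck <cert> <issuer-cert>"); System.exit(2); }
        List<String> problems = check(load(args[0]), load(args[1]));
        problems.forEach(p -> System.out.println("FAIL " + p));
        System.out.println(problems.isEmpty() ? "OK" : problems.size() + " problem(s)");
    }
}
```

These checks cover a single certificate and its direct issuer only; chain building and revocation are outside what the methods on this page provide.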