Class X509Certificate

  • All Implemented Interfaces:
    Serializable, X509Extension
  • Direct Known Subclasses:
    OpenSSLX509Certificate, WrappedX509Certificate, X509CertificateObject

    public abstract class X509Certificate
    extends Certificate
    implements X509Extension
    Abstract base class for X.509 certificates.

    This represents a standard way for accessing the attributes of X.509 certificates.

    The basic X.509 v3 format described in ASN.1:

     Certificate  ::=  SEQUENCE  {
         tbsCertificate       TBSCertificate,
         signatureAlgorithm   AlgorithmIdentifier,
         signature            BIT STRING  }
    
     TBSCertificate  ::=  SEQUENCE  {
          version         [0]  EXPLICIT Version DEFAULT v1,
          serialNumber         CertificateSerialNumber,
          signature            AlgorithmIdentifier,
          issuer               Name,
          validity             Validity,
          subject              Name,
          subjectPublicKeyInfo SubjectPublicKeyInfo,
          issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                               -- If present, version must be v2 or v3
          subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                               -- If present, version must be v2 or v3
          extensions      [3]  EXPLICIT Extensions OPTIONAL
                               -- If present, version must be v3
          }
     

    For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt (RFC 2459 has since been obsoleted by RFC 5280, which defines the profile in current use).

    See Also:
    Serialized Form
    • Constructor Detail

      • X509Certificate

        protected X509Certificate()
        Creates a new X509Certificate.
    • Method Detail

      • getVersion

        public abstract int getVersion()
        Returns the certificate's version (version number).

        The version defined is ASN.1:

         Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
         
        Returns:
        the version number: 1, 2 or 3 (the encoded INTEGER value plus one).
      • getSerialNumber

        public abstract BigInteger getSerialNumber()
        Returns the serialNumber of the certificate.

        The ASN.1 definition of serialNumber:

         CertificateSerialNumber  ::=  INTEGER
         
        Returns:
        the serial number.
      • getIssuerDN

        public abstract Principal getIssuerDN()
        Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

        The ASN.1 definition of issuer:

          issuer      Name
        
          Name ::= CHOICE {
              RDNSequence }
        
            RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
        
            RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
        
            AttributeTypeAndValue ::= SEQUENCE {
              type     AttributeType,
              value    AttributeValue }
        
            AttributeType ::= OBJECT IDENTIFIER
        
            AttributeValue ::= ANY DEFINED BY AttributeType
         
        replaced by: getIssuerX500Principal().
        Returns:
        the issuer as an implementation specific Principal.
      • getIssuerX500Principal

        public X500Principal getIssuerX500Principal()
        Returns the issuer (issuer distinguished name) as an X500Principal.
        Returns:
        the issuer (issuer distinguished name).
      • getSubjectDN

        public abstract Principal getSubjectDN()
        Returns the subject (subject distinguished name) as an implementation specific Principal object.

        The ASN.1 definition of subject:

         subject      Name
        
          Name ::= CHOICE {
              RDNSequence }
        
            RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
        
            RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
        
            AttributeTypeAndValue ::= SEQUENCE {
              type     AttributeType,
              value    AttributeValue }
        
            AttributeType ::= OBJECT IDENTIFIER
        
            AttributeValue ::= ANY DEFINED BY AttributeType
         

        replaced by: getSubjectX500Principal().

        Returns:
        the subject (subject distinguished name).
      • getSubjectX500Principal

        public X500Principal getSubjectX500Principal()
        Returns the subject (subject distinguished name) as an X500Principal.
        Returns:
        the subject (subject distinguished name)
      • getNotBefore

        public abstract Date getNotBefore()
        Returns the notBefore date from the validity period of the certificate.
        Returns:
        the start of the validity period.
      • getNotAfter

        public abstract Date getNotAfter()
        Returns the notAfter date of the validity period of the certificate.
        Returns:
        the end of the validity period.
      • getTBSCertificate

        public abstract byte[] getTBSCertificate()
                                          throws CertificateEncodingException
        Returns the tbsCertificate information from this certificate in DER-encoded format.
        Returns:
        the DER-encoded certificate information.
        Throws:
        CertificateEncodingException - if an error occurs in encoding
      • getSignature

        public abstract byte[] getSignature()
        Returns the raw signature bits from the certificate.
        Returns:
        the raw signature bits from the certificate.
      • getSigAlgName

        public abstract String getSigAlgName()
        Returns the name of the algorithm for the certificate signature.
        Returns:
        the signature algorithm name.
      • getSigAlgOID

        public abstract String getSigAlgOID()
        Returns the OID of the signature algorithm from the certificate.
        Returns:
        the OID of the signature algorithm.
      • getSigAlgParams

        public abstract byte[] getSigAlgParams()
        Returns the parameters of the signature algorithm in DER-encoded format.
        Returns:
        the parameters of the signature algorithm, or null if none are used.
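        The three accessors getTBSCertificate(), getSigAlgName() and getSignature() are exactly the pieces needed to check a certificate's signature by hand: the issuer signs the DER-encoded tbsCertificate only, not the outer SEQUENCE, with the algorithm named in signatureAlgorithm. The following is an added example, not code from this page or from the Android/JDK sources. It assumes a standard JDK (11 or later, for the RSASSA-PSS AlgorithmParameters used when getSigAlgParams() is non-null) and uses the JVM's default trust anchors as sample input, since every anchor is self-signed and so verifies under its own public key with no network or files needed. The class name TbsVerify and the method names are this example's own.

```java
import java.security.AlgorithmParameters;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TbsVerify {

    /**
     * Verifies cert against issuerKey by hand. The signature covers only the DER-encoded
     * tbsCertificate, using the algorithm named in the outer signatureAlgorithm field.
     */
    static boolean verifyByHand(X509Certificate cert, PublicKey issuerKey) throws Exception {
        Signature sig = Signature.getInstance(cert.getSigAlgName());
        byte[] params = cert.getSigAlgParams();
        if (params != null && "RSASSA-PSS".equalsIgnoreCase(cert.getSigAlgName())) {
            // PSS keeps hash, MGF and salt length in the AlgorithmIdentifier parameters;
            // they must be decoded and handed to the Signature object before use.
            // Assumption: the provider registers AlgorithmParameters "RSASSA-PSS" (JDK 11+).
            AlgorithmParameters ap = AlgorithmParameters.getInstance("RSASSA-PSS");
            ap.init(params);
            sig.setParameter(ap.getParameterSpec(PSSParameterSpec.class));
        }
        sig.initVerify(issuerKey);
        sig.update(cert.getTBSCertificate());
        return sig.verify(cert.getSignature());
    }

    /**
     * Shows where the TBS bytes sit: directly after the outer SEQUENCE's tag and length.
     * Returns true when getTBSCertificate() equals that slice of getEncoded().
     */
    static boolean tbsIsFirstElementOfEncoding(X509Certificate cert) throws Exception {
        byte[] whole = cert.getEncoded();
        byte[] tbs = cert.getTBSCertificate();
        if (whole[0] != 0x30) return false;                     // outer SEQUENCE tag
        int header = 2;                                         // tag + short-form length
        if ((whole[1] & 0x80) != 0) header += whole[1] & 0x7F;  // long-form: extra length bytes
        return Arrays.equals(Arrays.copyOfRange(whole, header, header + tbs.length), tbs);
    }

    public static void main(String[] args) throws Exception {
        // Sample input: the JVM's default trust anchors, which are self-signed.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] anchors = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        for (X509Certificate root : anchors) {
            String status;
            try {
                status = verifyByHand(root, root.getPublicKey()) ? "OK" : "BAD SIGNATURE";
            } catch (Exception e) {
                // e.g. an algorithm this provider cannot verify
                status = "UNSUPPORTED: " + e.getMessage();
            }
            System.out.printf("%-14s tbs-slice=%b  %s (%s)  %s%n", status,
                tbsIsFirstElementOfEncoding(root), root.getSigAlgName(), root.getSigAlgOID(),
                root.getSubjectX500Principal().getName());
        }
    }
}
```

        Note that verifying a self-signature proves nothing about trust; it only demonstrates which bytes the signature covers. A real validator takes the issuer's key from the next certificate in the path and uses CertPathValidator rather than hand-rolled checks.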
      • getIssuerUniqueID

        public abstract boolean[] getIssuerUniqueID()
        Returns the issuerUniqueID from the certificate.
        Returns:
        the issuerUniqueID or null if there's none in the certificate.
      • getSubjectUniqueID

        public abstract boolean[] getSubjectUniqueID()
        Returns the subjectUniqueID from the certificate.
        Returns:
        the subjectUniqueID or null if there's none in the certificate.
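        The version, serial number, validity dates and unique-identifier accessors above are the fields a practitioner checks before trusting anything else in a certificate. The following is an added example, not code from this page or from the Android/JDK sources: a small conformance audit that parses a certificate with CertificateFactory (which accepts DER or PEM) and reports findings such as a non-v3 version, a non-positive or over-long serial number (RFC 5280 4.1.2.2), a validity window that does not contain the current time, deprecated unique identifiers (RFC 5280 4.1.2.8), and a key below a size floor. It assumes a standard JDK; the 2048-bit RSA and 256-bit EC thresholds, the class name CertAudit and the use of the JVM's default trust anchors as fallback input when no file path is given are this example's own choices.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CertAudit {

    /** Parses one certificate; CertificateFactory accepts DER or PEM ("-----BEGIN CERTIFICATE-----"). */
    static X509Certificate parse(byte[] encoded) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /** Returns the findings for one certificate at time 'now'; an empty list means nothing to report. */
    static List<String> audit(X509Certificate cert, Date now) {
        List<String> findings = new ArrayList<>();
        // getVersion() is 1, 2 or 3; only v3 can carry extensions such as KeyUsage or SAN.
        if (cert.getVersion() != 3) {
            findings.add("version v" + cert.getVersion() + ": no extensions possible");
        }
        // RFC 5280 4.1.2.2: serialNumber MUST be positive and at most 20 octets (159 magnitude bits).
        if (cert.getSerialNumber().signum() <= 0) {
            findings.add("serial number is not positive: " + cert.getSerialNumber());
        } else if (cert.getSerialNumber().bitLength() > 159) {
            findings.add("serial number longer than 20 octets");
        }
        if (now.before(cert.getNotBefore())) {
            findings.add("not valid before " + cert.getNotBefore());
        }
        if (now.after(cert.getNotAfter())) {
            findings.add("expired on " + cert.getNotAfter());
        }
        // RFC 5280 4.1.2.8: conforming CAs MUST NOT issue certificates with unique identifiers.
        if (cert.getIssuerUniqueID() != null || cert.getSubjectUniqueID() != null) {
            findings.add("deprecated issuerUniqueID/subjectUniqueID present");
        }
        // Key-size floor; the 2048/256 thresholds are this example's policy, not a page requirement.
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) cert.getPublicKey()).getModulus().bitLength();
            if (bits < 2048) findings.add("RSA modulus only " + bits + " bits");
        } else if (cert.getPublicKey() instanceof ECPublicKey) {
            int bits = ((ECPublicKey) cert.getPublicKey()).getParams().getCurve().getField().getFieldSize();
            if (bits < 256) findings.add("EC field only " + bits + " bits");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        if (args.length > 0) {
            certs.add(parse(Files.readAllBytes(Paths.get(args[0]))));
        } else {
            // No file given: audit the JVM's default trust anchors so the example runs offline.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            for (X509Certificate anchor : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()) {
                certs.add(anchor);
            }
        }
        Date now = new Date();
        for (X509Certificate cert : certs) {
            // getName() gives the RFC 2253 form, stable across providers unlike getSubjectDN().toString().
            String who = cert.getSubjectX500Principal().getName() + " serial=" + cert.getSerialNumber().toString(16);
            List<String> findings = audit(cert, now);
            System.out.println((findings.isEmpty() ? "OK    " : "CHECK ") + who);
            for (String f : findings) System.out.println("      - " + f);
        }
    }
}
```

        Run it as java CertAudit server.pem to audit one certificate, or with no argument to sweep the default trust store. Comparing names via getSubjectX500Principal() rather than getSubjectDN() matters because the Principal returned by the latter has an implementation-specific string form.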
      • getKeyUsage

        public abstract boolean[] getKeyUsage()
        Returns the KeyUsage extension as a boolean array.

        The ASN.1 definition of KeyUsage:

         KeyUsage ::= BIT STRING {
              digitalSignature        (0),
              nonRepudiation          (1),
              keyEncipherment         (2),
              dataEncipherment        (3),
              keyAgreement            (4),
              keyCertSign             (5),
              cRLSign                 (6),
              encipherOnly            (7),
              decipherOnly            (8) }
        
         
        Returns:
        the KeyUsage extension or null if there's none in the certificate.
      • getExtendedKeyUsage

        public List<String> getExtendedKeyUsage()
                                         throws CertificateParsingException
        Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
        Returns:
        the extended key usage extension, or null if there's none in the certificate.
        Throws:
        CertificateParsingException - if the extension decoding fails.
      • getBasicConstraints

        public abstract int getBasicConstraints()
        Returns the path length constraint from the BasicConstraints extension. If the certificate has no BasicConstraints extension or its cA flag is false, -1 is returned. If the certificate is a certificate authority with no pathLenConstraint, Integer.MAX_VALUE is returned. Otherwise the pathLenConstraint is returned, that is, the maximum number of intermediate CA certificates that may follow this one in a valid certification path (0 means it may issue only end-entity certificates).
        Returns:
        the path length constraint, -1 if this is not a CA certificate, or Integer.MAX_VALUE if the CA has no path length constraint.
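        getBasicConstraints() and getKeyUsage() are the two accessors that decide whether a certificate may act as a CA, and the path length value only means something when it is compared against the position of the certificate in a chain. The following is an added example, not code from this page or from the Android/JDK sources. It shows the CA test (v3, cA=TRUE, and keyCertSign when KeyUsage is present, per RFC 5280 4.2.1.3 and 4.2.1.9), name chaining via the X500Principal accessors, and pathLenConstraint enforcement over a leaf-first chain. It deliberately omits signature and revocation checks, which belong to CertPathValidator, and does not apply the RFC 5280 exemption for self-issued intermediates. The class name CaChecks, the KU_* constants (indexes into the boolean array above) and the use of the JVM's default trust anchors as fallback input are this example's own; when a PEM bundle path is given it is assumed to be ordered leaf first.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class CaChecks {

    // KeyUsage bit positions: the boolean[] index equals the ASN.1 bit number.
    static final int KU_DIGITAL_SIGNATURE = 0;
    static final int KU_KEY_CERT_SIGN = 5;
    static final int KU_CRL_SIGN = 6;

    static boolean hasKeyUsage(X509Certificate cert, int bit) {
        boolean[] ku = cert.getKeyUsage();
        return ku != null && bit < ku.length && ku[bit];
    }

    /**
     * A certificate may sign other certificates only if it is v3, carries BasicConstraints
     * with cA=TRUE (getBasicConstraints() >= 0) and, when KeyUsage is present, asserts keyCertSign.
     */
    static boolean isCa(X509Certificate cert) {
        if (cert.getVersion() != 3) return false;          // v1/v2 cannot carry extensions
        if (cert.getBasicConstraints() < 0) return false;  // no extension, or cA=FALSE
        return cert.getKeyUsage() == null || hasKeyUsage(cert, KU_KEY_CERT_SIGN);
    }

    /**
     * Walks chain[0] (leaf) .. chain[n-1] (anchor) and returns the first structural problem,
     * or null. Signatures are NOT verified here.
     */
    static String checkChain(List<X509Certificate> chain) {
        for (int i = 1; i < chain.size(); i++) {
            X509Certificate child = chain.get(i - 1);
            X509Certificate issuer = chain.get(i);
            // Name chaining: compare X500Principals, never the strings from getIssuerDN()/getSubjectDN().
            if (!child.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())) {
                return "issuer of #" + (i - 1) + " does not match subject of #" + i;
            }
            if (!isCa(issuer)) {
                return "certificate #" + i + " is not a CA but issued #" + (i - 1);
            }
            // pathLenConstraint limits the CA certificates below this one; those are chain[1..i-1].
            int intermediatesBelow = i - 1;
            if (issuer.getBasicConstraints() < intermediatesBelow) {
                return "certificate #" + i + " allows " + issuer.getBasicConstraints()
                    + " intermediate CA(s) but " + intermediatesBelow + " follow it";
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            // PEM bundle, assumed leaf first; generateCertificates() keeps file order.
            List<X509Certificate> chain = new ArrayList<>();
            try (InputStream in = new FileInputStream(args[0])) {
                for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
                    chain.add((X509Certificate) c);
                }
            }
            String problem = checkChain(chain);
            System.out.println(problem == null ? "chain structure OK" : "chain rejected: " + problem);
        } else {
            // No file: classify the default trust anchors. An anchor is trusted by configuration,
            // so a NOT-CA result here (typically a v1 root without extensions) is informational.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init((KeyStore) null);
            for (X509Certificate a : ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()) {
                int pl = a.getBasicConstraints();
                System.out.printf("%-6s pathLen=%-9s %s%n", isCa(a) ? "CA" : "NOT-CA",
                    pl == Integer.MAX_VALUE ? "unlimited" : String.valueOf(pl),
                    a.getSubjectX500Principal().getName());
            }
        }
    }
}
```

        The pathLen arithmetic is the point most often got wrong: a CA with pathLenConstraint 0 may still be a valid issuer of the leaf (zero intermediates below it), and Integer.MAX_VALUE from getBasicConstraints() makes the comparison pass for CAs that set no limit.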
      • getSubjectAlternativeNames

        public Collection<List<?>> getSubjectAlternativeNames()
                                                       throws CertificateParsingException
        Returns a read-only collection of the subject alternative names from the SubjectAltName extension. Each entry is a List of two elements: the Integer tag of the GeneralName CHOICE (0 to 8 as listed below) followed by the name itself, which is a String for rfc822Name, dNSName, uniformResourceIdentifier, iPAddress (dotted-decimal or colon-separated form), directoryName (RFC 2253 form) and registeredID, and the DER-encoded bytes (byte[]) for otherName, x400Address and ediPartyName.

        The ASN.1 definition of SubjectAltName:

         SubjectAltName ::= GeneralNames
        
         GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
        
         GeneralName ::= CHOICE {
              otherName                       [0]     AnotherName,
              rfc822Name                      [1]     IA5String,
              dNSName                         [2]     IA5String,
              x400Address                     [3]     ORAddress,
              directoryName                   [4]     Name,
              ediPartyName                    [5]     EDIPartyName,
              uniformResourceIdentifier       [6]     IA5String,
              iPAddress                       [7]     OCTET STRING,
              registeredID                    [8]     OBJECT IDENTIFIER }
        
         
        Returns:
        the subject alternative names or null if there are none in the certificate.
        Throws:
        CertificateParsingException - if decoding of the extension fails.
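        The (tag, value) lists returned by getSubjectAlternativeNames(), together with the OID list from getExtendedKeyUsage() above, are what a TLS client must consult to decide whether a certificate is for the host it is talking to. The following is an added example, not code from this page or from the Android/JDK sources, and not the hostname verifier that any particular TLS stack uses. It matches a DNS name or IP literal against dNSName (tag 2) and iPAddress (tag 7) entries, allowing a wildcard only as the whole leftmost label, ignores the subject CN entirely, and accepts the certificate for server use when the extension is absent or lists id-kp-serverAuth or anyExtendedKeyUsage. It assumes the provider returns iPAddress values as String literals in the form described above (the JDK does; Conscrypt on Android does the same). The class name ServerIdentity and the constructed SAN collection used as sample input in main() are this example's own.

```java
import java.net.InetAddress;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Locale;

public class ServerIdentity {

    // GeneralName CHOICE tags, as found in element 0 of each SAN entry.
    static final int RFC822_NAME = 1;
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;
    // Extended key usage OIDs.
    static final String EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
    static final String EKU_ANY = "2.5.29.37.0";

    /** Matches host against a dNSName pattern; "*" may only stand for the entire leftmost label. */
    static boolean dnsMatches(String pattern, String host) {
        pattern = pattern.toLowerCase(Locale.ROOT);
        host = host.toLowerCase(Locale.ROOT);
        if (!pattern.startsWith("*.")) return pattern.equals(host);
        String suffix = pattern.substring(1);                       // ".example.com"
        if (!host.endsWith(suffix)) return false;
        String left = host.substring(0, host.length() - suffix.length());
        // exactly one non-empty label: "example.com" and "a.b.example.com" must not match "*.example.com"
        return !left.isEmpty() && left.indexOf('.') < 0;
    }

    static boolean looksLikeIpLiteral(String s) {
        return s.indexOf(':') >= 0 || s.matches("[0-9.]+");
    }

    /** Checks host (DNS name or IP literal) against SAN entries; the subject CN is deliberately ignored. */
    static boolean sanMatches(Collection<List<?>> sans, String host) throws Exception {
        if (sans == null) return false;   // no SAN extension: nothing to match against
        boolean hostIsIp = looksLikeIpLiteral(host);
        for (List<?> entry : sans) {
            int type = (Integer) entry.get(0);
            Object value = entry.get(1);
            if (type == DNS_NAME && !hostIsIp && value instanceof String) {
                if (dnsMatches((String) value, host)) return true;
            } else if (type == IP_ADDRESS && hostIsIp && value instanceof String) {
                // both sides are literals, so getByName() parses them without a DNS lookup
                if (InetAddress.getByName((String) value).equals(InetAddress.getByName(host))) return true;
            }
        }
        return false;
    }

    /** serverAuth is permitted when EKU is absent, lists serverAuth, or lists anyExtendedKeyUsage. */
    static boolean allowsServerAuth(X509Certificate cert) throws CertificateParsingException {
        List<String> eku = cert.getExtendedKeyUsage();
        return eku == null || eku.contains(EKU_SERVER_AUTH) || eku.contains(EKU_ANY);
    }

    static boolean validForServer(X509Certificate cert, String host) throws Exception {
        return allowsServerAuth(cert) && sanMatches(cert.getSubjectAlternativeNames(), host);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input in the shape getSubjectAlternativeNames() returns.
        List<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.asList(DNS_NAME, "*.example.com"));
        sans.add(Arrays.asList(DNS_NAME, "example.com"));
        sans.add(Arrays.asList(IP_ADDRESS, "192.0.2.10"));
        sans.add(Arrays.asList(RFC822_NAME, "admin@example.com"));   // never matched for a host
        String[] hosts = { "www.example.com", "EXAMPLE.COM", "a.b.example.com",
                           "notexample.com", "192.0.2.10", "192.0.2.11" };
        for (String h : hosts) {
            System.out.println(h + " -> " + sanMatches(sans, h));
        }
    }
}
```

        With the sample input, www.example.com, EXAMPLE.COM and 192.0.2.10 match and the other three do not. validForServer() is the function to call on a real certificate; passing cert.getSubjectAlternativeNames() straight through is what makes the null case (extension absent) explicit rather than falling back to the CN.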
      • getIssuerAlternativeNames

        public Collection<List<?>> getIssuerAlternativeNames()
                                                      throws CertificateParsingException
        Returns a read-only collection of the issuer alternative names from the IssuerAltName extension, with the same entry structure (an Integer GeneralName tag followed by the name) as getSubjectAlternativeNames().

        The ASN.1 definition of IssuerAltName:

         IssuerAltName ::= GeneralNames
        
         GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
        
         GeneralName ::= CHOICE {
              otherName                       [0]     AnotherName,
              rfc822Name                      [1]     IA5String,
              dNSName                         [2]     IA5String,
              x400Address                     [3]     ORAddress,
              directoryName                   [4]     Name,
              ediPartyName                    [5]     EDIPartyName,
              uniformResourceIdentifier       [6]     IA5String,
              iPAddress                       [7]     OCTET STRING,
              registeredID                    [8]     OBJECT IDENTIFIER }
        
         
        Returns:
        the issuer alternative names or null if there are none in the certificate.
        Throws:
        CertificateParsingException - if decoding of the extension fails.