Package org.conscrypt

Class OpenSSLX509Certificate

    • Method Detail

      • fromX509DerInputStream

        public static OpenSSLX509Certificate fromX509DerInputStream(InputStream is)
                                                             throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
        Throws:
        org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      • fromPkcs7DerInputStream

        public static List<OpenSSLX509Certificate> fromPkcs7DerInputStream(InputStream is)
                                                                    throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
        Throws:
        org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      • fromX509PemInputStream

        public static OpenSSLX509Certificate fromX509PemInputStream(InputStream is)
                                                             throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
        Throws:
        org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      • fromPkcs7PemInputStream

        public static List<OpenSSLX509Certificate> fromPkcs7PemInputStream(InputStream is)
                                                                    throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
        Throws:
        org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      • getCriticalExtensionOIDs

        public Set<String> getCriticalExtensionOIDs()
        Description copied from interface: X509Extension
        Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
        Returns:
        the set of extension OIDs marked as CRITICAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.
      • getExtensionValue

        public byte[] getExtensionValue(String oid)
        Description copied from interface: X509Extension
        Returns the extension value as DER-encoded OCTET string for the specified OID.
        Parameters:
        oid - the object identifier to get the extension value for.
        Returns:
        the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.
      • getNonCriticalExtensionOIDs

        public Set<String> getNonCriticalExtensionOIDs()
        Description copied from interface: X509Extension
        Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
        Returns:
        the set of extension OIDs marked as NON-CRITICAL, an empty set if none are marked as NON-CRITICAL, or null if no extensions are present.
      • hasUnsupportedCriticalExtension

        public boolean hasUnsupportedCriticalExtension()
        Description copied from interface: X509Extension
        Returns whether this instance has an extension marked as CRITICAL that it cannot support.
        Returns:
        true if an unsupported CRITICAL extension is present, false otherwise.
      • getVersion

        public int getVersion()
        Description copied from class: X509Certificate
        Returns the certificate's version (version number).

        The ASN.1 definition of version:

         Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
         
        Specified by:
        getVersion in class X509Certificate
        Returns:
        the version number.
      • getSerialNumber

        public BigInteger getSerialNumber()
        Description copied from class: X509Certificate
        Returns the serialNumber of the certificate.

        The ASN.1 definition of serialNumber:

         CertificateSerialNumber  ::=  INTEGER
         
        Specified by:
        getSerialNumber in class X509Certificate
        Returns:
        the serial number.
      • getIssuerDN

        public Principal getIssuerDN()
        Description copied from class: X509Certificate
        Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

        The ASN.1 definition of issuer:

          issuer      Name
        
          Name ::= CHOICE {
              RDNSequence }
        
            RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
        
            RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
        
            AttributeTypeAndValue ::= SEQUENCE {
              type     AttributeType,
              value    AttributeValue }
        
            AttributeType ::= OBJECT IDENTIFIER
        
            AttributeValue ::= ANY DEFINED BY AttributeType
         
        replaced by: X509Certificate.getIssuerX500Principal().
        Specified by:
        getIssuerDN in class X509Certificate
        Returns:
        the issuer as an implementation specific Principal.
      • getSubjectDN

        public Principal getSubjectDN()
        Description copied from class: X509Certificate
        Returns the subject (subject distinguished name) as an implementation specific Principal object.

        The ASN.1 definition of subject:

         subject      Name
        
          Name ::= CHOICE {
              RDNSequence }
        
            RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
        
            RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
        
            AttributeTypeAndValue ::= SEQUENCE {
              type     AttributeType,
              value    AttributeValue }
        
            AttributeType ::= OBJECT IDENTIFIER
        
            AttributeValue ::= ANY DEFINED BY AttributeType
         

        replaced by: X509Certificate.getSubjectX500Principal().

        Specified by:
        getSubjectDN in class X509Certificate
        Returns:
        the subject (subject distinguished name).
      • getNotBefore

        public Date getNotBefore()
        Description copied from class: X509Certificate
        Returns the notBefore date from the validity period of the certificate.
        Specified by:
        getNotBefore in class X509Certificate
        Returns:
        the start of the validity period.
      • getNotAfter

        public Date getNotAfter()
        Description copied from class: X509Certificate
        Returns the notAfter date of the validity period of the certificate.
        Specified by:
        getNotAfter in class X509Certificate
        Returns:
        the end of the validity period.
      • getSignature

        public byte[] getSignature()
        Description copied from class: X509Certificate
        Returns the raw signature bits from the certificate.
        Specified by:
        getSignature in class X509Certificate
        Returns:
        the raw signature bits from the certificate.
      • getSigAlgName

        public String getSigAlgName()
        Description copied from class: X509Certificate
        Returns the name of the algorithm for the certificate signature.
        Specified by:
        getSigAlgName in class X509Certificate
        Returns:
        the signature algorithm name.
      • getSigAlgOID

        public String getSigAlgOID()
        Description copied from class: X509Certificate
        Returns the OID of the signature algorithm from the certificate.
        Specified by:
        getSigAlgOID in class X509Certificate
        Returns:
        the OID of the signature algorithm.
      • getSigAlgParams

        public byte[] getSigAlgParams()
        Description copied from class: X509Certificate
        Returns the parameters of the signature algorithm in DER-encoded format.
        Specified by:
        getSigAlgParams in class X509Certificate
        Returns:
        the parameters of the signature algorithm, or null if none are used.
      • getIssuerUniqueID

        public boolean[] getIssuerUniqueID()
        Description copied from class: X509Certificate
        Returns the issuerUniqueID from the certificate.
        Specified by:
        getIssuerUniqueID in class X509Certificate
        Returns:
        the issuerUniqueID or null if there's none in the certificate.
      • getSubjectUniqueID

        public boolean[] getSubjectUniqueID()
        Description copied from class: X509Certificate
        Returns the subjectUniqueID from the certificate.
        Specified by:
        getSubjectUniqueID in class X509Certificate
        Returns:
        the subjectUniqueID or null if there's none in the certificate.
      • getKeyUsage

        public boolean[] getKeyUsage()
        Description copied from class: X509Certificate
        Returns the KeyUsage extension as a boolean array.

        The ASN.1 definition of KeyUsage:

         KeyUsage ::= BIT STRING {
              digitalSignature        (0),
              nonRepudiation          (1),
              keyEncipherment         (2),
              dataEncipherment        (3),
              keyAgreement            (4),
              keyCertSign             (5),
              cRLSign                 (6),
              encipherOnly            (7),
              decipherOnly            (8) }
        
         
        Specified by:
        getKeyUsage in class X509Certificate
        Returns:
        the KeyUsage extension or null if there's none in the certificate.
      • getBasicConstraints

        public int getBasicConstraints()
        Description copied from class: X509Certificate
        Returns the path length of the certificate constraints from the BasicConstraints extension. If the certificate has no basic constraints or is not a certificate authority, -1 is returned. If the certificate is a certificate authority without a path length, Integer.MAX_VALUE is returned. Otherwise, the certificate authority's path length is returned.
        Specified by:
        getBasicConstraints in class X509Certificate
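        An added example, not part of the Conscrypt documentation, showing how the three return cases of getBasicConstraints() combine with getKeyUsage() and hasUnsupportedCriticalExtension() when deciding whether a certificate may sign others. It uses only the java.security.cert.X509Certificate API that this class implements; the names IssuerCheck and whyNotIssuer, and loading the certificate from a file path in args[0], are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class IssuerCheck {
    // Index of keyCertSign in the KeyUsage BIT STRING (see getKeyUsage).
    private static final int KEY_CERT_SIGN = 5;

    /**
     * Returns null if cert may act as an issuer with certsBelow further CA
     * certificates beneath it in the chain, otherwise the reason it may not.
     */
    static String whyNotIssuer(X509Certificate cert, int certsBelow) {
        int pathLen = cert.getBasicConstraints();
        if (pathLen == -1) {
            // No BasicConstraints, or not a CA: treat as end-entity only.
            return "not a certificate authority";
        }
        // Integer.MAX_VALUE means "CA without a path length", so this
        // comparison only rejects when an explicit limit is exceeded.
        if (certsBelow > pathLen) {
            return "path length " + pathLen + " allows fewer than "
                    + certsBelow + " subordinate CA certificates";
        }
        boolean[] usage = cert.getKeyUsage();
        // null means the KeyUsage extension is absent, which does not
        // restrict usage; a present extension must assert keyCertSign.
        if (usage != null
                && (usage.length <= KEY_CERT_SIGN || !usage[KEY_CERT_SIGN])) {
            return "KeyUsage present without keyCertSign";
        }
        if (cert.hasUnsupportedCriticalExtension()) {
            return "unsupported critical extension";
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER or PEM certificate (assumption of this example).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            String reason = whyNotIssuer(cert, 0);
            System.out.println(reason == null ? "usable as issuer" : "rejected: " + reason);
        }
    }
}
```

        Treating -1 as "no limit" or skipping the check altogether lets an end-entity certificate be accepted as an intermediate, which is why the -1 case is rejected first.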
      • toString

        public String toString()
        Description copied from class: Certificate
        Returns a string containing a concise, human-readable description of the certificate.
        Specified by:
        toString in class Certificate
        Returns:
        a printable representation for the certificate.
      • getPublicKey

        public PublicKey getPublicKey()
        Description copied from class: Certificate
        Returns the public key corresponding to this certificate.
        Specified by:
        getPublicKey in class Certificate
        Returns:
        the public key corresponding to this certificate.
      • getSubjectAlternativeNames

        public Collection<List<?>> getSubjectAlternativeNames()
                                                       throws CertificateParsingException
        Description copied from class: X509Certificate
        Returns a read-only list of the subject alternative names from the SubjectAltName extension.

        The ASN.1 definition of SubjectAltName:

         SubjectAltName ::= GeneralNames
        
         GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
        
         GeneralName ::= CHOICE {
              otherName                       [0]     AnotherName,
              rfc822Name                      [1]     IA5String,
              dNSName                         [2]     IA5String,
              x400Address                     [3]     ORAddress,
              directoryName                   [4]     Name,
              ediPartyName                    [5]     EDIPartyName,
              uniformResourceIdentifier       [6]     IA5String,
              iPAddress                       [7]     OCTET STRING,
              registeredID                    [8]     OBJECT IDENTIFIER }
        
         
        Overrides:
        getSubjectAlternativeNames in class X509Certificate
        Returns:
        the subject alternative names or null if there are none in the certificate.
        Throws:
        CertificateParsingException - if decoding of the extension fails.
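        An added example, not part of the Conscrypt documentation, showing how to read the returned collection: per the X509Certificate contract each entry is a two-element list holding the GeneralName tag as an Integer followed by the value, and the method returns null when the extension is absent. The names SanNames and namesOfType, and loading the certificate from a file path in args[0], are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SanNames {
    // GeneralName CHOICE tags from the ASN.1 definition above.
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;

    /** Collects the SubjectAltName entries of one GeneralName type. */
    static List<String> namesOfType(X509Certificate cert, int type)
            throws CertificateParsingException {
        List<String> out = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) {
            return out; // no SubjectAltName extension in the certificate
        }
        for (List<?> entry : sans) {
            // Entry layout: [Integer tag, value].
            if (entry == null || entry.size() < 2) continue;
            if (!(entry.get(0) instanceof Integer)) continue;
            if ((Integer) entry.get(0) != type) continue;
            Object value = entry.get(1);
            // dNSName and iPAddress values are Strings; name types with
            // no string form are DER byte[] and are skipped here.
            if (value instanceof String) out.add((String) value);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER or PEM certificate (assumption of this example).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("dNSName:   " + namesOfType(cert, DNS_NAME));
            System.out.println("iPAddress: " + namesOfType(cert, IP_ADDRESS));
        }
    }
}
```

        Filtering on the tag matters for name checks: a dNSName entry and a uniformResourceIdentifier entry can carry similar-looking strings but must not be matched interchangeably.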
      • getIssuerAlternativeNames

        public Collection<List<?>> getIssuerAlternativeNames()
                                                      throws CertificateParsingException
        Description copied from class: X509Certificate
        Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

        The ASN.1 definition of IssuerAltName:

         IssuerAltName ::= GeneralNames
        
         GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
        
         GeneralName ::= CHOICE {
              otherName                       [0]     AnotherName,
              rfc822Name                      [1]     IA5String,
              dNSName                         [2]     IA5String,
              x400Address                     [3]     ORAddress,
              directoryName                   [4]     Name,
              ediPartyName                    [5]     EDIPartyName,
              uniformResourceIdentifier       [6]     IA5String,
              iPAddress                       [7]     OCTET STRING,
              registeredID                    [8]     OBJECT IDENTIFIER }
        
         
        Overrides:
        getIssuerAlternativeNames in class X509Certificate
        Returns:
        the issuer alternative names or null if there are none in the certificate.
        Throws:
        CertificateParsingException - if decoding of the extension fails.
      • equals

        public boolean equals(Object other)
        Description copied from class: Certificate
        Compares the argument to the certificate, and returns true if they represent the same object using a class specific comparison. The implementation in Object returns true only if the argument is the exact same object as the callee (==).
        Overrides:
        equals in class Certificate
        Parameters:
        other - the object to compare with this object.
        Returns:
        true if the object is the same as this object, false if it is different from this object.
        See Also:
        Certificate.hashCode()
      • hashCode

        public int hashCode()
        Description copied from class: Certificate
        Returns an integer hash code for the certificate. Any two objects which return true when passed to equals must return the same value for this method.
        Overrides:
        hashCode in class Certificate
        Returns:
        the certificate's hash
        See Also:
        Certificate.equals(java.lang.Object)
      • getContext

        public long getContext()
        Returns the raw pointer to the X509 context for use in JNI calls. The life cycle of this native pointer is managed by the OpenSSLX509Certificate instance and must not be destroyed or freed by users of this API.
      • withDeletedExtension

        public OpenSSLX509Certificate withDeletedExtension(String oid)
        Delete an extension. A modified copy of the certificate is returned. The original object is unchanged. If the extension is not present, an unmodified copy is returned.
      • finalize

        protected void finalize()
                         throws Throwable
        Description copied from class: Object
        Invoked when the garbage collector has detected that this instance is no longer reachable. The default implementation does nothing, but this method can be overridden to free resources.

        Note that objects that override finalize are significantly more expensive than objects that don't. Finalizers may be run a long time after the object is no longer reachable, depending on memory pressure, so it's a bad idea to rely on them for cleanup. Note also that finalizers are run on a single VM-wide finalizer thread, so doing blocking work in a finalizer is a bad idea. A finalizer is usually only necessary for a class that has a native peer and needs to call a native method to destroy that peer. Even then, it's better to provide an explicit close method (and implement Closeable), and insist that callers manually dispose of instances. This works well for something like files, but less well for something like a BigInteger where typical calling code would have to deal with lots of temporaries. Unfortunately, code that creates lots of temporaries is the worst kind of code from the point of view of the single finalizer thread.

        If you must use finalizers, consider at least providing your own ReferenceQueue and having your own thread process that queue.

        Unlike constructors, finalizers are not automatically chained. You are responsible for calling super.finalize() yourself.

        Uncaught exceptions thrown by finalizers are ignored and do not terminate the finalizer thread. See Effective Java Item 7, "Avoid finalizers" for more.

        Overrides:
        finalize in class Object
        Throws:
        Throwable