java.lang.Object
  ↳ java.security.cert.Certificate
    ↳ java.security.cert.X509Certificate
Abstract base class for X.509 certificates.
This represents a standard way for accessing the attributes of X.509 certificates.
The basic X.509 v3 format described in ASN.1:

    Certificate ::= SEQUENCE {
        tbsCertificate       TBSCertificate,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING }

    TBSCertificate ::= SEQUENCE {
        version         [0]  EXPLICIT Version DEFAULT v1,
        serialNumber         CertificateSerialNumber,
        signature            AlgorithmIdentifier,
        issuer               Name,
        validity             Validity,
        subject              Name,
        subjectPublicKeyInfo SubjectPublicKeyInfo,
        issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                             -- If present, version must be v2 or v3
        extensions      [3]  EXPLICIT Extensions OPTIONAL
                             -- If present, version must be v3
    }

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .

Protected Constructors |
---|
Creates a new X509Certificate. |

Public Methods |
---|
Checks whether the certificate is currently valid. |
Checks whether the certificate is valid at the specified date. |
Returns the path length of the certificate constraints from the BasicConstraints extension. |
Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension. |
Returns a read-only list of the issuer alternative names from the IssuerAltName extension. |
Returns the issuer (issuer distinguished name) as an implementation specific Principal object. |
Returns the issuerUniqueID from the certificate. |
Returns the issuer (issuer distinguished name) as an X500Principal. |
Returns the KeyUsage extension as a boolean array. |
Returns the notAfter date of the validity period of the certificate. |
Returns the notBefore date from the validity period of the certificate. |
Returns the serialNumber of the certificate. |
Returns the name of the algorithm for the certificate signature. |
Returns the OID of the signature algorithm from the certificate. |
Returns the parameters of the signature algorithm in DER-encoded format. |
Returns the raw signature bits from the certificate. |
Returns a read-only list of the subject alternative names from the SubjectAltName extension. |
Returns the subject (subject distinguished name) as an implementation specific Principal object. |
Returns the subjectUniqueID from the certificate. |
Returns the subject (subject distinguished name) as an X500Principal. |
Returns the tbsCertificate information from this certificate in DER-encoded format. |
Returns the certificate's version (version number). |

Inherited Methods |
---|
From class java.security.cert.Certificate |
From class java.lang.Object |
From interface java.security.cert.X509Extension |

Creates a new X509Certificate.

Checks whether the certificate is currently valid.
The validity defined in ASN.1:

    validity             Validity

    Validity ::= SEQUENCE {
        notBefore       CertificateValidityDate,
        notAfter        CertificateValidityDate }

    CertificateValidityDate ::= CHOICE {
        utcTime         UTCTime,
        generalTime     GeneralizedTime }

Throws | Condition |
---|---|
CertificateExpiredException | if the certificate has expired. |
CertificateNotYetValidException | if the certificate is not yet valid. |

Checks whether the certificate is valid at the specified date.

Parameter | Description |
---|---|
date | the date to check the validity against. |

Throws | Condition |
---|---|
CertificateExpiredException | if the certificate has expired. |
CertificateNotYetValidException | if the certificate is not yet valid. |

Returns the path length of the certificate constraints from the BasicConstraints extension.

Returns: -1 if the extension is not present. Integer.MAX_VALUE if there's no limit.

Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

Returns: null if there's none in the certificate.

Throws | Condition |
---|---|
CertificateParsingException | if the extension decoding fails. |

Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

The ASN.1 definition of IssuerAltName:

    IssuerAltName ::= GeneralNames

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

    GeneralName ::= CHOICE {
        otherName                 [0] AnotherName,
        rfc822Name                [1] IA5String,
        dNSName                   [2] IA5String,
        x400Address               [3] ORAddress,
        directoryName             [4] Name,
        ediPartyName              [5] EDIPartyName,
        uniformResourceIdentifier [6] IA5String,
        iPAddress                 [7] OCTET STRING,
        registeredID              [8] OBJECT IDENTIFIER }

Returns: null if there are none in the certificate.

Throws | Condition |
---|---|
CertificateParsingException | if decoding of the extension fails. |

Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

The ASN.1 definition of issuer:

    issuer Name

    Name ::= CHOICE {
        RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
        type     AttributeType,
        value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: getIssuerX500Principal().

Returns: the issuer as an implementation specific Principal.

Returns the issuerUniqueID from the certificate.

Returns: the issuerUniqueID or null if there's none in the certificate.

Returns the issuer (issuer distinguished name) as an X500Principal.

Returns: the issuer (issuer distinguished name).

Returns the KeyUsage extension as a boolean array.

The ASN.1 definition of KeyUsage:

    KeyUsage ::= BIT STRING {
        digitalSignature  (0),
        nonRepudiation    (1),
        keyEncipherment   (2),
        dataEncipherment  (3),
        keyAgreement      (4),
        keyCertSign       (5),
        cRLSign           (6),
        encipherOnly      (7),
        decipherOnly      (8) }

Returns: the KeyUsage extension or null if there's none in the certificate.

Returns the notAfter date of the validity period of the certificate.

Returns the notBefore date from the validity period of the certificate.

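
An added example (not part of the original reference) that applies the validity, BasicConstraints and KeyUsage accessors described above to every certificate in the platform's default trust store. The class name `TrustAnchorAudit`, the helper names and the choice of findings are assumptions of this example.

```java
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;

public class TrustAnchorAudit {   // hypothetical class name, not part of the API
    // Names in KeyUsage BIT STRING order; getKeyUsage() uses the same indices.
    static final String[] KU = {"digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"};

    static List<String> keyUsages(X509Certificate c) {
        List<String> set = new ArrayList<>();
        boolean[] ku = c.getKeyUsage();                 // null when the extension is absent
        for (int i = 0; ku != null && i < ku.length && i < KU.length; i++)
            if (ku[i]) set.add(KU[i]);
        return set;
    }

    static List<String> audit(X509Certificate c, Date at) {
        List<String> findings = new ArrayList<>();
        try {
            c.checkValidity(at);
        } catch (CertificateExpiredException e) {
            findings.add("expired " + c.getNotAfter());
        } catch (CertificateNotYetValidException e) {
            findings.add("not valid before " + c.getNotBefore());
        }
        if (c.getVersion() < 3) findings.add("v" + c.getVersion() + " certificate, cannot carry extensions");
        // -1: BasicConstraints absent (the JDK also returns -1 when cA is FALSE).
        if (c.getBasicConstraints() == -1) findings.add("not marked as a CA");
        if (c.getKeyUsage() != null && !keyUsages(c).contains("keyCertSign"))
            findings.add("KeyUsage present without keyCertSign: " + keyUsages(c));
        return findings;
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                      // null selects the platform default trust store
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        for (X509Certificate c : tm.getAcceptedIssuers()) {
            List<String> f = audit(c, new Date());
            if (!f.isEmpty()) System.out.println(c.getSubjectX500Principal().getName() + " -> " + f);
        }
    }
}
```

Passing a fixed `Date` to `audit` instead of `new Date()` shows which anchors will have expired by a planned rollout date.
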
Returns the serialNumber of the certificate.

The ASN.1 definition of serialNumber:

    CertificateSerialNumber ::= INTEGER

Returns the name of the algorithm for the certificate signature.
Returns the OID of the signature algorithm from the certificate.
Returns the parameters of the signature algorithm in DER-encoded format.

Returns: null if none are used.

Returns the raw signature bits from the certificate.

Returns a read-only list of the subject alternative names from the SubjectAltName extension.

The ASN.1 definition of SubjectAltName:

    SubjectAltName ::= GeneralNames

    GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

    GeneralName ::= CHOICE {
        otherName                 [0] AnotherName,
        rfc822Name                [1] IA5String,
        dNSName                   [2] IA5String,
        x400Address               [3] ORAddress,
        directoryName             [4] Name,
        ediPartyName              [5] EDIPartyName,
        uniformResourceIdentifier [6] IA5String,
        iPAddress                 [7] OCTET STRING,
        registeredID              [8] OBJECT IDENTIFIER }

Returns: null if there are none in the certificate.

Throws | Condition |
---|---|
CertificateParsingException | if decoding of the extension fails. |

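
In the JDK, the SubjectAltName and IssuerAltName getters return each GeneralName as a two-element list: the CHOICE tag as an Integer, then the value. This added example (not from the original page) groups entries by the tag names in the ASN.1 above; `AltNames`, `altNames` and the sample entries are constructed for illustration.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;

public class AltNames {   // hypothetical class name, not part of the API
    // Index = context tag of the GeneralName CHOICE.
    static final String[] TAG = {"otherName", "rfc822Name", "dNSName", "x400Address", "directoryName",
        "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"};

    static Map<String, List<String>> altNames(Collection<List<?>> names) {
        Map<String, List<String>> out = new TreeMap<>();
        if (names == null) return out;                  // extension absent: the getter returns null
        for (List<?> gn : names) {
            int tag = (Integer) gn.get(0);
            Object v = gn.get(1);
            // The JDK hands back Strings for most forms and raw DER bytes for
            // otherName, x400Address and ediPartyName.
            String text = (v instanceof byte[]) ? "<" + ((byte[]) v).length + " DER bytes>" : String.valueOf(v);
            out.computeIfAbsent(TAG[tag], k -> new ArrayList<>()).add(text);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {   // constructed sample in the shape the getters return
            System.out.println(altNames(Arrays.<List<?>>asList(
                Arrays.asList(2, "www.example.test"), Arrays.asList(7, "192.0.2.10"))));
            return;
        }
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {   // PEM or DER file
            X509Certificate c = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("SAN: " + altNames(c.getSubjectAlternativeNames()));
            System.out.println("IAN: " + altNames(c.getIssuerAlternativeNames()));
        }
    }
}
```
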
Returns the subject (subject distinguished name) as an implementation specific Principal object.

The ASN.1 definition of subject:

    subject Name

    Name ::= CHOICE {
        RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
        type     AttributeType,
        value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: getSubjectX500Principal().

Returns: the subject (subject distinguished name).

Returns the subjectUniqueID from the certificate.

Returns: the subjectUniqueID or null if there's none in the certificate.

Returns the subject (subject distinguished name) as an X500Principal.

Returns: the subject (subject distinguished name).

Returns the tbsCertificate information from this certificate in DER-encoded format.

Throws | Condition |
---|---|
CertificateEncodingException | if an error occurs in encoding |

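
As an added example (not code from the original page), the three top-level fields of the Certificate SEQUENCE can be recombined by hand: the signature bits are checked over the DER bytes of tbsCertificate with the named signature algorithm. The class and method names are illustrative, and the platform trust store serves only as offline sample input.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.spec.PSSParameterSpec;
import javax.net.ssl.*;

public class TbsSignatureCheck {   // hypothetical class name, not part of the API
    /** True when cert's signature verifies over the DER of tbsCertificate under issuerKey. */
    static boolean signedBy(X509Certificate cert, PublicKey issuerKey) {
        try {
            Signature sig = Signature.getInstance(cert.getSigAlgName());
            sig.initVerify(issuerKey);
            if ("RSASSA-PSS".equalsIgnoreCase(cert.getSigAlgName())) {
                // PSS carries its hash and salt length in the DER-encoded algorithm parameters.
                AlgorithmParameters p = AlgorithmParameters.getInstance("RSASSA-PSS");
                p.init(cert.getSigAlgParams());
                sig.setParameter(p.getParameterSpec(PSSParameterSpec.class));
            }
            sig.update(cert.getTBSCertificate());     // exactly the bytes the issuer signed
            return sig.verify(cert.getSignature());   // contents of the signature BIT STRING
        } catch (GeneralSecurityException e) {
            return false;                             // wrong key type, unknown algorithm, bad encoding
        }
    }

    static boolean selfSigned(X509Certificate c) {
        return c.getSubjectX500Principal().equals(c.getIssuerX500Principal())
            && signedBy(c, c.getPublicKey());
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);                    // null selects the platform default trust store
        X509Certificate[] anchors = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        int ok = 0;
        for (X509Certificate c : anchors) if (selfSigned(c)) ok++;
        System.out.println(ok + " of " + anchors.length + " anchors are self-signed and verify");
        if (anchors.length > 1)                       // another anchor's key must not verify
            System.out.println("cross-check: " + signedBy(anchors[0], anchors[1].getPublicKey()));
    }
}
```

A signature that verifies only shows who signed the tbsCertificate bytes; validity dates, name chaining, constraints and revocation still have to be checked by path validation such as `CertPathValidator`.
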
Returns the certificate's version (version number).

The version defined in ASN.1:

    Version ::= INTEGER { v1(0), v2(1), v3(2) }