Class X509CertImpl

java.lang.Object
java.security.cert.Certificate
java.security.cert.X509Certificate
org.apache.harmony.security.provider.cert.X509CertImpl
All Implemented Interfaces:
Serializable, X509Extension

public final class X509CertImpl
extends X509Certificate
This class is an implementation of X509Certificate. It wraps an instance of org.apache.harmony.security.x509.Certificate built from the provided ASN.1 DER-encoded form of the Certificate structure (as specified in RFC 3280, http://www.ietf.org/rfc/rfc3280.txt).
See Also:
Certificate, X509Certificate, Serialized Form
  • Constructor Details

    • X509CertImpl

      public X509CertImpl(InputStream in) throws CertificateException
      Constructs the instance from the ASN.1 encoded form of an X.509 certificate provided via the stream parameter.
      Parameters:
      in - input stream containing ASN.1 encoded form of certificate.
      Throws:
      CertificateException - if some decoding problems occur.
    • X509CertImpl

      public X509CertImpl(Certificate certificate)
      Constructs the instance from an existing Certificate object to be wrapped.
    • X509CertImpl

      public X509CertImpl(byte[] encoding) throws IOException
      Constructs the instance from the ASN.1 encoded form of an X.509 certificate provided as a byte array.
      Parameters:
      encoding - byte array containing ASN.1 encoded form of certificate.
      Throws:
      IOException - if some decoding problems occur.
  • Method Details

    • checkValidity

      public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is currently valid.

      The validity defined in ASN.1:

       validity             Validity
      
       Validity ::= SEQUENCE {
            notBefore       CertificateValidityDate,
            notAfter        CertificateValidityDate }
      
       CertificateValidityDate ::= CHOICE {
            utcTime         UTCTime,
            generalTime     GeneralizedTime }
       
      Specified by:
      checkValidity in class X509Certificate
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
    • checkValidity

      public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is valid at the specified date.
      Specified by:
      checkValidity in class X509Certificate
      Parameters:
      date - the date to check the validity against.
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
      See Also:
      X509Certificate.checkValidity()
    • getVersion

      public int getVersion()
      Description copied from class: X509Certificate
      Returns the certificate's version (version number).

      The version defined in ASN.1:

       Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
       
      Specified by:
      getVersion in class X509Certificate
      Returns:
      the version number.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Description copied from class: X509Certificate
      Returns the serialNumber of the certificate.

      The ASN.1 definition of serialNumber:

       CertificateSerialNumber  ::=  INTEGER
       
      Specified by:
      getSerialNumber in class X509Certificate
      Returns:
      the serial number.
    • getIssuerDN

      public Principal getIssuerDN()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of issuer:

        issuer      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       
      replaced by: X509Certificate.getIssuerX500Principal().
      Specified by:
      getIssuerDN in class X509Certificate
      Returns:
      the issuer as an implementation specific Principal.
    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an X500Principal.
      Overrides:
      getIssuerX500Principal in class X509Certificate
      Returns:
      the issuer (issuer distinguished name).
    • getSubjectDN

      public Principal getSubjectDN()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of subject:

       subject      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       

      replaced by: X509Certificate.getSubjectX500Principal().

      Specified by:
      getSubjectDN in class X509Certificate
      Returns:
      the subject (subject distinguished name).
    • getSubjectX500Principal

      public X500Principal getSubjectX500Principal()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an X500Principal.
      Overrides:
      getSubjectX500Principal in class X509Certificate
      Returns:
      the subject (subject distinguished name).
    • getNotBefore

      public Date getNotBefore()
      Description copied from class: X509Certificate
      Returns the notBefore date from the validity period of the certificate.
      Specified by:
      getNotBefore in class X509Certificate
      Returns:
      the start of the validity period.
    • getNotAfter

      public Date getNotAfter()
      Description copied from class: X509Certificate
      Returns the notAfter date of the validity period of the certificate.
      Specified by:
      getNotAfter in class X509Certificate
      Returns:
      the end of the validity period.
    • getTBSCertificate

      public byte[] getTBSCertificate() throws CertificateEncodingException
      Description copied from class: X509Certificate
      Returns the tbsCertificate information from this certificate in DER-encoded format.
      Specified by:
      getTBSCertificate in class X509Certificate
      Returns:
      the DER-encoded certificate information.
      Throws:
      CertificateEncodingException - if an error occurs in encoding
    • getSignature

      public byte[] getSignature()
      Description copied from class: X509Certificate
      Returns the raw signature bits from the certificate.
      Specified by:
      getSignature in class X509Certificate
      Returns:
      the raw signature bits from the certificate.
    • getSigAlgName

      public String getSigAlgName()
      Description copied from class: X509Certificate
      Returns the name of the algorithm for the certificate signature.
      Specified by:
      getSigAlgName in class X509Certificate
      Returns:
      the signature algorithm name.
    • getSigAlgOID

      public String getSigAlgOID()
      Description copied from class: X509Certificate
      Returns the OID of the signature algorithm from the certificate.
      Specified by:
      getSigAlgOID in class X509Certificate
      Returns:
      the OID of the signature algorithm.
    • getSigAlgParams

      public byte[] getSigAlgParams()
      Description copied from class: X509Certificate
      Returns the parameters of the signature algorithm in DER-encoded format.
      Specified by:
      getSigAlgParams in class X509Certificate
      Returns:
      the parameters of the signature algorithm, or null if none are used.
    • getIssuerUniqueID

      public boolean[] getIssuerUniqueID()
      Description copied from class: X509Certificate
      Returns the issuerUniqueID from the certificate.
      Specified by:
      getIssuerUniqueID in class X509Certificate
      Returns:
      the issuerUniqueID or null if there's none in the certificate.
    • getSubjectUniqueID

      public boolean[] getSubjectUniqueID()
      Description copied from class: X509Certificate
      Returns the subjectUniqueID from the certificate.
      Specified by:
      getSubjectUniqueID in class X509Certificate
      Returns:
      the subjectUniqueID or null if there's none in the certificate.
    • getKeyUsage

      public boolean[] getKeyUsage()
      Description copied from class: X509Certificate
      Returns the KeyUsage extension as a boolean array.

      The ASN.1 definition of KeyUsage:

       KeyUsage ::= BIT STRING {
            digitalSignature        (0),
            nonRepudiation          (1),
            keyEncipherment         (2),
            dataEncipherment        (3),
            keyAgreement            (4),
            keyCertSign             (5),
            cRLSign                 (6),
            encipherOnly            (7),
            decipherOnly            (8) }
      
       
      Specified by:
      getKeyUsage in class X509Certificate
      Returns:
      the KeyUsage extension or null if there's none in the certificate.
    • getExtendedKeyUsage

      public List<String> getExtendedKeyUsage() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
      Overrides:
      getExtendedKeyUsage in class X509Certificate
      Returns:
      the extended key usage extension, or null if there's none in the certificate.
      Throws:
      CertificateParsingException - if the extension decoding fails.
    • getBasicConstraints

      public int getBasicConstraints()
      Description copied from class: X509Certificate
      Returns the path length of the certificate constraints from the BasicConstraints extension. If the certificate has no basic constraints or is not a certificate authority, -1 is returned. If the certificate is a certificate authority without a path length, Integer.MAX_VALUE is returned. Otherwise, the certificate authority's path length is returned.
      Specified by:
      getBasicConstraints in class X509Certificate
    • getSubjectAlternativeNames

      public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the subject alternative names from the SubjectAltName extension.

      The ASN.1 definition of SubjectAltName:

       SubjectAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getSubjectAlternativeNames in class X509Certificate
      Returns:
      the subject alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
    • getIssuerAlternativeNames

      public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

      The ASN.1 definition of IssuerAltName:

       IssuerAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getIssuerAlternativeNames in class X509Certificate
      Returns:
      the issuer alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
      See Also:
      method documentation for more information.
    • getEncoded

      public byte[] getEncoded() throws CertificateEncodingException
      Description copied from class: Certificate
      Returns the encoded representation for this certificate.
      Specified by:
      getEncoded in class Certificate
      Returns:
      the encoded representation for this certificate.
      Throws:
      CertificateEncodingException - if the encoding fails.
    • getPublicKey

      public PublicKey getPublicKey()
      Description copied from class: Certificate
      Returns the public key corresponding to this certificate.
      Specified by:
      getPublicKey in class Certificate
      Returns:
      the public key corresponding to this certificate.
    • toString

      public String toString()
      Description copied from class: Certificate
      Returns a string containing a concise, human-readable description of the certificate.
      Specified by:
      toString in class Certificate
      Returns:
      a printable representation for the certificate.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if there is no default provider.
      SignatureException - if signature errors are detected.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key. It uses the signature algorithm given by the provider.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      sigProvider - String the name of the signature provider.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if the specified provider does not exist.
      SignatureException - if signature errors are detected.
    • getNonCriticalExtensionOIDs

      public Set<String> getNonCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as NON-CRITICAL, an empty set if none are marked as NON-CRITICAL, or null if no extensions are present.
    • getCriticalExtensionOIDs

      public Set<String> getCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as CRITICAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.
    • getExtensionValue

      public byte[] getExtensionValue(String oid)
      Description copied from interface: X509Extension
      Returns the extension value as DER-encoded OCTET string for the specified OID.
      Parameters:
      oid - the object identifier to get the extension value for.
      Returns:
      the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.
    • hasUnsupportedCriticalExtension

      public boolean hasUnsupportedCriticalExtension()
      Description copied from interface: X509Extension
      Returns whether this instance has an extension marked as CRITICAL that it cannot support.
      Returns:
      true if an unsupported CRITICAL extension is present, false otherwise.
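
The return conventions of getBasicConstraints(), getKeyUsage() and hasUnsupportedCriticalExtension() documented above decide whether a certificate may act as an issuer, which verify() and checkValidity() alone do not establish. The following Java code is an added example, not part of the Harmony code base; the class IssuerChecks, the method issuerProblems and the caCertsBelow parameter are hypothetical names, and the values used in main are constructed rather than read from real certificates.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

// Added example; IssuerChecks and issuerProblems are hypothetical names.
public class IssuerChecks {
    static final int KEY_CERT_SIGN = 5; // bit index from the KeyUsage definition

    /** Reasons the certificate must not be accepted as an issuer; empty if none. */
    static List<String> issuerProblems(int basicConstraints, boolean[] keyUsage,
                                       boolean unsupportedCritical, int caCertsBelow) {
        List<String> problems = new ArrayList<>();
        if (basicConstraints == -1) {
            // No BasicConstraints extension, or the CA flag is not set.
            problems.add("not a CA (getBasicConstraints() == -1)");
        } else if (basicConstraints != Integer.MAX_VALUE
                && caCertsBelow > basicConstraints) {
            // Integer.MAX_VALUE means "CA without a path length", i.e. no limit.
            problems.add("path length " + basicConstraints
                    + " allows fewer than " + caCertsBelow + " CA certificates below");
        }
        // null means the KeyUsage extension is absent, which adds no restriction.
        // A present extension must assert keyCertSign; guard the array length too.
        if (keyUsage != null
                && (keyUsage.length <= KEY_CERT_SIGN || !keyUsage[KEY_CERT_SIGN])) {
            problems.add("KeyUsage present without keyCertSign");
        }
        if (unsupportedCritical) {
            problems.add("unsupported critical extension");
        }
        return problems;
    }

    /** Adapter that reads the three values from a parsed certificate. */
    static List<String> issuerProblems(X509Certificate issuer, int caCertsBelow) {
        return issuerProblems(issuer.getBasicConstraints(), issuer.getKeyUsage(),
                issuer.hasUnsupportedCriticalExtension(), caCertsBelow);
    }

    public static void main(String[] args) {
        // Constructed accessor values, not taken from real certificates.
        boolean[] caUsage = new boolean[9];
        caUsage[KEY_CERT_SIGN] = true;
        boolean[] leafUsage = new boolean[9];
        leafUsage[0] = true; // digitalSignature only

        System.out.println(issuerProblems(Integer.MAX_VALUE, caUsage, false, 3));
        System.out.println(issuerProblems(0, caUsage, false, 1));
        System.out.println(issuerProblems(-1, leafUsage, false, 0));
        System.out.println(issuerProblems(1, null, true, 1));
    }
}
```

Here caCertsBelow is the number of intermediate CA certificates between the candidate issuer and the end-entity certificate in the path being checked.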