Class X509CertificateObject

java.lang.Object
java.security.cert.Certificate
java.security.cert.X509Certificate
org.bouncycastle.jce.provider.X509CertificateObject
All Implemented Interfaces:
Serializable, X509Extension, PKCS12BagAttributeCarrier

public class X509CertificateObject
extends X509Certificate
implements PKCS12BagAttributeCarrier
See Also:
Serialized Form
  • Constructor Details

  • Method Details

    • checkValidity

      public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is currently valid.

      The validity defined in ASN.1:

       validity             Validity
      
       Validity ::= SEQUENCE {
            notBefore       CertificateValidityDate,
            notAfter        CertificateValidityDate }
      
       CertificateValidityDate ::= CHOICE {
            utcTime         UTCTime,
            generalTime     GeneralizedTime }
       
      Specified by:
      checkValidity in class X509Certificate
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
    • checkValidity

      public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is valid at the specified date.
      Specified by:
      checkValidity in class X509Certificate
      Parameters:
      date - the date to check the validity against.
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
      See Also:
      X509Certificate.checkValidity()
    • getVersion

      public int getVersion()
      Description copied from class: X509Certificate
      Returns the certificate's version (version number).

      The version defined in ASN.1:

       Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
       
      Specified by:
      getVersion in class X509Certificate
      Returns:
      the version number.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Description copied from class: X509Certificate
      Returns the serialNumber of the certificate.

      The ASN.1 definition of serialNumber:

       CertificateSerialNumber  ::=  INTEGER
       
      Specified by:
      getSerialNumber in class X509Certificate
      Returns:
      the serial number.
    • getIssuerDN

      public Principal getIssuerDN()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of issuer:

        issuer      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       
      Replaced by: X509Certificate.getIssuerX500Principal().
      Specified by:
      getIssuerDN in class X509Certificate
      Returns:
      the issuer as an implementation specific Principal.
    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an X500Principal.
      Overrides:
      getIssuerX500Principal in class X509Certificate
      Returns:
      the issuer (issuer distinguished name).
    • getSubjectDN

      public Principal getSubjectDN()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of subject:

       subject      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       

      Replaced by: X509Certificate.getSubjectX500Principal().

      Specified by:
      getSubjectDN in class X509Certificate
      Returns:
      the subject (subject distinguished name).
    • getSubjectX500Principal

      public X500Principal getSubjectX500Principal()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an X500Principal.
      Overrides:
      getSubjectX500Principal in class X509Certificate
      Returns:
      the subject (subject distinguished name)
    • getNotBefore

      public Date getNotBefore()
      Description copied from class: X509Certificate
      Returns the notBefore date from the validity period of the certificate.
      Specified by:
      getNotBefore in class X509Certificate
      Returns:
      the start of the validity period.
    • getNotAfter

      public Date getNotAfter()
      Description copied from class: X509Certificate
      Returns the notAfter date of the validity period of the certificate.
      Specified by:
      getNotAfter in class X509Certificate
      Returns:
      the end of the validity period.
    • getTBSCertificate

      public byte[] getTBSCertificate() throws CertificateEncodingException
      Description copied from class: X509Certificate
      Returns the tbsCertificate information from this certificate in DER-encoded format.
      Specified by:
      getTBSCertificate in class X509Certificate
      Returns:
      the DER-encoded certificate information.
      Throws:
      CertificateEncodingException - if an error occurs in encoding
    • getSignature

      public byte[] getSignature()
      Description copied from class: X509Certificate
      Returns the raw signature bits from the certificate.
      Specified by:
      getSignature in class X509Certificate
      Returns:
      the raw signature bits from the certificate.
    • getSigAlgName

      public String getSigAlgName()
      Returns a more "meaningful" representation of the signature algorithm used in the certificate.
      Specified by:
      getSigAlgName in class X509Certificate
      Returns:
      the signature algorithm name.
    • getSigAlgOID

      public String getSigAlgOID()
      Returns the object identifier for the signature.
      Specified by:
      getSigAlgOID in class X509Certificate
      Returns:
      the OID of the signature algorithm.
    • getSigAlgParams

      public byte[] getSigAlgParams()
      Returns the signature parameters, or null if there aren't any.
      Specified by:
      getSigAlgParams in class X509Certificate
      Returns:
      the parameters of the signature algorithm, or null if none are used.
    • getIssuerUniqueID

      public boolean[] getIssuerUniqueID()
      Description copied from class: X509Certificate
      Returns the issuerUniqueID from the certificate.
      Specified by:
      getIssuerUniqueID in class X509Certificate
      Returns:
      the issuerUniqueID or null if there's none in the certificate.
    • getSubjectUniqueID

      public boolean[] getSubjectUniqueID()
      Description copied from class: X509Certificate
      Returns the subjectUniqueID from the certificate.
      Specified by:
      getSubjectUniqueID in class X509Certificate
      Returns:
      the subjectUniqueID or null if there's none in the certificate.
    • getKeyUsage

      public boolean[] getKeyUsage()
      Description copied from class: X509Certificate
      Returns the KeyUsage extension as a boolean array.

      The ASN.1 definition of KeyUsage:

       KeyUsage ::= BIT STRING {
            digitalSignature        (0),
            nonRepudiation          (1),
            keyEncipherment         (2),
            dataEncipherment        (3),
            keyAgreement            (4),
            keyCertSign             (5),
            cRLSign                 (6),
            encipherOnly            (7),
            decipherOnly            (8) }
      
       
      Specified by:
      getKeyUsage in class X509Certificate
      Returns:
      the KeyUsage extension or null if there's none in the certificate.
    • getExtendedKeyUsage

      public List getExtendedKeyUsage() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
      Overrides:
      getExtendedKeyUsage in class X509Certificate
      Returns:
      the extended key usage extension, or null if there's none in the certificate.
      Throws:
      CertificateParsingException - if the extension decoding fails.
    • getBasicConstraints

      public int getBasicConstraints()
      Description copied from class: X509Certificate
      Returns the path length of the certificate constraints from the BasicConstraints extension. If the certificate has no basic constraints or is not a certificate authority, -1 is returned. If the certificate is a certificate authority without a path length, Integer.MAX_VALUE is returned. Otherwise, the certificate authority's path length is returned.
      Specified by:
      getBasicConstraints in class X509Certificate
    • getSubjectAlternativeNames

      public Collection getSubjectAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the subject alternative names from the SubjectAltName extension.

      The ASN.1 definition of SubjectAltName:

       SubjectAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getSubjectAlternativeNames in class X509Certificate
      Returns:
      the subject alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
    • getIssuerAlternativeNames

      public Collection getIssuerAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

      The ASN.1 definition of IssuerAltName:

       IssuerAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getIssuerAlternativeNames in class X509Certificate
      Returns:
      the issuer alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
    • getCriticalExtensionOIDs

      public Set getCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
      Specified by:
      getCriticalExtensionOIDs in interface X509Extension
      Returns:
      the set of extension OIDs marked as CRITICAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.
    • getExtensionValue

      public byte[] getExtensionValue(String oid)
      Description copied from interface: X509Extension
      Returns the extension value as DER-encoded OCTET string for the specified OID.
      Specified by:
      getExtensionValue in interface X509Extension
      Parameters:
      oid - the object identifier to get the extension value for.
      Returns:
      the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.
    • getNonCriticalExtensionOIDs

      public Set getNonCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
      Specified by:
      getNonCriticalExtensionOIDs in interface X509Extension
      Returns:
      the set of extension OIDs marked as NON-CRITICAL, an empty set if none are marked as NON-CRITICAL, or null if no extensions are present.
    • hasUnsupportedCriticalExtension

      public boolean hasUnsupportedCriticalExtension()
      Description copied from interface: X509Extension
      Returns whether this instance has an extension marked as CRITICAL that it cannot support.
      Specified by:
      hasUnsupportedCriticalExtension in interface X509Extension
      Returns:
      true if an unsupported CRITICAL extension is present, false otherwise.
    • getPublicKey

      public PublicKey getPublicKey()
      Description copied from class: Certificate
      Returns the public key corresponding to this certificate.
      Specified by:
      getPublicKey in class Certificate
      Returns:
      the public key corresponding to this certificate.
    • getEncoded

      public byte[] getEncoded() throws CertificateEncodingException
      Description copied from class: Certificate
      Returns the encoded representation for this certificate.
      Specified by:
      getEncoded in class Certificate
      Returns:
      the encoded representation for this certificate.
      Throws:
      CertificateEncodingException - if the encoding fails.
    • equals

      public boolean equals(Object o)
      Description copied from class: Certificate
      Compares the argument to the certificate, and returns true if they represent the same object using a class specific comparison. The implementation in Object returns true only if the argument is the exact same object as the callee (==).
      Overrides:
      equals in class Certificate
      Parameters:
      o - the object to compare with this object.
      Returns:
      true if the object is the same as this object, false if it is different from this object.
      See Also:
      Certificate.hashCode()
    • hashCode

      public int hashCode()
      Description copied from class: Certificate
      Returns an integer hash code for the certificate. Any two objects which return true when passed to equals must return the same value for this method.
      Overrides:
      hashCode in class Certificate
      Returns:
      the certificate's hash
      See Also:
      Certificate.equals(java.lang.Object)
    • setBagAttribute

      public void setBagAttribute(ASN1ObjectIdentifier oid, ASN1Encodable attribute)
      Specified by:
      setBagAttribute in interface PKCS12BagAttributeCarrier
    • getBagAttribute

      public ASN1Encodable getBagAttribute(ASN1ObjectIdentifier oid)
      Specified by:
      getBagAttribute in interface PKCS12BagAttributeCarrier
    • getBagAttributeKeys

      public Enumeration getBagAttributeKeys()
      Specified by:
      getBagAttributeKeys in interface PKCS12BagAttributeCarrier
    • toString

      public String toString()
      Description copied from class: Certificate
      Returns a string containing a concise, human-readable description of the certificate.
      Specified by:
      toString in class Certificate
      Returns:
      a printable representation for the certificate.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if there is no default provider.
      SignatureException - if signature errors are detected.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key. It uses the signature algorithm given by the provider.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      sigProvider - String the name of the signature provider.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if the specified provider does not exist.
      SignatureException - if signature errors are detected.
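
The return conventions of checkValidity(Date), getBasicConstraints(), getKeyUsage() and hasUnsupportedCriticalExtension() documented above combine into an issuer check like the following. This is an added example, not code from Bouncy Castle or from this page; the class and method names are hypothetical, and it assumes the bcprov and bcpkix jars are on the classpath so it can build a constructed test certificate and call the methods through the java.security.cert.X509Certificate type that this class extends.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

// Added example; IssuerCheck, problems() and sample() are hypothetical names.
public class IssuerCheck {
    static final int KEY_CERT_SIGN = 5; // index of keyCertSign in getKeyUsage()
    // Reasons `cert` may not act as an issuer at time `at` with `casBelow` CA certs under it.
    static List<String> problems(X509Certificate cert, Date at, int casBelow) {
        List<String> out = new ArrayList<>();
        try {
            cert.checkValidity(at);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            out.add("outside validity period: " + e.getMessage());
        }
        int pathLen = cert.getBasicConstraints(); // -1 = not a CA, MAX_VALUE = no limit
        if (pathLen == -1) out.add("not a CA");
        else if (pathLen < casBelow) out.add("path length " + pathLen + " exceeded");
        boolean[] ku = cert.getKeyUsage(); // null when the extension is absent
        if (ku != null && !ku[KEY_CERT_SIGN]) out.add("keyUsage lacks keyCertSign");
        if (cert.hasUnsupportedCriticalExtension()) out.add("unsupported critical extension");
        return out;
    }

    // Constructed self-signed certificate, valid from one hour ago to one hour ahead.
    static X509Certificate sample(boolean ca) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        long now = System.currentTimeMillis();
        X500Name dn = new X500Name("CN=Constructed Example");
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(dn, BigInteger.ONE,
                new Date(now - 3_600_000L), new Date(now + 3_600_000L), dn, kp.getPublic());
        b.addExtension(Extension.basicConstraints, true,
                ca ? new BasicConstraints(0) : new BasicConstraints(false));
        b.addExtension(Extension.keyUsage, true,
                new KeyUsage(ca ? KeyUsage.keyCertSign : KeyUsage.digitalSignature));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
    }
    public static void main(String[] args) throws Exception {
        Date now = new Date(), later = new Date(now.getTime() + 86_400_000L);
        System.out.println(problems(sample(true), now, 0));
        System.out.println(problems(sample(true), now, 1));
        System.out.println(problems(sample(false), later, 0));
    }
}
```

A check like this complements, and does not replace, verify(PublicKey) and full path validation: it only interprets the fields of a single certificate.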