Package org.conscrypt

Class OpenSSLX509Certificate

All Implemented Interfaces:
Serializable, X509Extension

public class OpenSSLX509Certificate
extends X509Certificate
See Also:
Serialized Form
  • Method Details

    • fromX509DerInputStream

      public static OpenSSLX509Certificate fromX509DerInputStream(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
    • fromX509Der

      public static OpenSSLX509Certificate fromX509Der(byte[] encoded)
    • fromPkcs7DerInputStream

      public static List<OpenSSLX509Certificate> fromPkcs7DerInputStream(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
    • fromX509PemInputStream

      public static OpenSSLX509Certificate fromX509PemInputStream(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
    • fromPkcs7PemInputStream

      public static List<OpenSSLX509Certificate> fromPkcs7PemInputStream(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
    • getCriticalExtensionOIDs

      public Set<String> getCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as CRITICAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.
    • getExtensionValue

      public byte[] getExtensionValue(String oid)
      Description copied from interface: X509Extension
      Returns the extension value as DER-encoded OCTET string for the specified OID.
      Parameters:
      oid - the object identifier to get the extension value for.
      Returns:
      the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.
    • getNonCriticalExtensionOIDs

      public Set<String> getNonCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as NON-CRITICAL, an empty set if none are marked as NON-CRITICAL, or null if no extensions are present.
    • hasUnsupportedCriticalExtension

      public boolean hasUnsupportedCriticalExtension()
      Description copied from interface: X509Extension
      Returns whether this instance has an extension marked as CRITICAL that it cannot support.
      Returns:
      true if an unsupported CRITICAL extension is present, false otherwise.
    • checkValidity

      public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is currently valid.

      The validity defined in ASN.1:

       validity             Validity
      
       Validity ::= SEQUENCE {
            notBefore       CertificateValidityDate,
            notAfter        CertificateValidityDate }
      
       CertificateValidityDate ::= CHOICE {
            utcTime         UTCTime,
            generalTime     GeneralizedTime }
       
      Specified by:
      checkValidity in class X509Certificate
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
    • checkValidity

      public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException
      Description copied from class: X509Certificate
      Checks whether the certificate is valid at the specified date.
      Specified by:
      checkValidity in class X509Certificate
      Parameters:
      date - the date to check the validity against.
      Throws:
      CertificateExpiredException - if the certificate has expired.
      CertificateNotYetValidException - if the certificate is not yet valid.
      See Also:
      X509Certificate.checkValidity()
    • getVersion

      public int getVersion()
      Description copied from class: X509Certificate
      Returns the certificate's version (version number).

      The version defined in ASN.1:

       Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
       
      Specified by:
      getVersion in class X509Certificate
      Returns:
      the version number.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Description copied from class: X509Certificate
      Returns the serialNumber of the certificate.

      The ASN.1 definition of serialNumber:

       CertificateSerialNumber  ::=  INTEGER
       
      Specified by:
      getSerialNumber in class X509Certificate
      Returns:
      the serial number.
    • getIssuerDN

      public Principal getIssuerDN()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of issuer:

        issuer      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       
      Replaced by: X509Certificate.getIssuerX500Principal().
      Specified by:
      getIssuerDN in class X509Certificate
      Returns:
      the issuer as an implementation specific Principal.
    • getSubjectDN

      public Principal getSubjectDN()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an implementation specific Principal object.

      The ASN.1 definition of subject:

       subject      Name
      
        Name ::= CHOICE {
            RDNSequence }
      
          RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
      
          RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
      
          AttributeTypeAndValue ::= SEQUENCE {
            type     AttributeType,
            value    AttributeValue }
      
          AttributeType ::= OBJECT IDENTIFIER
      
          AttributeValue ::= ANY DEFINED BY AttributeType
       

      Replaced by: X509Certificate.getSubjectX500Principal().

      Specified by:
      getSubjectDN in class X509Certificate
      Returns:
      the subject (subject distinguished name).
    • getNotBefore

      public Date getNotBefore()
      Description copied from class: X509Certificate
      Returns the notBefore date from the validity period of the certificate.
      Specified by:
      getNotBefore in class X509Certificate
      Returns:
      the start of the validity period.
    • getNotAfter

      public Date getNotAfter()
      Description copied from class: X509Certificate
      Returns the notAfter date of the validity period of the certificate.
      Specified by:
      getNotAfter in class X509Certificate
      Returns:
      the end of the validity period.
    • getTBSCertificate

      public byte[] getTBSCertificate() throws CertificateEncodingException
      Description copied from class: X509Certificate
      Returns the tbsCertificate information from this certificate in DER-encoded format.
      Specified by:
      getTBSCertificate in class X509Certificate
      Returns:
      the DER-encoded certificate information.
      Throws:
      CertificateEncodingException - if an error occurs in encoding
    • getSignature

      public byte[] getSignature()
      Description copied from class: X509Certificate
      Returns the raw signature bits from the certificate.
      Specified by:
      getSignature in class X509Certificate
      Returns:
      the raw signature bits from the certificate.
    • getSigAlgName

      public String getSigAlgName()
      Description copied from class: X509Certificate
      Returns the name of the algorithm for the certificate signature.
      Specified by:
      getSigAlgName in class X509Certificate
      Returns:
      the signature algorithm name.
    • getSigAlgOID

      public String getSigAlgOID()
      Description copied from class: X509Certificate
      Returns the OID of the signature algorithm from the certificate.
      Specified by:
      getSigAlgOID in class X509Certificate
      Returns:
      the OID of the signature algorithm.
    • getSigAlgParams

      public byte[] getSigAlgParams()
      Description copied from class: X509Certificate
      Returns the parameters of the signature algorithm in DER-encoded format.
      Specified by:
      getSigAlgParams in class X509Certificate
      Returns:
      the parameters of the signature algorithm, or null if none are used.
    • getIssuerUniqueID

      public boolean[] getIssuerUniqueID()
      Description copied from class: X509Certificate
      Returns the issuerUniqueID from the certificate.
      Specified by:
      getIssuerUniqueID in class X509Certificate
      Returns:
      the issuerUniqueID or null if there's none in the certificate.
    • getSubjectUniqueID

      public boolean[] getSubjectUniqueID()
      Description copied from class: X509Certificate
      Returns the subjectUniqueID from the certificate.
      Specified by:
      getSubjectUniqueID in class X509Certificate
      Returns:
      the subjectUniqueID or null if there's none in the certificate.
    • getKeyUsage

      public boolean[] getKeyUsage()
      Description copied from class: X509Certificate
      Returns the KeyUsage extension as a boolean array.

      The ASN.1 definition of KeyUsage:

       KeyUsage ::= BIT STRING {
            digitalSignature        (0),
            nonRepudiation          (1),
            keyEncipherment         (2),
            dataEncipherment        (3),
            keyAgreement            (4),
            keyCertSign             (5),
            cRLSign                 (6),
            encipherOnly            (7),
            decipherOnly            (8) }
      
       
      Specified by:
      getKeyUsage in class X509Certificate
      Returns:
      the KeyUsage extension or null if there's none in the certificate.
    • getBasicConstraints

      public int getBasicConstraints()
      Description copied from class: X509Certificate
      Returns the path length of the certificate constraints from the BasicConstraints extension. If the certificate has no basic constraints or is not a certificate authority, -1 is returned. If the certificate is a certificate authority without a path length, Integer.MAX_VALUE is returned. Otherwise, the certificate authority's path length is returned.
      Specified by:
      getBasicConstraints in class X509Certificate
    • getEncoded

      public byte[] getEncoded() throws CertificateEncodingException
      Description copied from class: Certificate
      Returns the encoded representation for this certificate.
      Specified by:
      getEncoded in class Certificate
      Returns:
      the encoded representation for this certificate.
      Throws:
      CertificateEncodingException - if the encoding fails.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if there is no default provider.
      SignatureException - if signature errors are detected.
    • verify

      Description copied from class: Certificate
      Verifies that this certificate was signed with the given public key. It uses the signature algorithm given by the provider.
      Specified by:
      verify in class Certificate
      Parameters:
      key - PublicKey public key for which verification should be performed.
      sigProvider - String the name of the signature provider.
      Throws:
      CertificateException - if encoding errors are detected.
      NoSuchAlgorithmException - if an unsupported algorithm is detected.
      InvalidKeyException - if an invalid key is detected.
      NoSuchProviderException - if the specified provider does not exist.
      SignatureException - if signature errors are detected.
    • toString

      public String toString()
      Description copied from class: Certificate
      Returns a string containing a concise, human-readable description of the certificate.
      Specified by:
      toString in class Certificate
      Returns:
      a printable representation for the certificate.
    • getPublicKey

      public PublicKey getPublicKey()
      Description copied from class: Certificate
      Returns the public key corresponding to this certificate.
      Specified by:
      getPublicKey in class Certificate
      Returns:
      the public key corresponding to this certificate.
    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Description copied from class: X509Certificate
      Returns the issuer (issuer distinguished name) as an X500Principal.
      Overrides:
      getIssuerX500Principal in class X509Certificate
      Returns:
      the issuer (issuer distinguished name).
    • getSubjectX500Principal

      public X500Principal getSubjectX500Principal()
      Description copied from class: X509Certificate
      Returns the subject (subject distinguished name) as an X500Principal.
      Overrides:
      getSubjectX500Principal in class X509Certificate
      Returns:
      the subject (subject distinguished name).
    • getExtendedKeyUsage

      public List<String> getExtendedKeyUsage() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.
      Overrides:
      getExtendedKeyUsage in class X509Certificate
      Returns:
      the extended key usage extension, or null if there's none in the certificate.
      Throws:
      CertificateParsingException - if the extension decoding fails.
    • getSubjectAlternativeNames

      public Collection<List<?>> getSubjectAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the subject alternative names from the SubjectAltName extension.

      The ASN.1 definition of SubjectAltName:

       SubjectAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getSubjectAlternativeNames in class X509Certificate
      Returns:
      the subject alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
    • getIssuerAlternativeNames

      public Collection<List<?>> getIssuerAlternativeNames() throws CertificateParsingException
      Description copied from class: X509Certificate
      Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

      The ASN.1 definition of IssuerAltName:

       IssuerAltName ::= GeneralNames
      
       GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
      
       GeneralName ::= CHOICE {
            otherName                       [0]     AnotherName,
            rfc822Name                      [1]     IA5String,
            dNSName                         [2]     IA5String,
            x400Address                     [3]     ORAddress,
            directoryName                   [4]     Name,
            ediPartyName                    [5]     EDIPartyName,
            uniformResourceIdentifier       [6]     IA5String,
            iPAddress                       [7]     OCTET STRING,
            registeredID                    [8]     OBJECT IDENTIFIER }
      
       
      Overrides:
      getIssuerAlternativeNames in class X509Certificate
      Returns:
      the issuer alternative names or null if there are none in the certificate.
      Throws:
      CertificateParsingException - if decoding of the extension fails.
    • equals

      public boolean equals(Object other)
      Description copied from class: Certificate
      Compares the argument to the certificate, and returns true if they represent the same object using a class specific comparison. The implementation in Object returns true only if the argument is the exact same object as the callee (==).
      Overrides:
      equals in class Certificate
      Parameters:
      other - the object to compare with this object.
      Returns:
      true if the object is the same as this object, false if it is different from this object.
      See Also:
      Certificate.hashCode()
    • hashCode

      public int hashCode()
      Description copied from class: Certificate
      Returns an integer hash code for the certificate. Any two objects which return true when passed to equals must return the same value for this method.
      Overrides:
      hashCode in class Certificate
      Returns:
      the certificate's hash
      See Also:
      Certificate.equals(java.lang.Object)
    • finalize

      protected void finalize() throws Throwable
      Description copied from class: Object
      Invoked when the garbage collector has detected that this instance is no longer reachable. The default implementation does nothing, but this method can be overridden to free resources.

      Note that objects that override finalize are significantly more expensive than objects that don't. Finalizers may be run a long time after the object is no longer reachable, depending on memory pressure, so it's a bad idea to rely on them for cleanup. Note also that finalizers are run on a single VM-wide finalizer thread, so doing blocking work in a finalizer is a bad idea. A finalizer is usually only necessary for a class that has a native peer and needs to call a native method to destroy that peer. Even then, it's better to provide an explicit close method (and implement Closeable), and insist that callers manually dispose of instances. This works well for something like files, but less well for something like a BigInteger where typical calling code would have to deal with lots of temporaries. Unfortunately, code that creates lots of temporaries is the worst kind of code from the point of view of the single finalizer thread.

      If you must use finalizers, consider at least providing your own ReferenceQueue and having your own thread process that queue.

      Unlike constructors, finalizers are not automatically chained. You are responsible for calling super.finalize() yourself.

      Uncaught exceptions thrown by finalizers are ignored and do not terminate the finalizer thread. See Effective Java Item 7, "Avoid finalizers" for more.

      Overrides:
      finalize in class Object
      Throws:
      Throwable
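
The getExtensionValue entry above says the value comes back as a DER-encoded OCTET string, so callers must strip that outer wrapper before decoding the extension itself. The following is an added example, not Conscrypt code: the class name, the helper names and the sample bytes are constructed for illustration, and OID 2.5.29.19 (BasicConstraints) is used only as a familiar case.

```java
import java.util.Arrays;

// Added example, not Conscrypt code: unwrap the value returned by getExtensionValue(oid).
public class ExtensionValueUnwrap {

    /** Returns the bytes inside the outer DER OCTET STRING, or null if the extension is absent. */
    static byte[] unwrapOctetString(byte[] der) {
        if (der == null) {
            return null; // getExtensionValue found no extension for the OID
        }
        if (der.length < 2 || der[0] != 0x04) {
            throw new IllegalArgumentException("not a DER OCTET STRING");
        }
        int offset = 2;
        int length = der[1] & 0xFF;
        if (length >= 0x80) { // long form: low 7 bits give the number of length octets
            int n = length & 0x7F;
            if (n == 0 || n > 4 || der.length < 2 + n || der[2] == 0) {
                throw new IllegalArgumentException("indefinite, oversized or non-minimal length");
            }
            length = 0;
            for (int i = 0; i < n; i++) {
                length = (length << 8) | (der[offset++] & 0xFF);
            }
            if (length < 0x80) { // DER requires short form here; also catches int overflow
                throw new IllegalArgumentException("non-minimal or overflowing length");
            }
        }
        if (length != der.length - offset) {
            throw new IllegalArgumentException("declared length does not match the data");
        }
        return Arrays.copyOfRange(der, offset, der.length);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: the shape getExtensionValue("2.5.29.19") has for a
        // BasicConstraints of SEQUENCE { BOOLEAN TRUE }, wrapped in an OCTET STRING.
        byte[] wrapped = {0x04, 0x05, 0x30, 0x03, 0x01, 0x01, (byte) 0xFF};
        System.out.println("inner DER: " + hex(unwrapOctetString(wrapped)));

        // Constructed truncated value: rejected instead of being decoded past its end.
        byte[] truncated = {0x04, 0x05, 0x30, 0x03};
        try {
            unwrapOctetString(truncated);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```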
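
The getBasicConstraints and getKeyUsage entries above define three sentinel cases (-1, Integer.MAX_VALUE, a null array) that a caller has to combine when deciding whether a certificate may issue others. The following is an added example, not Conscrypt code: the class and method names are hypothetical, the boolean arrays are constructed stand-ins for real return values, and the keyCertSign rules applied are those of RFC 5280.

```java
// Added example, not Conscrypt code: interpret getBasicConstraints() and getKeyUsage() together.
public class CaCapabilityCheck {
    static final int KEY_CERT_SIGN = 5; // bit index from the KeyUsage definition

    /** Reads one KeyUsage bit without assuming the array is present or has all 9 entries. */
    static boolean bit(boolean[] keyUsage, int index) {
        return keyUsage != null && keyUsage.length > index && keyUsage[index];
    }

    /** True when the certificate may act as an issuer of other certificates. */
    static boolean maySignCertificates(int basicConstraints, boolean[] keyUsage) {
        if (basicConstraints == -1) {
            return false; // no BasicConstraints, or not a certificate authority
        }
        // A null KeyUsage (extension absent) adds no restriction; if present,
        // keyCertSign must be asserted.
        return keyUsage == null || bit(keyUsage, KEY_CERT_SIGN);
    }

    /** True when caCertsBelow further CA certificates may follow this one in a path. */
    static boolean pathLengthAllows(int basicConstraints, int caCertsBelow) {
        // Integer.MAX_VALUE (CA without a path length) passes for any depth.
        return basicConstraints != -1 && caCertsBelow <= basicConstraints;
    }

    /** Flags keyCertSign asserted on a non-CA certificate, which RFC 5280 forbids. */
    static boolean inconsistent(int basicConstraints, boolean[] keyUsage) {
        return basicConstraints == -1 && bit(keyUsage, KEY_CERT_SIGN);
    }

    public static void main(String[] args) {
        // Constructed values standing in for cert.getBasicConstraints() and cert.getKeyUsage().
        boolean[] leafUsage = {true, false, true, false, false, false, false, false, false};
        boolean[] caUsage = {false, false, false, false, false, true, true, false, false};

        System.out.println("leaf may sign:            " + maySignCertificates(-1, leafUsage));
        System.out.println("CA, pathLen 0, may sign:  " + maySignCertificates(0, caUsage));
        System.out.println("CA without KeyUsage:      "
                + maySignCertificates(Integer.MAX_VALUE, null));
        System.out.println("CA flag, no keyCertSign:  " + maySignCertificates(0, leafUsage));
        System.out.println("pathLen 0, one CA below:  " + pathLengthAllows(0, 1));
        System.out.println("unlimited, five CA below: "
                + pathLengthAllows(Integer.MAX_VALUE, 5));
        System.out.println("keyCertSign on non-CA:    " + inconsistent(-1, caUsage));
    }
}
```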