| Method from sun.security.x509.X509CertImpl Detail: |
/**
 * Checks that this certificate is valid at the present moment, i.e. that the
 * local system clock's current time lies inside the validity period.
 *
 * Security note: the reference time is the local clock; a skewed clock makes a
 * good certificate look expired/not-yet-valid and a bad one look good.
 *
 * @throws CertificateExpiredException     if now is after notAfter
 * @throws CertificateNotYetValidException if now is before notBefore
 */
public void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException {
    checkValidity(new Date());
}
Checks that the certificate is currently valid, i.e. the current
time is within the specified validity period. |
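/**
 * Checks that the given instant lies inside this certificate's validity
 * period (notBefore .. notAfter).
 *
 * The validity interval is read from the tbsCertificate ({@code info}); a
 * missing or unreadable interval is reported as a
 * {@link CertificateNotYetValidException}, now carrying the original failure
 * as its cause instead of discarding it.
 *
 * @param date the instant to test
 * @throws CertificateExpiredException     if {@code date} is after notAfter
 * @throws CertificateNotYetValidException if {@code date} is before notBefore,
 *         or if the validity field cannot be obtained
 */
public void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException {
    CertificateValidity interval;
    try {
        interval = (CertificateValidity) info.get(CertificateValidity.NAME);
    } catch (Exception e) {
        // Covers an unreadable validity field as well as a null info; keep
        // the root failure attached so it is not lost to diagnostics.
        CertificateNotYetValidException cnyve =
            new CertificateNotYetValidException("Incorrect validity period");
        cnyve.initCause(e);
        throw cnyve;
    }
    if (interval == null) {
        throw new CertificateNotYetValidException("Null validity period");
    }
    interval.valid(date);
}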
Checks that the specified date is within the certificate's
validity period, or basically if the certificate would be
valid at the specified date/time. |
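/**
 * Deletes the named attribute from this (not yet signed) certificate.
 *
 * Fix: the "x509.info" branch had its condition inverted — a request with a
 * sub-attribute ("x509.info.version") wiped the whole tbsCertificate, while a
 * request for plain "x509.info" called {@code info.delete(null)}. It now
 * mirrors {@link #set(String, Object)}: no suffix means the whole info, a
 * suffix means that one field. The cached encoding is also dropped because
 * the certificate data has changed.
 *
 * @param name attribute name rooted at {@code NAME}
 * @throws IOException          propagated from the info's delete
 * @throws CertificateException if the certificate is read-only, the name is
 *         not rooted at {@code NAME}, the attribute is not deletable, or a
 *         sub-attribute is requested on an uninitialized certificate
 */
public void delete(String name) throws IOException, CertificateException {
    if (readOnly) {
        throw new CertificateException("cannot over-write existing"
            + " certificate");
    }
    X509AttributeName attr = new X509AttributeName(name);
    String root = attr.getPrefix();
    if (!root.equalsIgnoreCase(NAME)) {
        throw new CertificateException("Invalid root of attribute name,"
            + " expected [" + NAME + "], received " + root);
    }
    X509AttributeName sub = new X509AttributeName(attr.getSuffix());
    String id = sub.getPrefix();
    if (id.equalsIgnoreCase(INFO)) {
        String infoSuffix = sub.getSuffix();
        if (infoSuffix == null) {
            // "x509.info" alone: drop the whole tbsCertificate.
            info = null;
        } else {
            if (info == null) {
                throw new CertificateException("Uninitialized certificate");
            }
            info.delete(infoSuffix);
        }
        // Any previously produced encoding no longer matches the data.
        signedCert = null;
    } else if (id.equalsIgnoreCase(ALG_ID)) {
        algId = null;
    } else if (id.equalsIgnoreCase(SIGNATURE)) {
        signature = null;
    } else if (id.equalsIgnoreCase(SIGNED_CERT)) {
        signedCert = null;
    } else {
        throw new CertificateException("Attribute name not recognized or "
            + "delete() not allowed for the same: " + id);
    }
}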
Delete the requested attribute from the certificate. |
/**
 * Writes the DER encoding of this certificate to {@code out}
 * (DerEncoder interface). The internal byte array is copied before the
 * write so the stream never sees the cached buffer itself.
 *
 * @param out destination stream
 * @throws IOException if no encoding exists yet, or on a write failure
 */
public void derEncode(OutputStream out) throws IOException {
    byte[] encoded = signedCert;
    if (encoded == null) {
        throw new IOException("Null certificate to encode");
    }
    out.write(encoded.clone());
}
DER encode this object onto an output stream.
Implements the DerEncoder interface. |
/**
 * Appends the DER encoding of this certificate to {@code out}, reporting any
 * stream failure as a {@link CertificateEncodingException}.
 *
 * @param out destination stream
 * @throws CertificateEncodingException if no encoding exists yet or the
 *         write fails (the IOException text is folded into the message)
 */
public void encode(OutputStream out) throws CertificateEncodingException {
    byte[] encoded = signedCert;
    if (encoded == null) {
        throw new CertificateEncodingException(
            "Null certificate to encode");
    }
    try {
        out.write(encoded.clone());
    } catch (IOException e) {
        throw new CertificateEncodingException(e.toString());
    }
}
Appends the certificate to an output stream. |
/**
 * Returns the named attribute of this certificate.
 *
 * Sharing caveat: the {@code X509CertInfo} ("x509.info") and the
 * {@code AlgorithmId} ("x509.algorithm") are returned as-is, not copied, so
 * callers must not modify them; the signature and signed-certificate byte
 * arrays are cloned.
 *
 * @param name attribute name rooted at {@code NAME}
 * @return the attribute, or null when the certificate has no such value
 * @throws CertificateParsingException if the name is malformed or unknown,
 *         or the info lookup fails
 */
public Object get(String name) throws CertificateParsingException {
    X509AttributeName attr = new X509AttributeName(name);
    String root = attr.getPrefix();
    if (!root.equalsIgnoreCase(NAME)) {
        throw new CertificateParsingException("Invalid root of attribute name, expected ["
            + NAME + "], received [" + root + "]");
    }
    X509AttributeName sub = new X509AttributeName(attr.getSuffix());
    String id = sub.getPrefix();
    if (id.equalsIgnoreCase(INFO)) {
        if (info == null) {
            return null;
        }
        String infoSuffix = sub.getSuffix();
        if (infoSuffix == null) {
            // Not cloned: treat as read-only.
            return info;
        }
        try {
            return info.get(infoSuffix);
        } catch (IOException e) {
            throw new CertificateParsingException(e.toString());
        } catch (CertificateException e) {
            throw new CertificateParsingException(e.toString());
        }
    }
    if (id.equalsIgnoreCase(ALG_ID)) {
        return algId;
    }
    if (id.equalsIgnoreCase(SIGNATURE)) {
        return signature == null ? null : signature.clone();
    }
    if (id.equalsIgnoreCase(SIGNED_CERT)) {
        return signedCert == null ? null : signedCert.clone();
    }
    throw new CertificateParsingException("Attribute name not recognized or get() not allowed for the same: " + id);
}
Return the requested attribute from the certificate.
Note that the X509CertInfo and the AlgorithmId are not cloned for
performance reasons; callers must ensure that they do not modify them.
The signature and signed-certificate byte arrays are cloned. |
/**
 * Returns the AuthorityInfoAccess extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public AuthorityInfoAccessExtension getAuthorityInfoAccessExtension() {
    Extension ext = getExtension(PKIXExtensions.AuthInfoAccess_Id);
    return (AuthorityInfoAccessExtension) ext;
}
|
/**
 * Returns the AuthorityKeyIdentifier extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public AuthorityKeyIdentifierExtension getAuthorityKeyIdentifierExtension() {
    Extension ext = getExtension(PKIXExtensions.AuthorityKey_Id);
    return (AuthorityKeyIdentifierExtension) ext;
}
Get AuthorityKeyIdentifier extension |
/**
 * Returns the pathLenConstraint from the BasicConstraints extension
 * (OID 2.5.29.19), or -1 when the extension is absent, cannot be read, the
 * OID has no registered alias, or the certificate is not a CA.
 *
 * Any failure along the way is swallowed and reported as -1; callers doing
 * path validation must not treat -1 as "unlimited".
 */
public int getBasicConstraints() {
    try {
        String alias = OIDMap.getName(PKIXExtensions.BasicConstraints_Id);
        if (alias == null) {
            return -1;
        }
        BasicConstraintsExtension bc = (BasicConstraintsExtension) this.get(alias);
        if (bc == null) {
            return -1;
        }
        boolean isCa = ((Boolean) bc.get(BasicConstraintsExtension.IS_CA)).booleanValue();
        if (!isCa) {
            return -1;
        }
        return ((Integer) bc.get(BasicConstraintsExtension.PATH_LEN)).intValue();
    } catch (Exception e) {
        return -1;
    }
}
Get the certificate constraints path length from the
critical BasicConstraints extension, (oid = 2.5.29.19). |
/**
 * Returns the BasicConstraints extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public BasicConstraintsExtension getBasicConstraintsExtension() {
    Extension ext = getExtension(PKIXExtensions.BasicConstraints_Id);
    return (BasicConstraintsExtension) ext;
}
Get BasicConstraints extension |
/**
 * Returns the CRLDistributionPoints extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public CRLDistributionPointsExtension getCRLDistributionPointsExtension() {
    Extension ext = getExtension(PKIXExtensions.CRLDistributionPoints_Id);
    return (CRLDistributionPointsExtension) ext;
}
Get CRLDistributionPoints extension |
/**
 * Returns the CertificatePolicies extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public CertificatePoliciesExtension getCertificatePoliciesExtension() {
    Extension ext = getExtension(PKIXExtensions.CertificatePolicies_Id);
    return (CertificatePoliciesExtension) ext;
}
Get CertificatePoliciesExtension |
/**
 * Returns the OID strings of every parsed extension marked critical, or
 * null when the certificate is uninitialized, has no extensions, or the
 * extension list cannot be read. Unparseable extensions are not included
 * here; see hasUnsupportedCriticalExtension for those.
 */
public Set getCriticalExtensionOIDs() {
    if (info == null) {
        return null;
    }
    try {
        CertificateExtensions exts =
            (CertificateExtensions) info.get(CertificateExtensions.NAME);
        if (exts == null) {
            return null;
        }
        Set<String> critical = new HashSet<String>();
        for (Extension ext : exts.getAllExtensions()) {
            if (!ext.isCritical()) {
                continue;
            }
            critical.add(ext.getExtensionId().toString());
        }
        return critical;
    } catch (Exception e) {
        return null;
    }
}
Gets a Set of the extension(s) marked CRITICAL in the
certificate. In the returned set, each extension is
represented by its OID string. |
/**
 * Enumerates the names of the four top-level attributes of this object
 * (info, algorithm id, signature, signed certificate), each prefixed with
 * {@code NAME + DOT}. The list is fixed and does not depend on which
 * attributes are currently set.
 */
public Enumeration getElements() {
    AttributeNameEnumeration names = new AttributeNameEnumeration();
    String[] suffixes = { INFO, ALG_ID, SIGNATURE, SIGNED_CERT };
    for (String suffix : suffixes) {
        names.addElement(NAME + DOT + suffix);
    }
    return names.elements();
}
Return an enumeration of names of attributes existing within this
attribute. |
/**
 * Returns a fresh copy of the DER encoding of this certificate, so callers
 * may modify the result without affecting this object.
 *
 * @throws CertificateEncodingException if the certificate has not been
 *         encoded/signed yet
 */
public byte[] getEncoded() throws CertificateEncodingException {
    byte[] internal = getEncodedInternal();
    return internal.clone();
}
Returns the encoded form of this certificate. It is
assumed that each certificate type would have only a single
form of encoding; for example, X.509 certificates would
be encoded as ASN.1 DER. |
/**
 * Returns the DER encoding WITHOUT copying it. The array is this object's
 * cache: callers must neither modify it nor hand it to untrusted code
 * (a mutated buffer would corrupt every later getEncoded() result).
 *
 * @throws CertificateEncodingException if no encoding exists yet
 */
public byte[] getEncodedInternal() throws CertificateEncodingException {
    byte[] encoded = signedCert;
    if (encoded == null) {
        throw new CertificateEncodingException(
            "Null certificate to encode");
    }
    return encoded;
}
Returns the encoding as an uncloned byte array. Callers must
guarantee that they neither modify it nor expose it to untrusted
code. |
/**
 * Returns the encoding of {@code cert} for internal use: the uncloned cache
 * when it is an X509CertImpl, otherwise whatever {@code getEncoded()}
 * returns. Callers must neither modify the array nor expose it to untrusted
 * code.
 *
 * @throws CertificateEncodingException propagated from the certificate
 */
public static byte[] getEncodedInternal(Certificate cert) throws CertificateEncodingException {
    return (cert instanceof X509CertImpl)
        ? ((X509CertImpl) cert).getEncodedInternal()
        : cert.getEncoded();
}
Returns the encoding of the given certificate for internal use.
Callers must guarantee that they neither modify it nor expose it
to untrusted code. Uses getEncodedInternal() if the certificate
is an instance of X509CertImpl, getEncoded() otherwise. |
/**
 * Returns the ExtendedKeyUsage OID list (unmodifiable), or null when the
 * extension is absent. The list is cached, but the cache is only trusted
 * once the certificate is read-only, since a mutable certificate could have
 * had its extensions changed underneath it.
 *
 * @throws CertificateParsingException declared for API compatibility
 */
public synchronized List getExtendedKeyUsage() throws CertificateParsingException {
    boolean cacheUsable = readOnly && extKeyUsage != null;
    if (cacheUsable) {
        return extKeyUsage;
    }
    ExtendedKeyUsageExtension ekuExt = getExtendedKeyUsageExtension();
    if (ekuExt == null) {
        return null;
    }
    extKeyUsage = Collections.unmodifiableList(ekuExt.getExtendedKeyUsage());
    return extKeyUsage;
}
This method is the overriding implementation of the
getExtendedKeyUsage method of X509Certificate in the Sun
provider. It performs better because it returns cached
values. |
/**
 * Default ExtendedKeyUsage implementation for any X509Certificate: re-parses
 * the raw extension value on every call (no caching).
 *
 * @param cert certificate to inspect
 * @return unmodifiable list of EKU OID strings, or null if the extension
 *         is absent
 * @throws CertificateParsingException if the extension bytes do not decode
 *         (the IOException is attached as the cause)
 */
public static List getExtendedKeyUsage(X509Certificate cert) throws CertificateParsingException {
    byte[] rawValue = cert.getExtensionValue(EXTENDED_KEY_USAGE_OID);
    if (rawValue == null) {
        return null;
    }
    try {
        // The extension value is an OCTET STRING wrapping the EKU SEQUENCE.
        byte[] inner = new DerValue(rawValue).getOctetString();
        ExtendedKeyUsageExtension eku =
            new ExtendedKeyUsageExtension(Boolean.FALSE, inner);
        return Collections.unmodifiableList(eku.getExtendedKeyUsage());
    } catch (IOException ioe) {
        CertificateParsingException cpe = new CertificateParsingException();
        cpe.initCause(ioe);
        throw cpe;
    }
}
This static method is the default implementation of the
getExtendedKeyUsage method in X509Certificate. An
X509Certificate provider generally should override this to
provide, among other things, caching for better performance. |
/**
 * Returns the ExtendedKeyUsage extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public ExtendedKeyUsageExtension getExtendedKeyUsageExtension() {
    Extension ext = getExtension(PKIXExtensions.ExtendedKeyUsage_Id);
    return (ExtendedKeyUsageExtension) ext;
}
Get ExtendedKeyUsage extension |
/**
 * Looks up a parsed extension by OID.
 *
 * The object returned is the one stored inside this certificate, not a
 * copy (the original author left an "XXXX consider cloning" note here);
 * callers must treat it as read-only. Returns null when the certificate is
 * uninitialized, has no extensions, the extension list cannot be read, or
 * no extension carries {@code oid}.
 */
public Extension getExtension(ObjectIdentifier oid) {
    if (info == null) {
        return null;
    }
    CertificateExtensions exts;
    try {
        exts = (CertificateExtensions) info.get(CertificateExtensions.NAME);
    } catch (CertificateException ce) {
        return null;
    } catch (IOException ioe) {
        return null;
    }
    if (exts == null) {
        return null;
    }
    for (Extension candidate : exts.getAllExtensions()) {
        if (candidate.getExtensionId().equals(oid)) {
            return candidate;   // shared instance, not cloned
        }
    }
    return null;
}
Gets the extension identified by the given ObjectIdentifier |
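/**
 * Returns the DER-encoded value (an OCTET STRING wrapping the extension
 * body) of the extension identified by {@code oid}, or null if the
 * certificate has no such extension or the lookup fails.
 *
 * Lookup order: a registered Extension subclass via {@link #get(String)},
 * else a scan of the parsed extension list, else the map of extensions
 * that could not be parsed (keyed by the caller's OID string as given).
 *
 * Change: an uninitialized certificate ({@code info == null}) now returns
 * null explicitly, like the sibling getters, instead of relying on the
 * catch-all to swallow a NullPointerException.
 *
 * @param oid dotted-decimal OID string
 */
public byte[] getExtensionValue(String oid) {
    if (info == null) {
        return null;
    }
    try {
        ObjectIdentifier wanted = new ObjectIdentifier(oid);
        String alias = OIDMap.getName(wanted);
        CertificateExtensions exts =
            (CertificateExtensions) info.get(CertificateExtensions.NAME);
        Extension found = null;
        if (alias == null) {
            // No registered subclass for this OID: scan the parsed list.
            if (exts == null) {
                return null;
            }
            for (Extension ext : exts.getAllExtensions()) {
                if (ext.getExtensionId().equals(wanted)) {
                    found = ext;
                    break;
                }
            }
        } else {
            try {
                found = (Extension) this.get(alias);
            } catch (CertificateException e) {
                // get() throws for an absent attribute rather than returning null
            }
        }
        if (found == null && exts != null) {
            // Map key is the raw input string; a differently formatted but
            // equivalent OID string would not match here.
            found = exts.getUnparseableExtensions().get(oid);
        }
        if (found == null) {
            return null;
        }
        byte[] body = found.getExtensionValue();
        if (body == null) {
            return null;
        }
        DerOutputStream out = new DerOutputStream();
        out.putOctetString(body);
        return out.toByteArray();
    } catch (Exception e) {
        // Best-effort API: any parse/lookup failure reads as "not present".
        return null;
    }
}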
Gets the DER encoded extension identified by the given
oid String. |
/**
 * Returns the IssuerAlternativeName extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public IssuerAlternativeNameExtension getIssuerAlternativeNameExtension() {
    Extension ext = getExtension(PKIXExtensions.IssuerAlternativeName_Id);
    return (IssuerAlternativeNameExtension) ext;
}
Get IssuerAlternativeName extension |
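/**
 * Returns the issuer alternative names as a collection of
 * {@code [type, value]} lists, or null when the extension is absent.
 *
 * The value is cached in {@code issuerAlternativeNames}; the cache is only
 * trusted once the certificate is read-only. Fix: the first caller used to
 * receive the cached collection itself while later callers got a clone, so
 * the first caller could mutate what everyone else is served. Both paths
 * now return {@code cloneAltNames(...)} (assumed to copy any mutable
 * byte[] entries — confirm against its implementation).
 *
 * @throws CertificateParsingException declared for API compatibility
 */
public synchronized Collection getIssuerAlternativeNames() throws CertificateParsingException {
    if (readOnly && issuerAlternativeNames != null) {
        return cloneAltNames(issuerAlternativeNames);
    }
    IssuerAlternativeNameExtension ianExt = getIssuerAlternativeNameExtension();
    if (ianExt == null) {
        return null;
    }
    GeneralNames names;
    try {
        names = (GeneralNames) ianExt.get(IssuerAlternativeNameExtension.ISSUER_NAME);
    } catch (IOException ioe) {
        // should not occur: the extension was already parsed
        return Collections.<List<?>>emptySet();
    }
    issuerAlternativeNames = makeAltNames(names);
    return cloneAltNames(issuerAlternativeNames);
}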
This method is the overriding implementation of the
getIssuerAlternativeNames method of X509Certificate in the Sun
provider. It performs better because it returns cached
values. |
/**
 * Default IssuerAlternativeNames implementation for any X509Certificate:
 * decodes the raw extension value on every call (no caching).
 *
 * @param cert certificate to inspect
 * @return collection of {@code [type, value]} lists, or null if the
 *         extension is absent; an empty set if the names cannot be read
 * @throws CertificateParsingException if the extension bytes do not decode
 *         (the IOException is attached as the cause)
 */
public static Collection getIssuerAlternativeNames(X509Certificate cert) throws CertificateParsingException {
    byte[] rawValue = cert.getExtensionValue(ISSUER_ALT_NAME_OID);
    if (rawValue == null) {
        return null;
    }
    try {
        // OCTET STRING wrapper around the GeneralNames SEQUENCE
        byte[] inner = new DerValue(rawValue).getOctetString();
        IssuerAlternativeNameExtension ianExt =
            new IssuerAlternativeNameExtension(Boolean.FALSE, inner);
        GeneralNames names;
        try {
            names = (GeneralNames) ianExt.get(IssuerAlternativeNameExtension.ISSUER_NAME);
        } catch (IOException ioe) {
            // should not occur: the extension was just parsed successfully
            return Collections.<List<?>>emptySet();
        }
        return makeAltNames(names);
    } catch (IOException ioe) {
        CertificateParsingException cpe = new CertificateParsingException();
        cpe.initCause(ioe);
        throw cpe;
    }
}
This static method is the default implementation of the
getIssuerAlternativeNames method in X509Certificate. An
X509Certificate provider generally should override this to
provide, among other things, caching for better performance. |
/**
 * Returns the issuer distinguished name, or null when the certificate is
 * uninitialized or the name cannot be read (errors are swallowed).
 */
public Principal getIssuerDN() {
    if (info == null) {
        return null;
    }
    String path = CertificateIssuerName.NAME + DOT + CertificateIssuerName.DN_NAME;
    try {
        return (Principal) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the issuer distinguished name from the certificate. |
/**
 * Returns the issuerUniqueID bits, or null when the certificate is
 * uninitialized, the field is absent, or it cannot be read.
 */
public boolean[] getIssuerUniqueID() {
    if (info == null) {
        return null;
    }
    String path = CertificateIssuerUniqueIdentity.NAME
        + DOT + CertificateIssuerUniqueIdentity.ID;
    try {
        UniqueIdentity uid = (UniqueIdentity) info.get(path);
        return uid == null ? null : uid.getId();
    } catch (Exception e) {
        return null;
    }
}
Gets the Issuer Unique Identity from the certificate. |
/**
 * Returns the issuer name as an X500Principal, or null when the certificate
 * is uninitialized or the name cannot be read. Reads the value from the
 * (possibly still mutable) info rather than re-parsing the encoding.
 */
public X500Principal getIssuerX500Principal() {
    if (info == null) {
        return null;
    }
    String path = CertificateIssuerName.NAME + DOT + CertificateIssuerName.DN_PRINCIPAL;
    try {
        return (X500Principal) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Get issuer name as X500Principal. Overrides implementation in
X509Certificate with a slightly more efficient version that is
also aware of X509CertImpl mutability. |
/**
 * Extracts the issuer X500Principal from any X509Certificate; backs
 * java.security.cert.X509Certificate.getIssuerX500Principal().
 *
 * @throws RuntimeException wrapping any parse failure
 */
public static X500Principal getIssuerX500Principal(X509Certificate cert) {
    try {
        return getX500Principal(cert, true);   // true selects the issuer
    } catch (Exception e) {
        throw new RuntimeException("Could not parse issuer", e);
    }
}
Extract the issuer X500Principal from an X509Certificate.
Called from java.security.cert.X509Certificate.getIssuerX500Principal(). |
/**
 * Returns the KeyUsage bits (OID 2.5.29.15) padded with false to at least
 * NUM_STANDARD_KEY_USAGE entries, or null when the extension is absent or
 * cannot be read (errors are swallowed).
 */
public boolean[] getKeyUsage() {
    try {
        String alias = OIDMap.getName(PKIXExtensions.KeyUsage_Id);
        if (alias == null) {
            return null;
        }
        KeyUsageExtension ku = (KeyUsageExtension) this.get(alias);
        if (ku == null) {
            return null;
        }
        boolean[] bits = ku.getBits();
        if (bits.length >= NUM_STANDARD_KEY_USAGE) {
            return bits;
        }
        // Short bit strings are padded so callers can index all standard bits.
        boolean[] padded = new boolean[NUM_STANDARD_KEY_USAGE];
        System.arraycopy(bits, 0, padded, 0, bits.length);
        return padded;
    } catch (Exception e) {
        return null;
    }
}
Get a boolean array representing the bits of the KeyUsage extension,
(oid = 2.5.29.15). |
/** Returns the attribute name of this object ({@code NAME}). */
public String getName() {
    return NAME;
}
Return the name of this attribute. |
/**
 * Returns the NameConstraints extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public NameConstraintsExtension getNameConstraintsExtension() {
    Extension ext = getExtension(PKIXExtensions.NameConstraints_Id);
    return (NameConstraintsExtension) ext;
}
Get NameConstraints extension |
/**
 * Returns the OID strings of every parsed extension NOT marked critical,
 * plus the keys of all unparseable extensions, or null when the
 * certificate is uninitialized, has no extensions, or the list cannot be
 * read.
 *
 * Note: unparseable extensions are added without consulting a critical
 * bit; presumably only non-critical ones survive parsing into that map —
 * verify against CertificateExtensions.
 */
public Set getNonCriticalExtensionOIDs() {
    if (info == null) {
        return null;
    }
    try {
        CertificateExtensions exts =
            (CertificateExtensions) info.get(CertificateExtensions.NAME);
        if (exts == null) {
            return null;
        }
        Set<String> nonCritical = new HashSet<String>();
        for (Extension ext : exts.getAllExtensions()) {
            if (ext.isCritical()) {
                continue;
            }
            nonCritical.add(ext.getExtensionId().toString());
        }
        nonCritical.addAll(exts.getUnparseableExtensions().keySet());
        return nonCritical;
    } catch (Exception e) {
        return null;
    }
}
Gets a Set of the extension(s) marked NON-CRITICAL in the
certificate. In the returned set, each extension is
represented by its OID string. |
/**
 * Returns the notAfter instant of the validity period, or null when the
 * certificate is uninitialized or the field cannot be read.
 */
public Date getNotAfter() {
    if (info == null) {
        return null;
    }
    String path = CertificateValidity.NAME + DOT + CertificateValidity.NOT_AFTER;
    try {
        return (Date) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the notAfter date from the validity period of the certificate. |
/**
 * Returns the notBefore instant of the validity period, or null when the
 * certificate is uninitialized or the field cannot be read.
 */
public Date getNotBefore() {
    if (info == null) {
        return null;
    }
    String path = CertificateValidity.NAME + DOT + CertificateValidity.NOT_BEFORE;
    try {
        return (Date) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the notBefore date from the validity period of the certificate. |
/**
 * Returns the PolicyConstraints extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public PolicyConstraintsExtension getPolicyConstraintsExtension() {
    Extension ext = getExtension(PKIXExtensions.PolicyConstraints_Id);
    return (PolicyConstraintsExtension) ext;
}
Get PolicyConstraints extension |
/**
 * Returns the PolicyMappings extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public PolicyMappingsExtension getPolicyMappingsExtension() {
    Extension ext = getExtension(PKIXExtensions.PolicyMappings_Id);
    return (PolicyMappingsExtension) ext;
}
Get PolicyMappingsExtension extension |
/**
 * Returns the PrivateKeyUsagePeriod extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public PrivateKeyUsageExtension getPrivateKeyUsageExtension() {
    Extension ext = getExtension(PKIXExtensions.PrivateKeyUsage_Id);
    return (PrivateKeyUsageExtension) ext;
}
Get PrivateKeyUsage extension |
/**
 * Returns the subject public key, or null when the certificate is
 * uninitialized or the key cannot be read (errors are swallowed).
 */
public PublicKey getPublicKey() {
    if (info == null) {
        return null;
    }
    String path = CertificateX509Key.NAME + DOT + CertificateX509Key.KEY;
    try {
        return (PublicKey) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the publickey from this certificate. |
/**
 * Returns the certificate serial number as a BigInteger, or null when the
 * serial number object is unavailable.
 */
public BigInteger getSerialNumber() {
    SerialNumber serial = getSerialNumberObject();
    if (serial == null) {
        return null;
    }
    return serial.getNumber();
}
Gets the serial number from the certificate. |
/**
 * Returns the serial number as a SerialNumber object, or null when the
 * certificate is uninitialized or the field cannot be read.
 */
public SerialNumber getSerialNumberObject() {
    if (info == null) {
        return null;
    }
    String path = CertificateSerialNumber.NAME + DOT + CertificateSerialNumber.NUMBER;
    try {
        return (SerialNumber) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the serial number from the certificate as
a SerialNumber object. |
/**
 * Returns the name of the signature algorithm from the outer
 * signatureAlgorithm field (e.g. "SHA-1/DSA"), or null if not set.
 */
public String getSigAlgName() {
    AlgorithmId id = algId;
    return id == null ? null : id.getName();
}
Gets the signature algorithm name for the certificate
signature algorithm.
For example, the string "SHA-1/DSA" or "DSS". |
/**
 * Returns the dotted-decimal OID of the signature algorithm
 * (e.g. "1.2.840.10040.4.3"), or null if not set.
 */
public String getSigAlgOID() {
    AlgorithmId id = algId;
    if (id == null) {
        return null;
    }
    return id.getOID().toString();
}
Gets the signature algorithm OID string from the certificate.
For example, the string "1.2.840.10040.4.3" |
/**
 * Returns the DER-encoded parameters of the signature algorithm, or null
 * if the algorithm is not set or the parameters cannot be encoded.
 */
public byte[] getSigAlgParams() {
    AlgorithmId id = algId;
    if (id == null) {
        return null;
    }
    try {
        return id.getEncodedParams();
    } catch (IOException e) {
        return null;
    }
}
Gets the DER encoded signature algorithm parameters from this
certificate's signature algorithm. |
/**
 * Returns a copy of the raw signature bits, or null if the certificate
 * carries no signature yet. The copy protects the internal array.
 */
public byte[] getSignature() {
    byte[] sig = signature;
    return sig == null ? null : sig.clone();
}
Gets the raw Signature bits from the certificate. |
/**
 * Returns the SubjectAlternativeName extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public SubjectAlternativeNameExtension getSubjectAlternativeNameExtension() {
    Extension ext = getExtension(PKIXExtensions.SubjectAlternativeName_Id);
    return (SubjectAlternativeNameExtension) ext;
}
Get SubjectAlternativeName extension |
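/**
 * Returns the subject alternative names as a collection of
 * {@code [type, value]} lists, or null when the extension is absent.
 *
 * The value is cached in {@code subjectAlternativeNames}; the cache is only
 * trusted once the certificate is read-only. Fix: the first caller used to
 * receive the cached collection itself while later callers got a clone, so
 * the first caller could mutate what everyone else is served (these are
 * the names hostname verifiers match against). Both paths now return
 * {@code cloneAltNames(...)} (assumed to copy any mutable byte[] entries —
 * confirm against its implementation).
 *
 * @throws CertificateParsingException declared for API compatibility
 */
public synchronized Collection getSubjectAlternativeNames() throws CertificateParsingException {
    if (readOnly && subjectAlternativeNames != null) {
        return cloneAltNames(subjectAlternativeNames);
    }
    SubjectAlternativeNameExtension sanExt = getSubjectAlternativeNameExtension();
    if (sanExt == null) {
        return null;
    }
    GeneralNames names;
    try {
        names = (GeneralNames) sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
    } catch (IOException ioe) {
        // should not occur: the extension was already parsed
        return Collections.<List<?>>emptySet();
    }
    subjectAlternativeNames = makeAltNames(names);
    return cloneAltNames(subjectAlternativeNames);
}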
This method is the overriding implementation of the
getSubjectAlternativeNames method of X509Certificate in the Sun
provider. It performs better because it returns cached
values. |
/**
 * Default SubjectAlternativeNames implementation for any X509Certificate:
 * decodes the raw extension value on every call (no caching).
 *
 * @param cert certificate to inspect
 * @return collection of {@code [type, value]} lists, or null if the
 *         extension is absent; an empty set if the names cannot be read
 * @throws CertificateParsingException if the extension bytes do not decode
 *         (the IOException is attached as the cause)
 */
public static Collection getSubjectAlternativeNames(X509Certificate cert) throws CertificateParsingException {
    byte[] rawValue = cert.getExtensionValue(SUBJECT_ALT_NAME_OID);
    if (rawValue == null) {
        return null;
    }
    try {
        // OCTET STRING wrapper around the GeneralNames SEQUENCE
        byte[] inner = new DerValue(rawValue).getOctetString();
        SubjectAlternativeNameExtension sanExt =
            new SubjectAlternativeNameExtension(Boolean.FALSE, inner);
        GeneralNames names;
        try {
            names = (GeneralNames) sanExt.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
        } catch (IOException ioe) {
            // should not occur: the extension was just parsed successfully
            return Collections.<List<?>>emptySet();
        }
        return makeAltNames(names);
    } catch (IOException ioe) {
        CertificateParsingException cpe = new CertificateParsingException();
        cpe.initCause(ioe);
        throw cpe;
    }
}
This static method is the default implementation of the
getSubjectAlternativeNames method in X509Certificate. An
X509Certificate provider generally should override this to
provide, among other things, caching for better performance. |
/**
 * Returns the subject distinguished name, or null when the certificate is
 * uninitialized or the name cannot be read (errors are swallowed).
 */
public Principal getSubjectDN() {
    if (info == null) {
        return null;
    }
    String path = CertificateSubjectName.NAME + DOT + CertificateSubjectName.DN_NAME;
    try {
        return (Principal) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Gets the subject distinguished name from the certificate. |
/**
 * Returns the SubjectKeyIdentifier extension, or null if absent.
 * The returned object is the certificate's own instance (see getExtension).
 */
public SubjectKeyIdentifierExtension getSubjectKeyIdentifierExtension() {
    Extension ext = getExtension(PKIXExtensions.SubjectKey_Id);
    return (SubjectKeyIdentifierExtension) ext;
}
Get SubjectKeyIdentifier extension |
/**
 * Returns the subjectUniqueID bits, or null when the certificate is
 * uninitialized, the field is absent, or it cannot be read.
 */
public boolean[] getSubjectUniqueID() {
    if (info == null) {
        return null;
    }
    String path = CertificateSubjectUniqueIdentity.NAME
        + DOT + CertificateSubjectUniqueIdentity.ID;
    try {
        UniqueIdentity uid = (UniqueIdentity) info.get(path);
        return uid == null ? null : uid.getId();
    } catch (Exception e) {
        return null;
    }
}
Gets the Subject Unique Identity from the certificate. |
/**
 * Returns the subject name as an X500Principal, or null when the
 * certificate is uninitialized or the name cannot be read. Reads the value
 * from the (possibly still mutable) info rather than re-parsing the encoding.
 */
public X500Principal getSubjectX500Principal() {
    if (info == null) {
        return null;
    }
    String path = CertificateSubjectName.NAME + DOT + CertificateSubjectName.DN_PRINCIPAL;
    try {
        return (X500Principal) info.get(path);
    } catch (Exception e) {
        return null;
    }
}
Get subject name as X500Principal. Overrides implementation in
X509Certificate with a slightly more efficient version that is
also aware of X509CertImpl mutability. |
/**
 * Extracts the subject X500Principal from any X509Certificate; backs
 * java.security.cert.X509Certificate.getSubjectX500Principal().
 *
 * @throws RuntimeException wrapping any parse failure
 */
public static X500Principal getSubjectX500Principal(X509Certificate cert) {
    try {
        return getX500Principal(cert, false);   // false selects the subject
    } catch (Exception e) {
        throw new RuntimeException("Could not parse subject", e);
    }
}
Extract the subject X500Principal from an X509Certificate.
Called from java.security.cert.X509Certificate.getSubjectX500Principal(). |
/**
 * Returns the DER encoding of the tbsCertificate — the bytes the signature
 * covers — so the signature can be verified independently.
 *
 * @throws CertificateEncodingException if the certificate is uninitialized
 */
public byte[] getTBSCertificate() throws CertificateEncodingException {
    if (info == null) {
        throw new CertificateEncodingException("Uninitialized certificate");
    }
    return info.getEncodedInfo();
}
Gets the DER encoded certificate information, the
tbsCertificate from this certificate.
This can be used to verify the signature independently. |
/**
 * Returns the extension with the given OID from the set of extensions that
 * could not be parsed (kept as raw Extension objects), or null when the
 * certificate is uninitialized, has no extensions, the list cannot be read,
 * or no unparseable extension carries {@code oid}.
 */
public Extension getUnparseableExtension(ObjectIdentifier oid) {
    if (info == null) {
        return null;
    }
    CertificateExtensions exts;
    try {
        exts = (CertificateExtensions) info.get(CertificateExtensions.NAME);
    } catch (CertificateException ce) {
        return null;
    } catch (IOException ioe) {
        return null;
    }
    if (exts == null) {
        return null;
    }
    // The map is keyed by the OID's string form.
    return exts.getUnparseableExtensions().get(oid.toString());
}
|
/**
 * Returns the X.509 version as a human number (1, 2 or 3), i.e. the
 * encoded zero-based value plus one, or -1 when the certificate is
 * uninitialized or the field cannot be read.
 */
public int getVersion() {
    if (info == null) {
        return -1;
    }
    String path = CertificateVersion.NAME + DOT + CertificateVersion.VERSION;
    try {
        Integer encoded = (Integer) info.get(path);
        return encoded.intValue() + 1;
    } catch (Exception e) {
        return -1;
    }
}
Gets the version number from the certificate. |
/**
 * Reports whether the certificate carries a critical extension this
 * implementation does not understand (RFC 5280 requires such a certificate
 * to be rejected). Returns false when the certificate is uninitialized, has
 * no extensions, or the list cannot be read — so a failure here reads as
 * "no problem"; callers wanting strictness should not rely on this alone.
 */
public boolean hasUnsupportedCriticalExtension() {
    if (info == null) {
        return false;
    }
    try {
        CertificateExtensions exts =
            (CertificateExtensions) info.get(CertificateExtensions.NAME);
        return exts != null && exts.hasUnsupportedCriticalExtension();
    } catch (Exception e) {
        return false;
    }
}
Return true if a critical extension is found that is
not supported, otherwise return false. |
/**
 * True iff the certificate's subject and issuer X500Principals are equal.
 * Self-issued is a naming property only; it says nothing about who holds
 * the signing key — see isSelfSigned for that.
 */
public static boolean isSelfIssued(X509Certificate cert) {
    X500Principal issuer = cert.getIssuerX500Principal();
    return cert.getSubjectX500Principal().equals(issuer);
}
Utility method to test if a certificate is self-issued. This is
the case iff the subject and issuer X500Principals are equal. |
/**
 * True iff the certificate is self-issued AND its signature verifies under
 * its own subject public key. Any exception during verification (bad
 * signature, unknown algorithm or provider, ...) yields false.
 *
 * @param cert        certificate to test
 * @param sigProvider signature provider name, or null for the default
 */
public static boolean isSelfSigned(X509Certificate cert, String sigProvider) {
    if (!isSelfIssued(cert)) {
        return false;
    }
    try {
        PublicKey ownKey = cert.getPublicKey();
        if (sigProvider == null) {
            cert.verify(ownKey);
        } else {
            cert.verify(ownKey, sigProvider);
        }
        return true;
    } catch (Exception e) {
        return false;
    }
}
Utility method to test if a certificate is self-signed. This is
the case iff the subject and issuer X500Principals are equal
AND the certificate's subject public key can be used to verify
the certificate. In case of exception, returns false. |
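/**
 * Sets an attribute of this (not yet signed) certificate. Only the
 * "x509.info" subtree is settable: with no suffix the value replaces the
 * whole X509CertInfo, otherwise it is forwarded to {@code info.set}.
 *
 * The cached encoding is discarded because the data changed; note that
 * {@code signature} and {@code algId} are NOT cleared, so the certificate
 * must be re-signed before it is used.
 *
 * Change: a sub-attribute set on an uninitialized certificate now fails
 * with a CertificateException instead of a NullPointerException.
 *
 * @param name attribute name rooted at {@code NAME}
 * @param obj  new value (an X509CertInfo when no suffix is given)
 * @throws IOException          propagated from the info's set
 * @throws CertificateException if the certificate is read-only, the name
 *         is malformed or not settable, the value has the wrong type, or
 *         the certificate is uninitialized
 */
public void set(String name, Object obj) throws IOException, CertificateException {
    if (readOnly) {
        throw new CertificateException("cannot over-write existing"
            + " certificate");
    }
    X509AttributeName attr = new X509AttributeName(name);
    String root = attr.getPrefix();
    if (!root.equalsIgnoreCase(NAME)) {
        throw new CertificateException("Invalid root of attribute name,"
            + " expected [" + NAME + "], received " + root);
    }
    X509AttributeName sub = new X509AttributeName(attr.getSuffix());
    String id = sub.getPrefix();
    if (!id.equalsIgnoreCase(INFO)) {
        throw new CertificateException("Attribute name not recognized or "
            + "set() not allowed for the same: " + id);
    }
    String infoSuffix = sub.getSuffix();
    if (infoSuffix == null) {
        if (!(obj instanceof X509CertInfo)) {
            throw new CertificateException("Attribute value should"
                + " be of type X509CertInfo.");
        }
        info = (X509CertInfo) obj;
    } else {
        if (info == null) {
            throw new CertificateException("Uninitialized certificate");
        }
        info.set(infoSuffix, obj);
    }
    signedCert = null;   // certificate data changed; cached encoding is stale
}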
Set the requested attribute in the certificate. |
/**
 * Signs this certificate with {@code key} using {@code algorithm} from the
 * default provider (equivalent to {@code sign(key, algorithm, null)}).
 * After this the certificate is read-only.
 *
 * @throws SignatureException, NoSuchProviderException, InvalidKeyException,
 *         NoSuchAlgorithmException, CertificateException as in the
 *         three-argument sign
 */
public void sign(PrivateKey key, String algorithm) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
    String defaultProvider = null;
    sign(key, algorithm, defaultProvider);
}
Creates an X.509 certificate, and signs it using the given key
(associating a signature algorithm and an X.500 name).
This operation is used to implement the certificate generation
functionality of a certificate authority. |
/**
 * Signs this certificate with {@code key} and produces its DER encoding.
 * Used to implement certificate issuance by a CA.
 *
 * The outer AlgorithmId is taken from the Signature engine's name; the
 * tbsCertificate's own signature-algorithm field inside {@code info} is
 * NOT touched or compared here, so the caller must have set it to the same
 * algorithm — NOTE(review): RFC 5280 requires the two to match, and
 * verifiers may reject a mismatch. {@code info} must be non-null (a null
 * info raises a NullPointerException).
 *
 * On success {@code algId}, {@code signature} and {@code signedCert} are
 * set and the certificate becomes read-only.
 *
 * @param key       signing private key
 * @param algorithm signature algorithm name
 * @param provider  provider name; null or empty selects the default
 * @throws CertificateEncodingException (a CertificateException) if the
 *         certificate is already read-only or encoding fails
 */
public void sign(PrivateKey key,
String algorithm,
String provider) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
try {
if (readOnly)
throw new CertificateEncodingException(
"cannot over-write existing certificate");
Signature sigEngine = null;
if ((provider == null) || (provider.length() == 0))
sigEngine = Signature.getInstance(algorithm);
else
sigEngine = Signature.getInstance(algorithm, provider);
sigEngine.initSign(key);
// in case the name is reset: take the canonical algorithm name from the engine
algId = AlgorithmId.get(sigEngine.getAlgorithm());
DerOutputStream out = new DerOutputStream();
DerOutputStream tmp = new DerOutputStream();
// encode certificate info (tbsCertificate); these bytes are what gets signed
info.encode(tmp);
byte[] rawCert = tmp.toByteArray();
// encode algorithm identifier (appended after the tbsCertificate in tmp)
algId.encode(tmp);
// Create and encode the signature itself.
sigEngine.update(rawCert, 0, rawCert.length);
signature = sigEngine.sign();
tmp.putBitString(signature);
// Wrap the signed data in a SEQUENCE { data, algorithm, sig }
out.write(DerValue.tag_Sequence, tmp);
signedCert = out.toByteArray();
readOnly = true;
} catch (IOException e) {
throw new CertificateEncodingException(e.toString());
}
}
Creates an X.509 certificate, and signs it using the given key
(associating a signature algorithm and an X.500 name).
This operation is used to implement the certificate generation
functionality of a certificate authority. |
/**
 * Converts any X509Certificate to an X509CertImpl: a plain cast when it
 * already is one, otherwise a re-parse of its encoding via the factory.
 *
 * @throws CertificateException if the re-parse fails
 */
public static X509CertImpl toImpl(X509Certificate cert) throws CertificateException {
    if (cert instanceof X509CertImpl) {
        return (X509CertImpl) cert;
    }
    return X509Factory.intern(cert);
}
Utility method to convert an arbitrary instance of X509Certificate
to a X509CertImpl. Does a cast if possible, otherwise reparses
the encoding. |
/**
 * Returns a printable rendering of the certificate: the info, the
 * algorithm, and a hex dump of the signature. Returns the empty string
 * unless info, algId and signature are all present. Not a unique identity.
 */
public String toString() {
    if (info == null || algId == null || signature == null) {
        return "";
    }
    HexDumpEncoder hex = new HexDumpEncoder();
    StringBuilder text = new StringBuilder();
    text.append("[\n")
        .append(info.toString()).append("\n")
        .append(" Algorithm: [").append(algId.toString()).append("]\n")
        .append(" Signature:\n").append(hex.encodeBuffer(signature))
        .append("\n]");
    return text.toString();
}
Returns a printable representation of the certificate. This does not
contain all the information available to distinguish this from any
other certificate. The certificate must be fully constructed
before this function may be called. |
/**
 * Verifies the certificate signature with {@code key} using the default
 * provider (equivalent to {@code verify(key, "")}). A passing signature
 * check says nothing about trust, validity dates or revocation.
 */
public void verify(PublicKey key) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
    String anyProvider = "";
    verify(key, anyProvider);
}
Throws an exception if the certificate was not signed using the
verification key provided. Successfully verifying a certificate
does not indicate that one should trust the entity which
it represents. |
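/**
 * Verifies that the signature over the tbsCertificate was produced by the
 * private key matching {@code key}, using the algorithm named by the outer
 * {@code algId}.
 *
 * Scope: this checks the signature only — not validity dates, name
 * chaining, key usage or revocation. NOTE(review): the tbsCertificate's
 * inner signature-algorithm field is not compared with the outer
 * {@code algId} here; RFC 5280 requires them to match.
 *
 * The outcome (pass or fail) is cached per key/provider pair and replayed
 * on repeat calls; "same key" means {@code PublicKey.equals}, so the cache
 * is only as sound as the key class's equals.
 *
 * Change: an uninitialized certificate (missing encoding, info, algorithm
 * id or signature) now fails with a CertificateEncodingException instead of
 * a NullPointerException.
 *
 * @param key         public key to verify against
 * @param sigProvider provider name; null or empty selects the default
 * @throws SignatureException if the signature does not match
 * @throws CertificateEncodingException if the certificate is uninitialized
 */
public synchronized void verify(PublicKey key, String sigProvider) throws SignatureException, NoSuchProviderException, InvalidKeyException, NoSuchAlgorithmException, CertificateException {
    if (sigProvider == null) {
        sigProvider = "";
    }
    // Replay a cached result only when both the key and the provider match.
    if (verifiedPublicKey != null && verifiedPublicKey.equals(key)
            && sigProvider.equals(verifiedProvider)) {
        if (verificationResult) {
            return;
        }
        throw new SignatureException("Signature does not match.");
    }
    if (signedCert == null || info == null || algId == null || signature == null) {
        throw new CertificateEncodingException("Uninitialized certificate");
    }
    Signature sigVerf = (sigProvider.length() == 0)
        ? Signature.getInstance(algId.getName())
        : Signature.getInstance(algId.getName(), sigProvider);
    sigVerf.initVerify(key);
    byte[] tbs = info.getEncodedInfo();
    sigVerf.update(tbs, 0, tbs.length);
    // verify may throw SignatureException for invalid encodings, etc.
    verificationResult = sigVerf.verify(signature);
    verifiedPublicKey = key;
    verifiedProvider = sigProvider;
    if (!verificationResult) {
        throw new SignatureException("Signature does not match.");
    }
}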
Throws an exception if the certificate was not signed using the
verification key provided. Successfully verifying a certificate
does not indicate that one should trust the entity which
it represents. |