File: X509Certificate.java
Doc: API Doc
Category: Android 1.5 API
Size: 15658
Date: Wed May 06 22:41:06 BST 2009
Package: java.security.cert

X509Certificate

public abstract class X509Certificate extends Certificate implements X509Extension
Abstract base class for X.509 certificates.

This represents a standard way for accessing the attributes of X.509 certificates.

The basic X.509 v3 format described in ASN.1:

Certificate ::= SEQUENCE {
tbsCertificate TBSCertificate,
signatureAlgorithm AlgorithmIdentifier,
signature BIT STRING }

TBSCertificate ::= SEQUENCE {
version [0] EXPLICIT Version DEFAULT v1,
serialNumber CertificateSerialNumber,
signature AlgorithmIdentifier,
issuer Name,
validity Validity,
subject Name,
subjectPublicKeyInfo SubjectPublicKeyInfo,
issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version must be v2 or v3
subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
-- If present, version must be v2 or v3
extensions [3] EXPLICIT Extensions OPTIONAL
-- If present, version must be v3
}

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .

since
Android 1.0

Fields Summary
private static final long
serialVersionUID
Constructors Summary
protected X509Certificate()
Creates a new {@code X509Certificate}.

since
Android 1.0


                  
      
        super("X.509"); //$NON-NLS-1$
    
Methods Summary
public abstract void checkValidity()
Checks whether the certificate is currently valid.

The validity defined in ASN.1:

validity Validity

Validity ::= SEQUENCE {
notBefore CertificateValidityDate,
notAfter CertificateValidityDate }

CertificateValidityDate ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }

throws
CertificateExpiredException if the certificate has expired.
throws
CertificateNotYetValidException if the certificate is not yet valid.
since
Android 1.0

public abstract void checkValidity(java.util.Date date)
Checks whether the certificate is valid at the specified date.

param
date the date to check the validity against.
throws
CertificateExpiredException if the certificate has expired.
throws
CertificateNotYetValidException if the certificate is not yet valid.
see
#checkValidity()
since
Android 1.0

public abstract int getBasicConstraints()
Returns the path length of the certificate constraints from the {@code BasicConstraints} extension.

return
the path length of the certificate constraints if the extension is present, or {@code -1} if the extension is not present. {@code Integer.MAX_VALUE} if there's no limit.
since
Android 1.0

public java.util.List getExtendedKeyUsage()
Returns a read-only list of OID strings representing the {@code ExtKeyUsageSyntax} field of the extended key usage extension.

return
the extended key usage extension, or {@code null} if there's none in the certificate.
throws
CertificateParsingException if the extension decoding fails.
since
Android 1.0

        return null;
    
public java.util.Collection getIssuerAlternativeNames()
Returns a read-only list of the issuer alternative names from the {@code IssuerAltName} extension.

The ASN.1 definition of {@code IssuerAltName}:

IssuerAltName ::= GeneralNames

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

GeneralName ::= CHOICE {
otherName [0] AnotherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }

return
the issuer alternative names or {@code null} if there are none in the certificate.
throws
CertificateParsingException if decoding of the extension fails.
since
Android 1.0

        return null;
    
public abstract java.security.Principal getIssuerDN()
Returns the {@code issuer} (issuer distinguished name) as an implementation specific {@code Principal} object.

The ASN.1 definition of {@code issuer}:

issuer Name

Name ::= CHOICE {
RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: {@link #getIssuerX500Principal()}.

return
the {@code issuer} as an implementation specific {@code Principal}.
since
Android 1.0

public abstract boolean[] getIssuerUniqueID()
Returns the {@code issuerUniqueID} from the certificate.

return
the {@code issuerUniqueID} or {@code null} if there's none in the certificate.
since
Android 1.0

public javax.security.auth.x500.X500Principal getIssuerX500Principal()
Returns the {@code issuer} (issuer distinguished name) as an {@code X500Principal}.

return
the {@code issuer} (issuer distinguished name).
since
Android 1.0


        try {
            // TODO if there is no X.509 certificate provider installed
            // should we try to access Harmony X509CertImpl via classForName?
            CertificateFactory factory = CertificateFactory
                    .getInstance("X.509"); //$NON-NLS-1$

            X509Certificate cert = (X509Certificate) factory
                    .generateCertificate(new ByteArrayInputStream(getEncoded()));

            return cert.getIssuerX500Principal();

        } catch (Exception e) {
            throw new RuntimeException(Messages.getString("security.59"), e); //$NON-NLS-1$
        }
    
public abstract boolean[] getKeyUsage()
Returns the {@code KeyUsage} extension as a {@code boolean} array.

The ASN.1 definition of {@code KeyUsage}:

KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1),
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }

return
the {@code KeyUsage} extension or {@code null} if there's none in the certificate.
since
Android 1.0
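
An added example (not part of the Android source or of this API page): the validity, {@code BasicConstraints} and {@code KeyUsage} accessors documented on this page combined into a check of whether a certificate is fit to act as an issuer. The class name IssuerCheck, the method issuerProblems and the file path passed as the first argument are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

public class IssuerCheck {
    // Index of keyCertSign in the KeyUsage BIT STRING definition.
    private static final int KEY_CERT_SIGN = 5;

    /** Returns the reasons 'cert' should not be accepted as an issuer at time 'when' (hypothetical helper). */
    static List<String> issuerProblems(X509Certificate cert, Date when) {
        List<String> problems = new ArrayList<>();
        try {
            cert.checkValidity(when);
        } catch (CertificateExpiredException e) {
            problems.add("expired on " + cert.getNotAfter());
        } catch (CertificateNotYetValidException e) {
            problems.add("not valid before " + cert.getNotBefore());
        }
        // -1 means no CA path length is available from BasicConstraints.
        if (cert.getBasicConstraints() == -1) {
            problems.add("no CA BasicConstraints (getBasicConstraints() returned -1)");
        }
        // null means the KeyUsage extension is absent; the length test is purely defensive.
        boolean[] usage = cert.getKeyUsage();
        if (usage != null && (usage.length <= KEY_CERT_SIGN || !usage[KEY_CERT_SIGN])) {
            problems.add("KeyUsage is present but keyCertSign is not set");
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM or DER certificate supplied by the reader (assumption).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(cert.getSubjectX500Principal() + ": " + issuerProblems(cert, new Date()));
        }
    }
}
```

An empty list only means these three checks passed; it does not replace signature verification or path validation.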

public abstract java.util.Date getNotAfter()
Returns the {@code notAfter} date of the validity period of the certificate.

return
the end of the validity period.
since
Android 1.0

public abstract java.util.Date getNotBefore()
Returns the {@code notBefore} date from the validity period of the certificate.

return
the start of the validity period.
since
Android 1.0

public abstract java.math.BigInteger getSerialNumber()
Returns the {@code serialNumber} of the certificate.

The ASN.1 definition of {@code serialNumber}:

CertificateSerialNumber ::= INTEGER

return
the serial number.
since
Android 1.0

public abstract java.lang.String getSigAlgName()
Returns the name of the algorithm for the certificate signature.

return
the signature algorithm name.
since
Android 1.0

public abstract java.lang.String getSigAlgOID()
Returns the OID of the signature algorithm from the certificate.

return
the OID of the signature algorithm.
since
Android 1.0

public abstract byte[] getSigAlgParams()
Returns the parameters of the signature algorithm in DER-encoded format.

return
the parameters of the signature algorithm, or {@code null} if none are used.
since
Android 1.0

public abstract byte[] getSignature()
Returns the raw signature bits from the certificate.

return
the raw signature bits from the certificate.
since
Android 1.0

public java.util.Collection getSubjectAlternativeNames()
Returns a read-only list of the subject alternative names from the {@code SubjectAltName} extension.

The ASN.1 definition of {@code SubjectAltName}:

SubjectAltName ::= GeneralNames

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

GeneralName ::= CHOICE {
otherName [0] AnotherName,
rfc822Name [1] IA5String,
dNSName [2] IA5String,
x400Address [3] ORAddress,
directoryName [4] Name,
ediPartyName [5] EDIPartyName,
uniformResourceIdentifier [6] IA5String,
iPAddress [7] OCTET STRING,
registeredID [8] OBJECT IDENTIFIER }

return
the subject alternative names or {@code null} if there are none in the certificate.
throws
CertificateParsingException if decoding of the extension fails.
since
Android 1.0

        return null;
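
An added example (not part of the Android source or of this API page): reading the {@code dNSName} and {@code iPAddress} entries of {@code SubjectAltName} by their {@code GeneralName} tag. It relies on the standard java.security.cert behaviour that each entry is a two-element list of an Integer tag and a value; the class name SanNames, the method hostIdentities and the file path argument are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

public class SanNames {
    // GeneralName CHOICE tags from the ASN.1 definition of SubjectAltName.
    private static final int DNS_NAME = 2;
    private static final int IP_ADDRESS = 7;

    /** Collects dNSName and iPAddress entries; empty list when there is no SubjectAltName (hypothetical helper). */
    static List<String> hostIdentities(X509Certificate cert) throws CertificateParsingException {
        List<String> out = new ArrayList<>();
        Collection<List<?>> names = cert.getSubjectAlternativeNames();
        if (names == null) { // extension absent: null is returned, not an empty collection
            return out;
        }
        for (List<?> entry : names) {
            // Skip anything that is not the expected [Integer tag, value] pair.
            if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                continue;
            }
            int tag = (Integer) entry.get(0);
            Object value = entry.get(1);
            if ((tag == DNS_NAME || tag == IP_ADDRESS) && value instanceof String) {
                out.add((tag == DNS_NAME ? "DNS:" : "IP:") + value);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM or DER certificate supplied by the reader (assumption).
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(hostIdentities(cert));
        }
    }
}
```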
    
public abstract java.security.Principal getSubjectDN()
Returns the {@code subject} (subject distinguished name) as an implementation specific {@code Principal} object.

The ASN.1 definition of {@code subject}:

subject Name

Name ::= CHOICE {
RDNSequence }

RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

AttributeTypeAndValue ::= SEQUENCE {
type AttributeType,
value AttributeValue }

AttributeType ::= OBJECT IDENTIFIER

AttributeValue ::= ANY DEFINED BY AttributeType

replaced by: {@link #getSubjectX500Principal()}.

return
the {@code subject} (subject distinguished name).
since
Android 1.0

public abstract boolean[] getSubjectUniqueID()
Returns the {@code subjectUniqueID} from the certificate.

return
the {@code subjectUniqueID} or null if there's none in the certificate.
since
Android 1.0

public javax.security.auth.x500.X500Principal getSubjectX500Principal()
Returns the {@code subject} (subject distinguished name) as an {@code X500Principal}.

return
the {@code subject} (subject distinguished name).
since
Android 1.0


        try {
            // TODO if there is no X.509 certificate provider installed
            // should we try to access Harmony X509CertImpl via classForName?
            CertificateFactory factory = CertificateFactory
                    .getInstance("X.509"); //$NON-NLS-1$

            X509Certificate cert = (X509Certificate) factory
                    .generateCertificate(new ByteArrayInputStream(getEncoded()));

            return cert.getSubjectX500Principal();

        } catch (Exception e) {
            throw new RuntimeException(Messages.getString("security.5A"), e); //$NON-NLS-1$
        }
    
public abstract byte[] getTBSCertificate()
Returns the {@code tbsCertificate} information from this certificate in DER-encoded format.

return
the DER-encoded certificate information.
throws
CertificateEncodingException if an error occurs in encoding.
since
Android 1.0

public abstract int getVersion()
Returns the certificate's {@code version} (version number).

The version defined in ASN.1:

Version ::= INTEGER { v1(0), v2(1), v3(2) }

return
the version number.
since
Android 1.0