File: X509CertImpl.java | Doc: API Doc | Category: Android 1.5 API | Size: 22374 | Date: Wed May 06 22:41:06 BST 2009 | Package: org.apache.harmony.security.provider.cert

X509CertImpl

public class X509CertImpl extends X509Certificate
This class is an implementation of X509Certificate. It wraps an instance of org.apache.harmony.security.x509.Certificate built from the provided ASN.1 DER-encoded form of the Certificate structure (as specified in RFC 3280, http://www.ietf.org/rfc/rfc3280.txt).
see
org.apache.harmony.security.x509.Certificate
see
java.security.cert.X509Certificate

Fields Summary
private static final long
serialVersionUID
private final org.apache.harmony.security.x509.Certificate
certificate
private final org.apache.harmony.security.x509.TBSCertificate
tbsCert
private final org.apache.harmony.security.x509.Extensions
extensions
private long
notBefore
private long
notAfter
private BigInteger
serialNumber
private X500Principal
issuer
private X500Principal
subject
private byte[]
tbsCertificate
private byte[]
signature
private String
sigAlgName
private String
sigAlgOID
private byte[]
sigAlgParams
private boolean
nullSigAlgParams
private PublicKey
publicKey
private byte[]
encoding
Constructors Summary
public X509CertImpl(InputStream in)
Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via stream parameter.

param
in input stream containing ASN.1 encoded form of certificate.
throws
CertificateException if some decoding problems occur.


    //
    // ---------------------- Constructors -------------------------------
    //

                                           
         
        // Parse the ASN.1 encoded certificate from the caller's stream. Nothing is
        // verified in this constructor: no signature check and no validity-period
        // check happen here, so a successfully built object is not yet trusted.
        try {
            // decode the Certificate object
            this.certificate = (Certificate) Certificate.ASN1.decode(in);
            // cache the values of TBSCertificate and Extensions
            // (extensions may be null; the getters test for that before use)
            this.tbsCert = certificate.getTbsCertificate();
            this.extensions = tbsCert.getExtensions();
        } catch (IOException e) {
            // Only IOException is translated into CertificateException; any
            // unchecked exception raised while decoding propagates unchanged.
            throw new CertificateException(e);
        }
    
public X509CertImpl(org.apache.harmony.security.x509.Certificate certificate)
Constructs the instance on the base of existing Certificate object to be wrapped.

        // Wrap an already-decoded Certificate; nothing is re-encoded or validated.
        // There is no explicit null check: a null argument fails on the
        // getTbsCertificate() call below with a NullPointerException.
        this.certificate = certificate;
        // cache the values of TBSCertificate and Extensions
        this.tbsCert = certificate.getTbsCertificate();
        this.extensions = tbsCert.getExtensions();
    
public X509CertImpl(byte[] encoding)
Constructs the instance on the base of ASN.1 encoded form of X.509 certificate provided via array of bytes.

param
encoding byte array containing ASN.1 encoded form of certificate.
throws
IOException if some decoding problems occur.

        // Decode the byte array and delegate to the Certificate-wrapping
        // constructor. Decoding failures are documented as IOException here,
        // whereas the InputStream constructor wraps them in CertificateException.
        this((Certificate) Certificate.ASN1.decode(encoding));
    
Methods Summary
public voidcheckValidity()

see
java.security.cert.X509Certificate#checkValidity() method documentation for more information.

        // Pull both validity bounds out of the TBSCertificate on first use;
        // a notBefore of -1 is treated as "not loaded yet".
        if (notBefore == -1) {
            notBefore = tbsCert.getValidity().getNotBefore().getTime();
            notAfter = tbsCert.getValidity().getNotAfter().getTime();
        }
        // The reference instant is the local system clock, so the outcome is only
        // as reliable as that clock. Both bounds are inclusive.
        final long now = System.currentTimeMillis();
        if (now < notBefore) {
            throw new CertificateNotYetValidException();
        } else if (now > notAfter) {
            throw new CertificateExpiredException();
        }
    
public voidcheckValidity(java.util.Date date)

see
java.security.cert.X509Certificate#checkValidity(Date) method documentation for more information.

        // Load both validity bounds on first use; notBefore == -1 marks
        // "not loaded yet".
        if (notBefore == -1) {
            // retrieve and cache the value of validity period
            notBefore = tbsCert.getValidity().getNotBefore().getTime();
            notAfter = tbsCert.getValidity().getNotAfter().getTime();
        }
        // The caller-supplied instant is checked, not the system clock. A null
        // date fails on this line with a NullPointerException.
        long time = date.getTime();
        if (time < notBefore) {
            // BEGIN android-changed
            // NOTE(review): the message labels the supplied date "current time"
            // and the notBefore bound "validation time"; when the caller passes
            // a date other than "now" this wording is misleading in logs.
            throw new CertificateNotYetValidException("current time: " + date
                + ", validation time: " + new Date(notBefore));
            // END android-changed
        }
        if (time > notAfter) {
            // BEGIN android-changed
            // Same labelling caveat as above: "current time" is the supplied date.
            throw new CertificateExpiredException("current time: " + date
                + ", expiration time: " + new Date(notAfter));
            // END android-changed
        }
    
private voidfastVerify(java.security.PublicKey key)
Implements a faster RSA verification method that delegates to OpenSSL native code. In all other aspects it behaves just like the ordinary {@link verify} method.

param
key The RSA public key to use
throws
SignatureException If the verification fails.
throws
InvalidKeyException

        // This path handles RSA keys only; any other key type is rejected
        // before the signature is examined.
        if (!(key instanceof RSAPublicKey)) {
            throw new InvalidKeyException(Messages.getString("security.15C1"));
        }
        RSAPublicKey rsaKey = (RSAPublicKey) key;
        
        // Rewrite the name "<digest>with<cipher>" into "<cipher>-<digest>"
        // (e.g. "SHA1withRSA" becomes "RSA-SHA1") for the native verifier.
        // The verify() methods in this class only call in here when the name
        // ends in "withRSA", so indexOf("with") is expected to be >= 0.
        // NOTE(review): the digest is whatever the certificate itself names; no
        // minimum-strength policy (for instance refusing MD2 or MD5) is applied
        // in this method - confirm where, if anywhere, that is enforced.
        String algorithm = getSigAlgName();
        int i = algorithm.indexOf("with");
        algorithm = algorithm.substring(i + 4) + "-" + algorithm.substring(0, i);
        
        // The signed data is the encoded TBSCertificate, cached on first use.
        if (tbsCertificate == null) {
            tbsCertificate = tbsCert.getEncoded();
        }

        // A false result from the verifier is reported as SignatureException;
        // returning normally means the signature matched the supplied key.
        byte[] sig = certificate.getSignatureValue();
        if (!OpenSSLSocketImpl.verifySignature(tbsCertificate, sig, algorithm, rsaKey)) {
            throw new SignatureException(Messages.getString("security.15C")); //$NON-NLS-1$
        }
    
public intgetBasicConstraints()

see
java.security.cert.X509Certificate#getBasicConstraints() method documentation for more information.

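        // java.security.cert.X509Certificate#getBasicConstraints() reserves
        // Integer.MAX_VALUE for "subject is a CA with no path-length limit" and
        // -1 for "not a CA". A certificate that carries no extensions at all has
        // no BasicConstraints extension, so it must not be reported as an
        // unconstrained CA: callers that decide whether a certificate may act as
        // an issuer from this value would otherwise accept it.
        if (extensions == null) {
            return -1;
        }
        // NOTE(review): confirm valueOfBasicConstrains() also yields -1 when the
        // BasicConstraints extension is absent or its cA flag is false.
        return extensions.valueOfBasicConstrains();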
    
public java.util.SetgetCriticalExtensionOIDs()

see
java.security.cert.X509Extension#getCriticalExtensionOIDs() method documentation for more information.

        // A certificate without an extensions block has nothing to list (null);
        // otherwise the answer comes from the cached Extensions object.
        return (extensions == null) ? null : extensions.getCriticalExtensions();
    
public byte[]getEncoded()

see
java.security.cert.Certificate#getEncoded() method documentation for more information.

        // Encode once and keep the bytes for later calls.
        if (encoding == null) {
            encoding = certificate.getEncoded();
        }
        // Hand back a copy so that callers cannot alter the cached encoding.
        return encoding.clone();
    
public java.util.ListgetExtendedKeyUsage()

see
java.security.cert.X509Certificate#getExtendedKeyUsage() method documentation for more information.

        // null is returned when the certificate has no extensions block.
        if (extensions != null) {
            try {
                return extensions.valueOfExtendedKeyUsage();
            } catch (IOException e) {
                // Decoding problems are reported as a parsing failure, with the
                // original exception kept as the cause.
                throw new CertificateParsingException(e);
            }
        }
        return null;
    
public byte[]getExtensionValue(java.lang.String oid)

see
java.security.cert.X509Extension#getExtensionValue(String) method documentation for more information.

        // Look the OID up in the cached Extensions object; null is returned both
        // when the certificate has no extensions and when this OID is not present.
        if (extensions != null) {
            final Extension found = extensions.getExtensionByOID(oid);
            if (found != null) {
                return found.getRawExtnValue();
            }
        }
        return null;
    
public java.util.CollectiongetIssuerAlternativeNames()

see
java.security.cert.X509Certificate#getIssuerAlternativeNames() method documentation for more information.

        // null is returned when the certificate has no extensions block.
        if (extensions != null) {
            try {
                // The extension value was not checked for correctness when the
                // certificate object was built, so malformed content only
                // surfaces at this point.
                return extensions.valueOfIssuerAlternativeName();
            } catch (IOException e) {
                throw new CertificateParsingException(e);
            }
        }
        return null;
    
public java.security.PrincipalgetIssuerDN()

see
java.security.cert.X509Certificate#getIssuerDN() method documentation for more information.

        // Build the issuer principal on the first request and reuse it afterwards.
        if (issuer != null) {
            return issuer;
        }
        issuer = tbsCert.getIssuer().getX500Principal();
        return issuer;
    
public boolean[]getIssuerUniqueID()

see
java.security.cert.X509Certificate#getIssuerUniqueID() method documentation for more information.

        // Straight delegation to the TBSCertificate; nothing is cached or copied
        // in this method.
        // NOTE(review): confirm whether tbsCert hands out a fresh array or its
        // internal one; the byte[] getters in this class return copies.
        return tbsCert.getIssuerUniqueID();
    
public javax.security.auth.x500.X500PrincipalgetIssuerX500Principal()

see
java.security.cert.X509Certificate#getIssuerX500Principal() method documentation for more information.

        // Shares the lazily built issuer principal with getIssuerDN().
        if (issuer != null) {
            return issuer;
        }
        issuer = tbsCert.getIssuer().getX500Principal();
        return issuer;
    
public boolean[]getKeyUsage()

see
java.security.cert.X509Certificate#getKeyUsage() method documentation for more information.

        // null is returned when the certificate has no extensions block;
        // otherwise the KeyUsage bits come from the cached Extensions object.
        return (extensions == null) ? null : extensions.valueOfKeyUsage();
    
public java.util.SetgetNonCriticalExtensionOIDs()

see
java.security.cert.X509Extension#getNonCriticalExtensionOIDs() method documentation for more information.

        // A certificate without an extensions block has nothing to list (null);
        // otherwise the answer comes from the cached Extensions object.
        return (extensions == null) ? null : extensions.getNonCriticalExtensions();
    
public java.util.DategetNotAfter()

see
java.security.cert.X509Certificate#getNotAfter() method documentation for more information.

        // notBefore == -1 marks "validity not loaded yet"; both bounds are
        // always loaded together.
        if (notBefore == -1) {
            // the value was not retrieved from the certificate, do it:
            notBefore = tbsCert.getValidity().getNotBefore().getTime();
            notAfter = tbsCert.getValidity().getNotAfter().getTime();
        }
        // A new Date is created per call, so callers cannot alter the cached bound.
        return new Date(notAfter);
    
public java.util.DategetNotBefore()

see
java.security.cert.X509Certificate#getNotBefore() method documentation for more information.

        // notBefore == -1 marks "validity not loaded yet"; both bounds are
        // always loaded together.
        if (notBefore == -1) {
            // the value was not retrieved from the certificate, do it:
            notBefore = tbsCert.getValidity().getNotBefore().getTime();
            notAfter = tbsCert.getValidity().getNotAfter().getTime();
        }
        // A new Date is created per call, so callers cannot alter the cached bound.
        return new Date(notBefore);
    
public java.security.PublicKeygetPublicKey()

see
java.security.cert.Certificate#getPublicKey() method documentation for more information.

        // Decode the key from the SubjectPublicKeyInfo substructure on the first
        // request only; the same PublicKey object is returned on later calls.
        if (publicKey != null) {
            return publicKey;
        }
        publicKey = tbsCert.getSubjectPublicKeyInfo().getPublicKey();
        return publicKey;
    
public java.math.BigIntegergetSerialNumber()

see
java.security.cert.X509Certificate#getSerialNumber() method documentation for more information.

        // Read the serial number from the TBSCertificate once and cache it.
        if (serialNumber != null) {
            return serialNumber;
        }
        serialNumber = tbsCert.getSerialNumber();
        return serialNumber;
    
public java.lang.StringgetSigAlgName()

see
java.security.cert.X509Certificate#getSigAlgName() method documentation for more information.

        // The OID and the name are resolved together on first use. The OID is
        // read from the signature field inside the TBSCertificate.
        if (sigAlgOID == null) {
            sigAlgOID = tbsCert.getSignature().getAlgorithm();
            final String mapped = AlgNameMapper.map2AlgName(sigAlgOID);
            // An OID with no known name is reported as the OID string itself.
            sigAlgName = (mapped != null) ? mapped : sigAlgOID;
        }
        return sigAlgName;
    
public java.lang.StringgetSigAlgOID()

see
java.security.cert.X509Certificate#getSigAlgOID() method documentation for more information.

        // The OID and the name are resolved together on first use. The OID is
        // read from the signature field inside the TBSCertificate.
        if (sigAlgOID == null) {
            sigAlgOID = tbsCert.getSignature().getAlgorithm();
            final String mapped = AlgNameMapper.map2AlgName(sigAlgOID);
            // An OID with no known name is reported as the OID string itself.
            sigAlgName = (mapped != null) ? mapped : sigAlgOID;
        }
        return sigAlgOID;
    
public byte[]getSigAlgParams()

see
java.security.cert.X509Certificate#getSigAlgParams() method documentation for more information.

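        // nullSigAlgParams records that a previous lookup found no parameters,
        // so the TBSCertificate is not queried again.
        if (nullSigAlgParams) {
            return null;
        }
        if (sigAlgParams == null) {
            sigAlgParams = tbsCert.getSignature().getParameters();
            if (sigAlgParams == null) {
                nullSigAlgParams = true;
                return null;
            }
        }
        // Return a copy, as getEncoded(), getSignature() and getTBSCertificate()
        // do: handing out the cached array would let one caller change the
        // parameters seen by every later caller.
        byte[] result = new byte[sigAlgParams.length];
        System.arraycopy(sigAlgParams, 0, result, 0, sigAlgParams.length);
        return result;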
    
public byte[]getSignature()

see
java.security.cert.X509Certificate#getSignature() method documentation for more information.

        // Fetch the signature value once and keep it for later calls.
        if (signature == null) {
            signature = certificate.getSignatureValue();
        }
        // Hand back a copy so that callers cannot alter the cached bytes.
        return signature.clone();
    
public java.util.CollectiongetSubjectAlternativeNames()

see
java.security.cert.X509Certificate#getSubjectAlternativeNames() method documentation for more information.

        // null is returned when the certificate has no extensions block.
        if (extensions != null) {
            try {
                // The extension value was not checked for correctness when the
                // certificate object was built, so malformed content only
                // surfaces at this point.
                return extensions.valueOfSubjectAlternativeName();
            } catch (IOException e) {
                throw new CertificateParsingException(e);
            }
        }
        return null;
    
public java.security.PrincipalgetSubjectDN()

see
java.security.cert.X509Certificate#getSubjectDN() method documentation for more information.

        // Build the subject principal on the first request and reuse it afterwards.
        if (subject != null) {
            return subject;
        }
        subject = tbsCert.getSubject().getX500Principal();
        return subject;
    
public boolean[]getSubjectUniqueID()

see
java.security.cert.X509Certificate#getSubjectUniqueID() method documentation for more information.

        // Straight delegation to the TBSCertificate; nothing is cached or copied
        // in this method.
        // NOTE(review): confirm whether tbsCert hands out a fresh array or its
        // internal one; the byte[] getters in this class return copies.
        return tbsCert.getSubjectUniqueID();
    
public javax.security.auth.x500.X500PrincipalgetSubjectX500Principal()

see
java.security.cert.X509Certificate#getSubjectX500Principal() method documentation for more information.

        // Shares the lazily built subject principal with getSubjectDN().
        if (subject != null) {
            return subject;
        }
        subject = tbsCert.getSubject().getX500Principal();
        return subject;
    
public byte[]getTBSCertificate()

see
java.security.cert.X509Certificate#getTBSCertificate() method documentation for more information.

        // Encode the TBSCertificate structure once; verify() reads the same cache.
        if (tbsCertificate == null) {
            tbsCertificate = tbsCert.getEncoded();
        }
        // Hand back a copy so that callers cannot alter the bytes that the
        // signature check is computed over.
        return tbsCertificate.clone();
    
public intgetVersion()

see
java.security.cert.X509Certificate#getVersion() method documentation for more information.

        // RFC 3280 encodes the version field zero-based (v1 is 0), so one is
        // added to report the conventional version number.
        return tbsCert.getVersion() + 1;
    
public booleanhasUnsupportedCriticalExtension()

see
java.security.cert.X509Extension#hasUnsupportedCriticalExtension() method documentation for more information.

        // With no extensions block there cannot be an unsupported critical
        // extension; otherwise the cached Extensions object decides.
        return (extensions != null) && extensions.hasUnsupportedCritical();
    
public java.lang.StringtoString()

see
java.security.cert.Certificate#toString() method documentation for more information.

        // The textual form is produced entirely by the wrapped Certificate object.
        return certificate.toString();
    
public voidverify(java.security.PublicKey key)
Verifies the signature of the certificate.

see
java.security.cert.Certificate#verify(PublicKey) method documentation for more information.


        // Certificates whose signature algorithm name ends in "withRSA" are
        // checked by fastVerify(); everything else goes through java.security.Signature.
        // NOTE(review): the algorithm is chosen from the name recorded in the
        // certificate (getSigAlgName() reads the signature field of the
        // TBSCertificate). This method neither compares it with the outer
        // signatureAlgorithm field nor restricts which algorithms are accepted -
        // confirm that both are enforced elsewhere.
        // BEGIN android-added
        if (getSigAlgName().endsWith("withRSA")) {
            fastVerify(key);
            return;
        }
        // END android-added

        Signature signature = Signature.getInstance(getSigAlgName());
        signature.initVerify(key);
        // retrieve the encoding of the TBSCertificate structure
        if (tbsCertificate == null) {
            tbsCertificate = tbsCert.getEncoded();
        }
        // compute and verify the signature
        // Returning normally means only that the signature matches the supplied
        // key; the validity period is not checked in this method.
        signature.update(tbsCertificate, 0, tbsCertificate.length);
        if (!signature.verify(certificate.getSignatureValue())) {
            throw new SignatureException(Messages.getString("security.15C")); //$NON-NLS-1$
        }
    
public voidverify(java.security.PublicKey key, java.lang.String sigProvider)
Verifies the signature of the certificate.

see
java.security.cert.Certificate#verify(PublicKey,String) method documentation for more information.

        
        // NOTE(review): for names ending in "withRSA" the sigProvider argument is
        // never consulted - fastVerify() is used whichever provider the caller
        // asked for. Callers that pass a provider to pin a specific
        // implementation do not get it on this path.
        // BEGIN android-added
        if (getSigAlgName().endsWith("withRSA")) {
            fastVerify(key);
            return;
        }
        // END android-added
        
        // Non-RSA algorithms honour the requested provider. The algorithm name
        // is the one recorded in the certificate.
        Signature signature =
            Signature.getInstance(getSigAlgName(), sigProvider);
        signature.initVerify(key);
        // retrieve the encoding of the TBSCertificate structure
        if (tbsCertificate == null) {
            tbsCertificate = tbsCert.getEncoded();
        }
        // compute and verify the signature
        // Returning normally means only that the signature matches the supplied
        // key; the validity period is not checked in this method.
        signature.update(tbsCertificate, 0, tbsCertificate.length);
        if (!signature.verify(certificate.getSignatureValue())) {
            throw new SignatureException(Messages.getString("security.15C")); //$NON-NLS-1$
        }