Java Doc for X509Certificate.java in Portal » Open Portal » com.sun.portal.kssl



java.lang.Object
   com.sun.portal.kssl.X509Certificate

X509Certificate
public class X509Certificate implements Certificate
This class implements methods for creating X.509 certificates and accessing their attributes such as subject/issuer names, public keys and validity information. Publicly visible methods are modeled after those in the X509Certificate classes from J2SE (standard edition) but there are some differences and these are documented below.

NOTE: For now, only X.509 certificates containing RSA public keys and signed either using md5WithRSA or sha-1WithRSA are supported. This version of the implementation is unable to parse certificates containing DSA keys or signed using DSA. Certificates containing RSA keys but signed using an unsupported algorithm (e.g. RSA_MD2) can be parsed but cannot be verified. Not all version 3 extensions are supported (only subjectAltName, basicConstraints, keyUsage and extendedKeyUsage are recognized) but if an unrecognized extension is marked critical, an error notification is generated.


See Also:   com.sun.kssl.HandshakeListener



Field Summary
final public static int MISSING_PATH_LENGTH_CONSTRAINT
     Indicates that no information is available on the pathLengthConstraint associated with this certificate (this could happen if the certificate is a v1 or v2 cert or a v3 cert without basicConstraints or a non-CA v3 certificate).
final public static byte NO_ERROR
     Indicates a no error condition.
final public static byte TYPE_DNS_NAME
     DNS name alternative name type code.
final public static byte TYPE_EMAIL_ADDRESS
     Email address (rfc 822) alternative name type code.
final public static byte TYPE_URI
     URI alternative name type code.
final public static int UNLIMITED_CERT_CHAIN_LENGTH
     Indicates there is no limit to the server certificate chain length.

Constructor Summary
public  X509Certificate(byte ver, byte[] rawSerialNumber, String sub, String iss, long notBefore, long notAfter, byte[] mod, byte[] exp, byte[] chash, int pLen)
     Creates an X.509 certificate with the specified attributes. This constructor is only used for creating trusted certificates.

Method Summary
public void checkExtensions()
     Checks if a certificate has any (version 3) extensions that were not properly processed and continued use of this certificate may be inconsistent with the issuer's intent.
public void checkValidity()
     Checks if the certificate is currently valid.
public void checkValidity(long time)
     Checks if the certificate is valid on the specified time.
public static X509Certificate generateCertificate(byte[] buf, int off, int len)
     Creates a certificate by parsing the ASN.1 DER X.509 certificate encoding in the specified buffer.
     NOTE: In the standard edition, equivalent functionality is provided by CertificateFactory.generateCertificate(InputStream).
public int getBasicConstraints()
     Gets the certificate constraints path length from the BasicConstraints extension.
public byte[] getFingerprint()
     Gets the MD5 fingerprint of this certificate.
     NOTE: this implementation returns a byte array filled with zeros if there is no fingerprint associated with this certificate.
public String getIssuer()
     Gets the name of this certificate's issuer.
public int getKeyUsage()
     Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set).
public long getNotAfter()
     Gets the NotAfter date from the certificate's validity period.
public long getNotBefore()
     Gets the NotBefore date from the certificate's validity period.
public PublicKey getPublicKey()
     Gets the public key from this certificate.
public String getSerialNumber()
     Gets the printable form of the serial number of this Certificate.
public String getSigAlgName()
     Gets the name of the algorithm used to sign the certificate.
public String getSubject()
     Gets the name of this certificate's subject.
public Object getSubjectAltName()
     Gets the subject alternative name or null if it was not in the certificate.
public int getSubjectAltNameType()
     Gets the type of subject alternative name.
public String getType()
     Get the type of the Certificate.
public String getVersion()
     Gets the raw X.509 version number of this certificate.
public String toString()
     Returns a string representation of this certificate.
public void verify(PublicKey pk)
     Checks if this certificate was signed using the private key corresponding to the specified public key.

Field Detail
MISSING_PATH_LENGTH_CONSTRAINT
final public static int MISSING_PATH_LENGTH_CONSTRAINT
Indicates that no information is available on the pathLengthConstraint associated with this certificate (this could happen if the certificate is a v1 or v2 cert or a v3 cert without basicConstraints or a non-CA v3 certificate).

NO_ERROR
final public static byte NO_ERROR
Indicates a no error condition.

TYPE_DNS_NAME
final public static byte TYPE_DNS_NAME
DNS name alternative name type code.

TYPE_EMAIL_ADDRESS
final public static byte TYPE_EMAIL_ADDRESS
Email address (rfc 822) alternative name type code.

TYPE_URI
final public static byte TYPE_URI
URI alternative name type code.

UNLIMITED_CERT_CHAIN_LENGTH
final public static int UNLIMITED_CERT_CHAIN_LENGTH
Indicates there is no limit to the server certificate chain length.


Constructor Detail
X509Certificate
public X509Certificate(byte ver, byte[] rawSerialNumber, String sub, String iss, long notBefore, long notAfter, byte[] mod, byte[] exp, byte[] chash, int pLen) throws Exception
Creates an X.509 certificate with the specified attributes. This constructor is only used for creating trusted certificates.
NOTE: All signature related values in these certificates (such as the signing algorithm and signature) are set to null and invoking methods that access signature information, e.g. verify() and getSigAlgName() can produce unexpected errors.

Parameters:
  ver - byte containing X.509 version
  rawSerialNumber - byte array containing the serial number
  sub - subject name
  iss - issuer name
  notBefore - start of validity period expressed in milliseconds since midnight Jan 1, 1970 UTC
  notAfter - end of validity period expressed as above
  mod - modulus associated with the RSA Public Key
  exp - exponent associated with the RSA Public Key
  chash - 16-byte MD5 hash of the certificate's ASN.1 DER encoding
  pLen - Is the pathLenConstraint associated with a version 3 certificate. This parameter is ignored for v1 and v2 certificates. If a v3 certificate does not have basicConstraints or is not a CA cert, callers should pass MISSING_PATH_LENGTH_CONSTRAINT. If the v3 certificate has basicConstraints, CA is set but pathLenConstraint is missing (indicating no limit on the certificate chain), callers should pass UNLIMITED_CERT_CHAIN_LENGTH.
exception:
  Exception - in case of a problem with RSA public key parameters





Method Detail
checkExtensions
public void checkExtensions() throws CertificateException
Checks if a certificate has any (version 3) extensions that were not properly processed and continued use of this certificate may be inconsistent with the issuer's intent. This may happen, for example, if the certificate has unrecognized critical extensions.
exception:
  CertificateException - with a reason of BAD_EXTENSIONS if there are any bad extensions



checkValidity
public void checkValidity() throws CertificateException
Checks if the certificate is currently valid, that is, whether the current date and time are within the certificate's validity period.
exception:
  CertificateException - with a reason of EXPIRED or NOT_YET_VALID



checkValidity
public void checkValidity(long time) throws CertificateException
Checks if the certificate is valid at the specified time, that is, whether the specified time is within the certificate's validity period.
NOTE: The standard edition provides a method with this name but it throws different types of exceptions rather than returning error codes.

Parameters:
  time - the time in milliseconds for which a certificate's validity is to be checked
exception:
  CertificateException - with a reason of EXPIRED or NOT_YET_VALID




generateCertificate
public static X509Certificate generateCertificate(byte[] buf, int off, int len) throws IOException
Creates a certificate by parsing the ASN.1 DER X.509 certificate encoding in the specified buffer.
NOTE: In the standard edition, equivalent functionality is provided by CertificateFactory.generateCertificate(InputStream).

Parameters:
  buf - byte array to be read
  off - offset within the byte array
  len - number of bytes to be read
Returns:
  a certificate object corresponding to the DER encoding or null (in case of an encoding problem)
exception:
  IOException - if there is a parsing error




getBasicConstraints
public int getBasicConstraints()
Gets the certificate constraints path length from the BasicConstraints extension.

The BasicConstraints extension identifies whether the subject of the certificate is a Certificate Authority (CA) and how deep a certification path may exist through the CA. The pathLenConstraint field (see below) is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path.

Note that for RFC 2459 this extension is always marked critical if cA is TRUE, meaning this certificate belongs to a Certificate Authority.

The ASN.1 definition for this is:

 BasicConstraints ::= SEQUENCE {
 cA                  BOOLEAN DEFAULT FALSE,
 pathLenConstraint   INTEGER (0..MAX) OPTIONAL 
 }
 
Returns:
  MISSING_PATH_LENGTH_CONSTRAINT if the BasicConstraints extension is absent or the subject of the certificate is not a CA. If the subject of the certificate is a CA and pathLenConstraint does not appear, UNLIMITED_CERT_CHAIN_LENGTH is returned to indicate that there is no limit to the allowed length of the certification path. In all other situations, the actual value of the pathLenConstraint is returned.
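
How a caller can enforce these return values over a received chain, as an added example that is not part of the kssl source. The class name, the chain ordering (end-entity first) and the numeric sentinel values are assumptions; the page names the two constants but does not give their values.

```java
import java.util.Arrays;

public class PathLenCheck {
    // Stand-ins for X509Certificate.MISSING_PATH_LENGTH_CONSTRAINT and
    // X509Certificate.UNLIMITED_CERT_CHAIN_LENGTH. The numeric values are
    // placeholders chosen for this example, not taken from the page.
    static final int MISSING = -1;
    static final int UNLIMITED = Integer.MAX_VALUE;

    /**
     * chain[i] holds the getBasicConstraints() result of certificate i, where
     * chain[0] is the end-entity certificate and chain[i] issued chain[i-1].
     * Returns null if the chain is acceptable, otherwise the reason to reject.
     * Simplification: self-issued CA certificates are counted like any other.
     */
    static String checkPathLength(int[] chain) {
        for (int i = 1; i < chain.length; i++) {
            int pathLen = chain[i];
            if (pathLen == MISSING) {
                // No basicConstraints, or cA not set: must not act as an issuer.
                return "cert " + i + " is not a CA but issued cert " + (i - 1);
            }
            if (pathLen == UNLIMITED) {
                continue; // CA without pathLenConstraint: no depth limit
            }
            int caCertsBelow = i - 1; // CA certs between this one and the leaf
            if (caCertsBelow > pathLen) {
                return "cert " + i + " allows " + pathLen
                        + " CA cert(s) below it but " + caCertsBelow + " follow";
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample chains (leaf, intermediate, root).
        int[][] chains = {
            {MISSING, 0, UNLIMITED}, // accepted
            {MISSING, 1, 0},         // root allows 0 CAs below it, 1 follows
            {MISSING, MISSING, 3},   // a non-CA certificate used as issuer
        };
        for (int[] c : chains) {
            String err = checkPathLength(c);
            System.out.println(Arrays.toString(c) + " -> "
                    + (err == null ? "OK" : "REJECT: " + err));
        }
    }
}
```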



getFingerprint
public byte[] getFingerprint()
Gets the MD5 fingerprint of this certificate.
NOTE: this implementation returns a byte array filled with zeros if there is no fingerprint associated with this certificate. This may happen if a null was passed to the X509Certificate constructor.

Returns:
  a byte array containing this certificate's MD5 hash




getIssuer
public String getIssuer()
Gets the name of this certificate's issuer.
NOTE: The corresponding method in the standard edition is getIssuerDN() and returns a Principal.

Returns:
  a string containing this certificate's issuer in user-friendly form




getKeyUsage
public int getKeyUsage()
Gets a 32-bit bit vector (in the form of an integer) in which each position represents a purpose for which the public key in the certificate may be used (iff that bit is set). The correspondence between bit positions and purposes is as follows:
digitalSignature 0
nonRepudiation 1
keyEncipherment 2
dataEncipherment 3
keyAgreement 4
keyCertSign 5
cRLSign 6
encipherOnly 7
decipherOnly 8
serverAuth 17
clientAuth 18
codeSigning 19
emailProtection 20
ipsecEndSystem 21
ipsecTunnel 22
ipsecUser 23
timeStamping 24

Returns:
  a bitvector indicating approved usage of the certificate public key, -1 if neither a KeyUsage nor a critical extendedKeyUsage extension is present.
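
A usage check built on this bit vector, as an added example that is not part of the kssl source. It assumes position n in the table corresponds to the mask (1 << n), and it adopts the policy that a group of bits (key usage or extended key usage) restricts the certificate only when at least one bit of that group is set; the class and method names are hypothetical.

```java
public class KeyUsageCheck {
    // Positions come from the getKeyUsage() table; (1 << n) is an assumption.
    static final int DIGITAL_SIGNATURE = 1 << 0;
    static final int KEY_ENCIPHERMENT  = 1 << 2;
    static final int SERVER_AUTH       = 1 << 17;
    static final int CLIENT_AUTH       = 1 << 18;
    static final int KU_MASK           = 0x1FF;      // positions 0..8
    static final int EKU_MASK          = 0xFF << 17; // positions 17..24
    static final int NO_USAGE_INFO     = -1;         // documented return value

    /**
     * Decides whether a getKeyUsage() result permits use as a TLS server
     * certificate. requireExplicit rejects certificates that carry no usage
     * information at all instead of treating them as unrestricted.
     */
    static boolean okForTlsServer(int usage, boolean requireExplicit) {
        if (usage == NO_USAGE_INFO) {
            // -1 has every bit set, so the mask tests below would all pass.
            // Handle it first and make the decision an explicit policy choice.
            return !requireExplicit;
        }
        boolean kuOk = (usage & KU_MASK) == 0
                || (usage & (DIGITAL_SIGNATURE | KEY_ENCIPHERMENT)) != 0;
        boolean ekuOk = (usage & EKU_MASK) == 0
                || (usage & SERVER_AUTH) != 0;
        return kuOk && ekuOk;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from real certificates.
        int[] samples = {
            NO_USAGE_INFO,                         // no usage extensions
            DIGITAL_SIGNATURE | SERVER_AUTH,       // typical server cert
            DIGITAL_SIGNATURE | CLIENT_AUTH,       // client-only cert
            1 << 5,                                // keyCertSign only
        };
        for (int u : samples) {
            System.out.println(Integer.toHexString(u)
                    + " lenient=" + okForTlsServer(u, false)
                    + " strict=" + okForTlsServer(u, true));
        }
    }
}
```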




getNotAfter
public long getNotAfter()
Gets the NotAfter date from the certificate's validity period.

Returns:
  a date after which the certificate is not valid (expiration date)



getNotBefore
public long getNotBefore()
Gets the NotBefore date from the certificate's validity period.

Returns:
  a date before which the certificate is not valid




getPublicKey
public PublicKey getPublicKey() throws CertificateException
Gets the public key from this certificate.

Returns:
  the public key contained in the certificate
exception:
  CertificateException - if public key is not a supported type (could not be parsed).




getSerialNumber
public String getSerialNumber()
Gets the printable form of the serial number of this Certificate. If the serial number within the certificate is binary it should be formatted as a string using hexadecimal notation with each byte represented as two hex digits separated by ":" (Unicode x3A). For example, 27:56:FA:80.

Returns:
  A string containing the serial number in user-friendly form; NULL is returned if there is no serial number.



getSigAlgName
public String getSigAlgName()
Gets the name of the algorithm used to sign the certificate.

Returns:
  the name of signature algorithm




getSubject
public String getSubject()
Gets the name of this certificate's subject.
NOTE: The corresponding method in the standard edition is getSubjectDN() and returns a Principal.

Returns:
  a string containing this certificate's subject in user-friendly form




getSubjectAltName
public Object getSubjectAltName()
Gets the subject alternative name or null if it was not in the certificate.

Returns:
  type of subject alternative name or null



getSubjectAltNameType
public int getSubjectAltNameType()
Gets the type of subject alternative name.

Returns:
  type of subject alternative name



getType
public String getType()
Get the type of the Certificate.

Returns:
  The type of the Certificate; the value MUST NOT be NULL.



getVersion
public String getVersion()
Gets the raw X.509 version number of this certificate. Version 1 is 0.

Returns:
  the X.509 logic version number (1, 2, 3) of the certificate



toString
public String toString()
Returns a string representation of this certificate.

Returns:
  a human readable string representation of this certificate




verify
public void verify(PublicKey pk) throws CertificateException
Checks if this certificate was signed using the private key corresponding to the specified public key.
Parameters:
  pk - public key to be used for verifying certificate signature
exception:
  CertificateException - if there is an error



Methods inherited from java.lang.Object
native protected Object clone() throws CloneNotSupportedException
public boolean equals(Object obj)
protected void finalize() throws Throwable
final native public Class getClass()
native public int hashCode()
final native public void notify()
final native public void notifyAll()
public String toString()
final native public void wait(long timeout) throws InterruptedException
final public void wait(long timeout, int nanos) throws InterruptedException
final public void wait() throws InterruptedException
