2362N/A * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 2362N/A * published by the Free Software Foundation. Oracle designates this 0N/A * particular file as subject to the "Classpath" exception as provided 2362N/A * by Oracle in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 2362N/A * or visit www.oracle.com if you need additional information or have any 0N/A * Abstract class for X.509 v1 certificates. This provides a standard 0N/A * way to access all the version 1 attributes of an X.509 certificate. 0N/A * Attributes that are specific to X.509 v2 or v3 are not available 0N/A * through this interface. Future API evolution will provide full access to 0N/A * complete X.509 v3 attributes. 0N/A * The basic X.509 format was defined by 0N/A * ISO/IEC and ANSI X9 and is described below in ASN.1: 0N/A * Certificate ::= SEQUENCE { 0N/A * tbsCertificate TBSCertificate, 0N/A * signatureAlgorithm AlgorithmIdentifier, 0N/A * signature BIT STRING } 0N/A * These certificates are widely used to support authentication and 0N/A * other functionality in Internet security systems. Common applications 0N/A * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), 0N/A * code signing for trusted software distribution, and Secure Electronic 0N/A * Transactions (SET). 0N/A * These certificates are managed and vouched for by <em>Certificate 0N/A * Authorities</em> (CAs). CAs are services which create certificates by 0N/A * placing data in the X.509 standard format and then digitally signing 0N/A * that data. CAs act as trusted third parties, making introductions 0N/A * between principals who have no direct knowledge of each other. 0N/A * CA certificates are either signed by themselves, or by some other 0N/A * CA such as a "root" CA. 0N/A * The ASN.1 definition of <code>tbsCertificate</code> is: 0N/A * TBSCertificate ::= SEQUENCE { 0N/A * version [0] EXPLICIT Version DEFAULT v1, 0N/A * serialNumber CertificateSerialNumber, 0N/A * signature AlgorithmIdentifier, 0N/A * validity Validity, 0N/A * subjectPublicKeyInfo SubjectPublicKeyInfo, 0N/A * Here is sample code to instantiate an X.509 certificate: 0N/A * InputStream inStream = new FileInputStream("fileName-of-cert"); 0N/A * X509Certificate cert = X509Certificate.getInstance(inStream); 0N/A * byte[] certData = <certificate read from a file, say> 0N/A * X509Certificate cert = X509Certificate.getInstance(certData); 0N/A * In either case, the code that instantiates an X.509 certificate 0N/A * consults the Java security properties file to locate the actual 0N/A * implementation or instantiates a default implementation. 0N/A * The Java security properties file is located in the file named 0N/A * <JAVA_HOME> refers to the value of the java.home system property, 0N/A * and specifies the directory where the JRE is installed. 0N/A * In the Security properties file, a default implementation 0N/A * for X.509 v1 may be given such as: 0N/A * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl 0N/A * The value of this <code>cert.provider.x509v1</code> property has to be 0N/A * changed to instatiate another implementation. If this security 0N/A * property is not set, a default implementation will be used. 0N/A * Currently, due to possible security restrictions on access to 0N/A * Security properties, this value is looked up and cached at class 0N/A * initialization time and will fallback on a default implementation if 0N/A * the Security property is not accessible. 0N/A * <p><em>Note: The classes in the package <code>javax.security.cert</code> 0N/A * exist for compatibility with earlier versions of the 0N/A * Java Secure Sockets Extension (JSSE). New applications should instead 0N/A * use the standard Java SE certificate classes located in 0N/A * <code>java.security.cert</code>.</em></p> 0N/A * @author Hemma Prafullchandra 0N/A * @see java.security.cert.X509Extension 0N/A * Constant to lookup in the Security properties file. 0N/A * In the Security properties file the default implementation 0N/A * for X.509 v3 is given as: 0N/A * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl 0N/A * Instantiates an X509Certificate object, and initializes it with 0N/A * the data read from the input stream <code>inStream</code>. 0N/A * The implementation (X509Certificate is an abstract class) is 0N/A * provided by the class specified as the value of the 0N/A * <code>cert.provider.x509v1</code> 0N/A * property in the security properties file. 0N/A * <p>Note: Only one DER-encoded 0N/A * certificate is expected to be in the input stream. 0N/A * Also, all X509Certificate 0N/A * subclasses must provide a constructor of the form: 0N/A * public <subClass>(InputStream inStream) ... 0N/A * @param inStream an input stream with the data to be read to 0N/A * initialize the certificate. 0N/A * @return an X509Certificate object initialized with the data 0N/A * from the input stream. 0N/A * @exception CertificateException if a class initialization 0N/A * or certificate parsing error occurs. 0N/A * Instantiates an X509Certificate object, and initializes it with 0N/A * the specified byte array. 0N/A * The implementation (X509Certificate is an abstract class) is 0N/A * provided by the class specified as the value of the 0N/A * <code>cert.provider.x509v1</code> 0N/A * property in the security properties file. 0N/A * <p>Note: All X509Certificate 0N/A * subclasses must provide a constructor of the form: 0N/A * public <subClass>(InputStream inStream) ... 0N/A * @param certData a byte array containing the DER-encoded 0N/A * @return an X509Certificate object initialized with the data 0N/A * from <code>certData</code>. 0N/A * @exception CertificateException if a class initialization 0N/A * or certificate parsing error occurs. 0N/A * This turns out not to work for now. To run under JDK1.2 we would 0N/A * need to call beginPrivileged() but we can't do that and run 0N/A // shouldn't happen, but assume corrupted properties file 0N/A // provide access to sun implementation 0N/A className =
"com.sun.security.cert.internal.x509.X509V1CertImpl";
0N/A // get the appropriate constructor and instantiate it 0N/A // get a new instance 0N/A * Checks that the certificate is currently valid. It is if 0N/A * the current date and time are within the validity period given in the 0N/A * The validity period consists of two date/time values: 0N/A * the first and last dates (and times) on which the certificate 0N/A * is valid. It is defined in 0N/A * validity Validity<p> 0N/A * Validity ::= SEQUENCE { 0N/A * notBefore CertificateValidityDate, 0N/A * notAfter CertificateValidityDate }<p> 0N/A * CertificateValidityDate ::= CHOICE { 0N/A * generalTime GeneralizedTime } 0N/A * @exception CertificateExpiredException if the certificate has expired. 0N/A * @exception CertificateNotYetValidException if the certificate is not 0N/A * Checks that the specified date is within the certificate's 0N/A * validity period. In other words, this determines whether the 0N/A * certificate would be valid at the specified date/time. 0N/A * @param date the Date to check against to see if this certificate 0N/A * @exception CertificateExpiredException if the certificate has expired 0N/A * with respect to the <code>date</code> supplied. 0N/A * @exception CertificateNotYetValidException if the certificate is not 0N/A * yet valid with respect to the <code>date</code> supplied. 0N/A * @see #checkValidity() 0N/A * Gets the <code>version</code> (version number) value from the 0N/A * certificate. The ASN.1 definition for this is: 0N/A * version [0] EXPLICIT Version DEFAULT v1<p> 0N/A * Version ::= INTEGER { v1(0), v2(1), v3(2) } 0N/A * @return the version number from the ASN.1 encoding, i.e. 0, 1 or 2. 0N/A * Gets the <code>serialNumber</code> value from the certificate. 0N/A * The serial number is an integer assigned by the certification 0N/A * authority to each certificate. It must be unique for each 0N/A * certificate issued by a given CA (i.e., the issuer name and 0N/A * serial number identify a unique certificate). 0N/A * The ASN.1 definition for this is: 0N/A * serialNumber CertificateSerialNumber<p> 0N/A * CertificateSerialNumber ::= INTEGER 0N/A * @return the serial number. 0N/A * Gets the <code>issuer</code> (issuer distinguished name) value from 0N/A * the certificate. The issuer name identifies the entity that signed (and 0N/A * issued) the certificate. 0N/A * <p>The issuer name field contains an 0N/A * X.500 distinguished name (DN). 0N/A * The ASN.1 definition for this is: 0N/A * Name ::= CHOICE { RDNSequence } 0N/A * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName 0N/A * RelativeDistinguishedName ::= 0N/A * SET OF AttributeValueAssertion 0N/A * AttributeValueAssertion ::= SEQUENCE { 0N/A * AttributeType ::= OBJECT IDENTIFIER 0N/A * AttributeValue ::= ANY 0N/A * The <code>Name</code> describes a hierarchical name composed of 0N/A * attributes, such as country name, and corresponding values, such as US. 0N/A * The type of the <code>AttributeValue</code> component is determined by 0N/A * the <code>AttributeType</code>; in general it will be a 0N/A * <code>directoryString</code>. A <code>directoryString</code> is usually 0N/A * one of <code>PrintableString</code>, 0N/A * <code>TeletexString</code> or <code>UniversalString</code>. 0N/A * @return a Principal whose name is the issuer distinguished name. 0N/A * Gets the <code>subject</code> (subject distinguished name) value 0N/A * from the certificate. 0N/A * The ASN.1 definition for this is: 67N/A * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code> 0N/A * and other relevant definitions. 0N/A * @return a Principal whose name is the subject name. 0N/A * @see #getIssuerDN() 0N/A * Gets the <code>notBefore</code> date from the validity period of 0N/A * The relevant ASN.1 definitions are: 0N/A * validity Validity<p> 0N/A * Validity ::= SEQUENCE { 0N/A * notBefore CertificateValidityDate, 0N/A * notAfter CertificateValidityDate }<p> 0N/A * CertificateValidityDate ::= CHOICE { 0N/A * generalTime GeneralizedTime } 0N/A * @return the start date of the validity period. 0N/A * @see #checkValidity() 0N/A * Gets the <code>notAfter</code> date from the validity period of 67N/A * the certificate. See {@link #getNotBefore() getNotBefore} 0N/A * for relevant ASN.1 definitions. 0N/A * @return the end date of the validity period. 0N/A * @see #checkValidity() 0N/A * Gets the signature algorithm name for the certificate 0N/A * signature algorithm. An example is the string "SHA-1/DSA". 0N/A * The ASN.1 definition for this is: 0N/A * signatureAlgorithm AlgorithmIdentifier<p> 0N/A * AlgorithmIdentifier ::= SEQUENCE { 0N/A * algorithm OBJECT IDENTIFIER, 0N/A * parameters ANY DEFINED BY algorithm OPTIONAL } 0N/A * -- contains a value of the type 0N/A * -- registered for use with the 0N/A * -- algorithm object identifier value 0N/A * <p>The algorithm name is determined from the <code>algorithm</code> 0N/A * @return the signature algorithm name. 0N/A * Gets the signature algorithm OID string from the certificate. 0N/A * An OID is represented by a set of positive whole numbers separated 0N/A * For example, the string "1.2.840.10040.4.3" identifies the SHA-1 0N/A * with DSA signature algorithm, as per the PKIX part I. 67N/A * <p>See {@link #getSigAlgName() getSigAlgName} for 0N/A * relevant ASN.1 definitions. 0N/A * @return the signature algorithm OID string. 0N/A * Gets the DER-encoded signature algorithm parameters from this 0N/A * certificate's signature algorithm. In most cases, the signature 0N/A * algorithm parameters are null; the parameters are usually 0N/A * supplied with the certificate's public key. 67N/A * <p>See {@link #getSigAlgName() getSigAlgName} for 0N/A * relevant ASN.1 definitions. 0N/A * @return the DER-encoded signature algorithm parameters, or 0N/A * null if no parameters are present.