X509CertInfo.java revision 2362
 * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * The X509CertInfo class represents X.509 certificate information.
 *
 * <P>X.509 certificates have several base data elements, including:<UL>
 * <LI>The <em>Subject Name</em>, an X.500 Distinguished Name for
 * the entity (subject) for which the certificate was issued.
 * <LI>The <em>Subject Public Key</em>, the public key of the subject.
 * This is one of the most important parts of the certificate.
 * <LI>The <em>Validity Period</em>, a time period (e.g. six months)
 * within which the certificate is valid (unless revoked).
 * <LI>The <em>Issuer Name</em>, an X.500 Distinguished Name for the
 * Certificate Authority (CA) which issued the certificate.
 * <LI>A <em>Serial Number</em> assigned by the CA, for use in
 * certificate revocation and other applications.
 *
 * @author Amit Kapoor
 * @author Hemma Prafullchandra

 * Identifier for this attribute, to be used with the
 * get, set, delete methods of Certificate, x509 type.

// Certificate attribute names
// X509.v2 & v3 extensions
// X509.v3 extensions
// Attribute numbers for internal manipulation
// DER encoded CertificateInfo data
// The certificate attribute name to integer mapping stored here

 * Construct an uninitialized X509CertInfo on which <a href="#decode">
 * decode</a> must later be called (or which may be deserialized).

 * Unmarshals a certificate from its encoded form, parsing the
 * encoded bytes. This form of constructor is used by agents which
 * need to examine and use certificate contents. That is, this is
 * one of the more commonly used constructors. Note that the buffer
 * must include only a certificate, and no "garbage" may be left at
 * the end. If you need to ignore data at the end of a certificate,
 * use another constructor.
 *
 * @param cert the encoded bytes, with no trailing data.
 * @exception CertificateParsingException on parsing errors.

 * Unmarshal a certificate from its encoded form, parsing a DER value.
 * This form of constructor is used by agents which need to examine
 * and use certificate contents.
 *
 * @param derVal the DER value containing the encoded cert.
 * @exception CertificateParsingException on parsing errors.

 * Appends the certificate to an output stream.
 *
 * @param out an output stream to which the certificate is appended.
 * @exception CertificateException on encoding errors.
 * @exception IOException on other errors.

 * Return an enumeration of names of attributes existing within this

 * Return the name of this attribute.

 * Returns the encoded certificate info.
 *
 * @exception CertificateEncodingException on encoding information errors.

 * Compares two X509CertInfo objects. This is false if the
 * certificates are not both X.509 certs, otherwise it
 * compares them as binary data.
 *
 * @param other the object being compared with this one
 * @return true iff the certificates are equivalent

 * Compares two certificates, returning false if any data
 * differs between the two.
 *
 * @param other the object being compared with this one
 * @return true iff the certificates are equivalent

 * Calculates a hash code value for the object. Objects
 * which are equal will also have the same hashcode.

 * Returns a printable representation of the certificate.

// optional v2, v3 extras
    + "DER encoded OCTET string =\n"

 * Set the certificate attribute.
 *
 * @param name the name of the Certificate attribute.
 * @param val the value of the Certificate attribute.
 * @exception CertificateException on invalid attributes.
 * @exception IOException on other errors.

// set rawCertInfo to null, so that we are forced to re-encode

 * Delete the certificate attribute.
 *
 * @param name the name of the Certificate attribute.
 * @exception CertificateException on invalid attributes.
 * @exception IOException on other errors.

// set rawCertInfo to null, so that we are forced to re-encode

 * Get the certificate attribute.
 *
 * @param name the name of the Certificate attribute.
 * @exception CertificateException on invalid attributes.
 * @exception IOException on other errors.

    "Attribute name not recognized: " + name);
switch (attr) {
// frequently used attributes first

 * This routine unmarshals the certificate information.

// Serial number ... an integer
// Algorithm Identifier
    "Empty issuer DN not allowed in X509Certificates");
// validity: SEQUENCE { start date, end date }
    "Empty subject DN not allowed in v1 certificate");
// If more data available, make sure version is not v1.
    "no more data allowed for version 1 certificate");
// Get the issuerUniqueId if present
// Get the subjectUniqueId if present.
// Get the extensions.
    "Extensions not allowed in v2 certificate");
// verify X.509 V3 Certificate

 * Verify if X.509 V3 Certificate is compliant with RFC 3280.

// if SubjectName is empty, check for SubjectAlternativeNameExtension
    "incomplete: subject field is empty, and certificate " +
    "has no extensions");
    "incomplete: subject field is empty, and " +
    "SubjectAlternativeName extension is absent");
// SubjectAlternativeName extension is empty or not marked critical
    "incomplete: subject field is empty, and " +
    "SubjectAlternativeName extension is empty");
    "incomplete: SubjectAlternativeName extension MUST " +
    "be marked critical when subject field is empty");
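The parse-time version rules and the RFC 3280 subject/SubjectAlternativeName rule that the messages above describe, implemented over a small constructed certificate model. This is an added example written for this page, not OpenJDK code; the `CertInfo` and `Extension` classes are stand-ins for the decoded TBSCertificate (a DER decoder is assumed to have run already), and the sample certificates are constructed, not real certificate data.

```python
"""Structural checks of the kind X509CertInfo.parse() and verify() apply to a
decoded TBSCertificate: version gating of optional fields, and the RFC 3280
rule that an empty subject requires a non-empty, critical
SubjectAlternativeName extension.

Added example, not OpenJDK code.  CertInfo/Extension are assumed stand-ins for
the parsed DER structure.
"""
from dataclasses import dataclass, field
from typing import List, Optional

V1, V2, V3 = 0, 1, 2                 # version values as encoded in DER
SUBJECT_ALT_NAME_OID = "2.5.29.17"   # id-ce-subjectAltName


@dataclass
class Extension:
    oid: str
    critical: bool
    general_names: List[str] = field(default_factory=list)  # populated for SAN only


@dataclass
class CertInfo:
    version: int
    issuer: str                      # RFC 2253 string; "" models an empty Name
    subject: str
    issuer_unique_id: Optional[bytes] = None
    subject_unique_id: Optional[bytes] = None
    extensions: Optional[List[Extension]] = None   # None = extensions field absent


def check_version_rules(cert: CertInfo) -> Optional[str]:
    """Gate optional fields by version; return the first violation or None."""
    if cert.issuer == "":
        return "Empty issuer DN not allowed in X509Certificates"
    if cert.version == V1:
        if cert.subject == "":
            return "Empty subject DN not allowed in v1 certificate"
        if (cert.issuer_unique_id is not None or cert.subject_unique_id is not None
                or cert.extensions is not None):
            return "no more data allowed for version 1 certificate"
    if cert.version == V2 and cert.extensions is not None:
        return "Extensions not allowed in v2 certificate"
    return None


def check_subject_alt_name(cert: CertInfo) -> Optional[str]:
    """RFC 3280 4.1.2.6: a v3 certificate with an empty subject must carry a
    non-empty SubjectAlternativeName extension that is marked critical."""
    if cert.version != V3 or cert.subject != "":
        return None
    if not cert.extensions:
        return "incomplete: subject field is empty, and certificate has no extensions"
    san = next((e for e in cert.extensions if e.oid == SUBJECT_ALT_NAME_OID), None)
    if san is None:
        return "incomplete: subject field is empty, and SubjectAlternativeName extension is absent"
    if not san.general_names:
        return "incomplete: subject field is empty, and SubjectAlternativeName extension is empty"
    if not san.critical:
        return ("incomplete: SubjectAlternativeName extension MUST be marked critical "
                "when subject field is empty")
    return None


def validate(cert: CertInfo) -> Optional[str]:
    """Apply the parse-time rules first, then the v3 compliance rule."""
    return check_version_rules(cert) or check_subject_alt_name(cert)


# Constructed sample certificates (not real certificate data).
SAMPLES = {
    "v1_ok": CertInfo(V1, "CN=Test CA", "CN=server"),
    "v1_with_ext": CertInfo(V1, "CN=Test CA", "CN=server", extensions=[]),
    "v2_with_ext": CertInfo(V2, "CN=Test CA", "CN=server", extensions=[]),
    "v3_empty_subject_noncritical_san": CertInfo(
        V3, "CN=Test CA", "",
        extensions=[Extension(SUBJECT_ALT_NAME_OID, False, ["dns:example.test"])]),
    "v3_empty_subject_critical_san": CertInfo(
        V3, "CN=Test CA", "",
        extensions=[Extension(SUBJECT_ALT_NAME_OID, True, ["dns:example.test"])]),
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(f"{name}: {validate(cert) or 'ok'}")
```

The two checks are kept separate because they fail at different stages in the original class: the version rules fire while decoding, before any extension is interpreted, whereas the SubjectAlternativeName rule is only meaningful once a v3 certificate has been fully parsed.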
 * Marshal the contents of a "raw" certificate into a DER sequence.

// version number, iff not V1
// Encode serial number, issuer signing algorithm, issuer name
    "Null issuer DN not allowed in v1 certificate");
// Encode subject (principal) and associated key
    "Null subject DN not allowed in v1 certificate");
// Encode issuerUniqueId & subjectUniqueId.
// Write all the extensions.
// Wrap the data; encoding of the "raw" cert is now complete.

 * Returns the integer attribute number for the passed attribute name.

 * Set the version number of the certificate.
 *
 * @param val the Object class value for the Extensions
 * @exception CertificateException on invalid data.

 * Set the serial number of the certificate.
 *
 * @param val the Object class value for the CertificateSerialNumber
 * @exception CertificateException on invalid data.

 * Set the algorithm id of the certificate.
 *
 * @param val the Object class value for the AlgorithmId
 * @exception CertificateException on invalid data.

    "AlgorithmId class type invalid.");

 * Set the issuer name of the certificate.
 *
 * @param val the Object class value for the issuer
 * @exception CertificateException on invalid data.

    "Issuer class type invalid.");

 * Set the validity interval of the certificate.
 *
 * @param val the Object class value for the CertificateValidity
 * @exception CertificateException on invalid data.

    "CertificateValidity class type invalid.");

 * Set the subject name of the certificate.
 *
 * @param val the Object class value for the Subject
 * @exception CertificateException on invalid data.

    "Subject class type invalid.");

 * Set the public key in the certificate.
 *
 * @param val the Object class value for the PublicKey
 * @exception CertificateException on invalid data.

    "Key class type invalid.");

 * Set the Issuer Unique Identity in the certificate.
 *
 * @param val the Object class value for the IssuerUniqueId
 * @exception CertificateException

    "IssuerUniqueId class type invalid.");

 * Set the Subject Unique Identity in the certificate.
 *
 * @param val the Object class value for the SubjectUniqueId
 * @exception CertificateException

    "SubjectUniqueId class type invalid.");

 * Set the extensions in the certificate.
 *
 * @param val the Object class value for the Extensions
 * @exception CertificateException

    "Extensions class type invalid.");