2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 package javax.security.cert;
20 import java.io.ByteArrayInputStream;
21 import java.io.InputStream;
22 import java.lang.reflect.Constructor;
23 import java.math.BigInteger;
24 import java.security.AccessController;
25 import java.security.InvalidKeyException;
26 import java.security.NoSuchAlgorithmException;
27 import java.security.NoSuchProviderException;
28 import java.security.Principal;
29 import java.security.PublicKey;
30 import java.security.Security;
31 import java.security.SignatureException;
32 import java.security.cert.CertificateFactory;
33 import java.util.Date;
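/**
 * Abstract base class for X.509 certificates.
 * <p>
 * This represents a standard way for accessing the attributes of X.509 v1
 * certificates.
 * <p>
 * Note: This package is provided only for compatibility reasons.
 * It contains a simplified version of the java.security.cert package that was
 * previously used by JSSE (Java SSL package). All applications that do not have
 * to be compatible with older versions of JSSE (that is before Java SDK 1.5)
 * should only use java.security.cert.
 * <p>
 * Security notes for callers:
 * <ul>
 * <li>{@code getInstance} only decodes the supplied bytes. It does not check
 * the signature, the validity period or whether the issuer is trusted; a
 * decoded certificate must still be verified before any of its fields are
 * relied on.</li>
 * <li>The implementation class may be selected through the security property
 * {@code cert.provider.x509v1}. That class receives the raw, possibly
 * untrusted input, so the property has to be treated as trusted
 * configuration.</li>
 * </ul>
 */
public abstract class X509Certificate extends Certificate {

    /**
     * Constructor of the configured provider implementation, or {@code null}
     * when none is configured or usable; in that case the default
     * {@code CertificateFactory} is used instead.
     */
    private static final Constructor<? extends X509Certificate> constructor =
            findProviderConstructor();

    /**
     * Resolves the provider class named by the {@code cert.provider.x509v1}
     * security property and returns its {@code (InputStream)} constructor.
     *
     * @return the constructor, or {@code null} if the property is unset or the
     *         class cannot be used.
     */
    private static Constructor<? extends X509Certificate> findProviderConstructor() {
        try {
            String classname = AccessController.doPrivileged(
                    new java.security.PrivilegedAction<String>() {
                        public String run() {
                            return Security.getProperty("cert.provider.x509v1");
                        }
                    });
            if (classname == null) {
                return null;
            }
            // asSubclass rejects a class that is not an X509Certificate here,
            // once, instead of constructing it on caller data and failing on
            // the cast afterwards.
            return Class.forName(classname)
                    .asSubclass(X509Certificate.class)
                    .getConstructor(new Class<?>[] {InputStream.class});
        } catch (Exception ignored) {
            // Deliberate best effort: an unusable provider setting must not
            // break class initialization; getInstance falls back to the
            // default CertificateFactory.
            return null;
        } catch (LinkageError ignored) {
            // Same fallback when the provider class fails to link or
            // initialize.
            return null;
        }
    }

    /**
     * Attaches {@code cause} to a freshly created exception so the original
     * failure and its stack trace stay available to the caller.
     */
    private static <T extends Throwable> T withCause(T wrapper, Throwable cause) {
        wrapper.initCause(cause);
        return wrapper;
    }

    /**
     * Creates a new {@code X509Certificate}.
     */
    public X509Certificate() {
        super();
    }

    /**
     * Creates a new {@code X509Certificate} and initializes it from the
     * specified input stream.
     * <p>
     * The data is only decoded. No signature, validity or trust check is
     * performed on the result.
     *
     * @param inStream
     *            input stream containing data to initialize the certificate.
     * @return the certificate initialized from the specified input stream
     * @throws CertificateException
     *             if the certificate cannot be created or initialized.
     */
    public static final X509Certificate getInstance(InputStream inStream)
            throws CertificateException {
        if (inStream == null) {
            throw new CertificateException("inStream == null");
        }
        if (constructor != null) {
            try {
                return constructor.newInstance(new Object[] {inStream});
            } catch (java.lang.reflect.InvocationTargetException e) {
                // The wrapper's own message is usually null; report what the
                // provider constructor actually threw.
                Throwable target = e.getCause() != null ? e.getCause() : e;
                throw withCause(new CertificateException(target.getMessage()), target);
            } catch (Exception e) {
                throw withCause(new CertificateException(e.getMessage()), e);
            }
        }

        final java.security.cert.X509Certificate cert;
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            cert = (java.security.cert.X509Certificate)
                    cf.generateCertificate(inStream);
        } catch (java.security.cert.CertificateException e) {
            throw withCause(new CertificateException(e.getMessage()), e);
        }

        // Adapter that exposes the java.security.cert certificate through this
        // legacy API, translating exception types on the way.
        return new X509Certificate() {

            @Override
            public byte[] getEncoded() throws CertificateEncodingException {
                try {
                    return cert.getEncoded();
                } catch (java.security.cert.CertificateEncodingException e) {
                    throw withCause(
                            new CertificateEncodingException(e.getMessage()), e);
                }
            }

            @Override
            public void verify(PublicKey key) throws CertificateException,
                    NoSuchAlgorithmException, InvalidKeyException,
                    NoSuchProviderException, SignatureException {
                try {
                    cert.verify(key);
                } catch (java.security.cert.CertificateException e) {
                    throw withCause(new CertificateException(e.getMessage()), e);
                }
            }

            @Override
            public void verify(PublicKey key, String sigProvider)
                    throws CertificateException,
                    NoSuchAlgorithmException, InvalidKeyException,
                    NoSuchProviderException, SignatureException {
                try {
                    cert.verify(key, sigProvider);
                } catch (java.security.cert.CertificateException e) {
                    throw withCause(new CertificateException(e.getMessage()), e);
                }
            }

            @Override
            public String toString() {
                return cert.toString();
            }

            @Override
            public PublicKey getPublicKey() {
                return cert.getPublicKey();
            }

            @Override
            public void checkValidity() throws CertificateExpiredException,
                    CertificateNotYetValidException {
                try {
                    cert.checkValidity();
                } catch (java.security.cert.CertificateNotYetValidException e) {
                    throw withCause(
                            new CertificateNotYetValidException(e.getMessage()), e);
                } catch (java.security.cert.CertificateExpiredException e) {
                    throw withCause(
                            new CertificateExpiredException(e.getMessage()), e);
                }
            }

            @Override
            public void checkValidity(Date date)
                    throws CertificateExpiredException,
                    CertificateNotYetValidException {
                try {
                    cert.checkValidity(date);
                } catch (java.security.cert.CertificateNotYetValidException e) {
                    throw withCause(
                            new CertificateNotYetValidException(e.getMessage()), e);
                } catch (java.security.cert.CertificateExpiredException e) {
                    throw withCause(
                            new CertificateExpiredException(e.getMessage()), e);
                }
            }

            @Override
            public int getVersion() {
                // java.security.cert reports 1, 2 or 3, while this API
                // documents the ASN.1 INTEGER value (v1(0), v2(1), v3(2)).
                // NOTE(review): the original statement was not legible in the
                // reviewed copy of this file; confirm against the original.
                return cert.getVersion() - 1;
            }

            @Override
            public BigInteger getSerialNumber() {
                return cert.getSerialNumber();
            }

            @Override
            public Principal getIssuerDN() {
                return cert.getIssuerDN();
            }

            @Override
            public Principal getSubjectDN() {
                return cert.getSubjectDN();
            }

            @Override
            public Date getNotBefore() {
                return cert.getNotBefore();
            }

            @Override
            public Date getNotAfter() {
                return cert.getNotAfter();
            }

            @Override
            public String getSigAlgName() {
                return cert.getSigAlgName();
            }

            @Override
            public String getSigAlgOID() {
                return cert.getSigAlgOID();
            }

            @Override
            public byte[] getSigAlgParams() {
                return cert.getSigAlgParams();
            }
        };
    }

    /**
     * Creates a new {@code X509Certificate} and initializes it from the
     * specified byte array.
     * <p>
     * The data is only decoded. No signature, validity or trust check is
     * performed on the result.
     *
     * @param certData
     *            byte array containing data to initialize the certificate.
     * @return the certificate initialized from the specified byte array
     * @throws CertificateException
     *             if the certificate cannot be created or initialized.
     */
    public static final X509Certificate getInstance(byte[] certData)
            throws CertificateException {
        if (certData == null) {
            throw new CertificateException("certData == null");
        }
        ByteArrayInputStream bais = new ByteArrayInputStream(certData);
        return getInstance(bais);
    }

    /**
     * Checks whether the certificate is currently valid.
     * <p>
     * The validity defined in ASN.1:
     *
     * <pre>
     * validity             Validity
     *
     * Validity ::= SEQUENCE {
     *      notBefore       CertificateValidityDate,
     *      notAfter        CertificateValidityDate }
     *
     * CertificateValidityDate ::= CHOICE {
     *      utcTime         UTCTime,
     *      generalTime     GeneralizedTime }
     * </pre>
     * <p>
     * Only the validity period is examined; a certificate that passes this
     * check has not thereby been shown to be authentic or trusted.
     *
     * @throws CertificateExpiredException
     *             if the certificate has expired.
     * @throws CertificateNotYetValidException
     *             if the certificate is not yet valid.
     */
    public abstract void checkValidity()
            throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Checks whether the certificate is valid at the specified date.
     *
     * @param date
     *            the date to check the validity against.
     * @throws CertificateExpiredException
     *             if the certificate has expired.
     * @throws CertificateNotYetValidException
     *             if the certificate is not yet valid.
     * @see #checkValidity()
     */
    public abstract void checkValidity(Date date)
            throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Returns the certificate's {@code version} (version number).
     * <p>
     * The version defined in ASN.1:
     *
     * <pre>
     * Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
     * </pre>
     *
     * @return the version number.
     */
    public abstract int getVersion();

    /**
     * Returns the {@code serialNumber} of the certificate.
     * <p>
     * The ASN.1 definition of {@code serialNumber}:
     *
     * <pre>
     * CertificateSerialNumber  ::=  INTEGER
     * </pre>
     *
     * @return the serial number.
     */
    public abstract BigInteger getSerialNumber();

    /**
     * Returns the {@code issuer} (issuer distinguished name) as an
     * implementation specific {@code Principal} object.
     * <p>
     * The ASN.1 definition of {@code issuer}:
     *
     * <pre>
     *  issuer      Name
     *
     *  Name ::= CHOICE {
     *      RDNSequence }
     *
     *    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     *
     *    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
     *
     *    AttributeTypeAndValue ::= SEQUENCE {
     *      type     AttributeType,
     *      value    AttributeValue }
     *
     *    AttributeType ::= OBJECT IDENTIFIER
     *
     *    AttributeValue ::= ANY DEFINED BY AttributeType
     * </pre>
     *
     * @return the {@code issuer} as an implementation specific
     *         {@code Principal}.
     */
    public abstract Principal getIssuerDN();

    /**
     * Returns the {@code subject} (subject distinguished name) as an
     * implementation specific {@code Principal} object.
     * <p>
     * The ASN.1 definition of {@code subject}:
     *
     * <pre>
     * subject      Name
     *
     *  Name ::= CHOICE {
     *      RDNSequence }
     *
     *    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     *
     *    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
     *
     *    AttributeTypeAndValue ::= SEQUENCE {
     *      type     AttributeType,
     *      value    AttributeValue }
     *
     *    AttributeType ::= OBJECT IDENTIFIER
     *
     *    AttributeValue ::= ANY DEFINED BY AttributeType
     * </pre>
     *
     * @return the {@code subject} (subject distinguished name).
     */
    public abstract Principal getSubjectDN();

    /**
     * Returns the {@code notBefore} date from the validity period of the
     * certificate.
     *
     * @return the start of the validity period.
     */
    public abstract Date getNotBefore();

    /**
     * Returns the {@code notAfter} date of the validity period of the
     * certificate.
     *
     * @return the end of the validity period.
     */
    public abstract Date getNotAfter();

    /**
     * Returns the name of the algorithm for the certificate signature.
     *
     * @return the signature algorithm name.
     */
    public abstract String getSigAlgName();

    /**
     * Returns the OID of the signature algorithm from the certificate.
     *
     * @return the OID of the signature algorithm.
     */
    public abstract String getSigAlgOID();

    /**
     * Returns the parameters of the signature algorithm in DER-encoded format.
     *
     * @return the parameters of the signature algorithm, or null if none are
     *         used.
     */
    public abstract byte[] getSigAlgParams();
}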