Class X509Certificate
- java.lang.Object
-
- java.security.cert.Certificate
-
- java.security.cert.X509Certificate
-
- All Implemented Interfaces:
java.io.Serializable,X509Extension
public abstract class X509Certificate extends Certificate implements X509Extension
Abstract class for X.509 certificates. This provides a standard way to access all the attributes of an X.509 certificate.
In June of 1996, the basic X.509 v3 format was completed by ISO/IEC and ANSI X9, which is described below in ASN.1:
Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET).
These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. CAs act as trusted third parties, making introductions between principals who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
More information can be found in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
The ASN.1 definition of
tbsCertificateis:TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 extensions [3] EXPLICIT Extensions OPTIONAL -- If present, version must be v3 }Certificates are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 certificate:
try (InputStream inStream = new FileInputStream("fileName-of-cert")) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); }- See Also:
Certificate,CertificateFactory,X509Extension, Serialized Form
-
-
Constructor Summary
Constructors Modifier Constructor Description protectedX509Certificate()Constructor for X.509 certificates.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description abstract voidcheckValidity()Checks that the certificate is currently valid.X500PrincipalgetIssuerX500Principal()Returns the issuer (issuer distinguished name) value from the certificate as anX500Principal.X500PrincipalgetSubjectX500Principal()Returns the subject (subject distinguished name) value from the certificate as anX500Principal.-
Methods inherited from class java.security.cert.Certificate
equals, getEncoded, getPublicKey, getType, hashCode, toString, verify, verify
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
-
Methods inherited from interface java.security.cert.X509Extension
getCriticalExtensionOIDs, getExtensionValue, getNonCriticalExtensionOIDs, hasUnsupportedCriticalExtension
-
-
-
-
Method Detail
-
checkValidity
public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidExceptionChecks that the certificate is currently valid. It is if the current date and time are within the validity period given in the certificate.The validity period consists of two date/time values: the first and last dates (and times) on which the certificate is valid. It is defined in ASN.1 as:
validity Validity Validity ::= SEQUENCE { notBefore CertificateValidityDate, notAfter CertificateValidityDate } CertificateValidityDate ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime }- Throws:
CertificateExpiredException- if the certificate has expired.CertificateNotYetValidException- if the certificate is not yet valid.
-
getIssuerX500Principal
public X500Principal getIssuerX500Principal()
Returns the issuer (issuer distinguished name) value from the certificate as anX500Principal.It is recommended that subclasses override this method.
- Returns:
- an
X500Principalrepresenting the issuer distinguished name - Since:
- 1.4
-
getSubjectX500Principal
public X500Principal getSubjectX500Principal()
Returns the subject (subject distinguished name) value from the certificate as anX500Principal. If the subject value is empty, then thegetName()method of the returnedX500Principalobject returns an empty string ("").It is recommended that subclasses override this method.
- Returns:
- an
X500Principalrepresenting the subject distinguished name - Since:
- 1.4
-
-