Class X509Cert
- java.lang.Object
- netscape.security.x509.X509Cert
- All Implemented Interfaces:
java.io.Serializable, java.security.Certificate
public class X509Cert extends java.lang.Object implements java.security.Certificate, java.io.Serializable
Deprecated. Use the new X509Certificate class. This class is only restored for backwards compatibility.
- Version:
1.5
- Author:
David Brownell
- See Also:
CertAndKeyGen, Serialized Form
-
Field Summary
Fields
protected AlgorithmId algid
Deprecated.
-
Constructor Summary
Constructors
X509Cert()
Deprecated. Construct an uninitialized X509 Cert on which decode must later be called (or which may be deserialized).
X509Cert(byte[] cert)
Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes.
X509Cert(byte[] buf, int offset, int len)
Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes.
X509Cert(DerValue derVal)
Deprecated. Unmarshal a certificate from its encoded form, parsing a DER value.
X509Cert(X500Name subjectName, X509Key subjectPublicKey, java.util.Date notBefore, java.util.Date notAfter)
Deprecated. Partially constructs a certificate from descriptive parameters.
-
Method Summary
Methods
void decode(java.io.InputStream in)
Deprecated. Decode an X.509 certificate from an input stream.
void encode(java.io.OutputStream out)
Deprecated. Appends the certificate to an output stream.
byte[] encodeAndSign(BigInt serial, X500Signer issuer)
Deprecated. Creates an X.509 certificate, and signs it using the issuer passed (associating a signature algorithm and an X.500 name).
boolean equals(java.lang.Object other)
Deprecated. Compares two certificates.
boolean equals(X509Cert src)
Deprecated. Compares two certificates, returning false if any data differs between the two.
java.lang.String getFormat()
Deprecated. Returns the "X.509" format identifier.
java.security.Principal getGuarantor()
Deprecated. Returns getIssuerName
AlgorithmId getIssuerAlgorithmId()
Deprecated. Returns the algorithm used by the issuer to sign the certificate.
X500Name getIssuerName()
Deprecated. Returns the certificate issuer's X.500 distinguished name.
java.util.Date getNotAfter()
Deprecated. Returns the last time the certificate is valid.
java.util.Date getNotBefore()
Deprecated. Returns the first time the certificate is valid.
java.security.Principal getPrincipal()
Deprecated. Returns getSubjectName
java.security.PublicKey getPublicKey()
Deprecated. Returns the subject's public key.
BigInt getSerialNumber()
Deprecated. Returns the certificate's serial number.
byte[] getSignedCert()
Deprecated. Return the signed X.509 certificate as a byte array.
X500Signer getSigner(AlgorithmId algorithmId, java.security.PrivateKey privateKey)
Deprecated. Returns an X500Signer that may be used to create signatures.
X500Name getSubjectName()
Deprecated. Returns the subject's X.500 distinguished name.
java.security.Signature getVerifier(java.lang.String algorithm)
Deprecated. Returns a signature object that may be used to verify signatures created using a specified signature algorithm and the public key contained in this certificate.
int getVersion()
Deprecated. Returns the X.509 version number of this certificate, zero based.
int hashCode()
Deprecated. Calculates a hash code value for the object.
java.lang.String toString()
Deprecated. Returns a printable representation of the certificate.
java.lang.String toString(boolean detailed)
Deprecated. Returns a printable representation of the certificate.
void verify(java.security.PublicKey issuerPublicKey)
Deprecated. Throws an exception if the certificate is invalid because it is now outside of the certificate's validity period, or because it was not signed using the verification key provided.
-
-
-
Field Detail
-
algid
protected AlgorithmId algid
Deprecated.
-
-
Constructor Detail
-
X509Cert
public X509Cert()
Deprecated. Construct an uninitialized X509 Cert on which decode must later be called (or which may be deserialized).
-
X509Cert
public X509Cert(byte[] cert) throws java.io.IOException
Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents. That is, this is one of the more commonly used constructors. Note that the buffer must include only a certificate, and no "garbage" may be left at the end. If you need to ignore data at the end of a certificate, use another constructor.
- Parameters:
cert - the encoded bytes, with no terminatu (CONSUMED)
- Throws:
java.io.IOException - when the certificate is improperly encoded.
-
X509Cert
public X509Cert(byte[] buf, int offset, int len) throws java.io.IOException
Deprecated. Unmarshals a certificate from its encoded form, parsing the encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents. That is, this is one of the most commonly used constructors.
- Parameters:
buf - the buffer holding the encoded bytes
offset - the offset in the buffer where the bytes begin
len - how many bytes of certificate exist
- Throws:
java.io.IOException - when the certificate is improperly encoded.
-
X509Cert
public X509Cert(DerValue derVal) throws java.io.IOException
Deprecated. Unmarshal a certificate from its encoded form, parsing a DER value. This form of constructor is used by agents which need to examine and use certificate contents.
- Parameters:
derVal - the DER value containing the encoded cert.
- Throws:
java.io.IOException - when the certificate is improperly encoded.
-
X509Cert
public X509Cert(X500Name subjectName, X509Key subjectPublicKey, java.util.Date notBefore, java.util.Date notAfter) throws CertException
Deprecated. Partially constructs a certificate from descriptive parameters. This constructor may be used by Certificate Authority (CA) code, which later signs and encodes the certificate. Also, self-signed certificates serve as CA certificates, and are sometimes used as certificate requests.
Until the certificate has been signed and encoded, some of the mandatory fields in the certificate will not be available via accessor functions: the serial number, issuer name and signing algorithm, and of course the signed certificate. The fields passed to this constructor are available, and must be non-null.
Note that the public key being signed is generally independent of the signature algorithm being used. So for example Diffie-Hellman keys (which do not support signatures) can be placed in X.509 certificates when some other signature algorithm (e.g. DSS/DSA, or one of the RSA based algorithms) is used.
- Parameters:
subjectName - the X.500 distinguished name being certified
subjectPublicKey - the public key being certified. This must be an "X509Key" implementing the "PublicKey" interface.
notBefore - the first time the certificate is valid
notAfter - the last time the certificate is valid
- Throws:
CertException - if the public key is inappropriate
- See Also:
CertAndKeyGen
-
-
Method Detail
-
decode
public void decode(java.io.InputStream in) throws java.io.IOException
Deprecated. Decode an X.509 certificate from an input stream.
- Specified by:
decode in interface java.security.Certificate
- Parameters:
in - an input stream holding at least one certificate
- Throws:
java.io.IOException - when the certificate is improperly encoded.
-
encode
public void encode(java.io.OutputStream out) throws java.io.IOException
Deprecated. Appends the certificate to an output stream.
- Specified by:
encode in interface java.security.Certificate
- Parameters:
out - an output stream to which the certificate is appended.
- Throws:
java.io.IOException - when appending fails.
-
equals
public boolean equals(java.lang.Object other)
Deprecated. Compares two certificates. This is false if the certificates are not both X.509 certs, otherwise it compares them as binary data.
- Overrides:
equals in class java.lang.Object
- Parameters:
other - the object being compared with this one
- Returns:
true iff the certificates are equivalent
-
equals
public boolean equals(X509Cert src)
Deprecated. Compares two certificates, returning false if any data differs between the two.
- Parameters:
src - the object being compared with this one
- Returns:
true iff the certificates are equivalent
-
getFormat
public java.lang.String getFormat()
Deprecated. Returns the "X.509" format identifier.
- Specified by:
getFormat in interface java.security.Certificate
-
getGuarantor
public java.security.Principal getGuarantor()
Deprecated. Returns getIssuerName
- Specified by:
getGuarantor in interface java.security.Certificate
-
getPrincipal
public java.security.Principal getPrincipal()
Deprecated. Returns getSubjectName
- Specified by:
getPrincipal in interface java.security.Certificate
-
verify
public void verify(java.security.PublicKey issuerPublicKey) throws CertException
Deprecated. Throws an exception if the certificate is invalid because it is now outside of the certificate's validity period, or because it was not signed using the verification key provided. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.
Note that since this class represents only a single X.509 certificate, it cannot know anything about the certificate chain which is used to provide the verification key and to establish trust. Other code must manage and use those cert chains.
For now, you must walk the cert chain being used to verify any given cert. Start at the root, which is a self-signed certificate; verify it using the key inside the certificate. Then use that to verify the next certificate in the chain, issued by that CA. In this manner, verify each certificate until you reach the particular certificate you wish to verify. You should not use a certificate if any of the verification operations for its certificate chain were unsuccessful.
- Parameters:
issuerPublicKey - the public key of the issuing CA
- Throws:
CertException - when the certificate is not valid.
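The root-first walk described above, written against the methods documented on this page, as an added example that is not part of the original API documentation. The class name ChainWalker, the method verifyChain, the root-first list order and the trustedRoot pin are assumptions of this example.

```java
import java.util.List;
import netscape.security.x509.X509Cert;

/** Added example: root-first chain walk using X509Cert.verify(). */
public final class ChainWalker {

    /**
     * @param chain       certificates ordered root first, target last (assumed order)
     * @param trustedRoot locally held copy of the root the caller trusts (assumed input)
     * @return the verified target certificate (last element of the chain)
     * @throws Exception  if any link fails; verify() throws CertException when a
     *                    certificate is outside its validity period or was not
     *                    signed with the supplied key
     */
    public static X509Cert verifyChain(List<X509Cert> chain, X509Cert trustedRoot)
            throws Exception {
        if (chain == null || chain.isEmpty() || trustedRoot == null) {
            throw new IllegalArgumentException("chain and trusted root are required");
        }
        X509Cert root = chain.get(0);
        // Anyone can produce a self-signed root that verifies against its own
        // key, so that check alone says nothing about trust. Compare the
        // presented root with the pinned copy before relying on it.
        if (!root.equals(trustedRoot)) {
            throw new SecurityException("chain root is not the pinned trust anchor");
        }
        // Root: self-signed, verified with the key inside the certificate.
        root.verify(root.getPublicKey());

        X509Cert issuer = root;
        for (int i = 1; i < chain.size(); i++) {
            X509Cert cert = chain.get(i);
            // Each certificate is checked with the key of the one before it.
            // verify() throws on failure, so one bad link aborts the walk and
            // nothing further down the chain is returned to the caller.
            cert.verify(issuer.getPublicKey());
            issuer = cert;
        }
        return issuer;
    }
}
```

As the description of verify() states, each call covers only the validity period and the signature; deciding whether the verified subject should be trusted remains the caller's job.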
-
encodeAndSign
public byte[] encodeAndSign(BigInt serial, X500Signer issuer) throws java.io.IOException, java.security.SignatureException
Deprecated. Creates an X.509 certificate, and signs it using the issuer passed (associating a signature algorithm and an X.500 name). This operation is used to implement the certificate generation functionality of a certificate authority.
- Parameters:
serial - the serial number of the certificate (non-null)
issuer - the certificate issuer (CA) (non-null)
- Returns:
the signed certificate, as returned by getSignedCert
- Throws:
java.io.IOException - if any of the data could not be encoded, or when any mandatory data was omitted
java.security.SignatureException - on signing failures
- See Also:
getSignedCert(), getSigner(netscape.security.x509.AlgorithmId, java.security.PrivateKey), CertAndKeyGen
-
getSigner
public X500Signer getSigner(AlgorithmId algorithmId, java.security.PrivateKey privateKey) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
Deprecated. Returns an X500Signer that may be used to create signatures. Those signatures may in turn be verified using this certificate (or a copy of it).
NOTE: If the private key is by itself capable of creating signatures, this fact may not be recognized at this time. Specifically, the case of DSS/DSA keys which get their algorithm parameters from higher in the certificate chain is not supportable without using an X509CertChain API, and there is no current support for other sources of algorithm parameters.
- Parameters:
algorithmId - the signature algorithm to be used. Note that a given public/private key pair may support several such algorithms.
privateKey - the private key used to create the signature, which must correspond to the public key in this certificate
- Returns:
the Signer object
- Throws:
java.security.NoSuchAlgorithmException - if the signature algorithm is not supported
java.security.InvalidKeyException - if either the key in the certificate, or the private key parameter, does not support the requested signature algorithm
-
getVerifier
public java.security.Signature getVerifier(java.lang.String algorithm) throws java.security.NoSuchAlgorithmException, java.security.InvalidKeyException
Deprecated. Returns a signature object that may be used to verify signatures created using a specified signature algorithm and the public key contained in this certificate.
NOTE: If the public key in this certificate is not by itself capable of verifying signatures, this may not be recognized at this time. Specifically, the case of DSS/DSA keys which get their algorithm parameters from higher in the certificate chain is not supportable without using an X509CertChain API, and there is no current support for other sources of algorithm parameters.
- Parameters:
algorithm - the algorithm of the signature to be verified
- Returns:
the Signature object
- Throws:
java.security.NoSuchAlgorithmException - if the signature algorithm is not supported
java.security.InvalidKeyException - if the key in the certificate does not support the requested signature algorithm
-
getSignedCert
public byte[] getSignedCert()
Deprecated. Return the signed X.509 certificate as a byte array. The bytes are in standard DER marshaled form. Null is returned in the case of a partially constructed cert.
-
getSerialNumber
public BigInt getSerialNumber()
Deprecated. Returns the certificate's serial number. Null is returned in the case of a partially constructed cert.
-
getSubjectName
public X500Name getSubjectName()
Deprecated. Returns the subject's X.500 distinguished name.
-
getIssuerName
public X500Name getIssuerName()
Deprecated. Returns the certificate issuer's X.500 distinguished name. Null is returned in the case of a partially constructed cert.
-
getIssuerAlgorithmId
public AlgorithmId getIssuerAlgorithmId()
Deprecated. Returns the algorithm used by the issuer to sign the certificate. Null is returned in the case of a partially constructed cert.
-
getNotBefore
public java.util.Date getNotBefore()
Deprecated. Returns the first time the certificate is valid.
-
getNotAfter
public java.util.Date getNotAfter()
Deprecated. Returns the last time the certificate is valid.
-
getPublicKey
public java.security.PublicKey getPublicKey()
Deprecated. Returns the subject's public key. Note that some public key algorithms support an optional certificate generation policy where the keys in the certificates are not in themselves sufficient to perform a public key operation. Those keys need to be augmented by algorithm parameters, which the certificate generation policy chose not to place in the certificate.
Two such public key algorithms are: DSS/DSA, where algorithm parameters could be acquired from a CA certificate in the chain of issuers; and Diffie-Hellman, with a similar solution although the CA then needs both a Diffie-Hellman certificate and a signature capable certificate.
- Specified by:
getPublicKey in interface java.security.Certificate
-
getVersion
public int getVersion()
Deprecated. Returns the X.509 version number of this certificate, zero based. That is, "2" indicates an X.509 version 3 (1993) certificate, and "0" indicates X.509v1 (1988). Zero is returned in the case of a partially constructed cert.
-
hashCode
public int hashCode()
Deprecated. Calculates a hash code value for the object. Objects which are equal will also have the same hashcode.
- Overrides:
hashCode in class java.lang.Object
-
toString
public java.lang.String toString()
Deprecated. Returns a printable representation of the certificate. This does not contain all the information available to distinguish this from any other certificate. The certificate must be fully constructed before this function may be called; in particular, if you are creating certificates you must call encodeAndSign() before calling this function.
- Overrides:
toString in class java.lang.Object
-
toString
public java.lang.String toString(boolean detailed)
Deprecated. Returns a printable representation of the certificate.
- Specified by:
toString in interface java.security.Certificate
- Parameters:
detailed - true iff lots of detail is requested
-
-