source: trunk/gcc/libjava/java/security/cert/X509Certificate.java

1/* X509Certificate.java --- X.509 Certificate class
2 Copyright (C) 1999 Free Software Foundation, Inc.
3
4This file is part of GNU Classpath.
5
6GNU Classpath is free software; you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation; either version 2, or (at your option)
9any later version.
10
11GNU Classpath is distributed in the hope that it will be useful, but
12WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with GNU Classpath; see the file COPYING. If not, write to the
18Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
1902111-1307 USA.
20
21Linking this library statically or dynamically with other modules is
22making a combined work based on this library. Thus, the terms and
23conditions of the GNU General Public License cover the whole
24combination.
25
26As a special exception, the copyright holders of this library give you
27permission to link this library with independent modules to produce an
28executable, regardless of the license terms of these independent
29modules, and to copy and distribute the resulting executable under
30terms of your choice, provided that you also meet, for each linked
31independent module, the terms and conditions of the license of that
32module. An independent module is a module which is not derived from
33or based on this library. If you modify this library, you may extend
34this exception to your version of the library, but you are not
35obligated to do so. If you do not wish to do so, delete this
36exception statement from your version. */
37
38
39package java.security.cert;
40import java.math.BigInteger;
41import java.security.Principal;
42import java.security.PublicKey;
43import java.security.NoSuchAlgorithmException;
44import java.security.InvalidKeyException;
45import java.security.NoSuchProviderException;
46import java.security.SignatureException;
47import java.util.Date;
48
49/**
50 X509Certificate is the abstract class for X.509 certificates.
51 This provides a standard class interface for accessing all
52 the attributes of X.509 certificates.
53
54 In June 1996, the basic X.509 v3 format was finished by
55 ISO/IEC and ANSI X.9. The ASN.1 DER format is below:
56
57 Certificate ::= SEQUENCE {
58 tbsCertificate TBSCertificate,
59 signatureAlgorithm AlgorithmIdentifier,
60 signatureValue BIT STRING }
61
62 These certificates are widely used in various Internet
63 protocols to support authentication. It is used in
64 Privacy Enhanced Mail (PEM), Transport Layer Security (TLS),
65 Secure Sockets Layer (SSL), code signing for trusted software
66 distribution, and Secure Electronic Transactions (SET).
67
68 The certificates are managed and vouched for by
69 <I>Certificate Authorities</I> (CAs). CAs are companies or
70 groups that create certificates by placing the data in the
71 X.509 certificate format and signing it with their private
72 key. CAs serve as trusted third parties by certifying that
73 the person or group specified in the certificate is who
74 they say they are.
75
76 The ASN.1 definition for <I>tbsCertificate</I> is
77
78 TBSCertificate ::= SEQUENCE {
79 version [0] EXPLICIT Version DEFAULT v1,
80 serialNumber CertificateSerialNumber,
81 signature AlgorithmIdentifier,
82 issuer Name,
83 validity Validity,
84 subject Name,
85 subjectPublicKeyInfo SubjectPublicKeyInfo,
86 issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
87 -- If present, version shall be v2 or v3
88 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
89 -- If present, version shall be v2 or v3
90 extensions [3] EXPLICIT Extensions OPTIONAL
91 -- If present, version shall be v3
92 }
93
94 Version ::= INTEGER { v1(0), v2(1), v3(2) }
95
96 CertificateSerialNumber ::= INTEGER
97
98 Validity ::= SEQUENCE {
99 notBefore Time,
100 notAfter Time }
101
102 Time ::= CHOICE {
103 utcTime UTCTime,
104 generalTime GeneralizedTime }
105
106 UniqueIdentifier ::= BIT STRING
107
108 SubjectPublicKeyInfo ::= SEQUENCE {
109 algorithm AlgorithmIdentifier,
110 subjectPublicKey BIT STRING }
111
112 Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
113
114 Extension ::= SEQUENCE {
115 extnID OBJECT IDENTIFIER,
116 critical BOOLEAN DEFAULT FALSE,
117 extnValue OCTET STRING }
118
119
120 Certificates are created with the CertificateFactory.
121 For more information about X.509 certificates, consult
122 rfc2459 (the profile has since been superseded by RFC 5280).
123
124 @since JDK 1.2
125
126 @author Mark Benvenuto
127*/
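public abstract class X509Certificate extends Certificate implements X509Extension
{

  /**
     Constructs a new X.509 certificate.  The certificate type handed
     to the {@link Certificate} constructor is fixed to "X.509"; it is
     not chosen by the subclass.
  */
  protected X509Certificate()
  {
    super( "X.509" );
  }

  /**
     Checks the validity period of the X.509 certificate against the
     current system date and time.  The certificate is valid if the
     current date and time fall within the period specified by the
     certificate's <I>notBefore</I> and <I>notAfter</I> fields.

     Security note: this is only the validity-period check.  It does
     not verify the certificate's signature (see
     {@link Certificate#verify}), build or validate a certification
     path, or consult revocation information (CRL/OCSP); each of those
     must be performed separately before the certificate is trusted.
     Because it reads the current system time, a host whose clock is
     wrong may accept an expired or not-yet-valid certificate.

     The ASN.1 DER encoding is:

     validity Validity,

     Validity ::= SEQUENCE {
     notBefore Time,
     notAfter Time }

     Time ::= CHOICE {
     utcTime UTCTime,
     generalTime GeneralizedTime }

     Consult rfc2459 for more information.

     @throws CertificateExpiredException if the current time is after
     <I>notAfter</I>
     @throws CertificateNotYetValidException if the current time is
     before <I>notBefore</I>
  */
  public abstract void checkValidity()
    throws CertificateExpiredException,
           CertificateNotYetValidException;

  /**
     Checks the validity period of the X.509 certificate for the
     specified date and time.  The certificate is valid if the
     specified instant falls within the period specified by the
     certificate.

     This form is intended for checking validity at a time other than
     "now" (for example when verifying an old signature); passing a
     caller-supplied date to accept a certificate that would otherwise
     be rejected defeats the check.  As with {@link #checkValidity()},
     no signature, path or revocation checking is performed here.
     Behaviour for a null date is not specified by this abstract class
     and depends on the concrete implementation.

     @param date the instant at which validity is evaluated
     @throws CertificateExpiredException if the certificate expired
     before the given date
     @throws CertificateNotYetValidException if the certificate is
     not yet valid at the given date
  */
  public abstract void checkValidity(Date date)
    throws CertificateExpiredException,
           CertificateNotYetValidException;

  /**
     Returns the version of this certificate.

     The ASN.1 DER encoding is:

     version [0] EXPLICIT Version DEFAULT v1,

     Version ::= INTEGER { v1(0), v2(1), v3(2) }

     Consult rfc2459 for more information.

     Note that the encoded integer is zero-based (v1 is encoded as 0,
     and is the default when the field is absent).  Whether the
     returned value is the raw encoded integer or the one-based
     version number (1, 2 or 3) is left to the concrete
     implementation; callers should confirm before depending on it.
     Extensions may only be present when the version is v3.

     @return version number of certificate
  */
  public abstract int getVersion();

  /**
     Returns the serial number of this certificate.  The issuing CA
     must assign a serial number that is unique among all certificates
     it issues; it is not globally unique, so a certificate is
     identified by the (issuer, serial number) pair -- which is also
     how CRL entries refer to revoked certificates.

     The ASN.1 DER encoding is:

     serialNumber CertificateSerialNumber,

     CertificateSerialNumber ::= INTEGER

     Consult rfc2459 for more information.

     @return the serial number of this certificate
  */
  public abstract BigInteger getSerialNumber();

  /**
     Returns the issuer (issuer distinguished name) of the
     certificate.  The issuer is the entity who signed and issued the
     certificate; its public key is the one needed to verify the
     signature returned by {@link #getSignature()}.

     The string form of the returned Principal is implementation
     specific and is not a canonical encoding of the Name, so two
     encodings of the same DN may print differently; avoid matching
     certificates by comparing DN strings.

     The ASN.1 DER encoding is:

     issuer Name,

     Name ::= CHOICE {
     RDNSequence }

     RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

     RelativeDistinguishedName ::=
     SET OF AttributeTypeAndValue

     AttributeTypeAndValue ::= SEQUENCE {
     type AttributeType,
     value AttributeValue }

     AttributeType ::= OBJECT IDENTIFIER

     AttributeValue ::= ANY DEFINED BY AttributeType

     DirectoryString ::= CHOICE {
     teletexString TeletexString (SIZE (1..MAX)),
     printableString PrintableString (SIZE (1..MAX)),
     universalString UniversalString (SIZE (1..MAX)),
     utf8String UTF8String (SIZE (1.. MAX)),
     bmpString BMPString (SIZE (1..MAX)) }

     Consult rfc2459 for more information.

     @return the issuer as a Principal
  */
  public abstract Principal getIssuerDN();

  /**
     Returns the subject (subject distinguished name) of the
     certificate.  The subject is the entity the certificate
     identifies, i.e. the holder of the public key in
     <I>subjectPublicKeyInfo</I>.

     The same caveat as for {@link #getIssuerDN()} applies: the
     Principal's string form is not canonical, so do not compare
     subjects by string.

     The ASN.1 DER encoding is:

     subject Name,

     Consult rfc2459 for more information.

     @return the subject as a Principal
  */
  public abstract Principal getSubjectDN();

  /**
     Returns the date before which this certificate is not to be
     used, <I>notBefore</I>.

     The ASN.1 DER encoding is:

     validity Validity,

     Validity ::= SEQUENCE {
     notBefore Time,
     notAfter Time }

     Time ::= CHOICE {
     utcTime UTCTime,
     generalTime GeneralizedTime }

     Consult rfc2459 for more information.

     Date is mutable; whether the implementation returns a defensive
     copy is not specified here, so callers should treat the result
     as read-only.

     @return the date <I>notBefore</I>
  */
  public abstract Date getNotBefore();

  /**
     Returns the date after which this certificate is not to be
     used, <I>notAfter</I>.  See {@link #getNotBefore()} for the
     ASN.1 definition and the note on mutability of the result.

     @return the date <I>notAfter</I>
  */
  public abstract Date getNotAfter();


  /**
     Returns the DER encoded <I>tbsCertificate</I> ("to be signed"
     certificate) from the certificate.  This is the byte sequence
     over which the certificate's signature is computed, so it is the
     input needed to verify {@link #getSignature()} independently;
     prefer {@link Certificate#verify} over hand-rolled verification.

     @return the DER encoded tbsCertificate

     @throws CertificateEncodingException if encoding error occurred
  */
  public abstract byte[] getTBSCertificate() throws CertificateEncodingException;

  /**
     Returns the signature in its raw DER encoded format.  The
     signature is computed by the issuer over the DER encoded
     tbsCertificate using the algorithm identified by
     {@link #getSigAlgOID()}.

     The ASN.1 DER encoding is:

     signatureValue BIT STRING

     Consult rfc2459 for more information.

     @return byte array representing signature
  */
  public abstract byte[] getSignature();

  /**
     Returns the name of the signature algorithm used to sign the
     certificate.  An example is "SHA-1/DSA".

     The ASN.1 DER encoding is:

     signatureAlgorithm AlgorithmIdentifier,

     AlgorithmIdentifier ::= SEQUENCE {
     algorithm OBJECT IDENTIFIER,
     parameters ANY DEFINED BY algorithm OPTIONAL }

     Consult rfc2459 for more information.

     The algorithm name is determined from the OID.  The outer
     <I>signatureAlgorithm</I> field is not itself covered by the
     signature; rfc2459 requires it to equal the <I>signature</I>
     field inside tbsCertificate, and a verifier should reject a
     certificate where the two disagree.

     @return a string with the signature algorithm name
  */
  public abstract String getSigAlgName();


  /**
     Returns the OID for the signature algorithm used.
     Example: "1.2.840.10040.4.3" is returned for SHA-1 with DSA.

     The ASN.1 DER encoding for the example is:

     id-dsa-with-sha1 ID ::= {
     iso(1) member-body(2) us(840) x9-57 (10040)
     x9cm(4) 3 }

     Consult rfc2459 for more information.

     @return a string containing the OID in dotted-decimal form
  */
  public abstract String getSigAlgOID();


  /**
     Returns the DER encoded parameters of the signature algorithm
     used (the <I>parameters</I> component of the
     AlgorithmIdentifier).

     If access to the decoded parameters is needed, create an
     instance of java.security.AlgorithmParameters for the algorithm
     and initialise it with the returned bytes.

     @return byte array containing algorithm parameters, null
     if no parameters are present in certificate
  */
  public abstract byte[] getSigAlgParams();


  /**
     Returns the issuer unique ID for this certificate.  The field is
     optional and may only appear in v2 and v3 certificates; rfc2459
     recommends that conforming CAs do not generate it.  The value
     returned when the field is absent is not specified by this
     abstract class (presumably null -- confirm with the concrete
     implementation).

     The ASN.1 DER encoding is:

     issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
     -- If present, version shall be v2 or v3

     UniqueIdentifier ::= BIT STRING

     Consult rfc2459 for more information.

     @return bit representation of <I>issuerUniqueID</I>
  */
  public abstract boolean[] getIssuerUniqueID();

  /**
     Returns the subject unique ID for this certificate.  The same
     notes as for {@link #getIssuerUniqueID()} apply: optional,
     v2/v3 only, discouraged by rfc2459, and the "absent" return
     value depends on the implementation.

     The ASN.1 DER encoding is:

     subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
     -- If present, version shall be v2 or v3

     UniqueIdentifier ::= BIT STRING

     Consult rfc2459 for more information.

     @return bit representation of <I>subjectUniqueID</I>
  */
  public abstract boolean[] getSubjectUniqueID();

  /**
     Returns a boolean array representing the <I>KeyUsage</I>
     extension for the certificate.  The KeyUsage (OID = 2.5.29.15)
     defines the purpose of the key in the certificate.  Element
     <I>i</I> of the array corresponds to bit <I>i</I> of the BIT
     STRING below, so for example element 5 is keyCertSign and
     element 6 is cRLSign.

     Security note: code that enforces key usage should check the bit
     for the operation it is about to perform (e.g. keyCertSign when
     accepting this certificate as an issuer, digitalSignature when
     verifying a signature) and should honour the extension when it is
     marked critical.  The value returned when the extension is absent
     is not specified here (presumably null -- confirm with the
     concrete implementation).

     The ASN.1 DER encoding is:

     id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }

     KeyUsage ::= BIT STRING {
     digitalSignature (0),
     nonRepudiation (1),
     keyEncipherment (2),
     dataEncipherment (3),
     keyAgreement (4),
     keyCertSign (5),
     cRLSign (6),
     encipherOnly (7),
     decipherOnly (8) }

     Consult rfc2459 for more information.

     @return bit representation of <I>KeyUsage</I>
  */
  public abstract boolean[] getKeyUsage();

  /**
     Returns the certification path length constraint from the
     critical BasicConstraints extension, (OID = 2.5.29.19).

     The basic constraints extension is used to determine whether
     the subject of the certificate is a Certificate Authority (CA)
     and how deep the certification path below it may be.  The
     <I>pathLenConstraint</I> only takes effect if <I>cA</I>
     is set to true.  "A value of zero indicates that only an
     end-entity certificate may follow in the path." (rfc2459)

     Security note: a return value of -1 means the subject is not a
     CA (either the extension is absent or <I>cA</I> is FALSE); such
     a certificate must not be accepted as the issuer of another
     certificate in a path.  The value returned when <I>cA</I> is
     TRUE but <I>pathLenConstraint</I> is absent (no limit) is not
     specified by this abstract class -- the JDK contract uses
     Integer.MAX_VALUE for that case; confirm with the concrete
     implementation.

     The ASN.1 DER encoding is:

     id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }

     BasicConstraints ::= SEQUENCE {
     cA BOOLEAN DEFAULT FALSE,
     pathLenConstraint INTEGER (0..MAX) OPTIONAL }

     Consult rfc2459 for more information.

     @return the length of the path constraint if BasicConstraints
     is present and cA is TRUE. Otherwise returns -1.
  */
  public abstract int getBasicConstraints();


}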