com.tencent.kona.sun.security.x509

Class X509CertImpl

java.lang.Object

java.security.cert.Certificate

java.security.cert.X509Certificate

com.tencent.kona.sun.security.x509.X509CertImpl

All Implemented Interfaces:

com.tencent.kona.sun.security.util.DerEncoder, SMCertificate, java.io.Serializable, java.security.cert.X509Extension

public class X509CertImpl
extends java.security.cert.X509Certificate
implements com.tencent.kona.sun.security.util.DerEncoder, SMCertificate

The X509CertImpl class represents an X.509 certificate. These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET). There is a commercial infrastructure ready to manage large scale deployments of X.509 identity certificates.

These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.

Standards relating to X.509 Public Key Infrastructure for the Internet can be referenced in RFC 5280.

See Also:

X509CertInfo, Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from class java.security.cert.Certificate

java.security.cert.Certificate.CertificateRep

Field Summary

Fields

Modifier and Type	Field and Description
protected com.tencent.kona.sun.security.x509.AlgorithmId	algId
protected X509CertInfo	info
static java.lang.String	NAME
protected byte[]	signature

Constructor Summary

Constructors

Constructor and Description
X509CertImpl(byte[] certData) Unmarshals a certificate from its encoded form, parsing the encoded bytes.
X509CertImpl(com.tencent.kona.sun.security.util.DerValue derVal) Unmarshals a certificate from its encoded form, parsing a DER value.
X509CertImpl(java.io.InputStream in) Unmarshals an X.509 certificate from an input stream.
X509CertImpl(X509CertInfo info, com.tencent.kona.sun.security.x509.AlgorithmId algId, byte[] signature, byte[] signedCert) Constructor simply setting all (non-cache) fields.

Method Summary

Modifier and Type	Method and Description
void	checkValidity() Checks that the certificate is currently valid, i.e.
void	checkValidity(java.util.Date date) Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time.
void	encode(com.tencent.kona.sun.security.util.DerOutputStream out) DER encode this object onto an output stream.
KeyIdentifier	getAuthKeyId()
AuthorityInfoAccessExtension	getAuthorityInfoAccessExtension()
AuthorityKeyIdentifierExtension	getAuthorityKeyIdentifierExtension() Get AuthorityKeyIdentifier extension
int	getBasicConstraints() Get the certificate constraints path length from the critical BasicConstraints extension, (oid = 2.5.29.19).
BasicConstraintsExtension	getBasicConstraintsExtension() Get BasicConstraints extension
CertificatePoliciesExtension	getCertificatePoliciesExtension() Get CertificatePoliciesExtension
java.util.Set<java.lang.String>	getCriticalExtensionOIDs() Gets a Set of the extension(s) marked CRITICAL in the certificate.
CRLDistributionPointsExtension	getCRLDistributionPointsExtension() Get CRLDistributionPoints extension
byte[]	getEncoded() Returns the encoded form of this certificate.
byte[]	getEncodedInternal() Returned the encoding as an uncloned byte array.
static byte[]	getEncodedInternal(java.security.cert.Certificate cert) Returned the encoding of the given certificate for internal use.
java.util.List<java.lang.String>	getExtendedKeyUsage() This method is the overridden implementation of the getExtendedKeyUsage method in X509Certificate in the Sun provider.
static java.util.List<java.lang.String>	getExtendedKeyUsage(java.security.cert.X509Certificate cert) This static method is the default implementation of the getExtendedKeyUsage method in X509Certificate.
ExtendedKeyUsageExtension	getExtendedKeyUsageExtension() Get ExtendedKeyUsage extension
Extension	getExtension(com.tencent.kona.sun.security.util.ObjectIdentifier oid) Gets the extension identified by the given ObjectIdentifier
byte[]	getExtensionValue(java.lang.String oid) Gets the DER encoded extension identified by the given oid String.
static java.lang.String	getFingerprint(java.lang.String algorithm, java.security.cert.X509Certificate cert, com.tencent.kona.sun.security.util.Debug debug) Gets the requested fingerprint of the certificate.
byte[]	getId()
X509CertInfo	getInfo() Return the requested attribute from the certificate.
IssuerAlternativeNameExtension	getIssuerAlternativeNameExtension() Get IssuerAlternativeName extension
java.util.Collection<java.util.List<?>>	getIssuerAlternativeNames() This method is the overridden implementation of the getIssuerAlternativeNames method in X509Certificate in the Sun provider.
static java.util.Collection<java.util.List<?>>	getIssuerAlternativeNames(java.security.cert.X509Certificate cert) This static method is the default implementation of the getIssuerAlternativeNames method in X509Certificate.
java.security.Principal	getIssuerDN() Gets the issuer distinguished name from the certificate.
boolean[]	getIssuerUniqueID() Gets the Issuer Unique Identity from the certificate.
javax.security.auth.x500.X500Principal	getIssuerX500Principal() Get issuer name as X500Principal.
static javax.security.auth.x500.X500Principal	getIssuerX500Principal(java.security.cert.X509Certificate cert) Extract the issuer X500Principal from an X509Certificate.
boolean[]	getKeyUsage() Get a boolean array representing the bits of the KeyUsage extension, (oid = 2.5.29.15).
NameConstraintsExtension	getNameConstraintsExtension() Get NameConstraints extension
java.util.Set<java.lang.String>	getNonCriticalExtensionOIDs() Gets a Set of the extension(s) marked NON-CRITICAL in the certificate.
java.util.Date	getNotAfter() Gets the notAfter date from the validity period of the certificate.
java.util.Date	getNotBefore() Gets the notBefore date from the validity period of the certificate.
PolicyConstraintsExtension	getPolicyConstraintsExtension() Get PolicyConstraints extension
PolicyMappingsExtension	getPolicyMappingsExtension() Get PolicyMappingsExtension extension
PrivateKeyUsageExtension	getPrivateKeyUsageExtension() Get PrivateKeyUsage extension
java.security.PublicKey	getPublicKey() Gets the publickey from this certificate.
java.math.BigInteger	getSerialNumber() Gets the serial number from the certificate.
SerialNumber	getSerialNumberObject() Gets the serial number from the certificate as a SerialNumber object.
com.tencent.kona.sun.security.x509.AlgorithmId	getSigAlg()
java.lang.String	getSigAlgName() Gets the signature algorithm name for the certificate signature algorithm.
java.lang.String	getSigAlgOID() Gets the signature algorithm OID string from the certificate.
byte[]	getSigAlgParams() Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm.
byte[]	getSignature() Gets the raw Signature bits from the certificate.
SubjectAlternativeNameExtension	getSubjectAlternativeNameExtension() Get SubjectAlternativeName extension
java.util.Collection<java.util.List<?>>	getSubjectAlternativeNames() This method is the overridden implementation of the getSubjectAlternativeNames method in X509Certificate in the Sun provider.
static java.util.Collection<java.util.List<?>>	getSubjectAlternativeNames(java.security.cert.X509Certificate cert) This static method is the default implementation of the getSubjectAlternativeNames method in X509Certificate.
java.security.Principal	getSubjectDN() Gets the subject distinguished name from the certificate.
KeyIdentifier	getSubjectKeyId() Returns the subject's key identifier, or null
SubjectKeyIdentifierExtension	getSubjectKeyIdentifierExtension() Get SubjectKeyIdentifier extension
boolean[]	getSubjectUniqueID() Gets the Subject Unique Identity from the certificate.
javax.security.auth.x500.X500Principal	getSubjectX500Principal() Get subject name as X500Principal.
static javax.security.auth.x500.X500Principal	getSubjectX500Principal(java.security.cert.X509Certificate cert) Extract the subject X500Principal from an X509Certificate.
byte[]	getTBSCertificate() Gets the DER encoded certificate informations, the tbsCertificate from this certificate.
Extension	getUnparseableExtension(com.tencent.kona.sun.security.util.ObjectIdentifier oid)
int	getVersion() Gets the version number from the certificate.
boolean	hasUnsupportedCriticalExtension() Return true if a critical extension is found that is not supported, otherwise return false.
static boolean	isSelfIssued(java.security.cert.X509Certificate cert) Utility method to test if a certificate is self-issued.
static boolean	isSelfSigned(java.security.cert.X509Certificate cert, java.lang.String sigProvider) Utility method to test if a certificate is self-signed.
static X509CertImpl	newSigned(X509CertInfo info, java.security.PrivateKey key, java.lang.String algorithm) Creates a new X.509 certificate, which is signed using the given key (associating a signature algorithm and an X.500 name).
static X509CertImpl	newSigned(X509CertInfo info, java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider) Creates a new X.509 certificate, which is signed using the given key (associating a signature algorithm and an X.500 name).
void	setId(byte[] id)
static X509CertImpl	toImpl(java.security.cert.X509Certificate cert) Utility method to convert an arbitrary instance of X509Certificate to a X509CertImpl.
java.lang.String	toString() Returns a printable representation of the certificate.
void	verify(java.security.PublicKey key) Throws an exception if the certificate was not signed using the verification key provided.
void	verify(java.security.PublicKey key, java.security.Provider sigProvider) Throws an exception if the certificate was not signed using the verification key provided.
void	verify(java.security.PublicKey key, java.lang.String sigProvider) Throws an exception if the certificate was not signed using the verification key provided.

Methods inherited from class java.security.cert.Certificate

equals, getType, hashCode, writeReplace

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

NAME

public static final java.lang.String NAME

See Also:

Constant Field Values

info

protected X509CertInfo info

algId

protected com.tencent.kona.sun.security.x509.AlgorithmId algId

signature

protected byte[] signature

Constructor Detail

X509CertImpl

public X509CertImpl(X509CertInfo info,
                    com.tencent.kona.sun.security.x509.AlgorithmId algId,
                    byte[] signature,
                    byte[] signedCert)

Constructor simply setting all (non-cache) fields. Only used in newSigned(com.tencent.kona.sun.security.x509.X509CertInfo, java.security.PrivateKey, java.lang.String).

X509CertImpl

public X509CertImpl(byte[] certData)
             throws java.security.cert.CertificateException

Unmarshals a certificate from its encoded form, parsing the encoded bytes. This form of constructor is used by agents which need to examine and use certificate contents. That is, this is one of the more commonly used constructors. Note that the buffer must include only a certificate, and no "garbage" may be left at the end. If you need to ignore data at the end of a certificate, use another constructor.

Parameters:

certData - the encoded bytes, with no trailing padding.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

X509CertImpl

public X509CertImpl(com.tencent.kona.sun.security.util.DerValue derVal)
             throws java.security.cert.CertificateException

Unmarshals a certificate from its encoded form, parsing a DER value. This form of constructor is used by agents which need to examine and use certificate contents.

Parameters:

derVal - the der value containing the encoded cert.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

X509CertImpl

public X509CertImpl(java.io.InputStream in)
             throws java.security.cert.CertificateException

Unmarshals an X.509 certificate from an input stream. If the certificate is RFC1421 hex-encoded, then it must begin with the line X509Factory.BEGIN_CERT and end with the line X509Factory.END_CERT.

Parameters:

in - an input stream holding at least one certificate that may be either DER-encoded or RFC1421 hex-encoded version of the DER-encoded certificate.

Throws:

java.security.cert.CertificateException - on parsing and initialization errors.

Method Detail

getId

public byte[] getId()

Specified by:

getId in interface SMCertificate

setId

public void setId(byte[] id)

Specified by:

setId in interface SMCertificate

encode

public void encode(com.tencent.kona.sun.security.util.DerOutputStream out)

DER encode this object onto an output stream. Implements the DerEncoder interface.

Specified by:

encode in interface com.tencent.kona.sun.security.util.DerEncoder

Parameters:

out - the output stream on which to write the DER encoding.

getEncoded

public byte[] getEncoded()
                  throws java.security.cert.CertificateEncodingException

Returns the encoded form of this certificate. It is assumed that each certificate type would have only a single form of encoding; for example, X.509 certificates would be encoded as ASN.1 DER.

Specified by:

getEncoded in class java.security.cert.Certificate

Throws:

java.security.cert.CertificateEncodingException - if an encoding error occurs.

getEncodedInternal

public byte[] getEncodedInternal()
                          throws java.security.cert.CertificateEncodingException

Returned the encoding as an uncloned byte array. Callers must guarantee that they neither modify it nor expose it to untrusted code.

Throws:

java.security.cert.CertificateEncodingException

verify

public void verify(java.security.PublicKey key)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Throws an exception if the certificate was not signed using the verification key provided. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.

Specified by:

verify in class java.security.cert.Certificate

Parameters:

key - the public key used for verification.

Throws:

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.NoSuchProviderException - if there's no default provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

verify

public void verify(java.security.PublicKey key,
                   java.lang.String sigProvider)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.NoSuchProviderException,
                   java.security.SignatureException

Throws an exception if the certificate was not signed using the verification key provided. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.

Specified by:

verify in class java.security.cert.Certificate

Parameters:

key - the public key used for verification.

sigProvider - the name of the provider.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - on incorrect provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

verify

public void verify(java.security.PublicKey key,
                   java.security.Provider sigProvider)
            throws java.security.cert.CertificateException,
                   java.security.NoSuchAlgorithmException,
                   java.security.InvalidKeyException,
                   java.security.SignatureException

Throws an exception if the certificate was not signed using the verification key provided. This method uses the signature verification engine supplied by the specified provider. Note that the specified Provider object does not have to be registered in the provider list. Successfully verifying a certificate does not indicate that one should trust the entity which it represents.

Overrides:

verify in class java.security.cert.X509Certificate

Parameters:

key - the public key used for verification.

sigProvider - the provider.

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

newSigned

public static X509CertImpl newSigned(X509CertInfo info,
                                     java.security.PrivateKey key,
                                     java.lang.String algorithm)
                              throws java.security.cert.CertificateException,
                                     java.security.NoSuchAlgorithmException,
                                     java.security.InvalidKeyException,
                                     java.security.NoSuchProviderException,
                                     java.security.SignatureException

Creates a new X.509 certificate, which is signed using the given key (associating a signature algorithm and an X.500 name). This operation is used to implement the certificate generation functionality of a certificate authority.

Parameters:

info - the X509CertInfo to sign

key - the private key used for signing.

algorithm - the name of the signature algorithm used.

Returns:

the newly signed certificate

Throws:

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.NoSuchProviderException - if there's no default provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

newSigned

public static X509CertImpl newSigned(X509CertInfo info,
                                     java.security.PrivateKey key,
                                     java.lang.String algorithm,
                                     java.lang.String provider)
                              throws java.security.cert.CertificateException,
                                     java.security.NoSuchAlgorithmException,
                                     java.security.InvalidKeyException,
                                     java.security.NoSuchProviderException,
                                     java.security.SignatureException

Creates a new X.509 certificate, which is signed using the given key (associating a signature algorithm and an X.500 name). This operation is used to implement the certificate generation functionality of a certificate authority.

Parameters:

info - the X509CertInfo to sign

key - the private key used for signing.

algorithm - the name of the signature algorithm used.

provider - (optional) the name of the provider.

Returns:

the newly signed certificate

Throws:

java.security.NoSuchAlgorithmException - on unsupported signature algorithms.

java.security.InvalidKeyException - on incorrect key.

java.security.NoSuchProviderException - on incorrect provider.

java.security.SignatureException - on signature errors.

java.security.cert.CertificateException - on encoding errors.

checkValidity

public void checkValidity()
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

Checks that the certificate is currently valid, i.e. the current time is within the specified validity period.

Specified by:

checkValidity in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateExpiredException - if the certificate has expired.

java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid.

checkValidity

public void checkValidity(java.util.Date date)
                   throws java.security.cert.CertificateExpiredException,
                          java.security.cert.CertificateNotYetValidException

Checks that the specified date is within the certificate's validity period, or basically if the certificate would be valid at the specified date/time.

Specified by:

checkValidity in class java.security.cert.X509Certificate

Parameters:

date - the Date to check against to see if this certificate is valid at that date/time.

Throws:

java.security.cert.CertificateExpiredException - if the certificate has expired with respect to the date supplied.

java.security.cert.CertificateNotYetValidException - if the certificate is not yet valid with respect to the date supplied.

getInfo

public X509CertInfo getInfo()

Return the requested attribute from the certificate. Note that the X509CertInfo is not cloned for performance reasons. Callers must ensure that they do not modify it. All other attributes are cloned.

toString

public java.lang.String toString()

Returns a printable representation of the certificate. This does not contain all the information available to distinguish this from any other certificate. The certificate must be fully constructed before this function may be called.

Specified by:

toString in class java.security.cert.Certificate

getPublicKey

public java.security.PublicKey getPublicKey()

Gets the publickey from this certificate.

Specified by:

getPublicKey in class java.security.cert.Certificate

Returns:

the publickey.

getVersion

public int getVersion()

Gets the version number from the certificate.

Specified by:

getVersion in class java.security.cert.X509Certificate

Returns:

the version number, i.e. 1, 2 or 3.

getSerialNumber

public java.math.BigInteger getSerialNumber()

Gets the serial number from the certificate.

Specified by:

getSerialNumber in class java.security.cert.X509Certificate

Returns:

the serial number.

getSerialNumberObject

public SerialNumber getSerialNumberObject()

Gets the serial number from the certificate as a SerialNumber object.

Returns:

the serial number.

getSubjectDN

public java.security.Principal getSubjectDN()

Gets the subject distinguished name from the certificate.

Specified by:

getSubjectDN in class java.security.cert.X509Certificate

Returns:

the subject name.

getSubjectX500Principal

public javax.security.auth.x500.X500Principal getSubjectX500Principal()

Get subject name as X500Principal. Overrides implementation in X509Certificate with a slightly more efficient version that is also aware of X509CertImpl mutability.

Overrides:

getSubjectX500Principal in class java.security.cert.X509Certificate

getIssuerDN

public java.security.Principal getIssuerDN()

Gets the issuer distinguished name from the certificate.

Specified by:

getIssuerDN in class java.security.cert.X509Certificate

Returns:

the issuer name.

getIssuerX500Principal

public javax.security.auth.x500.X500Principal getIssuerX500Principal()

Get issuer name as X500Principal. Overrides implementation in X509Certificate with a slightly more efficient version that is also aware of X509CertImpl mutability.

Overrides:

getIssuerX500Principal in class java.security.cert.X509Certificate

getNotBefore

public java.util.Date getNotBefore()

Gets the notBefore date from the validity period of the certificate.

Specified by:

getNotBefore in class java.security.cert.X509Certificate

Returns:

the start date of the validity period.

getNotAfter

public java.util.Date getNotAfter()

Gets the notAfter date from the validity period of the certificate.

Specified by:

getNotAfter in class java.security.cert.X509Certificate

Returns:

the end date of the validity period.

getTBSCertificate

public byte[] getTBSCertificate()
                         throws java.security.cert.CertificateEncodingException

Gets the DER encoded certificate informations, the tbsCertificate from this certificate. This can be used to verify the signature independently.

Specified by:

getTBSCertificate in class java.security.cert.X509Certificate

Returns:

the DER encoded certificate information.

Throws:

java.security.cert.CertificateEncodingException - if an encoding error occurs.

getSignature

public byte[] getSignature()

Gets the raw Signature bits from the certificate.

Specified by:

getSignature in class java.security.cert.X509Certificate

Returns:

the signature.

getSigAlgName

public java.lang.String getSigAlgName()

Gets the signature algorithm name for the certificate signature algorithm. For example, the string "SHA-1/DSA" or "DSS".

Specified by:

getSigAlgName in class java.security.cert.X509Certificate

Returns:

the signature algorithm name.

getSigAlgOID

public java.lang.String getSigAlgOID()

Gets the signature algorithm OID string from the certificate. For example, the string "1.2.840.10040.4.3"

Specified by:

getSigAlgOID in class java.security.cert.X509Certificate

Returns:

the signature algorithm oid string.

getSigAlg

public com.tencent.kona.sun.security.x509.AlgorithmId getSigAlg()

getSigAlgParams

public byte[] getSigAlgParams()

Gets the DER encoded signature algorithm parameters from this certificate's signature algorithm.

Specified by:

getSigAlgParams in class java.security.cert.X509Certificate

Returns:

the DER encoded signature algorithm parameters, or null if no parameters are present.

getIssuerUniqueID

public boolean[] getIssuerUniqueID()

Gets the Issuer Unique Identity from the certificate.

Specified by:

getIssuerUniqueID in class java.security.cert.X509Certificate

Returns:

the Issuer Unique Identity.

getSubjectUniqueID

public boolean[] getSubjectUniqueID()

Gets the Subject Unique Identity from the certificate.

Specified by:

getSubjectUniqueID in class java.security.cert.X509Certificate

Returns:

the Subject Unique Identity.

getAuthKeyId

public KeyIdentifier getAuthKeyId()

getSubjectKeyId

public KeyIdentifier getSubjectKeyId()

Returns the subject's key identifier, or null

getAuthorityKeyIdentifierExtension

public AuthorityKeyIdentifierExtension getAuthorityKeyIdentifierExtension()

Get AuthorityKeyIdentifier extension

Returns:

AuthorityKeyIdentifier object or null (if no such object in certificate)

getBasicConstraintsExtension

public BasicConstraintsExtension getBasicConstraintsExtension()

Get BasicConstraints extension

Returns:

BasicConstraints object or null (if no such object in certificate)

getCertificatePoliciesExtension

public CertificatePoliciesExtension getCertificatePoliciesExtension()

Get CertificatePoliciesExtension

Returns:

CertificatePoliciesExtension or null (if no such object in certificate)

getExtendedKeyUsageExtension

public ExtendedKeyUsageExtension getExtendedKeyUsageExtension()

Get ExtendedKeyUsage extension

Returns:

ExtendedKeyUsage extension object or null (if no such object in certificate)

getIssuerAlternativeNameExtension

public IssuerAlternativeNameExtension getIssuerAlternativeNameExtension()

Get IssuerAlternativeName extension

Returns:

IssuerAlternativeName object or null (if no such object in certificate)

getNameConstraintsExtension

public NameConstraintsExtension getNameConstraintsExtension()

Get NameConstraints extension

Returns:

NameConstraints object or null (if no such object in certificate)

getPolicyConstraintsExtension

public PolicyConstraintsExtension getPolicyConstraintsExtension()

Get PolicyConstraints extension

Returns:

PolicyConstraints object or null (if no such object in certificate)

getPolicyMappingsExtension

public PolicyMappingsExtension getPolicyMappingsExtension()

Get PolicyMappingsExtension extension

Returns:

PolicyMappingsExtension object or null (if no such object in certificate)

getPrivateKeyUsageExtension

public PrivateKeyUsageExtension getPrivateKeyUsageExtension()

Get PrivateKeyUsage extension

Returns:

PrivateKeyUsage object or null (if no such object in certificate)

getSubjectAlternativeNameExtension

public SubjectAlternativeNameExtension getSubjectAlternativeNameExtension()

Get SubjectAlternativeName extension

Returns:

SubjectAlternativeName object or null (if no such object in certificate)

getSubjectKeyIdentifierExtension

public SubjectKeyIdentifierExtension getSubjectKeyIdentifierExtension()

Get SubjectKeyIdentifier extension

Returns:

SubjectKeyIdentifier object or null (if no such object in certificate)

getCRLDistributionPointsExtension

public CRLDistributionPointsExtension getCRLDistributionPointsExtension()

Get CRLDistributionPoints extension

Returns:

CRLDistributionPoints object or null (if no such object in certificate)

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()

Return true if a critical extension is found that is not supported, otherwise return false.

Specified by:

hasUnsupportedCriticalExtension in interface java.security.cert.X509Extension

getCriticalExtensionOIDs

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()

Gets a Set of the extension(s) marked CRITICAL in the certificate. In the returned set, each extension is represented by its OID string.

Specified by:

getCriticalExtensionOIDs in interface java.security.cert.X509Extension

Returns:

a set of the extension oid strings in the certificate that are marked critical.

getNonCriticalExtensionOIDs

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()

Gets a Set of the extension(s) marked NON-CRITICAL in the certificate. In the returned set, each extension is represented by its OID string.

Specified by:

getNonCriticalExtensionOIDs in interface java.security.cert.X509Extension

Returns:

a set of the extension oid strings in the certificate that are NOT marked critical.

getExtension

public Extension getExtension(com.tencent.kona.sun.security.util.ObjectIdentifier oid)

Gets the extension identified by the given ObjectIdentifier

Parameters:

oid - the Object Identifier value for the extension.

Returns:

Extension or null if certificate does not contain this extension

getUnparseableExtension

public Extension getUnparseableExtension(com.tencent.kona.sun.security.util.ObjectIdentifier oid)

getExtensionValue

public byte[] getExtensionValue(java.lang.String oid)

Gets the DER encoded extension identified by the given oid String.

Specified by:

getExtensionValue in interface java.security.cert.X509Extension

Parameters:

oid - the Object Identifier value for the extension.

getKeyUsage

public boolean[] getKeyUsage()

Get a boolean array representing the bits of the KeyUsage extension, (oid = 2.5.29.15).

Specified by:

getKeyUsage in class java.security.cert.X509Certificate

Returns:

the bit values of this extension as an array of booleans.

getExtendedKeyUsage

public java.util.List<java.lang.String> getExtendedKeyUsage()
                                                     throws java.security.cert.CertificateParsingException

This method is the overridden implementation of the getExtendedKeyUsage method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getExtendedKeyUsage in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getExtendedKeyUsage

public static java.util.List<java.lang.String> getExtendedKeyUsage(java.security.cert.X509Certificate cert)
                                                            throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getExtendedKeyUsage method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getBasicConstraints

public int getBasicConstraints()

Get the certificate constraints path length from the critical BasicConstraints extension, (oid = 2.5.29.19).

Specified by:

getBasicConstraints in class java.security.cert.X509Certificate

Returns:

the length of the constraint.

getSubjectAlternativeNames

public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames()
                                                                   throws java.security.cert.CertificateParsingException

This method is the overridden implementation of the getSubjectAlternativeNames method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getSubjectAlternativeNames in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getSubjectAlternativeNames

public static java.util.Collection<java.util.List<?>> getSubjectAlternativeNames(java.security.cert.X509Certificate cert)
                                                                          throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getSubjectAlternativeNames method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames()
                                                                  throws java.security.cert.CertificateParsingException

This method is the overridden implementation of the getIssuerAlternativeNames method in X509Certificate in the Sun provider. It is better performance-wise since it returns cached values.

Overrides:

getIssuerAlternativeNames in class java.security.cert.X509Certificate

Throws:

java.security.cert.CertificateParsingException

getIssuerAlternativeNames

public static java.util.Collection<java.util.List<?>> getIssuerAlternativeNames(java.security.cert.X509Certificate cert)
                                                                         throws java.security.cert.CertificateParsingException

This static method is the default implementation of the getIssuerAlternativeNames method in X509Certificate. A X509Certificate provider generally should overwrite this to provide among other things caching for better performance.

Throws:

java.security.cert.CertificateParsingException

getAuthorityInfoAccessExtension

public AuthorityInfoAccessExtension getAuthorityInfoAccessExtension()

getSubjectX500Principal

public static javax.security.auth.x500.X500Principal getSubjectX500Principal(java.security.cert.X509Certificate cert)

Extract the subject X500Principal from an X509Certificate. Called from java.security.cert.X509Certificate.getSubjectX500Principal().

getIssuerX500Principal

public static javax.security.auth.x500.X500Principal getIssuerX500Principal(java.security.cert.X509Certificate cert)

Extract the issuer X500Principal from an X509Certificate. Called from java.security.cert.X509Certificate.getIssuerX500Principal().

getEncodedInternal

public static byte[] getEncodedInternal(java.security.cert.Certificate cert)
                                 throws java.security.cert.CertificateEncodingException

Returned the encoding of the given certificate for internal use. Callers must guarantee that they neither modify it nor expose it to untrusted code. Uses getEncodedInternal() if the certificate is instance of X509CertImpl, getEncoded() otherwise.

Throws:

java.security.cert.CertificateEncodingException

toImpl

public static X509CertImpl toImpl(java.security.cert.X509Certificate cert)
                           throws java.security.cert.CertificateException

Utility method to convert an arbitrary instance of X509Certificate to a X509CertImpl. Does a cast if possible, otherwise reparses the encoding.

Throws:

java.security.cert.CertificateException

isSelfIssued

public static boolean isSelfIssued(java.security.cert.X509Certificate cert)

Utility method to test if a certificate is self-issued. This is the case iff the subject and issuer X500Principals are equal.

isSelfSigned

public static boolean isSelfSigned(java.security.cert.X509Certificate cert,
                                   java.lang.String sigProvider)

Utility method to test if a certificate is self-signed. This is the case iff the subject and issuer X500Principals are equal AND the certificate's subject public key can be used to verify the certificate. In case of exception, returns false.

getFingerprint

public static java.lang.String getFingerprint(java.lang.String algorithm,
                                              java.security.cert.X509Certificate cert,
                                              com.tencent.kona.sun.security.util.Debug debug)

Gets the requested fingerprint of the certificate. The result only contains 0-9 and A-F. No small case, no colon.

Parameters:

algorithm - the MessageDigest algorithm

cert - the X509Certificate

Returns:

the fingerprint, or null if it cannot be calculated because of an exception