/*
 * @(#)X509Certificate.java	1.35 03/01/23
 *
 * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
 * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 */

package java.security.cert;

import java.math.BigInteger;
import java.security.Principal;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.security.auth.x500.X500Principal;

// Internal (non-API) helper used only by the two X500Principal accessors below.
import sun.security.x509.X509CertImpl;

/**
 * <p>
 * Abstract class for X.509 certificates. This provides a standard
 * way to access all the attributes of an X.509 certificate.
 * <p>
 * In June of 1996, the basic X.509 v3 format was completed by
 * ISO/IEC and ANSI X9, which is described below in ASN.1:
 * <pre>
 * Certificate  ::=  SEQUENCE  {
 *     tbsCertificate       TBSCertificate,
 *     signatureAlgorithm   AlgorithmIdentifier,
 *     signature            BIT STRING  }
 * </pre>
 * <p>
 * These certificates are widely used to support authentication and
 * other functionality in Internet security systems. Common applications
 * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
 * code signing for trusted software distribution, and Secure Electronic
 * Transactions (SET).
 * <p>
 * These certificates are managed and vouched for by <em>Certificate
 * Authorities</em> (CAs). CAs are services which create certificates by
 * placing data in the X.509 standard format and then digitally signing
 * that data. CAs act as trusted third parties, making introductions
 * between principals who have no direct knowledge of each other.
 * CA certificates are either signed by themselves, or by some other
 * CA such as a "root" CA.
 * <p>
 * More information can be found in RFC 2459,
 * "Internet X.509 Public Key Infrastructure Certificate and CRL
 * Profile" at <A HREF="http://www.ietf.org/rfc/rfc2459.txt">
 * http://www.ietf.org/rfc/rfc2459.txt </A>.
 * <p>
 * The ASN.1 definition of <code>tbsCertificate</code> is:
 * <pre>
 * TBSCertificate  ::=  SEQUENCE  {
 *     version         [0]  EXPLICIT Version DEFAULT v1,
 *     serialNumber         CertificateSerialNumber,
 *     signature            AlgorithmIdentifier,
 *     issuer               Name,
 *     validity             Validity,
 *     subject              Name,
 *     subjectPublicKeyInfo SubjectPublicKeyInfo,
 *     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                          -- If present, version must be v2 or v3
 *     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                          -- If present, version must be v2 or v3
 *     extensions      [3]  EXPLICIT Extensions OPTIONAL
 *                          -- If present, version must be v3
 *     }
 * </pre>
 * <p>
 * Certificates are instantiated using a certificate factory. The following is
 * an example of how to instantiate an X.509 certificate:
 * <pre>
 * InputStream inStream = new FileInputStream("fileName-of-cert");
 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
 * X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
 * inStream.close();
 * </pre>
 * <p>
 * The accessors declared here only read fields of the certificate. None of
 * them establishes trust in it: signature verification, chain building and
 * revocation checking are separate steps (see {@link Certificate#verify}).
 *
 * @author Hemma Prafullchandra
 *
 * @version 1.35
 *
 * @see Certificate
 * @see CertificateFactory
 * @see X509Extension
 */
public abstract class X509Certificate extends Certificate
implements X509Extension {

    // Lazily filled caches for getSubjectX500Principal() / getIssuerX500Principal().
    // transient: the derived values are not part of the serialized form and are
    // recomputed on first use after deserialization.
    // NOTE(review): the caches are neither volatile nor written under a lock,
    // so two threads making the first call may each compute and assign
    // independently; presumably both compute the same value, making the race
    // benign - confirm against X509CertImpl.
    private transient X500Principal subjectX500Principal, issuerX500Principal;

    /**
     * Constructor for X.509 certificates.
     * Registers the certificate type name "X.509" with the
     * {@link Certificate} superclass.
     */
    protected X509Certificate() {
        super("X.509");
    }

    /**
     * Checks that the certificate is currently valid. It is if
     * the current date and time are within the validity period given in the
     * certificate.
     * <p>
     * The validity period consists of two date/time values:
     * the first and last dates (and times) on which the certificate
     * is valid. It is defined in
     * ASN.1 as:
     * <pre>
     * validity             Validity<p>
     * Validity ::= SEQUENCE {
     *     notBefore      CertificateValidityDate,
     *     notAfter       CertificateValidityDate }<p>
     * CertificateValidityDate ::= CHOICE {
     *     utcTime        UTCTime,
     *     generalTime    GeneralizedTime }
     * </pre>
     * <p>
     * Only the validity period is checked; the certificate's signature and
     * issuer chain are not examined by this method.
     *
     * @exception CertificateExpiredException if the certificate has expired.
     * @exception CertificateNotYetValidException if the certificate is not
     * yet valid.
     */
    public abstract void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Checks that the given date is within the certificate's
     * validity period. In other words, this determines whether the
     * certificate would be valid at the given date/time.
     *
     * @param date the Date to check against to see if this certificate
     *        is valid at that date/time.
     *
     * @exception CertificateExpiredException if the certificate has expired
     * with respect to the <code>date</code> supplied.
     * @exception CertificateNotYetValidException if the certificate is not
     * yet valid with respect to the <code>date</code> supplied.
     *
     * @see #checkValidity()
     */
    public abstract void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Gets the <code>version</code> (version number) value from the
     * certificate.
     * The ASN.1 definition for this is:
     * <pre>
     * version  [0] EXPLICIT Version DEFAULT v1<p>
     * Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
     * </pre>
     * @return the version number, i.e. 1, 2 or 3.
     */
    public abstract int getVersion();

    /**
     * Gets the <code>serialNumber</code> value from the certificate.
     * The serial number is an integer assigned by the certification
     * authority to each certificate. It must be unique for each
     * certificate issued by a given CA (i.e., the issuer name and
     * serial number identify a unique certificate).
     * The ASN.1 definition for this is:
     * <pre>
     * serialNumber     CertificateSerialNumber<p>
     *
     * CertificateSerialNumber  ::=  INTEGER
     * </pre>
     *
     * @return the serial number.
     */
    public abstract BigInteger getSerialNumber();

    /**
     * Gets the <code>issuer</code> (issuer distinguished name) value from
     * the certificate. The issuer name identifies the entity that signed (and
     * issued) the certificate.
     *
     * <p>The issuer name field contains an
     * X.500 distinguished name (DN).
     * The ASN.1 definition for this is:
     * <pre>
     * issuer    Name<p>
     *
     * Name ::= CHOICE { RDNSequence }
     * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     * RelativeDistinguishedName ::=
     *     SET OF AttributeValueAssertion
     *
     * AttributeValueAssertion ::= SEQUENCE {
     *                               AttributeType,
     *                               AttributeValue }
     * AttributeType ::= OBJECT IDENTIFIER
     * AttributeValue ::= ANY
     * </pre>
     * The <code>Name</code> describes a hierarchical name composed of
     * attributes,
     * such as country name, and corresponding values, such as US.
     * The type of the <code>AttributeValue</code> component is determined by
     * the <code>AttributeType</code>; in general it will be a
     * <code>directoryString</code>. A <code>directoryString</code> is usually
     * one of <code>PrintableString</code>,
     * <code>TeletexString</code> or <code>UniversalString</code>.
     *
     * @return a Principal whose name is the issuer distinguished name.
     */
    public abstract Principal getIssuerDN();

    /**
     * Returns the issuer (issuer distinguished name) value from the
     * certificate as an <code>X500Principal</code>.
     * <p>
     * It is recommended that subclasses override this method to provide
     * an efficient implementation.
     * <p>
     * The default implementation computes the value once via the internal
     * <code>X509CertImpl</code> helper and caches it in
     * <code>issuerX500Principal</code>; later calls return the cached object.
     *
     * @return an <code>X500Principal</code> representing the issuer
     *         distinguished name
     * @since 1.4
     */
    public X500Principal getIssuerX500Principal() {
        if (issuerX500Principal == null) {
            // Delegates to the internal sun.security.x509 helper; how it
            // derives the principal from this certificate is not visible here.
            issuerX500Principal = X509CertImpl.getIssuerX500Principal(this);
        }
        return issuerX500Principal;
    }

    /**
     * Gets the <code>subject</code> (subject distinguished name) value
     * from the certificate. If the <code>subject</code> value is empty,
     * then the <code>getName()</code> method of the returned
     * <code>Principal</code> object returns an empty string ("").
     *
     * <p> The ASN.1 definition for this is:
     * <pre>
     * subject    Name
     * </pre>
     *
     * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code>
     * and other relevant definitions.
     *
     * @return a Principal whose name is the subject name.
     */
    public abstract Principal getSubjectDN();

    /**
     * Returns the subject (subject distinguished name) value from the
     * certificate as an <code>X500Principal</code>. If the subject value
     * is empty, then the <code>getName()</code> method of the returned
     * <code>X500Principal</code> object returns an empty string ("").
     * <p>
     * It is recommended that subclasses override this method to provide
     * an efficient implementation.
     * <p>
     * The default implementation computes the value once via the internal
     * <code>X509CertImpl</code> helper and caches it in
     * <code>subjectX500Principal</code>; later calls return the cached object.
     *
     * @return an <code>X500Principal</code> representing the subject
     *         distinguished name
     * @since 1.4
     */
    public X500Principal getSubjectX500Principal() {
        if (subjectX500Principal == null) {
            // Delegates to the internal sun.security.x509 helper; how it
            // derives the principal from this certificate is not visible here.
            subjectX500Principal = X509CertImpl.getSubjectX500Principal(this);
        }
        return subjectX500Principal;
    }

    /**
     * Gets the <code>notBefore</code> date from the validity period of
     * the certificate.
     * The relevant ASN.1 definitions are:
     * <pre>
     * validity             Validity<p>
     *
     * Validity ::= SEQUENCE {
     *     notBefore      CertificateValidityDate,
     *     notAfter       CertificateValidityDate }<p>
     * CertificateValidityDate ::= CHOICE {
     *     utcTime        UTCTime,
     *     generalTime    GeneralizedTime }
     * </pre>
     *
     * @return the start date of the validity period.
     * @see #checkValidity
     */
    public abstract Date getNotBefore();

    /**
     * Gets the <code>notAfter</code> date from the validity period of
     * the certificate. See {@link #getNotBefore() getNotBefore}
     * for relevant ASN.1 definitions.
     *
     * @return the end date of the validity period.
     * @see #checkValidity
     */
    public abstract Date getNotAfter();

    /**
     * Gets the DER-encoded certificate information, the
     * <code>tbsCertificate</code> from this certificate.
     * This can be used to verify the signature independently.
     *
     * @return the DER-encoded certificate information.
     * @exception CertificateEncodingException if an encoding error occurs.
     */
    public abstract byte[] getTBSCertificate()
        throws CertificateEncodingException;

    /**
     * Gets the <code>signature</code> value (the raw signature bits) from