Added in API level 1

X509Certificate

public abstract class X509Certificate
extends Certificate implements X509Extension

java.lang.Object
   ↳ java.security.cert.Certificate
     ↳ java.security.cert.X509Certificate


Abstract base class for X.509 certificates.

This represents a standard way for accessing the attributes of X.509 certificates.

The basic X.509 v3 format described in ASN.1:

 Certificate  ::=  SEQUENCE  {
     tbsCertificate       TBSCertificate,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }

 TBSCertificate  ::=  SEQUENCE  {
      version         [0]  EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      extensions      [3]  EXPLICIT Extensions OPTIONAL
                           -- If present, version must be v3
      }
 

For more information consult RFC 2459 "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .

Summary

Protected constructors

X509Certificate()

Creates a new X509Certificate.

Public methods

abstract void checkValidity()

Checks whether the certificate is currently valid.

abstract void checkValidity(Date date)

Checks whether the certificate is valid at the specified date.

abstract int getBasicConstraints()

Returns the path length of the certificate constraints from the BasicConstraints extension.

List<String> getExtendedKeyUsage()

Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

Collection<List<?>> getIssuerAlternativeNames()

Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

abstract Principal getIssuerDN()

Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

abstract boolean[] getIssuerUniqueID()

Returns the issuerUniqueID from the certificate.

X500Principal getIssuerX500Principal()

Returns the issuer (issuer distinguished name) as an X500Principal.

abstract boolean[] getKeyUsage()

Returns the KeyUsage extension as a boolean array.

abstract Date getNotAfter()

Returns the notAfter date of the validity period of the certificate.

abstract Date getNotBefore()

Returns the notBefore date from the validity period of the certificate.

abstract BigInteger getSerialNumber()

Returns the serialNumber of the certificate.

abstract String getSigAlgName()

Returns the name of the algorithm for the certificate signature.

abstract String getSigAlgOID()

Returns the OID of the signature algorithm from the certificate.

abstract byte[] getSigAlgParams()

Returns the parameters of the signature algorithm in DER-encoded format.

abstract byte[] getSignature()

Returns the raw signature bits from the certificate.

Collection<List<?>> getSubjectAlternativeNames()

Returns a read-only list of the subject alternative names from the SubjectAltName extension.

abstract Principal getSubjectDN()

Returns the subject (subject distinguished name) as an implementation specific Principal object.

abstract boolean[] getSubjectUniqueID()

Returns the subjectUniqueID from the certificate.

X500Principal getSubjectX500Principal()

Returns the subject (subject distinguished name) as an X500Principal.

abstract byte[] getTBSCertificate()

Returns the tbsCertificate information from this certificate in DER-encoded format.

abstract int getVersion()

Returns the certificate's version (version number).

Inherited methods

From class java.security.cert.Certificate
From class java.lang.Object
From interface java.security.cert.X509Extension

Protected constructors

X509Certificate

Added in API level 1
X509Certificate ()

Creates a new X509Certificate.

Public methods

checkValidity

Added in API level 1
void checkValidity ()

Checks whether the certificate is currently valid.

The validity defined in ASN.1:

 validity             Validity

 Validity ::= SEQUENCE {
      notBefore       CertificateValidityDate,
      notAfter        CertificateValidityDate }

 CertificateValidityDate ::= CHOICE {
      utcTime         UTCTime,
      generalTime     GeneralizedTime }
 

Throws
CertificateExpiredException if the certificate has expired.
CertificateNotYetValidException if the certificate is not yet valid.

checkValidity

Added in API level 1
void checkValidity (Date date)

Checks whether the certificate is valid at the specified date.

Parameters
date Date: the date to check the validity against.
Throws
CertificateExpiredException if the certificate has expired.
CertificateNotYetValidException if the certificate is not yet valid.

getBasicConstraints

Added in API level 1
int getBasicConstraints ()

Returns the path length of the certificate constraints from the BasicConstraints extension. If the certificate has no basic constraints or is not a certificate authority, -1 is returned. If the certificate is a certificate authority without a path length, Integer.MAX_VALUE is returned. Otherwise, the certificate authority's path length is returned.

Returns
int

getExtendedKeyUsage

Added in API level 1
List<String> getExtendedKeyUsage ()

Returns a read-only list of OID strings representing the ExtKeyUsageSyntax field of the extended key usage extension.

Returns
List<String> the extended key usage extension, or null if there's none in the certificate.
Throws
CertificateParsingException if the extension decoding fails.

getIssuerAlternativeNames

Added in API level 1
Collection<List<?>> getIssuerAlternativeNames ()

Returns a read-only list of the issuer alternative names from the IssuerAltName extension.

The ASN.1 definition of IssuerAltName:

 IssuerAltName ::= GeneralNames

 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

 GeneralName ::= CHOICE {
      otherName                       [0]     AnotherName,
      rfc822Name                      [1]     IA5String,
      dNSName                         [2]     IA5String,
      x400Address                     [3]     ORAddress,
      directoryName                   [4]     Name,
      ediPartyName                    [5]     EDIPartyName,
      uniformResourceIdentifier       [6]     IA5String,
      iPAddress                       [7]     OCTET STRING,
      registeredID                    [8]     OBJECT IDENTIFIER }

 

Returns
Collection<List<?>> the issuer alternative names or null if there are none in the certificate.
Throws
CertificateParsingException if decoding of the extension fails.

getIssuerDN

Added in API level 1
Principal getIssuerDN ()

Returns the issuer (issuer distinguished name) as an implementation specific Principal object.

The ASN.1 definition of issuer:

  issuer      Name

  Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType
 
replaced by: getIssuerX500Principal().

Returns
Principal the issuer as an implementation specific Principal.

getIssuerUniqueID

Added in API level 1
boolean[] getIssuerUniqueID ()

Returns the issuerUniqueID from the certificate.

Returns
boolean[] the issuerUniqueID or null if there's none in the certificate.

getIssuerX500Principal

Added in API level 1
X500Principal getIssuerX500Principal ()

Returns the issuer (issuer distinguished name) as an X500Principal.

Returns
X500Principal the issuer (issuer distinguished name).

getKeyUsage

Added in API level 1
boolean[] getKeyUsage ()

Returns the KeyUsage extension as a boolean array.

The ASN.1 definition of KeyUsage:

 KeyUsage ::= BIT STRING {
      digitalSignature        (0),
      nonRepudiation          (1),
      keyEncipherment         (2),
      dataEncipherment        (3),
      keyAgreement            (4),
      keyCertSign             (5),
      cRLSign                 (6),
      encipherOnly            (7),
      decipherOnly            (8) }

 

Returns
boolean[] the KeyUsage extension or null if there's none in the certificate.
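
The return conventions of checkValidity(Date), getBasicConstraints() and getKeyUsage() combine into a single check of whether a certificate may issue other certificates. The class below is an added example, not part of the original reference; the class name, the certificate path in args[0] and the policy that a present KeyUsage extension must assert keyCertSign are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

public class CaCapabilityCheck {
    // Position of keyCertSign in the KeyUsage BIT STRING.
    private static final int KEY_CERT_SIGN = 5;

    /** Reports whether cert may issue other certificates at time 'when'. */
    static String describe(X509Certificate cert, Date when) {
        try {
            cert.checkValidity(when);
        } catch (CertificateException e) {
            // CertificateExpiredException or CertificateNotYetValidException
            return "rejected: " + e.getClass().getSimpleName();
        }
        int pathLen = cert.getBasicConstraints();
        if (pathLen == -1) {
            return "not a CA (no BasicConstraints, or not a certificate authority)";
        }
        boolean[] usage = cert.getKeyUsage();
        // Assumed policy: when KeyUsage is present it must assert keyCertSign.
        if (usage != null
                && (usage.length <= KEY_CERT_SIGN || !usage[KEY_CERT_SIGN])) {
            return "CA flag set, but KeyUsage lacks keyCertSign";
        }
        return pathLen == Integer.MAX_VALUE
                ? "CA, no path length limit"
                : "CA, path length limit " + pathLen;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER- or PEM-encoded certificate (assumed input).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(args[0])) {
            X509Certificate cert = (X509Certificate) cf.generateCertificate(in);
            System.out.println(describe(cert, new Date()));
        }
    }
}
```

These checks cover only the fields of one certificate; they do not verify its signature or build a path to a trust anchor.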

getNotAfter

Added in API level 1
Date getNotAfter ()

Returns the notAfter date of the validity period of the certificate.

Returns
Date the end of the validity period.

getNotBefore

Added in API level 1
Date getNotBefore ()

Returns the notBefore date from the validity period of the certificate.

Returns
Date the start of the validity period.

getSerialNumber

Added in API level 1
BigInteger getSerialNumber ()

Returns the serialNumber of the certificate.

The ASN.1 definition of serialNumber:

 CertificateSerialNumber  ::=  INTEGER
 

Returns
BigInteger the serial number.

getSigAlgName

Added in API level 1
String getSigAlgName ()

Returns the name of the algorithm for the certificate signature.

Returns
String the signature algorithm name.

getSigAlgOID

Added in API level 1
String getSigAlgOID ()

Returns the OID of the signature algorithm from the certificate.

Returns
String the OID of the signature algorithm.

getSigAlgParams

Added in API level 1
byte[] getSigAlgParams ()

Returns the parameters of the signature algorithm in DER-encoded format.

Returns
byte[] the parameters of the signature algorithm, or null if none are used.

getSignature

Added in API level 1
byte[] getSignature ()

Returns the raw signature bits from the certificate.

Returns
byte[] the raw signature bits from the certificate.

getSubjectAlternativeNames

Added in API level 1
Collection<List<?>> getSubjectAlternativeNames ()

Returns a read-only list of the subject alternative names from the SubjectAltName extension.

The ASN.1 definition of SubjectAltName:

 SubjectAltName ::= GeneralNames

 GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

 GeneralName ::= CHOICE {
      otherName                       [0]     AnotherName,
      rfc822Name                      [1]     IA5String,
      dNSName                         [2]     IA5String,
      x400Address                     [3]     ORAddress,
      directoryName                   [4]     Name,
      ediPartyName                    [5]     EDIPartyName,
      uniformResourceIdentifier       [6]     IA5String,
      iPAddress                       [7]     OCTET STRING,
      registeredID                    [8]     OBJECT IDENTIFIER }

 

Returns
Collection<List<?>> the subject alternative names or null if there are none in the certificate.
Throws
CertificateParsingException if decoding of the extension fails.

getSubjectDN

Added in API level 1
Principal getSubjectDN ()

Returns the subject (subject distinguished name) as an implementation specific Principal object.

The ASN.1 definition of subject:

 subject      Name

  Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType
 

replaced by: getSubjectX500Principal().

Returns
Principal the subject (subject distinguished name).

getSubjectUniqueID

Added in API level 1
boolean[] getSubjectUniqueID ()

Returns the subjectUniqueID from the certificate.

Returns
boolean[] the subjectUniqueID or null if there's none in the certificate.

getSubjectX500Principal

Added in API level 1
X500Principal getSubjectX500Principal ()

Returns the subject (subject distinguished name) as an X500Principal.

Returns
X500Principal the subject (subject distinguished name)

getTBSCertificate

Added in API level 1
byte[] getTBSCertificate ()

Returns the tbsCertificate information from this certificate in DER-encoded format.

Returns
byte[] the DER-encoded certificate information.
Throws
CertificateEncodingException if an error occurs in encoding

getVersion

Added in API level 1
int getVersion ()

Returns the certificate's version (version number).

The version defined in ASN.1:

 Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 

Returns
int the version number.