/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package java.security.cert; import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.security.Principal; import java.util.Collection; import java.util.Date; import java.util.List; import javax.security.auth.x500.X500Principal; /** * Abstract base class for X.509 certificates. *

* This represents a standard way for accessing the attributes of X.509 * certificates. *

* The basic X.509 v3 format described in ASN.1: * *

 * Certificate  ::=  SEQUENCE  {
 *     tbsCertificate       TBSCertificate,
 *     signatureAlgorithm   AlgorithmIdentifier,
 *     signature            BIT STRING  }
 *
 * TBSCertificate  ::=  SEQUENCE  {
 *      version         [0]  EXPLICIT Version DEFAULT v1,
 *      serialNumber         CertificateSerialNumber,
 *      signature            AlgorithmIdentifier,
 *      issuer               Name,
 *      validity             Validity,
 *      subject              Name,
 *      subjectPublicKeyInfo SubjectPublicKeyInfo,
 *      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                           -- If present, version must be v2 or v3
 *      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
 *                           -- If present, version must be v2 or v3
 *      extensions      [3]  EXPLICIT Extensions OPTIONAL
 *                           -- If present, version must be v3
 *      }
 * 
*

* For more information consult RFC 2459 * "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt * . */ public abstract class X509Certificate extends Certificate implements X509Extension { private static final long serialVersionUID = -2491127588187038216L; /** * Creates a new {@code X509Certificate}. */ protected X509Certificate() { super("X.509"); } /** * Checks whether the certificate is currently valid. *

* The validity defined in ASN.1: * *

     * validity             Validity
     *
     * Validity ::= SEQUENCE {
     *      notBefore       CertificateValidityDate,
     *      notAfter        CertificateValidityDate }
     *
     * CertificateValidityDate ::= CHOICE {
     *      utcTime         UTCTime,
     *      generalTime     GeneralizedTime }
     * 
* * @throws CertificateExpiredException * if the certificate has expired. * @throws CertificateNotYetValidException * if the certificate is not yet valid. */ public abstract void checkValidity() throws CertificateExpiredException, CertificateNotYetValidException; /** * Checks whether the certificate is valid at the specified date. * * @param date * the date to check the validity against. * @throws CertificateExpiredException * if the certificate has expired. * @throws CertificateNotYetValidException * if the certificate is not yet valid. * @see #checkValidity() */ public abstract void checkValidity(Date date) throws CertificateExpiredException, CertificateNotYetValidException; /** * Returns the certificates {@code version} (version number). *

* The version defined is ASN.1: * *

     * Version ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
     * 
* * @return the version number. */ public abstract int getVersion(); /** * Returns the {@code serialNumber} of the certificate. *

* The ASN.1 definition of {@code serialNumber}: * *

     * CertificateSerialNumber  ::=  INTEGER
     * 
* * @return the serial number. */ public abstract BigInteger getSerialNumber(); /** * Returns the {@code issuer} (issuer distinguished name) as an * implementation specific {@code Principal} object. *

* The ASN.1 definition of {@code issuer}: * *

     *  issuer      Name
     *
     *  Name ::= CHOICE {
     *      RDNSequence }
     *
     *    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     *
     *    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
     *
     *    AttributeTypeAndValue ::= SEQUENCE {
     *      type     AttributeType,
     *      value    AttributeValue }
     *
     *    AttributeType ::= OBJECT IDENTIFIER
     *
     *    AttributeValue ::= ANY DEFINED BY AttributeType
     * 
* * replaced by: {@link #getIssuerX500Principal()}. * * @return the {@code issuer} as an implementation specific {@code * Principal}. */ public abstract Principal getIssuerDN() ; /** * Returns the {@code issuer} (issuer distinguished name) as an {@code * X500Principal}. * * @return the {@code issuer} (issuer distinguished name). */ public X500Principal getIssuerX500Principal() { try { // TODO if there is no X.509 certificate provider installed // should we try to access Harmony X509CertImpl via classForName? CertificateFactory factory = CertificateFactory .getInstance("X.509"); X509Certificate cert = (X509Certificate) factory .generateCertificate(new ByteArrayInputStream(getEncoded())); return cert.getIssuerX500Principal(); } catch (Exception e) { throw new RuntimeException("Failed to get X500Principal issuer", e); } } /** * Returns the {@code subject} (subject distinguished name) as an * implementation specific {@code Principal} object. *

* The ASN.1 definition of {@code subject}: * *

     * subject      Name
     *
     *  Name ::= CHOICE {
     *      RDNSequence }
     *
     *    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     *
     *    RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
     *
     *    AttributeTypeAndValue ::= SEQUENCE {
     *      type     AttributeType,
     *      value    AttributeValue }
     *
     *    AttributeType ::= OBJECT IDENTIFIER
     *
     *    AttributeValue ::= ANY DEFINED BY AttributeType
     * 
* *

* replaced by: {@link #getSubjectX500Principal()}. * * @return the {@code subject} (subject distinguished name). */ public abstract Principal getSubjectDN(); /** * Returns the {@code subject} (subject distinguished name) as an {@code * X500Principal}. * * @return the {@code subject} (subject distinguished name) */ public X500Principal getSubjectX500Principal() { try { // TODO if there is no X.509 certificate provider installed // should we try to access Harmony X509CertImpl via classForName? CertificateFactory factory = CertificateFactory .getInstance("X.509"); X509Certificate cert = (X509Certificate) factory .generateCertificate(new ByteArrayInputStream(getEncoded())); return cert.getSubjectX500Principal(); } catch (Exception e) { throw new RuntimeException("Failed to get X500Principal subject", e); } } /** * Returns the {@code notBefore} date from the validity period of the * certificate. * * @return the start of the validity period. */ public abstract Date getNotBefore(); /** * Returns the {@code notAfter} date of the validity period of the * certificate. * * @return the end of the validity period. */ public abstract Date getNotAfter(); /** * Returns the {@code tbsCertificate} information from this certificate in * DER-encoded format. * * @return the DER-encoded certificate information. * @throws CertificateEncodingException * if an error occurs in encoding */ public abstract byte[] getTBSCertificate() throws CertificateEncodingException; /** * Returns the raw signature bits from the certificate. * * @return the raw signature bits from the certificate. */ public abstract byte[] getSignature(); /** * Returns the name of the algorithm for the certificate signature. * * @return the signature algorithm name. */ public abstract String getSigAlgName(); /** * Returns the OID of the signature algorithm from the certificate. * * @return the OID of the signature algorithm. */ public abstract String getSigAlgOID(); /** * Returns the parameters of the signature algorithm in DER-encoded format. * * @return the parameters of the signature algorithm, or {@code null} if * none are used. */ public abstract byte[] getSigAlgParams(); /** * Returns the {@code issuerUniqueID} from the certificate. * * @return the {@code issuerUniqueID} or {@code null} if there's none in the * certificate. */ public abstract boolean[] getIssuerUniqueID(); /** * Returns the {@code subjectUniqueID} from the certificate. * * @return the {@code subjectUniqueID} or null if there's none in the * certificate. */ public abstract boolean[] getSubjectUniqueID(); /** * Returns the {@code KeyUsage} extension as a {@code boolean} array. *

* The ASN.1 definition of {@code KeyUsage}: * *

     * KeyUsage ::= BIT STRING {
     *      digitalSignature        (0),
     *      nonRepudiation          (1),
     *      keyEncipherment         (2),
     *      dataEncipherment        (3),
     *      keyAgreement            (4),
     *      keyCertSign             (5),
     *      cRLSign                 (6),
     *      encipherOnly            (7),
     *      decipherOnly            (8) }
     *
     * 
* * @return the {@code KeyUsage} extension or {@code null} if there's none in * the certificate. */ public abstract boolean[] getKeyUsage(); /** * Returns a read-only list of OID strings representing the {@code * ExtKeyUsageSyntax} field of the extended key usage extension. * * @return the extended key usage extension, or {@code null} if there's none * in the certificate. * @throws CertificateParsingException * if the extension decoding fails. */ public List getExtendedKeyUsage() throws CertificateParsingException { return null; } /** * Returns the path length of the certificate constraints from the {@code * BasicContraints} extension. * * @return the path length of the certificate constraints if the extension * is present or {@code -1} if the extension is not present. {@code * Integer.MAX_VALUE} if there's not limit. */ public abstract int getBasicConstraints(); /** * Returns a read-only list of the subject alternative names from the * {@code SubjectAltName} extension. *

* The ASN.1 definition of {@code SubjectAltName}: * *

     * SubjectAltName ::= GeneralNames
     *
     * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
     *
     * GeneralName ::= CHOICE {
     *      otherName                       [0]     AnotherName,
     *      rfc822Name                      [1]     IA5String,
     *      dNSName                         [2]     IA5String,
     *      x400Address                     [3]     ORAddress,
     *      directoryName                   [4]     Name,
     *      ediPartyName                    [5]     EDIPartyName,
     *      uniformResourceIdentifier       [6]     IA5String,
     *      iPAddress                       [7]     OCTET STRING,
     *      registeredID                    [8]     OBJECT IDENTIFIER }
     *
     * 
* * @return the subject alternative names or {@code null} if there are none * in the certificate. * @throws CertificateParsingException * if decoding of the extension fails. */ public Collection> getSubjectAlternativeNames() throws CertificateParsingException { return null; } /** * Returns a read-only list of the issuer alternative names from the {@code * IssuerAltName} extension. *

* The ASN.1 definition of {@code IssuerAltName}: * *

     * IssuerAltName ::= GeneralNames
     *
     * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
     *
     * GeneralName ::= CHOICE {
     *      otherName                       [0]     AnotherName,
     *      rfc822Name                      [1]     IA5String,
     *      dNSName                         [2]     IA5String,
     *      x400Address                     [3]     ORAddress,
     *      directoryName                   [4]     Name,
     *      ediPartyName                    [5]     EDIPartyName,
     *      uniformResourceIdentifier       [6]     IA5String,
     *      iPAddress                       [7]     OCTET STRING,
     *      registeredID                    [8]     OBJECT IDENTIFIER }
     *
     * 
* * @return the issuer alternative names of {@code null} if there are none in * the certificate. * @throws CertificateParsingException * if decoding of the extension fails. */ public Collection> getIssuerAlternativeNames() throws CertificateParsingException { return null; } }