151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/*
22c87ad3a45cecf9e344487cad1abfdebe79f2c7cNarayan Kamath * Copyright (C) 2014 The Android Open Source Project
351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is free software; you can redistribute it and/or modify it
751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * under the terms of the GNU General Public License version 2 only, as
851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * published by the Free Software Foundation.  Oracle designates this
951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * particular file as subject to the "Classpath" exception as provided
1051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * by Oracle in the LICENSE file that accompanied this code.
1151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
1251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * This code is distributed in the hope that it will be useful, but WITHOUT
1351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
1451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
1551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * version 2 for more details (a copy is included in the LICENSE file that
1651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * accompanied this code).
1751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
1851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * You should have received a copy of the GNU General Public License version
1951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * 2 along with this work; if not, write to the Free Software Foundation,
2051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
2151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
2251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * or visit www.oracle.com if you need additional information or have any
2451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * questions.
2551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */
2651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
2751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
2851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipackage javax.security.cert;
2951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
30ec3e6a75dafb126c36c430e0c991f8ca6031425cNarayan Kamathimport com.sun.security.cert.internal.x509.X509V1CertImpl;
31ec3e6a75dafb126c36c430e0c991f8ca6031425cNarayan Kamath
3251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.io.InputStream;
3351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.lang.Class;
3451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.lang.reflect.Constructor;
3551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.lang.reflect.InvocationTargetException;
3651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.Security;
3751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
3851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.math.BigInteger;
3951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.AccessController;
4051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.Principal;
4151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.PrivilegedAction;
4251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.security.PublicKey;
4351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.BitSet;
4451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskiimport java.util.Date;
4551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
4651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski/**
4751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Abstract class for X.509 v1 certificates. This provides a standard
4851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * way to access all the version 1 attributes of an X.509 certificate.
4951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Attributes that are specific to X.509 v2 or v3 are not available
5051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * through this interface. Future API evolution will provide full access to
5151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * complete X.509 v3 attributes.
5251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
5351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * The basic X.509 format was defined by
5451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * ISO/IEC and ANSI X9 and is described below in ASN.1:
5551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre>
5651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Certificate  ::=  SEQUENCE  {
5751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     tbsCertificate       TBSCertificate,
5851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     signatureAlgorithm   AlgorithmIdentifier,
5951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     signature            BIT STRING  }
6051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre>
6151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
6251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * These certificates are widely used to support authentication and
6351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * other functionality in Internet security systems. Common applications
6451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL/TLS),
6551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * code signing for trusted software distribution, and Secure Electronic
6651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Transactions (SET).
6751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
6851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * These certificates are managed and vouched for by <em>Certificate
6951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Authorities</em> (CAs). CAs are services which create certificates by
7051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * placing data in the X.509 standard format and then digitally signing
7151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * that data. CAs act as trusted third parties, making introductions
7251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * between principals who have no direct knowledge of each other.
7351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CA certificates are either signed by themselves, or by some other
7451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * CA such as a "root" CA.
7551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
76199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * The ASN.1 definition of {@code tbsCertificate} is:
7751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre>
7851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * TBSCertificate  ::=  SEQUENCE  {
7951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     version         [0]  EXPLICIT Version DEFAULT v1,
8051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     serialNumber         CertificateSerialNumber,
8151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     signature            AlgorithmIdentifier,
8251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     issuer               Name,
8351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     validity             Validity,
8451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     subject              Name,
8551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     subjectPublicKeyInfo SubjectPublicKeyInfo,
8651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *     }
8751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre>
8851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
8951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Here is sample code to instantiate an X.509 certificate:
9051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre>
9151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * InputStream inStream = new FileInputStream("fileName-of-cert");
9251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * X509Certificate cert = X509Certificate.getInstance(inStream);
9351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * inStream.close();
9451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre>
9551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * OR
9651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre>
9751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * byte[] certData = &lt;certificate read from a file, say&gt;
9851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * X509Certificate cert = X509Certificate.getInstance(certData);
9951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre>
10051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
10151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * In either case, the code that instantiates an X.509 certificate
102199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * consults the value of the {@code cert.provider.x509v1} security property
103199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * to locate the actual implementation or instantiates a default implementation.
10451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
105199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * The {@code cert.provider.x509v1} property is set to a default
106199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * implementation for X.509 such as:
10751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <pre>
10851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
10951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * </pre>
11051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * <p>
111199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * The value of this {@code cert.provider.x509v1} property has to be
112199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * changed to instantiate another implementation. If this security
11351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * property is not set, a default implementation will be used.
11451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Currently, due to possible security restrictions on access to
11551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Security properties, this value is looked up and cached at class
11651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * initialization time and will fall back on a default implementation if
11751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * the Security property is not accessible.
11851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
119199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * <p><em>Note: The classes in the package {@code javax.security.cert}
12051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * exist for compatibility with earlier versions of the
12151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * Java Secure Sockets Extension (JSSE). New applications should instead
12251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * use the standard Java SE certificate classes located in
123199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * {@code java.security.cert}.</em></p>
12451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski *
12551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @author Hemma Prafullchandra
12651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @since 1.4
12751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see Certificate
12851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski * @see java.security.cert.X509Extension
129199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro * @see java.security.Security security properties
13051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski */
13151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebskipublic abstract class X509Certificate extends Certificate {
13251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
13351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /*
13451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Constant to lookup in the Security properties file.
13551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * In the Security properties file the default implementation
13651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * for X.509 v1 is given as:
13751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <pre>
13851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
13951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * </pre>
14051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
// Name of the security property that selects the X.509 v1 implementation class.
private static final String X509_PROVIDER = "cert.provider.x509v1";
// Value of that property as read once by the static initializer below.
// Security.getProperty returns null when the property is not set.
private static String X509Provider;

// Android-added.
private static final String DEFAULT_X509_CERT_CLASS = X509V1CertImpl.class.getName();

static {
    // The property is read inside doPrivileged, so the lookup runs with this
    // class's own permissions rather than those of whichever caller happened
    // to trigger class initialization.
    final PrivilegedAction<String> readProviderProperty =
        new PrivilegedAction<String>() {
            public String run() {
                return Security.getProperty(X509_PROVIDER);
            }
        };
    X509Provider = AccessController.doPrivileged(readProviderProperty);
}
15651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
15751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /**
15851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Instantiates an X509Certificate object, and initializes it with
159199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * the data read from the input stream {@code inStream}.
16051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * The implementation (X509Certificate is an abstract class) is
16151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * provided by the class specified as the value of the
162199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * {@code cert.provider.x509v1} security property.
16351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
16451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <p>Note: Only one DER-encoded
16551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * certificate is expected to be in the input stream.
16651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Also, all X509Certificate
16751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * subclasses must provide a constructor of the form:
168199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * <pre>{@code
169199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * public <subClass>(InputStream inStream) ...
170199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * }</pre>
17151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
17251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @param inStream an input stream with the data to be read to
17351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *        initialize the certificate.
17451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @return an X509Certificate object initialized with the data
17551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *         from the input stream.
17651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateException if a class initialization
17751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *            or certificate parsing error occurs.
17851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
public static final X509Certificate getInstance(InputStream inStream)
        throws CertificateException {
    // Widen to Object: the shared factory getInst selects the provider
    // constructor from the runtime type of its argument.
    final Object source = inStream;
    return getInst(source);
}
18351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
18451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /**
18551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Instantiates an X509Certificate object, and initializes it with
18651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * the specified byte array.
18751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * The implementation (X509Certificate is an abstract class) is
18851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * provided by the class specified as the value of the
189199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * {@code cert.provider.x509v1} security property.
19051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
19151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <p>Note: All X509Certificate
19251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * subclasses must provide a constructor of the form:
193199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * <pre>{@code
194199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * public <subClass>(byte[] certData) ...
195199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * }</pre>
19651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
19751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @param certData a byte array containing the DER-encoded
19851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *        certificate.
19951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @return an X509Certificate object initialized with the data
200199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *         from {@code certData}.
20151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateException if a class initialization
20251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *            or certificate parsing error occurs.
20351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
public static final X509Certificate getInstance(byte[] certData)
        throws CertificateException {
    // Widen to Object: the shared factory getInst selects the provider
    // constructor from the runtime type of its argument (byte[] here).
    final Object encoded = certData;
    return getInst(encoded);
}
20851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
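/**
 * Builds a certificate through the provider class named by the cached
 * {@code cert.provider.x509v1} value, using {@code DEFAULT_X509_CERT_CLASS}
 * when that value is null or empty.
 *
 * <p>The provider class is loaded reflectively and must be a subclass of
 * {@code X509Certificate} with a public one-argument constructor matching
 * the argument type ({@code InputStream} or {@code byte[]}). A class that is
 * not such a subclass is rejected before any constructor is invoked.
 *
 * @param value the certificate source, an {@code InputStream} or a {@code byte[]}
 * @return the object created by the provider class's constructor
 * @throws CertificateException if {@code value} has an unsupported type, or
 *         the provider class cannot be found, is not an
 *         {@code X509Certificate}, lacks the required constructor, cannot
 *         be accessed or instantiated, or its constructor throws
 */
private static final X509Certificate getInst(Object value)
throws CertificateException {
    String className = X509Provider;
    if (className == null || className.length() == 0) {
        // Property missing or empty (e.g. corrupted properties file):
        // use the built-in implementation.
        //
        // Android-changed.
        className = DEFAULT_X509_CERT_CLASS;
    }

    // Signature of the constructor the provider class has to expose.
    final Class<?>[] params;
    if (value instanceof InputStream) {
        params = new Class<?>[] { InputStream.class };
    } else if (value instanceof byte[]) {
        params = new Class<?>[] { byte[].class };
    } else {
        throw new CertificateException("Unsupported argument type");
    }

    try {
        // NOTE(review): Class.forName(String) also initializes the named
        // class, so the property value has to be treated as trusted
        // configuration; the subtype check below runs after loading.
        Class<?> certClass = Class.forName(className);

        // Reject anything that is not an X509Certificate before invoking a
        // constructor. Without this, a misconfigured property would run an
        // unrelated class's constructor and then fail with an undocumented
        // ClassCastException instead of CertificateException.
        if (!X509Certificate.class.isAssignableFrom(certClass)) {
            throw new CertificateException(
                "Class is not an X509Certificate: " + className);
        }

        // get the appropriate constructor and instantiate it
        Constructor<?> cons = certClass.getConstructor(params);
        return (X509Certificate) cons.newInstance(new Object[] {value});

    } catch (ClassNotFoundException e) {
        throw chainCause(
            new CertificateException("Could not find class: " + e), e);
    } catch (IllegalAccessException e) {
        throw chainCause(
            new CertificateException("Could not access class: " + e), e);
    } catch (InstantiationException e) {
        throw chainCause(
            new CertificateException("Problems instantiating: " + e), e);
    } catch (InvocationTargetException e) {
        // The constructor itself failed (for example on malformed input);
        // report what it threw rather than the reflective wrapper.
        throw chainCause(
            new CertificateException("InvocationTargetException: "
                                     + e.getTargetException()),
            e.getTargetException());
    } catch (NoSuchMethodException e) {
        throw chainCause(
            new CertificateException("Could not find class method: "
                                     + e.getMessage()), e);
    }
}

// Attaches the underlying failure as the cause so it stays available to
// callers and logs; the exception is created with a message only.
private static CertificateException chainCause(CertificateException ce,
                                               Throwable cause) {
    ce.initCause(cause);
    return ce;
}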
25551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
25651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /**
25751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Checks that the certificate is currently valid, that is, that
25851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * the current date and time are within the validity period given in the
25951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * certificate.
26051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <p>
26151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * The validity period consists of two date/time values:
26251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * the first and last dates (and times) on which the certificate
26351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * is valid. It is defined in
26451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * ASN.1 as:
26551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <pre>
266199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * validity             Validity
267199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *
26851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Validity ::= SEQUENCE {
26951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *     notBefore      CertificateValidityDate,
270199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *     notAfter       CertificateValidityDate }
271199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *
27251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * CertificateValidityDate ::= CHOICE {
27351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *     utcTime        UTCTime,
27451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *     generalTime    GeneralizedTime }
27551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * </pre>
27651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
27751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateExpiredException if the certificate has expired.
27851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateNotYetValidException if the certificate is not
27951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *            yet valid.
28051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
28151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    public abstract void checkValidity()
28251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski        throws CertificateExpiredException, CertificateNotYetValidException;
28351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
28451b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /**
28551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Checks that the specified date is within the certificate's
28651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * validity period. In other words, this determines whether the
28751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * certificate would be valid at the specified date/time.
28851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
28951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @param date the Date to check against to see if this certificate
29051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *        is valid at that date/time.
29151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateExpiredException if the certificate has expired
292199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *            with respect to the {@code date} supplied.
29351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @exception CertificateNotYetValidException if the certificate is not
294199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *            yet valid with respect to the {@code date} supplied.
29551b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @see #checkValidity()
29651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
29751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    public abstract void checkValidity(Date date)
29851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski        throws CertificateExpiredException, CertificateNotYetValidException;
29951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
30051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    /**
301199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * Gets the {@code version} (version number) value from the
30251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * certificate. The ASN.1 definition for this is:
30351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * <pre>
304199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     * version         [0]  EXPLICIT Version DEFAULT v1
305199ba578772e1b9860be61f1733d59c3e24b0b66Sergio Giro     *
30651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
30751b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * </pre>
30851b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     *
30951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     * @return the version number from the ASN.1 encoding, i.e. 0, 1 or 2.
31051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski     */
31151b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski    public abstract int getVersion();
31251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the {@code serialNumber} value from the certificate.
     * The serial number is an integer assigned by the certification
     * authority to each certificate. It must be unique for each
     * certificate issued by a given CA (i.e., the issuer name and
     * serial number identify a unique certificate).
     * The ASN.1 definition for this is:
     * <pre>
     * serialNumber     CertificateSerialNumber
     *
     * CertificateSerialNumber  ::=  INTEGER
     * </pre>
     *
     * <p>Uniqueness is only promised per issuing CA, so the serial number
     * on its own does not identify a certificate. Code that keys a cache,
     * a pin or a revocation lookup should use the issuer name together
     * with the serial number. This accessor reports a field of the
     * certificate; it does not by itself establish that the certificate
     * was really issued by the CA it names.
     *
     * @return the serial number.
     */
    public abstract BigInteger getSerialNumber();
32951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the {@code issuer} (issuer distinguished name) value from
     * the certificate. The issuer name identifies the entity that signed (and
     * issued) the certificate.
     *
     * <p>The issuer name field contains an
     * X.500 distinguished name (DN).
     * The ASN.1 definition for this is:
     * <pre>
     * issuer    Name
     *
     * Name ::= CHOICE { RDNSequence }
     * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     * RelativeDistinguishedName ::=
     *     SET OF AttributeValueAssertion
     *
     * AttributeValueAssertion ::= SEQUENCE {
     *                               AttributeType,
     *                               AttributeValue }
     * AttributeType ::= OBJECT IDENTIFIER
     * AttributeValue ::= ANY
     * </pre>
     * The {@code Name} describes a hierarchical name composed of
     * attributes, such as country name, and corresponding values, such as US.
     * The type of the {@code AttributeValue} component is determined by
     * the {@code AttributeType}; in general it will be a
     * {@code directoryString}. A {@code directoryString} is usually
     * one of {@code PrintableString},
     * {@code TeletexString} or {@code UniversalString}.
     * (RFC 5280 additionally allows {@code UTF8String} and
     * {@code BMPString} for a {@code DirectoryString}.)
     *
     * <p>The issuer name is a claim carried inside the certificate. It says
     * who is supposed to have signed it, and only verifying the signature
     * with that issuer's public key confirms the claim. This comment does
     * not define the textual form of the returned {@code Principal}'s name.
     * Comparing DN strings for a trust or access decision is therefore
     * fragile, because attribute order, escaping and case can differ between
     * encodings of the same name.
     *
     * @return a Principal whose name is the issuer distinguished name.
     */
    public abstract Principal getIssuerDN();
36351b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the {@code subject} (subject distinguished name) value
     * from the certificate.
     * The ASN.1 definition for this is:
     * <pre>
     * subject    Name
     * </pre>
     *
     * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
     * and other relevant definitions.
     *
     * <p>The subject name is an identity claim made by the certificate.
     * It should be relied on only after the certificate has been validated
     * up to a trusted issuer. The textual form of the returned
     * {@code Principal}'s name is not defined in this comment, so matching
     * on substrings of it (for example a common name) is easy to get wrong.
     *
     * @return a Principal whose name is the subject name.
     * @see #getIssuerDN()
     */
    public abstract Principal getSubjectDN();
37951b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the {@code notBefore} date from the validity period of
     * the certificate.
     * The relevant ASN.1 definitions are:
     * <pre>
     * validity             Validity
     *
     * Validity ::= SEQUENCE {
     *     notBefore      CertificateValidityDate,
     *     notAfter       CertificateValidityDate }
     *
     * CertificateValidityDate ::= CHOICE {
     *     utcTime        UTCTime,
     *     generalTime    GeneralizedTime }
     * </pre>
     *
     * <p>{@code Date} is mutable, and this comment does not say whether an
     * implementation returns a fresh copy, so callers should not modify the
     * returned object. To decide whether the certificate is currently within
     * its validity period, use {@link #checkValidity()} rather than comparing
     * dates by hand. Being inside the validity period says nothing about
     * revocation or about whether the issuer is trusted.
     *
     * @return the start date of the validity period.
     * @see #checkValidity()
     */
    public abstract Date getNotBefore();
40051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the {@code notAfter} date from the validity period of
     * the certificate. See {@link #getNotBefore() getNotBefore}
     * for relevant ASN.1 definitions.
     *
     * <p>{@code Date} is mutable, and this comment does not say whether an
     * implementation returns a fresh copy, so callers should not modify the
     * returned object. A certificate whose {@code notAfter} lies in the
     * future can still have been revoked. Expiry is only one of the checks
     * a validator performs.
     *
     * @return the end date of the validity period.
     * @see #checkValidity()
     */
    public abstract Date getNotAfter();
41051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the signature algorithm name for the certificate
     * signature algorithm. An example is the string "SHA-1/DSA".
     * The ASN.1 definition for this is:
     * <pre>
     * signatureAlgorithm   AlgorithmIdentifier
     *
     * AlgorithmIdentifier  ::=  SEQUENCE  {
     *     algorithm               OBJECT IDENTIFIER,
     *     parameters              ANY DEFINED BY algorithm OPTIONAL  }
     *                             -- contains a value of the type
     *                             -- registered for use with the
     *                             -- algorithm object identifier value
     * </pre>
     *
     * <p>The algorithm name is determined from the {@code algorithm}
     * OID string.
     *
     * <p>The "SHA-1/DSA" example is historical. SHA-1 is no longer
     * considered collision resistant, and current validation policies
     * usually reject signatures based on it. The name is a display form
     * derived from the OID, and its exact spelling may differ between
     * implementations. An algorithm allow-list is more reliably checked
     * against the value of {@link #getSigAlgOID()}.
     *
     * @return the signature algorithm name.
     */
    public abstract String getSigAlgName();
43251b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the signature algorithm OID string from the certificate.
     * An OID is represented by a set of positive whole numbers separated
     * by periods.
     * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
     * with DSA signature algorithm, as per the PKIX part I.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * <p>The OID is the value to compare when enforcing a policy on
     * acceptable signature algorithms. The example above is a SHA-1 based
     * algorithm, which current policies usually disallow. The OID is the
     * algorithm the certificate declares. It is only meaningful together
     * with a successful signature verification that uses that algorithm.
     *
     * @return the signature algorithm OID string.
     */
    public abstract String getSigAlgOID();
44651b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski
    /**
     * Gets the DER-encoded signature algorithm parameters from this
     * certificate's signature algorithm. In most cases, the signature
     * algorithm parameters are null; the parameters are usually
     * supplied with the certificate's public key.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * <p>Callers must handle a {@code null} return before decoding.
     * Some algorithms do carry their parameters here (RSASSA-PSS, for
     * example, encodes its hash and salt settings in this field), so a
     * verifier cannot assume the value is always absent. The bytes come
     * from the certificate and should be parsed as untrusted input. This
     * comment does not say whether the returned array is a copy, so
     * callers should not modify it.
     *
     * @return the DER-encoded signature algorithm parameters, or
     *         null if no parameters are present.
     */
    public abstract byte[] getSigAlgParams();
46051b1b6997fd3f980076b8081f7f1165ccc2a4008Piotr Jastrzebski}