/*
 * Copyright (C) 2014 The Android Open Source Project
 * Copyright (c) 1997, 2008, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */


package javax.security.cert;

import com.sun.security.cert.internal.x509.X509V1CertImpl;

import java.io.InputStream;
import java.lang.Class;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationTargetException;
import java.security.Security;

import java.math.BigInteger;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.util.BitSet;
import java.util.Date;

/**
 * Abstract class for X.509 v1 certificates. This provides a standard
 * way to access all the version 1 attributes of an X.509 certificate.
 * Attributes that are specific to X.509 v2 or v3 are not available
 * through this interface. Future API evolution will provide full access to
 * complete X.509 v3 attributes.
 * <p>
 * The basic X.509 format was defined by
 * ISO/IEC and ANSI X9 and is described below in ASN.1:
 * <pre>
 * Certificate  ::=  SEQUENCE  {
 *     tbsCertificate       TBSCertificate,
 *     signatureAlgorithm   AlgorithmIdentifier,
 *     signature            BIT STRING  }
 * </pre>
 * <p>
 * These certificates are widely used to support authentication and
 * other functionality in Internet security systems. Common applications
 * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
 * code signing for trusted software distribution, and Secure Electronic
 * Transactions (SET).
 * <p>
 * These certificates are managed and vouched for by <em>Certificate
 * Authorities</em> (CAs). CAs are services which create certificates by
 * placing data in the X.509 standard format and then digitally signing
 * that data. CAs act as trusted third parties, making introductions
 * between principals who have no direct knowledge of each other.
 * CA certificates are either signed by themselves, or by some other
 * CA such as a "root" CA.
 * <p>
 * The ASN.1 definition of {@code tbsCertificate} is:
 * <pre>
 * TBSCertificate  ::=  SEQUENCE  {
 *     version         [0]  EXPLICIT Version DEFAULT v1,
 *     serialNumber         CertificateSerialNumber,
 *     signature            AlgorithmIdentifier,
 *     issuer               Name,
 *     validity             Validity,
 *     subject              Name,
 *     subjectPublicKeyInfo SubjectPublicKeyInfo,
 *     }
 * </pre>
 * <p>
 * Here is sample code to instantiate an X.509 certificate:
 * <pre>
 * InputStream inStream = new FileInputStream("fileName-of-cert");
 * X509Certificate cert = X509Certificate.getInstance(inStream);
 * inStream.close();
 * </pre>
 * OR
 * <pre>
 * byte[] certData = &lt;certificate read from a file, say&gt;
 * X509Certificate cert = X509Certificate.getInstance(certData);
 * </pre>
 * <p>
 * In either case, the code that instantiates an X.509 certificate
 * consults the value of the {@code cert.provider.x509v1} security property
 * to locate the actual implementation or instantiates a default implementation.
 * <p>
 * The {@code cert.provider.x509v1} property is set to a default
 * implementation for X.509 such as:
 * <pre>
 * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
 * </pre>
 * <p>
 * The value of this {@code cert.provider.x509v1} property has to be
 * changed to instantiate another implementation. If this security
 * property is not set, a default implementation will be used.
 * Currently, due to possible security restrictions on access to
 * Security properties, this value is looked up and cached at class
 * initialization time and will fallback on a default implementation if
 * the Security property is not accessible.
 *
 * <p><em>Note: The classes in the package {@code javax.security.cert}
 * exist for compatibility with earlier versions of the
 * Java Secure Sockets Extension (JSSE). New applications should instead
 * use the standard Java SE certificate classes located in
 * {@code java.security.cert}.</em></p>
 *
 * @author Hemma Prafullchandra
 * @since 1.4
 * @see Certificate
 * @see java.security.cert.X509Extension
 * @see java.security.Security security properties
 */
public abstract class X509Certificate extends Certificate {

    /*
     * Constant to lookup in the Security properties file.
     * In the Security properties file the default implementation
     * for X.509 v3 is given as:
     * <pre>
     * cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
     * </pre>
     */
    private static final String X509_PROVIDER = "cert.provider.x509v1";
    private static String X509Provider;

    // Android-added.
    private static final String DEFAULT_X509_CERT_CLASS = X509V1CertImpl.class.getName();

    static {
        X509Provider = AccessController.doPrivileged(
            new PrivilegedAction<String>() {
                public String run() {
                    return Security.getProperty(X509_PROVIDER);
                }
            }
        );
    }

    /**
     * Instantiates an X509Certificate object, and initializes it with
     * the data read from the input stream {@code inStream}.
     * The implementation (X509Certificate is an abstract class) is
     * provided by the class specified as the value of the
     * {@code cert.provider.x509v1} security property.
     *
     * <p>Note: Only one DER-encoded
     * certificate is expected to be in the input stream.
     * Also, all X509Certificate
     * subclasses must provide a constructor of the form:
     * <pre>{@code
     * public <subClass>(InputStream inStream) ...
     * }</pre>
     *
     * @param inStream an input stream with the data to be read to
     *        initialize the certificate.
     * @return an X509Certificate object initialized with the data
     *         from the input stream.
     * @exception CertificateException if a class initialization
     *            or certificate parsing error occurs.
     */
    public static final X509Certificate getInstance(InputStream inStream)
    throws CertificateException {
        return getInst((Object)inStream);
    }

    /**
     * Instantiates an X509Certificate object, and initializes it with
     * the specified byte array.
     * The implementation (X509Certificate is an abstract class) is
     * provided by the class specified as the value of the
     * {@code cert.provider.x509v1} security property.
     *
     * <p>Note: All X509Certificate
     * subclasses must provide a constructor of the form:
     * <pre>{@code
     * public <subClass>(InputStream inStream) ...
     * }</pre>
     *
     * @param certData a byte array containing the DER-encoded
     *        certificate.
     * @return an X509Certificate object initialized with the data
     *         from {@code certData}.
     * @exception CertificateException if a class initialization
     *            or certificate parsing error occurs.
     */
    public static final X509Certificate getInstance(byte[] certData)
    throws CertificateException {
        return getInst((Object)certData);
    }

    private static final X509Certificate getInst(Object value)
    throws CertificateException {
        /*
         * This turns out not to work for now. To run under JDK1.2 we would
         * need to call beginPrivileged() but we can't do that and run
         * under JDK1.1.
         */
        String className = X509Provider;
        if (className == null || className.length() == 0) {
            // shouldn't happen, but assume corrupted properties file
            // provide access to sun implementation
            //
            // Android-changed.
            className = DEFAULT_X509_CERT_CLASS;
        }
        try {
            Class<?>[] params = null;
            if (value instanceof InputStream) {
                params = new Class<?>[] { InputStream.class };
            } else if (value instanceof byte[]) {
                params = new Class<?>[] { value.getClass() };
            } else
                throw new CertificateException("Unsupported argument type");
            Class<?> certClass = Class.forName(className);

            // get the appropriate constructor and instantiate it
            Constructor<?> cons = certClass.getConstructor(params);

            // get a new instance
            Object obj = cons.newInstance(new Object[] {value});
            return (X509Certificate)obj;

        } catch (ClassNotFoundException e) {
            throw new CertificateException("Could not find class: " + e);
        } catch (IllegalAccessException e) {
            throw new CertificateException("Could not access class: " + e);
        } catch (InstantiationException e) {
            throw new CertificateException("Problems instantiating: " + e);
        } catch (InvocationTargetException e) {
            throw new CertificateException("InvocationTargetException: "
                                           + e.getTargetException());
        } catch (NoSuchMethodException e) {
            throw new CertificateException("Could not find class method: "
                                           + e.getMessage());
        }
    }

    /**
     * Checks that the certificate is currently valid. It is if
     * the current date and time are within the validity period given in the
     * certificate.
     * <p>
     * The validity period consists of two date/time values:
     * the first and last dates (and times) on which the certificate
     * is valid. It is defined in
     * ASN.1 as:
     * <pre>
     * validity             Validity
     *
     * Validity ::= SEQUENCE {
     *     notBefore      CertificateValidityDate,
     *     notAfter       CertificateValidityDate }
     *
     * CertificateValidityDate ::= CHOICE {
     *     utcTime        UTCTime,
     *     generalTime    GeneralizedTime }
     * </pre>
     *
     * @exception CertificateExpiredException if the certificate has expired.
     * @exception CertificateNotYetValidException if the certificate is not
     *            yet valid.
     */
    public abstract void checkValidity()
        throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Checks that the specified date is within the certificate's
     * validity period. In other words, this determines whether the
     * certificate would be valid at the specified date/time.
     *
     * @param date the Date to check against to see if this certificate
     *        is valid at that date/time.
     * @exception CertificateExpiredException if the certificate has expired
     *            with respect to the {@code date} supplied.
     * @exception CertificateNotYetValidException if the certificate is not
     *            yet valid with respect to the {@code date} supplied.
     * @see #checkValidity()
     */
    public abstract void checkValidity(Date date)
        throws CertificateExpiredException, CertificateNotYetValidException;

    /**
     * Gets the {@code version} (version number) value from the
     * certificate. The ASN.1 definition for this is:
     * <pre>
     * version         [0]  EXPLICIT Version DEFAULT v1
     *
     * Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
     * </pre>
     *
     * @return the version number from the ASN.1 encoding, i.e. 0, 1 or 2.
     */
    public abstract int getVersion();

    /**
     * Gets the {@code serialNumber} value from the certificate.
     * The serial number is an integer assigned by the certification
     * authority to each certificate. It must be unique for each
     * certificate issued by a given CA (i.e., the issuer name and
     * serial number identify a unique certificate).
     * The ASN.1 definition for this is:
     * <pre>
     * serialNumber     CertificateSerialNumber
     *
     * CertificateSerialNumber  ::=  INTEGER
     * </pre>
     *
     * @return the serial number.
     */
    public abstract BigInteger getSerialNumber();

    /**
     * Gets the {@code issuer} (issuer distinguished name) value from
     * the certificate. The issuer name identifies the entity that signed (and
     * issued) the certificate.
     *
     * <p>The issuer name field contains an
     * X.500 distinguished name (DN).
     * The ASN.1 definition for this is:
     * <pre>
     * issuer    Name
     *
     * Name ::= CHOICE { RDNSequence }
     * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
     * RelativeDistinguishedName ::=
     *     SET OF AttributeValueAssertion
     *
     * AttributeValueAssertion ::= SEQUENCE {
     *                               AttributeType,
     *                               AttributeValue }
     * AttributeType ::= OBJECT IDENTIFIER
     * AttributeValue ::= ANY
     * </pre>
     * The {@code Name} describes a hierarchical name composed of
     * attributes, such as country name, and corresponding values, such as US.
     * The type of the {@code AttributeValue} component is determined by
     * the {@code AttributeType}; in general it will be a
     * {@code directoryString}. A {@code directoryString} is usually
     * one of {@code PrintableString},
     * {@code TeletexString} or {@code UniversalString}.
     *
     * @return a Principal whose name is the issuer distinguished name.
     */
    public abstract Principal getIssuerDN();

    /**
     * Gets the {@code subject} (subject distinguished name) value
     * from the certificate.
     * The ASN.1 definition for this is:
     * <pre>
     * subject    Name
     * </pre>
     *
     * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
     * and other relevant definitions.
     *
     * @return a Principal whose name is the subject name.
     * @see #getIssuerDN()
     */
    public abstract Principal getSubjectDN();

    /**
     * Gets the {@code notBefore} date from the validity period of
     * the certificate.
     * The relevant ASN.1 definitions are:
     * <pre>
     * validity             Validity
     *
     * Validity ::= SEQUENCE {
     *     notBefore      CertificateValidityDate,
     *     notAfter       CertificateValidityDate }
     *
     * CertificateValidityDate ::= CHOICE {
     *     utcTime        UTCTime,
     *     generalTime    GeneralizedTime }
     * </pre>
     *
     * @return the start date of the validity period.
     * @see #checkValidity()
     */
    public abstract Date getNotBefore();

    /**
     * Gets the {@code notAfter} date from the validity period of
     * the certificate. See {@link #getNotBefore() getNotBefore}
     * for relevant ASN.1 definitions.
     *
     * @return the end date of the validity period.
     * @see #checkValidity()
     */
    public abstract Date getNotAfter();

    /**
     * Gets the signature algorithm name for the certificate
     * signature algorithm. An example is the string "SHA-1/DSA".
     * The ASN.1 definition for this is:
     * <pre>
     * signatureAlgorithm   AlgorithmIdentifier
     *
     * AlgorithmIdentifier  ::=  SEQUENCE  {
     *     algorithm               OBJECT IDENTIFIER,
     *     parameters              ANY DEFINED BY algorithm OPTIONAL  }
     *                             -- contains a value of the type
     *                             -- registered for use with the
     *                             -- algorithm object identifier value
     * </pre>
     *
     * <p>The algorithm name is determined from the {@code algorithm}
     * OID string.
     *
     * @return the signature algorithm name.
     */
    public abstract String getSigAlgName();

    /**
     * Gets the signature algorithm OID string from the certificate.
     * An OID is represented by a set of positive whole numbers separated
     * by periods.
     * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
     * with DSA signature algorithm, as per the PKIX part I.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * @return the signature algorithm OID string.
     */
    public abstract String getSigAlgOID();

    /**
     * Gets the DER-encoded signature algorithm parameters from this
     * certificate's signature algorithm. In most cases, the signature
     * algorithm parameters are null; the parameters are usually
     * supplied with the certificate's public key.
     *
     * <p>See {@link #getSigAlgName() getSigAlgName} for
     * relevant ASN.1 definitions.
     *
     * @return the DER-encoded signature algorithm parameters, or
     *         null if no parameters are present.
     */
    public abstract byte[] getSigAlgParams();
}