codec.x509
Class X509TBSCertificate

java.lang.Object
  extended by java.util.AbstractCollection<E>
      extended by java.util.AbstractList<E>
          extended by java.util.ArrayList
              extended by codec.asn1.ASN1AbstractCollection
                  extended by codec.asn1.ASN1Sequence
                      extended by codec.x509.X509TBSCertificate
All Implemented Interfaces:
ASN1Collection, ASN1Type, Externalizable, Serializable, Cloneable, Iterable, Collection, List, RandomAccess

public class X509TBSCertificate
extends ASN1Sequence
implements Externalizable

Implements an X.509v3 certificate TBS (to-be-signed) block according to the following ASN.1 data structure:

 TBSCertificate  ::=  SEQUENCE  {
   version               [0] EXPLICIT Version DEFAULT v1,
   serialNumber          CertificateSerialNumber,
   signature             AlgorithmIdentifier,
   issuer                Name,
   validity              Validity,
   subject               Name,
   subjectPublicKeyInfo  SubjectPublicKeyInfo,
   issuerUniqueID        [1] IMPLICIT UniqueIdentifier OPTIONAL,  -- If present, version must be v2 or v3
   subjectUniqueID       [2] IMPLICIT UniqueIdentifier OPTIONAL,  -- If present, version must be v2 or v3
   extensions            [3] EXPLICIT Extensions OPTIONAL         -- If present, version must be v3
 }

 UniqueIdentifier  ::=  BIT STRING

 Validity ::= SEQUENCE {
       notBefore      Time,
       notAfter       Time
 }

 Time ::= CHOICE {
      utcTime        UTCTime,
      generalTime    GeneralizedTime
 }
 
To create a certificate, create an X509TBSCertificate and fill it with the required data (certificate serial number, validity period, subject and issuer DN, subject public key) and the signature algorithm.

Note that you have to set the signature algorithm before encoding an X509TBSCertificate or putting it into an X509Certificate!

Certificate version will be set automatically to "V2" if issuerUniqueID or subjectUniqueID is set and to "V3" if any extension is added. Version defaults to "V1".

Example:

 ... tbd
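
An added example of the procedure described above; it is not code from the codec project. It calls only the methods listed on this page; the class name TbsBuilderExample, the helper buildTbs, and the codec.x509 package for AlgorithmIdentifier and X509Extension are assumptions.

```java
import codec.x509.AlgorithmIdentifier; // package assumed; not stated on this page
import codec.x509.X509Extension;       // package assumed; not stated on this page
import codec.x509.X509TBSCertificate;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.List;

public final class TbsBuilderExample { // hypothetical class, not part of the library

    /** Fills a TBS block and returns its DER encoding, the bytes the issuer signs. */
    public static byte[] buildTbs(Principal issuer, Principal subject, PublicKey subjectKey,
                                  AlgorithmIdentifier sigAlg, int validDays,
                                  List<X509Extension> extensions)
            throws InvalidKeyException, CertificateEncodingException {
        if (sigAlg == null || validDays <= 0) {
            throw new IllegalArgumentException("signature algorithm and validity are required");
        }
        X509TBSCertificate tbs = new X509TBSCertificate();

        // Positive serial number from a CSPRNG instead of a predictable counter.
        tbs.setSerialNumber(new BigInteger(127, new SecureRandom()).add(BigInteger.ONE));
        tbs.setIssuerDN(issuer);
        tbs.setSubjectDN(subject);
        tbs.setSubjectPublicKey(subjectKey);

        // Bounded validity period starting now.
        Date notBefore = new Date();
        tbs.setNotBefore(notBefore);
        tbs.setNotAfter(new Date(notBefore.getTime() + validDays * 24L * 60 * 60 * 1000));

        for (X509Extension ext : extensions) {
            tbs.addExtension(ext); // first call switches the version to v3
        }
        // getVersion() reports 0 for v1 and 2 for v3; fail closed on a mismatch.
        int expected = extensions.isEmpty() ? 0 : 2;
        if (tbs.getVersion() != expected) {
            throw new IllegalStateException("unexpected version field: " + tbs.getVersion());
        }

        // Must be set before encoding or wrapping the block in an X509Certificate.
        tbs.setSignatureAlgorithm(sigAlg);
        return tbs.getEncoded();
    }
}
```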
 

Author:
Markus Tak
See Also:
Serialized Form

Field Summary
private  ASN1SequenceOf extensions_
           
private  ASN1TaggedType extensionsTag_
           
private  Name issuer_
           
private  ASN1BitString issuerUniqueID_
           
private  ASN1TaggedType issuerUniqueIDTag_
           
private  ASN1Choice notAfter_
           
private  ASN1Choice notBefore_
           
private  ASN1Integer serialNumber_
           
private  AlgorithmIdentifier signature_
           
private  Name subject_
           
private  SubjectPublicKeyInfo subjectPublicKeyInfo_
           
private  ASN1BitString subjectUniqueID_
           
private  ASN1TaggedType subjectUniqueIDTag_
           
private  ASN1Integer version_
           
private  ASN1TaggedType versionTag_
           
 
Fields inherited from class java.util.AbstractList
modCount
 
Constructor Summary
X509TBSCertificate()
          Constructor that builds the data structure
 
Method Summary
 void addExtension(X509Extension ext)
          Adds an extension to this certificate.
 int getBasicConstraints()
          From java.security.cert.X509Certificate.
 Set getCriticalExtensionOIDs()
          From java.security.cert.X509Extension.
 byte[] getEncoded()
          Returns the DER-encoded byte array of this certificate
 Collection getExtensions()
          Returns a Collection containing all extensions
 byte[] getExtensionValue(String ex)
          From java.security.cert.X509Extension.
 Principal getIssuerDN()
          From java.security.cert.X509Certificate.
 boolean[] getIssuerUniqueID()
          From java.security.cert.X509Certificate.
 boolean[] getKeyUsage()
          From java.security.cert.X509Certificate.
 Set getNonCriticalExtensionOIDs()
          From java.security.cert.X509Extension.
 Date getNotAfter()
          From java.security.cert.X509Certificate.
 Date getNotBefore()
          From java.security.cert.X509Certificate.
 PublicKey getPublicKey()
          From java.security.cert.X509Certificate.
 BigInteger getSerialNumber()
          From java.security.cert.X509Certificate.
 String getSigAlgName()
          From java.security.cert.X509Certificate.
 String getSigAlgOID()
          From java.security.cert.X509Certificate.
 byte[] getSigAlgParams()
          From java.security.cert.X509Certificate.
 Principal getSubjectDN()
          From java.security.cert.X509Certificate.
 boolean[] getSubjectUniqueID()
          From java.security.cert.X509Certificate.
 int getVersion()
          Returns the version of this X509 certificate (0=v1, 1=v2, 2=v3)
 boolean hasUnsupportedCriticalExtension()
          From java.security.cert.X509Extension.
 void readExternal(ObjectInput s)
           
 void setIssuerDN(Principal nissuer)
          Sets the issuer's distinguished name (DN).
 void setIssuerUniqueID(byte[] nid)
          Sets the issuer's unique id.
 void setNotAfter(Calendar nnaf)
          Sets the "not after" field.
 void setNotAfter(Date nnaf)
          Sets the "not after" field.
 void setNotBefore(Calendar nnbf)
          Sets the "not before" field.
 void setNotBefore(Date nnbf)
          Sets the "not before" field.
 void setSerialNumber(BigInteger nsnr)
          Sets the serial number of this certificate
 void setSerialNumber(int nsnr)
          Sets the serial number of this certificate
 void setSignatureAlgorithm(AlgorithmIdentifier aid)
          Sets the signature algorithm.
 void setSubjectDN(Principal nsubject)
          Sets the subject's distinguished name (DN).
 void setSubjectPublicKey(PublicKey pk)
          Sets the subject's public key
 void setSubjectUniqueID(byte[] nid)
          Sets the subject's unique id.
 String toString()
          human-readable String representation of this certificate
 void writeExternal(ObjectOutput s)
           
 
Methods inherited from class codec.asn1.ASN1Sequence
getTag
 
Methods inherited from class codec.asn1.ASN1AbstractCollection
checkConstraints, decode, encode, getCollection, getConstraint, getTagClass, getValue, isExplicit, isOptional, isType, setConstraint, setExplicit, setOptional
 
Methods inherited from class java.util.ArrayList
add, add, addAll, addAll, clear, clone, contains, ensureCapacity, get, indexOf, isEmpty, lastIndexOf, remove, remove, removeRange, set, size, toArray, toArray, trimToSize
 
Methods inherited from class java.util.AbstractList
equals, hashCode, iterator, listIterator, listIterator, subList
 
Methods inherited from class java.util.AbstractCollection
containsAll, removeAll, retainAll
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface java.util.Collection
add, addAll, clear, contains, containsAll, equals, hashCode, isEmpty, iterator, remove, removeAll, retainAll, size, toArray, toArray
 
Methods inherited from interface java.util.List
containsAll, equals, hashCode, iterator, listIterator, listIterator, removeAll, retainAll, subList
 

Field Detail

version_

private ASN1Integer version_

versionTag_

private ASN1TaggedType versionTag_

serialNumber_

private ASN1Integer serialNumber_

signature_

private AlgorithmIdentifier signature_

issuer_

private Name issuer_

notBefore_

private ASN1Choice notBefore_

notAfter_

private ASN1Choice notAfter_

subject_

private Name subject_

subjectPublicKeyInfo_

private SubjectPublicKeyInfo subjectPublicKeyInfo_

issuerUniqueID_

private ASN1BitString issuerUniqueID_

issuerUniqueIDTag_

private ASN1TaggedType issuerUniqueIDTag_

subjectUniqueID_

private ASN1BitString subjectUniqueID_

subjectUniqueIDTag_

private ASN1TaggedType subjectUniqueIDTag_

extensions_

private ASN1SequenceOf extensions_

extensionsTag_

private ASN1TaggedType extensionsTag_
Constructor Detail

X509TBSCertificate

public X509TBSCertificate()
Constructor that builds the data structure

Method Detail

addExtension

public void addExtension(X509Extension ext)
Adds an extension to this certificate. Note that calling this method automatically sets the version field to "2" (X.509 version V3).

Parameters:
ext - the extension to be added.

getBasicConstraints

public int getBasicConstraints()
From java.security.cert.X509Certificate. Returns the value of the pathLenConstraint in a BC extension if present and cA set to true. If the Basic Constraints extension (OID 2.5.29.19) is not present in this certificate, null is returned.
 BasicConstraints ::= SEQUENCE {
   cA                  BOOLEAN DEFAULT FALSE,
   pathLenConstraint   INTEGER (0..MAX) OPTIONAL
 }
 


getCriticalExtensionOIDs

public Set getCriticalExtensionOIDs()
From java.security.cert.X509Extension. Gets a set of Strings containing the OIDs of all extensions present that are marked as critical.


getEncoded

public byte[] getEncoded()
                  throws CertificateEncodingException
Returns the DER-encoded byte array of this certificate

Throws:
CertificateEncodingException - if TBSCertificate could not be encoded correctly

getExtensions

public Collection getExtensions()
Returns a Collection containing all extensions


getExtensionValue

public byte[] getExtensionValue(String ex)
From java.security.cert.X509Extension. Gets the value of the extension denoted by ex, or null if not present.


getIssuerDN

public Principal getIssuerDN()
From java.security.cert.X509Certificate. Returns this certificate's issuer as a Principal.


getIssuerUniqueID

public boolean[] getIssuerUniqueID()
From java.security.cert.X509Certificate. Returns the issuer's Unique ID or null if not present.


getKeyUsage

public boolean[] getKeyUsage()
From java.security.cert.X509Certificate. Returns the bits of the KeyUsage extension (OID 2.5.29.15) if present in this certificate or null otherwise.
 KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1),
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8)
 }
 


getNonCriticalExtensionOIDs

public Set getNonCriticalExtensionOIDs()
From java.security.cert.X509Extension. Gets a set of Strings containing the OIDs of all extensions present that are marked as non-critical.


getNotAfter

public Date getNotAfter()
From java.security.cert.X509Certificate. Returns the Date after which this certificate is not valid anymore.


getNotBefore

public Date getNotBefore()
From java.security.cert.X509Certificate. Returns the Date before which this certificate is not valid.


getPublicKey

public PublicKey getPublicKey()
                       throws NoSuchAlgorithmException
From java.security.cert.X509Certificate. Returns the Public Key inside this certificate

Throws:
NoSuchAlgorithmException

getSerialNumber

public BigInteger getSerialNumber()
From java.security.cert.X509Certificate. Returns the Serial Number of this certificate


getSigAlgName

public String getSigAlgName()
From java.security.cert.X509Certificate. Returns the JCA-compliant Algorithm Name of the signature algorithm.


getSigAlgOID

public String getSigAlgOID()
From java.security.cert.X509Certificate. Returns the Object Identifier (OID) of the signature algorithm.


getSigAlgParams

public byte[] getSigAlgParams()
From java.security.cert.X509Certificate. Returns the Algorithm Parameters for the signature algorithm in a DER encoded form.


getSubjectDN

public Principal getSubjectDN()
From java.security.cert.X509Certificate. Returns this certificate's subject as a Principal.


getSubjectUniqueID

public boolean[] getSubjectUniqueID()
From java.security.cert.X509Certificate. Returns the subject's Unique ID or null if not present.


getVersion

public int getVersion()
Returns the version of this X509 certificate (0=v1, 1=v2, 2=v3)


hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()
From java.security.cert.X509Extension. Returns true if this certificate contains any extension being marked as critical but not supported by this implementation.

Currently, this function will always return false since extensions are managed in an abstract way.


setIssuerDN

public void setIssuerDN(Principal nissuer)
Sets the issuer's distinguished name (DN). This method is especially for issuing a certificate.

Parameters:
nissuer - the Principal object describing the issuer.

setIssuerUniqueID

public void setIssuerUniqueID(byte[] nid)
Sets the issuer's unique id. This method is especially for issuing a certificate.

Parameters:
nid - the issuer's unique id

setNotAfter

public void setNotAfter(Calendar nnaf)
Sets the "not after" field. This method is especially for issuing a certificate.

Parameters:
nnaf - "not after" date

setNotAfter

public void setNotAfter(Date nnaf)
Sets the "not after" field. This method is especially for issuing a certificate.

Parameters:
nnaf - "not after" date

setNotBefore

public void setNotBefore(Calendar nnbf)
Sets the "not before" field. This method is especially for issuing a certificate.

Parameters:
nnbf - "not before" date

setNotBefore

public void setNotBefore(Date nnbf)
Sets the "not before" field. This method is especially for issuing a certificate.

Parameters:
nnbf - "not before" date

setSerialNumber

public void setSerialNumber(int nsnr)
Sets the serial number of this certificate


setSerialNumber

public void setSerialNumber(BigInteger nsnr)
Sets the serial number of this certificate


setSignatureAlgorithm

public void setSignatureAlgorithm(AlgorithmIdentifier aid)
Sets the signature algorithm. Note that the AlgorithmIdentifier will be cloned in order to prevent side-effects

Parameters:
aid - AlgorithmID of the signature algorithm

setSubjectDN

public void setSubjectDN(Principal nsubject)
Sets the subject's distinguished name (DN). This method is especially for issuing a certificate.

Parameters:
nsubject - the Principal object describing the subject.

setSubjectPublicKey

public void setSubjectPublicKey(PublicKey pk)
                         throws InvalidKeyException
Sets the subject's public key

Throws:
InvalidKeyException

setSubjectUniqueID

public void setSubjectUniqueID(byte[] nid)
Sets the subject's unique id. This method is especially for issuing a certificate.

Parameters:
nid - the subject's unique id

toString

public String toString()
human-readable String representation of this certificate

Overrides:
toString in class ASN1AbstractCollection
Returns:
The string representation of this ASN.1 collection.

writeExternal

public void writeExternal(ObjectOutput s)
                   throws IOException
Specified by:
writeExternal in interface Externalizable
Throws:
IOException

readExternal

public void readExternal(ObjectInput s)
                  throws IOException
Specified by:
readExternal in interface Externalizable
Throws:
IOException


Copyright © Fraunhofer Gesellschaft. All Rights Reserved.