codec.x509
Class X509TBSCertificate

java.lang.Object
  |
  +--java.util.AbstractCollection
        |
        +--java.util.AbstractList
              |
              +--java.util.ArrayList
                    |
                    +--codec.asn1.ASN1AbstractCollection
                          |
                          +--codec.asn1.ASN1Sequence
                                |
                                +--codec.x509.X509TBSCertificate
All Implemented Interfaces:
ASN1Collection, ASN1Type, Cloneable, Collection, Externalizable, List, Serializable

public class X509TBSCertificate
extends ASN1Sequence
implements Externalizable

Implements an X.509v3 certificate TBS block according to the following ASN.1 data structure:

 TBSCertificate  ::=  SEQUENCE  {
   version               [0] EXPLICIT Version DEFAULT v1,
   serialNumber              CertificateSerialNumber,
   signature                 AlgorithmIdentifier,
   issuer                    Name,
   validity                  Validity,
   subject                   Name,
   subjectPublicKeyInfo      SubjectPublicKeyInfo,
   issuerUniqueID        [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3
   subjectUniqueID       [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3
   extensions            [3] EXPLICIT Extensions OPTIONAL        -- If present, version must be v3
 }
 UniqueIdentifier  ::=  BIT STRING
 Validity ::= SEQUENCE {
       notBefore      Time,
       notAfter       Time
 }
 Time ::= CHOICE {
      utcTime        UTCTime,
      generalTime    GeneralizedTime
 }
 
To create a certificate, create an X509TBSCertificate and fill it with the required data: certificate serial number, validity period, subject and issuer DN, subject public key, and the signature algorithm.

Note that you have to set the signature algorithm before encoding an X509TBSCertificate or putting it into an X509Certificate!

The certificate version is set automatically to "V2" if issuerUniqueID or subjectUniqueID is set and to "V3" if any extension is added. The version defaults to "V1".

Example:

 ... tbd
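
The issuing steps described above, as an added example that is not part of the original documentation or the library's own code. It uses only the methods listed on this page; the helper name buildTbs, the class name and the codec.x509 package of AlgorithmIdentifier are assumptions, and the caller supplies the Principal, PublicKey and AlgorithmIdentifier objects.

```java
import codec.x509.AlgorithmIdentifier;   // assumed package; the page names the type unqualified
import codec.x509.X509TBSCertificate;

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.util.Date;

public final class TbsBuilderExample {

    /** Hypothetical helper: fills a TBS block and returns the DER bytes to be signed. */
    public static byte[] buildTbs(Principal issuer, Principal subject,
                                  PublicKey subjectKey, AlgorithmIdentifier sigAlg,
                                  Date notBefore, Date notAfter)
            throws InvalidKeyException, CertificateEncodingException {
        if (sigAlg == null) {
            throw new IllegalArgumentException("signature algorithm is required before encoding");
        }
        if (!notBefore.before(notAfter)) {
            throw new IllegalArgumentException("notBefore must precede notAfter");
        }

        X509TBSCertificate tbs = new X509TBSCertificate();

        // Random 127-bit value from a CSPRNG with the low bit set, so the serial
        // number is positive, non-zero and not guessable from earlier serials.
        BigInteger serial = new BigInteger(127, new SecureRandom()).setBit(0);
        tbs.setSerialNumber(serial);

        tbs.setIssuerDN(issuer);
        tbs.setSubjectDN(subject);
        tbs.setNotBefore(notBefore);
        tbs.setNotAfter(notAfter);
        tbs.setSubjectPublicKey(subjectKey);

        // Must happen before getEncoded(), as the class description requires.
        tbs.setSignatureAlgorithm(sigAlg);

        // No unique IDs or extensions are set here, so nothing raises the version.
        return tbs.getEncoded();
    }
}
```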
 

Author:
Markus Tak
See Also:
Serialized Form

Field Summary
static int DEFAULT_VERSION
          The default version identifier for this class, which is v3(2).
 
Fields inherited from class java.util.AbstractList
modCount
 
Constructor Summary
X509TBSCertificate()
          Constructor that builds the data structure
 
Method Summary
 void addExtension(X509Extension ext)
          Adds an extension to this certificate.
 int getBasicConstraints()
          From java.security.cert.X509Certificate.
 Set getCriticalExtensionOIDs()
          From java.security.cert.X509Extension.
 byte[] getEncoded()
          Returns the DER-encoded byte array of this certificate
 Collection getExtensions()
          Returns a Collection containing all extensions
 byte[] getExtensionValue(String ex)
          From java.security.cert.X509Extension.
 Principal getIssuerDN()
          From java.security.cert.X509Certificate.
 boolean[] getIssuerUniqueID()
          From java.security.cert.X509Certificate.
 boolean[] getKeyUsage()
          From java.security.cert.X509Certificate.
 Set getNonCriticalExtensionOIDs()
          From java.security.cert.X509Extension.
 Date getNotAfter()
          From java.security.cert.X509Certificate.
 Date getNotBefore()
          From java.security.cert.X509Certificate.
 PublicKey getPublicKey()
          From java.security.cert.X509Certificate.
 BigInteger getSerialNumber()
          From java.security.cert.X509Certificate.
 String getSigAlgName()
          From java.security.cert.X509Certificate.
 String getSigAlgOID()
          From java.security.cert.X509Certificate.
 byte[] getSigAlgParams()
          From java.security.cert.X509Certificate.
 Principal getSubjectDN()
          From java.security.cert.X509Certificate.
 boolean[] getSubjectUniqueID()
          From java.security.cert.X509Certificate.
 int getVersion()
          Returns the version of this X509 certificate (0=v1, 1=v2, 2=v3)
 boolean hasUnsupportedCriticalExtension()
          From java.security.cert.X509Extension.
 void setIssuerDN(Principal nissuer)
          Sets the issuer's distinguished name (DN).
 void setIssuerDN(Principal nissuer, int encType)
          Sets the issuer's distinguished name (DN) with an explicitly named encoding method, so that the encoding can be changed at runtime.
 void setIssuerUniqueID(byte[] nid)
          Sets the issuer's unique id.
 void setNotAfter(Calendar nnaf)
          Sets the "not after" field.
 void setNotAfter(Date nnaf)
          Sets the "not after" field.
 void setNotBefore(Calendar nnbf)
          Sets the "not before" field.
 void setNotBefore(Date nnbf)
          Sets the "not before" field.
 void setSerialNumber(BigInteger nsnr)
          Sets the serial number of this certificate
 void setSerialNumber(int nsnr)
          Sets the serial number of this certificate
 void setSignatureAlgorithm(AlgorithmIdentifier aid)
          Sets the signature algorithm.
 void setSubjectDN(Principal nsubject)
          Sets the subject's distinguished name (DN).
 void setSubjectDN(Principal nsubject, int encType)
          Same as setSubjectDN(Principal), but with an explicit name encoding
 void setSubjectPublicKey(PublicKey pk)
          Sets the subject's public key
 void setSubjectUniqueID(byte[] nid)
          Sets the subject's unique id.
 void setVersion(int version)
          Sets the version number of this instance explicitly.
 String toString()
          Returns a human-readable String representation of this certificate
 
Methods inherited from class codec.asn1.ASN1Sequence
getTag
 
Methods inherited from class codec.asn1.ASN1AbstractCollection
checkConstraints, decode, encode, getCollection, getConstraint, getTagClass, getValue, isExplicit, isOptional, isType, readExternal, setConstraint, setExplicit, setOptional, writeExternal
 
Methods inherited from class java.util.ArrayList
add, add, addAll, addAll, clear, clone, contains, ensureCapacity, get, indexOf, isEmpty, lastIndexOf, remove, removeRange, set, size, toArray, toArray, trimToSize
 
Methods inherited from class java.util.AbstractList
equals, hashCode, iterator, listIterator, listIterator, subList
 
Methods inherited from class java.util.AbstractCollection
containsAll, remove, removeAll, retainAll
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface java.io.Externalizable
readExternal, writeExternal
 
Methods inherited from interface java.util.Collection
add, addAll, clear, contains, containsAll, equals, hashCode, isEmpty, iterator, remove, removeAll, retainAll, size, toArray, toArray
 
Methods inherited from interface java.util.List
containsAll, equals, hashCode, iterator, listIterator, listIterator, remove, removeAll, retainAll, subList
 

Field Detail

DEFAULT_VERSION

public static final int DEFAULT_VERSION
The default version identifier for this class, which is v3(2).
Constructor Detail

X509TBSCertificate

public X509TBSCertificate()
Constructor that builds the data structure
Method Detail

addExtension

public void addExtension(X509Extension ext)
Adds an extension to this certificate. Note that calling this method automatically sets the version field to "2" (X.509 version V3).
Parameters:
ext - the extension to be added.

getBasicConstraints

public int getBasicConstraints()
From java.security.cert.X509Certificate. Returns the value of the pathLenConstraint in a BC extension if present and cA set to true. If the Basic Constraints extension (OID 2.5.29.19) is not present in this certificate, null is returned.
 BasicConstraints ::= SEQUENCE {
   cA                  BOOLEAN DEFAULT FALSE,
   pathLenConstraint   INTEGER (0..MAX) OPTIONAL
 }
 
Returns:
the value of pathLenConstraint if present and cA set to true or null if the extension is not present

getCriticalExtensionOIDs

public Set getCriticalExtensionOIDs()
From java.security.cert.X509Extension. Gets a set of Strings containing the OIDs of all extensions present that are marked as critical.

getEncoded

public byte[] getEncoded()
                  throws CertificateEncodingException
Returns the DER-encoded byte array of this certificate
Throws:
CertificateEncodingException - if TBSCertificate could not be encoded correctly

getExtensions

public Collection getExtensions()
Returns a Collection containing all extensions

getExtensionValue

public byte[] getExtensionValue(String ex)
From java.security.cert.X509Extension. Gets the value of the extension denoted by ex, or null if not present.

getIssuerDN

public Principal getIssuerDN()
From java.security.cert.X509Certificate. Returns this certificate's issuer as a Principal.

getIssuerUniqueID

public boolean[] getIssuerUniqueID()
From java.security.cert.X509Certificate. Returns the issuer's Unique ID or null if not present.

getKeyUsage

public boolean[] getKeyUsage()
From java.security.cert.X509Certificate. Returns the bits of the KeyUsage extension (OID 2.5.29.15) if present in this certificate or null otherwise.
 KeyUsage ::= BIT STRING {
        digitalSignature        (0),
        nonRepudiation          (1),
        keyEncipherment         (2),
        dataEncipherment        (3),
        keyAgreement            (4),
        keyCertSign             (5),
        cRLSign                 (6),
        encipherOnly            (7),
        decipherOnly            (8)
 }
 
Returns:
the key usage bits if present in this certificate, otherwise null.

getNonCriticalExtensionOIDs

public Set getNonCriticalExtensionOIDs()
From java.security.cert.X509Extension. Gets a set of Strings containing the OIDs of all extensions present that are not marked as critical.

getNotAfter

public Date getNotAfter()
From java.security.cert.X509Certificate. Returns the Date after which this certificate is not valid anymore.

getNotBefore

public Date getNotBefore()
From java.security.cert.X509Certificate. Returns the Date before which this certificate is not valid.

getPublicKey

public PublicKey getPublicKey()
                       throws NoSuchAlgorithmException
From java.security.cert.X509Certificate. Returns the Public Key inside this certificate

getSerialNumber

public BigInteger getSerialNumber()
From java.security.cert.X509Certificate. Returns the Serial Number of this certificate

getSigAlgName

public String getSigAlgName()
From java.security.cert.X509Certificate. Returns the JCA-compliant Algorithm Name of the signature algorithm.

getSigAlgOID

public String getSigAlgOID()
From java.security.cert.X509Certificate. Returns the Object Identifier (OID) of the signature algorithm.

getSigAlgParams

public byte[] getSigAlgParams()
From java.security.cert.X509Certificate. Returns the Algorithm Parameters for the signature algorithm in a DER encoded form.

getSubjectDN

public Principal getSubjectDN()
From java.security.cert.X509Certificate. Returns this certificate's subject as a Principal.

getSubjectUniqueID

public boolean[] getSubjectUniqueID()
From java.security.cert.X509Certificate. Returns the subject's Unique ID or null if not present.

getVersion

public int getVersion()
Returns the version of this X509 certificate (0=v1, 1=v2, 2=v3)

setVersion

public void setVersion(int version)
Sets the version number of this instance explicitly. If the version number is '0' then the version representation is set to OPTIONAL. Please note that the version number passed to this method is the internal version number identifier. Hence, a '2' must be passed if the certificate shall be a version 3 certificate.
Parameters:
version - The internal version number, one of v1(0), v2(1), v3(2).
Throws:
IllegalArgumentException - if version number is smaller than 2 but extensions are present.

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()
From java.security.cert.X509Extension. Returns true if this certificate contains any extension that is marked as critical but not supported by this implementation.

Currently, this function will always return false since extensions are managed in an abstract way.
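
Because this method always returns false, a caller that relies on it will accept critical extensions it never evaluates. One way to enforce the check in the calling code, as an added example that is not part of the original documentation or the library's own code: the class name, the helper names and the HANDLED allowlist are hypothetical, and the handling of a null return value is an assumption.

```java
import codec.x509.X509TBSCertificate;

import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.TreeSet;

public final class CriticalExtensionCheck {

    // Hypothetical allowlist: the extensions this application actually evaluates.
    // Both OIDs appear on this page (KeyUsage and BasicConstraints).
    static final Set<String> HANDLED = Collections.unmodifiableSet(
            new HashSet<String>(Arrays.asList("2.5.29.15", "2.5.29.19")));

    /** Returns the critical OIDs that are not on the allowlist (empty if none). */
    static Set<String> unhandledCritical(Set<?> criticalOids, Set<String> handled) {
        Set<String> unhandled = new TreeSet<String>();
        if (criticalOids == null) {
            return unhandled;               // assumed: null may mean "no extensions"
        }
        for (Object oid : criticalOids) {   // raw Set in the API; elements are Strings
            String s = String.valueOf(oid);
            if (!handled.contains(s)) {
                unhandled.add(s);
            }
        }
        return unhandled;
    }

    /** Rejects a TBS block that carries a critical extension the caller does not process. */
    public static void requireAllCriticalHandled(X509TBSCertificate tbs)
            throws CertificateException {
        Set<String> unhandled = unhandledCritical(tbs.getCriticalExtensionOIDs(), HANDLED);
        if (!unhandled.isEmpty()) {
            throw new CertificateException("unhandled critical extensions: " + unhandled);
        }
    }
}
```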


setIssuerDN

public void setIssuerDN(Principal nissuer,
                        int encType)
Sets the issuer's distinguished name (DN) with an explicitly named encoding method, so that the encoding can be changed at runtime.
Parameters:
nissuer - the name of the issuer
encType - the ITU tag of the string type

setIssuerDN

public void setIssuerDN(Principal nissuer)
Sets the issuer's distinguished name (DN). This method is intended for issuing a certificate.
Parameters:
nissuer - the Principal object describing the issuer.

setIssuerUniqueID

public void setIssuerUniqueID(byte[] nid)
Sets the issuer's unique id. This method is intended for issuing a certificate.
Parameters:
nid - the issuer's unique id

setNotAfter

public void setNotAfter(Calendar nnaf)
Sets the "not after" field. This method is intended for issuing a certificate.
Parameters:
nnaf - "not after" date

setNotAfter

public void setNotAfter(Date nnaf)
Sets the "not after" field. This method is intended for issuing a certificate.
Parameters:
nnaf - "not after" date

setNotBefore

public void setNotBefore(Calendar nnbf)
Sets the "not before" field. This method is intended for issuing a certificate.
Parameters:
nnbf - "not before" date

setNotBefore

public void setNotBefore(Date nnbf)
Sets the "not before" field. This method is intended for issuing a certificate.
Parameters:
nnbf - "not before" date

setSerialNumber

public void setSerialNumber(int nsnr)
Sets the serial number of this certificate

setSerialNumber

public void setSerialNumber(BigInteger nsnr)
Sets the serial number of this certificate

setSignatureAlgorithm

public void setSignatureAlgorithm(AlgorithmIdentifier aid)
Sets the signature algorithm. Note that the AlgorithmIdentifier will be cloned in order to prevent side effects.
Parameters:
aid - AlgorithmID of the signature algorithm

setSubjectDN

public void setSubjectDN(Principal nsubject)
Sets the subject's distinguished name (DN). This method is intended for issuing a certificate.
Parameters:
nsubject - the Principal object describing the subject.

setSubjectDN

public void setSubjectDN(Principal nsubject,
                         int encType)
Same as setSubjectDN(Principal), but with an explicit name encoding.
Parameters:
nsubject - the Principal object describing the subject.
encType - the string type in which the name shall be encoded.

setSubjectPublicKey

public void setSubjectPublicKey(PublicKey pk)
                         throws InvalidKeyException
Sets the subject's public key

setSubjectUniqueID

public void setSubjectUniqueID(byte[] nid)
Sets the subject's unique id. This method is intended for issuing a certificate.
Parameters:
nid - the subject's unique id

toString

public String toString()
Returns a human-readable String representation of this certificate
Overrides:
toString in class ASN1AbstractCollection
Following copied from class: codec.asn1.ASN1AbstractCollection
Returns:
The string representation of this ASN.1 collection.


Copyright © Fraunhofer Gesellschaft. All Rights Reserved.