java.lang.Object | +--net.rim.device.api.crypto.certificate.x509.X509Certificate
Represents an X.509 certificate. X.509 certificates are defined in RFC 2459 (Jan. 1999).
Certificate
| Field Summary | ||
|
static int |
ALT_NAME_DNS
Used to look up the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings. |
|
static int |
ALT_NAME_EMAIL
Used to look up the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings. |
|
static int |
ALT_NAME_URL
Used to look up the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings. |
|
static int |
CERTIFICATE_V1
Refers to an X509 Certificate that is version 1 |
|
static int |
CERTIFICATE_V2
Refers to an X509 Certificate that is version 2 |
|
static int |
CERTIFICATE_V3
Refers to an X509 Certificate that is version 3 |
| Fields inherited from interface net.rim.device.api.crypto.certificate.Certificate |
DISPLAY_CA, DISPLAY_ROOT, EMAIL_ADDRESSES, IS_END_ENTITY, PROMPT_TO_TRUST_ON_IMPORT, PUBLIC_KEY_ALGORITHM_INFORMATION, SUMMARY_TEXT |
| Constructor Summary | ||
|
X509Certificate(ASN1InputStream asn1Input)
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate. |
|
|
X509Certificate(byte[] encoding)
Creates a certificate object (X509Certificate) given the encoding of the certificate. |
|
|
X509Certificate(InputStream input)
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate. |
|
| Method Summary | ||
|
boolean |
checkAgainstNameConstraints(X509Certificate cert)
Check the names specified within the provided cert against the name constraints stored within this certificate. |
|
void |
checkCertificateChain(int position,
Certificate[] chain)
Checks to make sure that the certificate at position is valid within the chain. |
|
static X509Certificate |
createX509Certificate(KeyPair subjectKeyPair,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
long validNotBeforeDate,
long validNotAfterDate)
This function will create a self-signed X509Certificate, from the passed in information, using the provided private key (from the key pair). |
|
static X509Certificate |
createX509Certificate(PublicKey subjectKey,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
X509DistinguishedName issuer,
PrivateKey issuerKey,
long validNotBeforeDate,
long validNotAfterDate)
This function will create an X509Certificate, from the passed in information, using the provided private key. |
|
boolean |
equals(Object other)
Returns true if and only if the certificate is equal to
the object other. |
|
String[] |
getAuthorityCertIssuer()
Returns an array of the Strings associated with the authority certificate issuer. |
|
byte[] |
getAuthorityCertSerialNumber()
Returns the certificate serial number of the authority, if it is present. |
|
int |
getBasicConstraints()
The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not. |
|
CertificateDisplayField[] |
getCustomDisplayFields()
Provides more details about the certificate to be shown in the displayCertificateDetails method
in CertificateUtilities. |
|
byte[] |
getEncoding()
Returns the encoding of the certificate. |
|
byte[] |
getEncoding(int field)
Returns the encoding of the field within the certificate (see CertificateField). |
|
CertificateExtension |
getExtension(OID oid)
Returns the extension for the given oid if it exists in the certificate, otherwise null. |
|
CertificateExtension[] |
getExtensions()
Returns all the extensions associated with this certificate, or null. |
|
CertificateExtension[] |
getExtensions(boolean criticalBit)
Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found. |
|
Object |
getInformation(long id,
Object param,
Object defaultValue)
Retrieves generic information about the certificate. |
|
DistinguishedName |
getIssuer()
Returns a DistinguishedName object,
representing the issuer of this certificate. |
|
String[] |
getIssuerAltNameStrings(int type)
Returns all of the strings associated (for the specified type) with an issuer alt name. |
|
byte[] |
getIssuerUniqueIdentifier()
Returns a bit string representing the issuer's unique identifier. |
|
long |
getNotAfter()
Returns the date on which this certificate will expire. |
|
long |
getNotBefore()
Returns the date on which this certificate will become valid. |
|
PublicKey |
getPublicKey()
Extracts the subject's public key. |
|
String |
getPublicKeyAlgorithm()
Returns a string representing the intended use of the public key. |
|
byte[] |
getSerialNumber()
Returns the certificate's serial number as a byte array representing an integer in big-endian (network) order. |
|
String |
getSignatureAlgorithm()
Returns a string representing the signature algorithm used to sign this certificate. |
|
CertificateStatus |
getStatus()
Retrieves the CertificateStatus for this certificate object. |
|
DistinguishedName |
getSubject()
Returns a DistinguishedName object, representing the subject name of this certificate (in different representations). |
|
String[] |
getSubjectAltNameStrings(int type)
Returns all of the strings associated (for the specified type) with a subject alt name. |
|
String |
getSubjectFriendlyName()
Returns a human-readable string version of the name of the subject of this certificate. |
|
byte[] |
getSubjectKeyIdentifier()
Returns the subject key identifier associated with the public key in the certificate. |
|
byte[] |
getSubjectUniqueIdentifier()
Returns a bit string representing the subject's unique identifier. |
|
String |
getType()
Returns the type of this certificate - "X509". |
|
int |
getVersion()
Returns the version of the certificate we have parsed. |
|
int |
hashCode()
Returns the hash code associated with the certificate. |
|
boolean |
isCA()
Returns true if the certificate is of a certificate authority. |
|
boolean |
isRoot()
Returns true if the certificate is self signed. |
|
boolean |
isValid()
Check that this certificate is valid, using the current date and time as the time reference. |
|
boolean |
isValid(long date)
Check that this certificate is valid, using date
as the time reference. |
|
int |
queryKeyUsage(long purpose)
Indicates whether the key contained in this certificate may be used for the specified purpose. |
|
void |
setStatus(CertificateStatus status)
Sets the current CertificateStatus for this certificate object. |
|
String |
toString()
Converts the certificate to a string representation by calling getSubjectFriendlyName(). |
|
void |
verify()
Verifies the certificate if the certificate is self signed. |
|
void |
verify(KeyStore keystore)
Verifies the certificate. |
|
void |
verify(PublicKey issuerPublicKey)
Verifies the certificate. |
| Methods inherited from class java.lang.Object |
getClass, notify, notifyAll, wait, wait, wait |
| Field Detail |
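public static final int ALT_NAME_DNS
Used to look up the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.

public static final int ALT_NAME_EMAIL
Used to look up the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.

public static final int ALT_NAME_URL
Used to look up the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.

public static final int CERTIFICATE_V1
Refers to an X509 Certificate that is version 1.

public static final int CERTIFICATE_V2
Refers to an X509 Certificate that is version 2.

public static final int CERTIFICATE_V3
Refers to an X509 Certificate that is version 3.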
| Constructor Detail |
public X509Certificate(ASN1InputStream asn1Input) throws CertificateParsingException
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.
asn1Input - The encoding of the certificate and path.
CertificateParsingException - Thrown if a parsing error occurs.

public X509Certificate(byte[] encoding) throws CertificateParsingException
Creates a certificate object (X509Certificate) given the encoding of the certificate.
encoding - A byte array containing the certificate encoding.
CertificateParsingException - Thrown if an error occurred while parsing.

public X509Certificate(InputStream input) throws CertificateParsingException
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.
input - The certificate encoding.
CertificateParsingException - Thrown if a parsing error occurs.
| Method Detail |
public boolean checkAgainstNameConstraints(X509Certificate cert)
Check the names specified within the provided cert against the name constraints stored within this certificate.
cert - The provided certificate.

public void checkCertificateChain(int position, Certificate[] chain) throws CertificateChainTooLongException, CertificateVerificationException
Checks to make sure that the certificate at position is valid within the chain.
position - The position of this certificate within the chain.
chain - The array of certificates representing the certificate chain. Note that the end-entity certificate must appear at array index [0].
CertificateChainTooLongException - Thrown if the number of certificates, before this one, in the chain is longer than the certificate's policy allows.
CertificateVerificationException - Thrown if there is another problem with the chain.

public static X509Certificate createX509Certificate(KeyPair subjectKeyPair, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, long validNotBeforeDate, long validNotAfterDate) throws NoSuchAlgorithmException, CryptoUnsupportedOperationException, CryptoTokenException, InvalidKeyPairException, InvalidCryptoSystemException, InvalidKeyException
This function will create a self-signed X509Certificate, from the passed in information, using the provided private key (from the key pair).
subjectKeyPair - The key pair that provides the public key, for the certificate, and the private key, to sign the certificate with.
subject - The X509DistinguishedName identifying the owner of the public key.
keyUsage - A long containing the key usage bits, from KeyUsage, for this certificate.
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
InvalidKeyPairException - Thrown when the keys are not related.
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs.

public static X509Certificate createX509Certificate(PublicKey subjectKey, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, X509DistinguishedName issuer, PrivateKey issuerKey, long validNotBeforeDate, long validNotAfterDate) throws NoSuchAlgorithmException, CryptoUnsupportedOperationException, CryptoTokenException, InvalidCryptoSystemException, InvalidKeyException
This function will create an X509Certificate, from the passed in information, using the provided private key.
subjectKey - The public key that this certificate covers.
subject - The X509DistinguishedName identifying the owner of the public key.
keyUsage - A long containing the key usage bits, from KeyUsage, for this certificate.
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
issuer - The X509DistinguishedName of the issuer of this certificate.
issuerKey - The private key of the issuer. Used to sign the certificate.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs.

public boolean equals(Object other)
Returns true if and only if the certificate is equal to the object other. Equals tests whether the two encodings are equal. other can either be an X509Certificate or a byte[] representing the encoding of an X509Certificate.
other is equal to this

public String[] getAuthorityCertIssuer()
Returns an array of the Strings associated with the authority certificate issuer. Only the rfc822Name, dNSName, and uniform resource identifier are returned (if present). If none are present, null is returned. If you need access to all of the information present, then use the getExtension function with the OIDs.idCeAuthorityKeyIdentifier oid and parse the output as per RFC 2459.

public byte[] getAuthorityCertSerialNumber()
Returns the certificate serial number of the authority, if it is present.

public int getBasicConstraints()
The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not. If the extension is not present, or the extension indicates so, the certificate is for a non-CA identity. If the certificate is for a CA, the maximum verification path length might be included in the extension.
-1 is returned. If the certificate entity is a CA, the maximum verification path length is returned, or Integer.MAX_VALUE is returned if said length did not exist.

public CertificateDisplayField[] getCustomDisplayFields()
Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.

public byte[] getEncoding()
Returns the encoding of the certificate.

public byte[] getEncoding(int field)
Returns the encoding of the field within the certificate (see CertificateField).
field - An integer that represents the field.

public CertificateExtension getExtension(OID oid)
Returns the extension for the given oid if it exists in the certificate, otherwise null.
oid - The OID of the certificate.

public CertificateExtension[] getExtensions()
Returns all the extensions associated with this certificate, or null.

public CertificateExtension[] getExtensions(boolean criticalBit)
Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.
criticalBit - a boolean that is true, if all critical extensions are to be returned and set to false if all non-critical extensions are to be returned
CertificateExtensions or null.

public Object getInformation(long id, Object param, Object defaultValue)
Retrieves generic information about the certificate.
id - the id of the data to retrieve
param - a parameter that may be used to determine what information to return
defaultValue - a default value that should be returned if the certificate does not recognize the id.

public DistinguishedName getIssuer()
Returns a DistinguishedName object, representing the issuer of this certificate.
DistinguishedName object.

public String[] getIssuerAltNameStrings(int type)
Returns all of the strings associated (for the specified type) with an issuer alt name. Null is returned if none exist. The types defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.
type - An integer representing the type.

public byte[] getIssuerUniqueIdentifier()
Returns a bit string representing the issuer's unique identifier. The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

public long getNotAfter()
Returns the date on which this certificate will expire.

public long getNotBefore()
Returns the date on which this certificate will become valid.

public PublicKey getPublicKey() throws InvalidCryptoSystemException
Extracts the subject's public key.
InvalidCryptoSystemException - Thrown if the crypto system used to create the key was invalid.

public String getPublicKeyAlgorithm()
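Returns a string representing the intended use of the public key.

public byte[] getSerialNumber()
Returns the certificate's serial number as a byte array representing an integer in big-endian (network) order.

public String getSignatureAlgorithm()
Returns a string representing the signature algorithm used to sign this certificate.

public CertificateStatus getStatus()
Retrieves the CertificateStatus for this certificate object.
CertificateStatus stored for this certificate on the device. May be null.

public DistinguishedName getSubject()
Returns a DistinguishedName object, representing the subject name of this certificate (in different representations).

public String[] getSubjectAltNameStrings(int type)
Returns all of the strings associated (for the specified type) with a subject alt name. Null is returned if none exist. The types defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.
type - An integer representing the type.

public String getSubjectFriendlyName()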
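Returns a human-readable string version of the name of the subject of this certificate. This string could be used for display purposes, for example. By default, this method returns the results of CertificateUtilities.getSubjectFriendlyName(), which produces a friendly string using elements of the subject distinguished name. If a name cannot be constructed in that way, this method will look in the subjectAltName extension for an email address.

public byte[] getSubjectKeyIdentifier()
Returns the subject key identifier associated with the public key in the certificate.

public byte[] getSubjectUniqueIdentifier()
Returns a bit string representing the subject's unique identifier. The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

public String getType()
Returns the type of this certificate - "X509".

public int getVersion()
Returns the version of the certificate we have parsed.
CERTIFICATE_V1, CERTIFICATE_V2, or CERTIFICATE_V3.

public int hashCode()
Returns the hash code associated with the certificate.

public boolean isCA()
Returns true if the certificate is of a certificate authority.

public boolean isRoot()
Returns true if the certificate is self signed.

public boolean isValid()
Check that this certificate is valid, using the current date and time as the time reference.
getNotValidBefore() and getNotValidBefore().

public boolean isValid(long date)
Check that this certificate is valid, using date as the time reference. It checks that date is between the values returned by getNotValidBefore() and getNotValidBefore().

public int queryKeyUsage(long purpose)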
Indicates whether the key contained in this certificate may be used for the specified purpose.
purpose - A constant chosen from the KeyUsage constants indicating the purpose for which the key will be checked.
KeyUsageResult.ALLOWED | Thrown if the subject public key may be used for the specified purpose. |
KeyUsageResult.NOT_ALLOWED | Thrown if the subject public key may not be used for the specified purpose. |
KeyUsageResult.UNSPECIFIED | Thrown if it is unspecified whether the subject public key may be used for this purpose. |

public void setStatus(CertificateStatus status) throws KeyStoreCancelException, InvalidTimeException, BackwardStatusException
Sets the current CertificateStatus for this certificate object.
status - the new CertificateStatus that will be set for this certificate. It is important to note that this status should not attempt to set the status backwards (i.e. from REVOKED to GOOD) and it should not allow the date of a status to be in the future.
KeyStoreCancelException - if the user decides not to enter their KeyStore password.
InvalidTimeException - if the time of the status is set in the future.
BackwardStatusException - if the status of the certificate is being set backwards (i.e. from REVOKED to GOOD).

public String toString()
Converts the certificate to a string representation by calling getSubjectFriendlyName().

public void verify() throws CertificateVerificationException, DecodeException, NoSuchAlgorithmException, CryptoTokenException, CryptoUnsupportedOperationException
Verifies the certificate if the certificate is self signed.
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.

public void verify(KeyStore keystore) throws CertificateVerificationException, DecodeException, NoSuchAlgorithmException, NoIssuerFoundException, CryptoTokenException, CryptoUnsupportedOperationException
Verifies the certificate. The function checks that the certificate was signed by issuerPublicKey which is contained in the keyStore.
keystore - A keystore containing the issuer's public key.
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
NoIssuerFoundException - Thrown if the issuer public key cannot be found.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.

public void verify(PublicKey issuerPublicKey) throws CertificateVerificationException, NoSuchAlgorithmException, CryptoTokenException, CryptoUnsupportedOperationException
Verifies the certificate. The function checks that the certificate was signed by issuerPublicKey.
issuerPublicKey - The issuer's public key.
CertificateVerificationException - Thrown if the certificate cannot be verified.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
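
A signature check through verify(PublicKey) says nothing about whether the signer was allowed to act as a CA. The sketch below is an added example, not RIM sample code: it combines isValid(), getBasicConstraints() and verify(PublicKey) for one issuer/subject link of a chain. The class and method names are hypothetical, and it assumes that -1 is the value getBasicConstraints() returns for a non-CA certificate, which is how the description above is read here.

```java
import net.rim.device.api.crypto.certificate.x509.X509Certificate;

// Added example: IssuerLinkCheck and requireUsableIssuer are hypothetical names.
// Only X509Certificate methods documented on this page are called.
public final class IssuerLinkCheck {
    private IssuerLinkCheck() {}

    /**
     * Checks the link between chain[issuerPos] and the certificate it issued,
     * chain[issuerPos - 1]. chain[0] is the end-entity certificate, the same
     * ordering that checkCertificateChain requires.
     */
    public static void requireUsableIssuer(X509Certificate[] chain, int issuerPos)
            throws Exception {
        if (chain == null || issuerPos < 1 || issuerPos >= chain.length) {
            throw new IllegalArgumentException("issuerPos must index an issuer above chain[0]");
        }
        X509Certificate issuer = chain[issuerPos];
        X509Certificate subject = chain[issuerPos - 1];

        // Both certificates must be inside their validity period right now.
        if (!issuer.isValid() || !subject.isValid()) {
            throw new SecurityException("certificate outside its validity period");
        }

        // Assumption: -1 means "not a CA" (extension absent or CA flag not set).
        int pathLen = issuer.getBasicConstraints();
        if (pathLen == -1) {
            throw new SecurityException("issuer certificate is not a CA");
        }

        // Certificates strictly between the issuer and the end entity sit at
        // positions 1..issuerPos-1. Integer.MAX_VALUE means no length limit.
        // Simplification: every intermediate is counted, self-issued or not.
        int intermediatesBelow = issuerPos - 1;
        if (pathLen != Integer.MAX_VALUE && intermediatesBelow > pathLen) {
            throw new SecurityException("path length constraint exceeded");
        }

        // Signature check last; a bad signature surfaces as the
        // CertificateVerificationException documented for verify(PublicKey).
        subject.verify(issuer.getPublicKey());
    }
}
```

Because an absent basic constraints extension is treated as non-CA, a version 1 root certificate fails this check and needs to be handled separately, for example through an explicit trust decision in the key store.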
Copyright 1999-2007 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.