diff options
Diffstat (limited to 'libjava/java/security/cert/X509Certificate.java')
-rw-r--r-- | libjava/java/security/cert/X509Certificate.java | 444 |
1 files changed, 0 insertions, 444 deletions
diff --git a/libjava/java/security/cert/X509Certificate.java b/libjava/java/security/cert/X509Certificate.java deleted file mode 100644 index 46f47f615d5..00000000000 --- a/libjava/java/security/cert/X509Certificate.java +++ /dev/null @@ -1,444 +0,0 @@ -/* X509Certificate.java --- X.509 Certificate class - Copyright (C) 1999 Free Software Foundation, Inc. - -This file is part of GNU Classpath. - -GNU Classpath is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2, or (at your option) -any later version. - -GNU Classpath is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -General Public License for more details. - -You should have received a copy of the GNU General Public License -along with GNU Classpath; see the file COPYING. If not, write to the -Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA -02111-1307 USA. - -As a special exception, if you link this library with other files to -produce an executable, this library does not by itself cause the -resulting executable to be covered by the GNU General Public License. -This exception does not however invalidate any other reasons why the -executable file might be covered by the GNU General Public License. */ - - -package java.security.cert; -import java.math.BigInteger; -import java.security.Principal; -import java.security.PublicKey; -import java.security.NoSuchAlgorithmException; -import java.security.InvalidKeyException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.util.Date; - -/** - X509Certificate is the abstract class for X.509 certificates. - This provides a stanard class interface for accessing all - the attributes of X.509 certificates. - - In June 1996, the basic X.509 v3 format was finished by - ISO/IEC and ANSI X.9. The ASN.1 DER format is below: - - Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING } - - These certificates are widely used in various Internet - protocols to support authentication. It is used in - Privacy Enhanced Mail (PEM), Transport Layer Security (TLS), - Secure Sockets Layer (SSL), code signing for trusted software - distribution, and Secure Electronic Transactions (SET). - - The certificates are managed and vouched for by - <I>Certificate Authorities</I> (CAs). CAs are companies or - groups that create certificates by placing the data in the - X.509 certificate format and signing it with their private - key. CAs serve as trusted third parties by certifying that - the person or group specified in the certificate is who - they say they are. - - The ASN.1 defintion for <I>tbsCertificate</I> is - - TBSCertificate ::= SEQUENCE { - version [0] EXPLICIT Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - extensions [3] EXPLICIT Extensions OPTIONAL - -- If present, version shall be v3 - } - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - CertificateSerialNumber ::= INTEGER - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - UniqueIdentifier ::= BIT STRING - - SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - - Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - - Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - - - Certificates are created with the CertificateFactory. - For more information about X.509 certificates, consult - rfc2459. - - @since JDK 1.2 - - @author Mark Benvenuto -*/ -public abstract class X509Certificate extends Certificate implements X509Extension -{ - - /** - Constructs a new certificate of the specified type. - */ - protected X509Certificate() - { - super( "X.509" ); - } - - /** - Checks the validity of the X.509 certificate. It is valid - if the current date and time are within the period specified - by the certificate. - - The ASN.1 DER encoding is: - - validity Validity, - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @throws CertificateExpiredException if the certificate expired - @throws CertificateNotYetValidException if the certificate is - not yet valid - */ - public abstract void checkValidity() - throws CertificateExpiredException, - CertificateNotYetValidException; - - /** - Checks the validity of the X.509 certificate for the - specified time and date. It is valid if the specified - date and time are within the period specified by - the certificate. - - @throws CertificateExpiredException if the certificate expired - based on the date - @throws CertificateNotYetValidException if the certificate is - not yet valid based on the date - */ - public abstract void checkValidity(Date date) - throws CertificateExpiredException, - CertificateNotYetValidException; - - /** - Returns the version of this certificate. - - The ASN.1 DER encoding is: - - version [0] EXPLICIT Version DEFAULT v1, - - Version ::= INTEGER { v1(0), v2(1), v3(2) } - - Consult rfc2459 for more information. - - @return version number of certificate - */ - public abstract int getVersion(); - - /** - Gets the serial number for serial Number in - this Certifcate. It must be a unique number - unique other serial numbers from the granting CA. - - The ASN.1 DER encoding is: - - serialNumber CertificateSerialNumber, - - CertificateSerialNumber ::= INTEGER - - Consult rfc2459 for more information. - - @return the serial number for this X509CRLEntry. - */ - public abstract BigInteger getSerialNumber(); - - /** - Returns the issuer (issuer distinguished name) of the - Certificate. The issuer is the entity who signed - and issued the Certificate. - - The ASN.1 DER encoding is: - - issuer Name, - - Name ::= CHOICE { - RDNSequence } - - RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - - RelativeDistinguishedName ::= - SET OF AttributeTypeAndValue - - AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - - AttributeType ::= OBJECT IDENTIFIER - - AttributeValue ::= ANY DEFINED BY AttributeType - - DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1.. MAX)), - bmpString BMPString (SIZE (1..MAX)) } - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getIssuerDN(); - - /** - Returns the subject (subject distinguished name) of the - Certificate. The subject is the entity who the Certificate - identifies. - - The ASN.1 DER encoding is: - - subject Name, - - Consult rfc2459 for more information. - - @return the issuer in the Principal class - */ - public abstract Principal getSubjectDN(); - - /** - Returns the date that this certificate is not to be used - before, <I>notBefore</I>. - - The ASN.1 DER encoding is: - - validity Validity, - - Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - - Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - - Consult rfc2459 for more information. - - @return the date <I>notBefore</I> - */ - public abstract Date getNotBefore(); - - /** - Returns the date that this certificate is not to be used - after, <I>notAfter</I>. - - @return the date <I>notAfter</I> - */ - public abstract Date getNotAfter(); - - - /** - Returns the <I>tbsCertificate</I> from the certificate. - - @return the DER encoded tbsCertificate - - @throws CertificateEncodingException if encoding error occured - */ - public abstract byte[] getTBSCertificate() throws CertificateEncodingException; - - /** - Returns the signature in its raw DER encoded format. - - The ASN.1 DER encoding is: - - signatureValue BIT STRING - - Consult rfc2459 for more information. - - @return byte array representing signature - */ - public abstract byte[] getSignature(); - - /** - Returns the signature algorithm used to sign the CRL. - An examples is "SHA-1/DSA". - - The ASN.1 DER encoding is: - - signatureAlgorithm AlgorithmIdentifier, - - AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - - Consult rfc2459 for more information. - - The algorithm name is determined from the OID. - - @return a string with the signature algorithm name - */ - public abstract String getSigAlgName(); - - - /** - Returns the OID for the signature algorithm used. - Example "1.2.840.10040.4.3" is return for SHA-1 with DSA.\ - - The ASN.1 DER encoding for the example is: - - id-dsa-with-sha1 ID ::= { - iso(1) member-body(2) us(840) x9-57 (10040) - x9cm(4) 3 } - - Consult rfc2459 for more information. - - @return a string containing the OID. - */ - public abstract String getSigAlgOID(); - - - /** - Returns the AlgorithmParameters in the encoded form - for the signature algorithm used. - - If access to the parameters is need, create an - instance of AlgorithmParameters. - - @return byte array containing algorithm parameters, null - if no parameters are present in certificate - */ - public abstract byte[] getSigAlgParams(); - - - /** - Returns the issuer unique ID for this certificate. - - The ASN.1 DER encoding is: - - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - - UniqueIdentifier ::= BIT STRING - - Consult rfc2459 for more information. - - @return bit representation of <I>issuerUniqueID</I> - */ - public abstract boolean[] getIssuerUniqueID(); - - /** - Returns the subject unique ID for this certificate. - - The ASN.1 DER encoding is: - - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version shall be v2 or v3 - - UniqueIdentifier ::= BIT STRING - - Consult rfc2459 for more information. - - @return bit representation of <I>subjectUniqueID</I> - */ - public abstract boolean[] getSubjectUniqueID(); - - /** - Returns a boolean array representing the <I>KeyUsage</I> - extension for the certificate. The KeyUsage (OID = 2.5.29.15) - defines the purpose of the key in the certificate. - - The ASN.1 DER encoding is: - - id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - - KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } - - Consult rfc2459 for more information. - - @return bit representation of <I>KeyUsage</I> - */ - public abstract boolean[] getKeyUsage(); - - /** - Returns the certificate constraints path length from the - critical BasicConstraints extension, (OID = 2.5.29.19). - - The basic constraints extensions is used to determine if - the subject of the certificate is a Certificate Authority (CA) - and how deep the certification path may exist. The - <I>pathLenConstraint</I> only takes affect if <I>cA</I> - is set to true. "A value of zero indicates that only an - end-entity certificate may follow in the path." (rfc2459) - - The ASN.1 DER encoding is: - - id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } - - BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - - Consult rfc2459 for more information. - - @return the length of the path constraint if BasicConstraints - is present and cA is TRUE. Otherwise returns -1. - */ - public abstract int getBasicConstraints(); - - -} |