home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  


Book Home Java Security Search this book

D.2. Package java.security.cert

Class java.security.cert.Certificate

This class represents any type of cryptographic certificate. A certificate contains a public key (see getPublicKey()) and other associated information. The certificate contains an internal signature that protects its integrity. You can verify the integrity of the certificate by calling one of the verify() methods with the public key of the certificate's issuer. (Note: don't confuse this class with the java.security.Certificate interface, which is deprecated.)

Class Definition

public abstract class java.security.cert.Certificate
	extends java.lang.Object {

	// Constructors
	public Certificate();

	// Instance Methods
	public boolean equals(Object);
	public abstract byte[] getEncoded();
	public abstract PublicKey getPublicKey();
	public int hashCode();
	public abstract String toString();
	public abstract void verify(PublicKey);
	public abstract void verify(PublicKey, String);
}

See also: PublicKey, X509Certificate

Class java.security.cert.CertificateFactory

A certificate factory is used to import certificates or certificate revocation lists from a file or other input stream.

Class Definition

public java.security.cert.CertificateFactory
	extends java.lang.Object{

	//Constructors
	protected CertificateFactory(CertificateFactorySpi, Provider, 
								String);
	//Class Methods
	public static final CertificateFactory getInstance(String);
	public static final CertificateFactory getInstance(String,
								 String);
	//Instance Methods
	public final CRL generateCRL(InputStream);
	public final Collection generateCRLs(InputStream);
	public final Certificate generateCertificate(InputStream);
	public final Collection generateCertificates(InputStream);
	public final Provider getProvider();
	public final String getType();
	}

See also: X509Certificate, X509CRLEntry

Class java.security.cert.X509Certificate

This class represents certificates as defined in the X.509 standard. Such certificates associate a public key with a subject, which is usually a person or organization. You can find out the certificate's subject by calling getSubjectDN(), while you can retrieve the subject's public key using getPublicKey(). The certificate's issuer is the person or organization that generated and signed the certificate (see getIssuerDN()). If you have a certificate file in the format described by RFC 1421, you can create an X509Certificate from that data by using one of the getInstance() methods.

Class Definition

public abstract class java.security.cert.X509Certificate
	extends java.security.cert.Certificate
	implements java.security.cert.X509Extension {

	// Constructors
	public X509Certificate();

	// Instance Methods
	public abstract void checkValidity();
	public abstract void checkValidity(Date);
	public abstract int getBasicConstraints();
	public abstract Set getCriticalExtensionOIDs();
	public abstract byte[] getExtensionValue(String);
	public abstract Principal getIssuerDN();
	public abstract boolean[] getIssuerUniqueID();
	public abstract boolean[] getKeyUsage();
	public abstract Set getNonCriticalExtensionOIDs();
	public abstract Date getNotAfter();
	public abstract Date getNotBefore();
	public abstract BigInteger getSerialNumber();
	public abstract String getSigAlgName();
	public abstract String getSigAlgOID();
	public abstract byte[] getSigAlgParams();
	public abstract byte[] getSignature();
	public abstract Principal getSubjectDN();
	public abstract boolean[] getSubjectUniqueID();
	public abstract byte[] getTBSCertificate();
	public abstract int getVersion();
}

See also: Principal, PublicKey, X509Extension

Class java.security.cert.X509CRL

A Certificate Revocation List (CRL) is a list of certificates whose keys are no longer valid. This class represents CRLs as defined in the X.509 standard. If you have a CRL file that you would like to examine, you can construct an X509CRL object from the file using one of the getInstance() methods. A CRL, just like a certificate, has an internal signature that protects its integrity. To verify the integrity of the CRL itself, call one of the verify() methods with the issuer's public key. To find out if a particular certificate is revoked, call the isRevoked() method with the certificate's serial number.

Class Definition

public abstract class java.security.cert.X509CRL
	extends java.lang.Object
	implements java.security.cert.X509Extension {

	// Constructors
	public X509CRL();

	// Instance Methods
	public boolean equals(Object);
	public abstract Set getCriticalExtensionOIDs();
	public abstract byte[] getEncoded();
	public abstract byte[] getExtensionValue(String);
	public abstract Principal getIssuerDN();
	public abstract Date getNextUpdate();
	public abstract Set getNonCriticalExtensionOIDs();
	public abstract X509CRLEntry getRevokedCertificate(BigInteger);
	public abstract Set getRevokedCertificates();
	public abstract String getSigAlgName();
	public abstract String getSigAlgOID();
	public abstract byte[] getSigAlgParams();
	public abstract byte[] getSignature();
	public abstract byte[] getTBSCertList();
	public abstract Date getThisUpdate();
	public abstract int getVersion();
	public abstract boolean hasUnsupportedCriticalExtension();
	public int hashCode();
	public abstract boolean isRevoked(BigInteger);
	public abstract String toString();
	public abstract void verify(PublicKey);
	public abstract void verify(PublicKey, String);
}

See also: Certificate, PublicKey, X509CRLEntry, X509Extension

Class java.security.cert.X509CRLEntry

A revoked certificate represents a certificate whose contained key is no longer safe to use. Instances of this class are returned by X509CRL's getRevokedCertificate() method. You can examine the certificate's revocation date and X.509 extensions.

Class Definition

public abstract class java.security.cert.X509CRLEntry
	extends java.lang.Object
	implements java.security.cert.X509Extension {

	// Constructors
	public RevokedCertificate();

	// Instance Methods
	public abstract Set getCriticalExtensionOIDs();
	public abstract byte[] getExtensionValue(String);
	public abstract Set getNonCriticalExtensionOIDs();
	public abstract Date getRevocationDate();
	public abstract BigInteger getSerialNumber();
	public abstract boolean hasExtensions();
	public abstract boolean hasUnsupportedCriticalExtension();
	public abstract String toString();
}

See also: Certificate, X509CRL, X509Extension

Interface java.security.cert.X509Extension

The X509Extension interface represents the certificate extensions defined by the X.509v3 standard. Extensions are additional bits of information contained in a certificate. Each extension is designated as critical or non-critical. An application that handles a certificate should either correctly interpret the critical extensions or produce some kind of error if they cannot be recognized.

Class Definition

public abstract interface java.security.cert.X509Extension {

	// Instance Methods
	public abstract Set getCriticalExtensionOIDs();
	public abstract boolean hasUnsupportedCriticalExtension();
	public abstract byte[] getExtensionValue(String);
	public abstract Set getNonCriticalExtensionOIDs();
}

See also: X509CRLEntry, X509Certificate, X509CRL



Library Navigation Links

Copyright © 2001 O'Reilly & Associates. All rights reserved.