X509Certificate

This class represents an X.509 certificate. Its various methods provide complete access to the contents of the certificate. A full understanding of this class requires detailed knowledge of the X.509 standard which is beyond the scope of this reference. Some of the more important methods are described here, however. getSubjectDN( ) returns the Principal to whom this certificate applies, and the inherited getPublicKey( ) method returns the PublicKey that the certificate associates with that Principal . getIssuerDN( ) returns a Principal that represents the issuer of the certificate, and if you know the public key for that Principal , you can pass it to the verify( ) method to check the digital signature of the issuer and ensure that the certificate is not forged. checkValidity( ) checks whether the certificate has expired or has not yet gone into effect. Note that verify( ) and getPublicKey( ) are inherited from Certificate .

Obtain an X509Certificate object by creating a CertificateFactory for certificate type "X.509" and then using generateCertificate( ) to parse an X.509 certificate from a stream of bytes. Finally, cast the Certificate returned by this method to an X509Certificate .

Figure 14-71. java.security.cert.X509Certificate

 public abstract class  X509Certificate  extends java.security.cert.Certificate       implements X509Extension {  // Protected Constructors  protected  X509Certificate  ( );  // Public Instance Methods  public abstract void  checkValidity  ( )          throws CertificateExpiredException, CertificateNotYetValidException;        public abstract void  checkValidity  (java.util.Date  date  )          throws CertificateExpiredException, CertificateNotYetValidException;        public abstract int  getBasicConstraints  ( );  1.4  public java.util.List<String>  getExtendedKeyUsage  ( )          throws CertificateParsingException;  1.4  public java.util.Collection<java.util.List<?>>  getIssuerAlternativeNames  ( )          throws CertificateParsingException;        public abstract java.security.Principal  getIssuerDN  ( );        public abstract boolean[ ]  getIssuerUniqueID  ( );  1.4  public javax.security.auth.x500.X500Principal  getIssuerX500Principal  ( );        public abstract boolean[ ]  getKeyUsage  ( );        public abstract java.util.Date  getNotAfter  ( );        public abstract java.util.Date  getNotBefore  ( );        public abstract java.math.BigInteger  getSerialNumber  ( );        public abstract String  getSigAlgName  ( );        public abstract String  getSigAlgOID  ( );        public abstract byte[ ]  getSigAlgParams  ( );        public abstract byte[ ]  getSignature  ( );  1.4  public java.util.Collection<java.util.List<?>>  getSubjectAlternativeNames  ( )          throws CertificateParsingException;        public abstract java.security.Principal  getSubjectDN  ( );        public abstract boolean[ ]  getSubjectUniqueID  ( );  1.4  public javax.security.auth.x500.X500Principal  getSubjectX500Principal  ( );        public abstract byte[ ]  getTBSCertificate  ( )          throws CertificateEncodingException;        public abstract int  getVersion  ( );   } 

Passed To

trustAnchor.TrustAnchor( ) , X509CertSelector.setCertificate( ) , X509CRL.getRevokedCertificate( ) , X509CRLSelector.setCertificateChecking( ) , javax.net.ssl.X509TrustManager.{checkClientTrusted( ) , checkServerTrusted( )} , javax.security.auth.x500.X500PrivateCredential.X500PrivateCredential( )

Returned By

trustAnchor.getTrustedCert( ) , X509CertSelector.getCertificate( ) , X509CRLSelector.getCertificateChecking( ) , javax.net.ssl.X509KeyManager.getCertificateChain( ) , javax.net.ssl.X509TrustManager.getAcceptedIssuers( ) , javax.security.auth.x500.X500PrivateCredential.getCertificate( )