public final class FakeX509Certificate
extends java.security.cert.X509Certificate
Constructor and Description |
---|
FakeX509Certificate(byte[] subject, byte[] issuer, java.math.BigInteger serial, boolean auth) Creates a fake X.509v3 certificate. |
Modifier and Type | Method and Description |
---|---|
void | checkValidity() Checks that the certificate is currently valid. |
void | checkValidity(java.util.Date d) Checks that the given date is within the certificate's validity period. |
int | getBasicConstraints() Gets the certificate constraints path length from the critical BasicConstraints extension, (OID = 2.5.29.19). |
java.util.Set | getCriticalExtensionOIDs() Gets a Set of the OID strings for the extension(s) marked CRITICAL in the certificate/CRL managed by the object implementing this interface. |
byte[] | getEncoded() Method not implemented. |
byte[] | getExtensionValue(java.lang.String e) Method not implemented. |
java.security.Principal | getIssuerDN() Denigrated, replaced by X509Certificate.getIssuerX500Principal(). |
boolean[] | getIssuerUniqueID() Method not implemented. |
boolean[] | getKeyUsage() Gets a boolean array representing bits of the KeyUsage extension, (OID = 2.5.29.15). |
java.util.Set | getNonCriticalExtensionOIDs() Gets a Set of the OID strings for the extension(s) marked NON-CRITICAL in the certificate/CRL managed by the object implementing this interface. |
java.util.Date | getNotAfter() Gets the notAfter date from the validity period of the certificate. |
java.util.Date | getNotBefore() Gets the notBefore date from the validity period of the certificate. |
java.security.PublicKey | getPublicKey() Method not implemented. |
java.math.BigInteger | getSerialNumber() Gets the serialNumber value from the certificate. |
java.lang.String | getSigAlgName() Gets the signature algorithm name for the certificate signature algorithm. |
java.lang.String | getSigAlgOID() Gets the signature algorithm OID string from the certificate. |
byte[] | getSigAlgParams() Gets the DER-encoded signature algorithm parameters from this certificate's signature algorithm. |
byte[] | getSignature() Method not implemented. |
java.security.Principal | getSubjectDN() Denigrated, replaced by X509Certificate.getSubjectX500Principal(). |
boolean[] | getSubjectUniqueID() Method not implemented. |
byte[] | getTBSCertificate() Method not implemented. |
int | getVersion() Gets the version (version number) value from the certificate. |
boolean | hasUnsupportedCriticalExtension() Check if there is a critical extension that is not supported. |
java.lang.String | toString() Returns a string representation of this certificate. |
void | verify(java.security.PublicKey puk) Method not implemented. |
void | verify(java.security.PublicKey puk, java.lang.String s) Method not implemented. |
public FakeX509Certificate(byte[] subject, byte[] issuer, java.math.BigInteger serial, boolean auth)
subject - LDAP name of the subject (certificate holder)
issuer - LDAP name of the issuer
serial - Serial number
auth - true if this is an authentication certificate, false if it is a digital signature certificate
public java.util.Set getCriticalExtensionOIDs()
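```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Set;

// Load a DER-encoded certificate from a file
X509Certificate cert = null;
try (InputStream inStrm = new FileInputStream("DER-encoded-Cert")) {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    cert = (X509Certificate) cf.generateCertificate(inStrm);
}

// Print the OID of every extension marked critical
Set<String> critSet = cert.getCriticalExtensionOIDs();
if (critSet != null && !critSet.isEmpty()) {
    System.out.println("Set of critical extensions:");
    for (String oid : critSet) {
        System.out.println(oid);
    }
}
```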
public byte[] getExtensionValue(java.lang.String e)
e - the Object Identifier value for the extension.
public java.util.Set getNonCriticalExtensionOIDs()
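```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Set;

// Load a DER-encoded CRL from a file
CertificateFactory cf = null;
X509CRL crl = null;
try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) {
    cf = CertificateFactory.getInstance("X.509");
    crl = (X509CRL) cf.generateCRL(inStrm);
}

// Placeholder from the original sample: supply the DER-encoded certificate bytes here
byte[] certData = <DER-encoded certificate data>
ByteArrayInputStream bais = new ByteArrayInputStream(certData);
X509Certificate cert = (X509Certificate) cf.generateCertificate(bais);

// Look up the certificate in the CRL by serial number
X509CRLEntry badCert = crl.getRevokedCertificate(cert.getSerialNumber());
if (badCert != null) {
    // Print the OID of every non-critical extension of the CRL entry
    Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();
    if (nonCritSet != null) {
        for (String oid : nonCritSet) {
            System.out.println(oid);
        }
    }
}
```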
public boolean hasUnsupportedCriticalExtension()
true if a critical extension is found that is not supported, otherwise false.
public void checkValidity()
The validity period consists of two date/time values: the first and last dates (and times) on which the certificate is valid. It is defined in ASN.1 as:
```
validity             Validity

Validity ::= SEQUENCE {
    notBefore      CertificateValidityDate,
    notAfter       CertificateValidityDate }

CertificateValidityDate ::= CHOICE {
    utcTime        UTCTime,
    generalTime    GeneralizedTime }
```
checkValidity in class java.security.cert.X509Certificate
public void checkValidity(java.util.Date d)
checkValidity in class java.security.cert.X509Certificate
d - the Date to check against to see if this certificate is valid at that date/time.
X509Certificate.checkValidity()
public int getBasicConstraints()
Gets the certificate constraints path length from the critical BasicConstraints extension, (OID = 2.5.29.19).
The basic constraints extension identifies whether the subject of the certificate is a Certificate Authority (CA) and how deep a certification path may exist through that CA. The pathLenConstraint field (see below) is meaningful only if cA is set to TRUE. In this case, it gives the maximum number of CA certificates that may follow this certificate in a certification path. A value of zero indicates that only an end-entity certificate may follow in the path.
The ASN.1 definition for this is:
```
BasicConstraints ::= SEQUENCE {
    cA                  BOOLEAN DEFAULT FALSE,
    pathLenConstraint   INTEGER (0..MAX) OPTIONAL }
```
getBasicConstraints in class java.security.cert.X509Certificate
pathLenConstraint if the BasicConstraints extension is present in the certificate and the subject of the certificate is a CA, otherwise -1. If the subject of the certificate is a CA and pathLenConstraint does not appear, Integer.MAX_VALUE is returned to indicate that there is no limit to the allowed length of the certification path.
public java.security.Principal getIssuerDN()
Denigrated, replaced by X509Certificate.getIssuerX500Principal(). This method returns the issuer as an implementation specific Principal object, which should not be relied upon by portable code.
Gets the issuer (issuer distinguished name) value from the certificate. The issuer name identifies the entity that signed (and issued) the certificate.
The issuer name field contains an X.500 distinguished name (DN). The ASN.1 definition for this is:
```
issuer    Name

Name ::= CHOICE { RDNSequence }
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
    AttributeType,
    AttributeValue }
AttributeType ::= OBJECT IDENTIFIER
AttributeValue ::= ANY
```
The Name describes a hierarchical name composed of attributes, such as country name, and corresponding values, such as US. The type of the AttributeValue component is determined by the AttributeType; in general it will be a directoryString. A directoryString is usually one of PrintableString, TeletexString or UniversalString.
getIssuerDN in class java.security.cert.X509Certificate
public boolean[] getIssuerUniqueID()
getIssuerUniqueID in class java.security.cert.X509Certificate
public boolean[] getKeyUsage()
Gets a boolean array representing bits of the KeyUsage extension, (OID = 2.5.29.15).
The key usage extension defines the purpose (e.g., encipherment, signature, certificate signing) of the key contained in the certificate.
The ASN.1 definition for this is:
```
KeyUsage ::= BIT STRING {
    digitalSignature        (0),
    nonRepudiation          (1),
    keyEncipherment         (2),
    dataEncipherment        (3),
    keyAgreement            (4),
    keyCertSign             (5),
    cRLSign                 (6),
    encipherOnly            (7),
    decipherOnly            (8) }
```
RFC 3280 recommends that when used, this be marked as a critical extension.
getKeyUsage in class java.security.cert.X509Certificate
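The return values of getBasicConstraints() and getKeyUsage() described above can be checked together over a whole certification path. The following is an added example, not part of the original documentation or of the project that provides FakeX509Certificate; the class name PathLenCheck is hypothetical, the values in main are constructed, and the count ignores the RFC 5280 exception for self-issued certificates.

```java
import java.security.cert.X509Certificate;
import java.util.List;

// Hypothetical helper (added example). Chains are ordered end-entity first (index 0).
public final class PathLenCheck {
    private static final int KEY_CERT_SIGN = 5; // bit index from the KeyUsage ASN.1
    // Returns null if the chain is consistent, otherwise the first problem found.
    static String check(int[] basicConstraints, boolean[][] keyUsage) {
        for (int i = 1; i < basicConstraints.length; i++) {
            int pathLen = basicConstraints[i];
            if (pathLen == -1) {
                return "cert " + i + " issued a certificate but is not a CA";
            }
            boolean[] ku = keyUsage[i]; // null when the extension is absent
            if (ku != null && (ku.length <= KEY_CERT_SIGN || !ku[KEY_CERT_SIGN])) {
                return "cert " + i + " has KeyUsage without keyCertSign";
            }
            int caCertsBelow = i - 1; // CA certs between this one and the end entity
            if (pathLen < caCertsBelow) {
                return "cert " + i + " allows " + pathLen + " CA certs, found " + caCertsBelow;
            }
        }
        return null;
    }

    // Same check, reading the values from certificate objects.
    static String check(List<X509Certificate> chain) {
        int[] bc = new int[chain.size()];
        boolean[][] ku = new boolean[chain.size()][];
        for (int i = 0; i < chain.size(); i++) {
            bc[i] = chain.get(i).getBasicConstraints();
            ku[i] = chain.get(i).getKeyUsage();
        }
        return check(bc, ku);
    }

    public static void main(String[] args) {
        boolean[] caUsage = new boolean[9];
        caUsage[KEY_CERT_SIGN] = true;
        boolean[] leafUsage = new boolean[9];
        leafUsage[0] = true; // digitalSignature
        boolean[][] ku = { leafUsage, caUsage, caUsage }; // constructed sample values
        System.out.println(check(new int[] { -1, 0, Integer.MAX_VALUE }, ku)); // well-formed chain
        System.out.println(check(new int[] { -1, 0, 0 }, ku));  // top CA: pathLen 0, a CA follows
        System.out.println(check(new int[] { -1, -1, 1 }, ku)); // issuer of the leaf is not a CA
    }
}
```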
public java.util.Date getNotAfter()
Gets the notAfter date from the validity period of the certificate. See getNotBefore for relevant ASN.1 definitions.
getNotAfter in class java.security.cert.X509Certificate
X509Certificate.checkValidity()
public java.util.Date getNotBefore()
Gets the notBefore date from the validity period of the certificate.
The relevant ASN.1 definitions are:
```
validity             Validity

Validity ::= SEQUENCE {
    notBefore      CertificateValidityDate,
    notAfter       CertificateValidityDate }

CertificateValidityDate ::= CHOICE {
    utcTime        UTCTime,
    generalTime    GeneralizedTime }
```
getNotBefore in class java.security.cert.X509Certificate
X509Certificate.checkValidity()
public java.math.BigInteger getSerialNumber()
Gets the serialNumber value from the certificate.
The serial number is an integer assigned by the certification authority to each certificate. It must be unique for each certificate issued by a given CA (i.e., the issuer name and serial number identify a unique certificate).
The ASN.1 definition for this is:
```
serialNumber     CertificateSerialNumber

CertificateSerialNumber ::= INTEGER
```
getSerialNumber in class java.security.cert.X509Certificate
public java.lang.String getSigAlgName()
```
signatureAlgorithm   AlgorithmIdentifier

AlgorithmIdentifier ::= SEQUENCE {
    algorithm    OBJECT IDENTIFIER,
    parameters   ANY DEFINED BY algorithm OPTIONAL }
                 -- contains a value of the type
                 -- registered for use with the
                 -- algorithm object identifier value
```
The algorithm name is determined from the algorithm OID string.
getSigAlgName in class java.security.cert.X509Certificate
public java.lang.String getSigAlgOID()
See getSigAlgName for relevant ASN.1 definitions.
getSigAlgOID in class java.security.cert.X509Certificate
public byte[] getSigAlgParams()
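Gets the DER-encoded signature algorithm parameters from this certificate's signature algorithm. If access to individual parameter values is needed then use AlgorithmParameters and instantiate with the name returned by getSigAlgName.
See getSigAlgName for relevant ASN.1 definitions.
getSigAlgParams in class java.security.cert.X509Certificate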
public byte[] getSignature()
getSignature in class java.security.cert.X509Certificate
public java.security.Principal getSubjectDN()
Denigrated, replaced by X509Certificate.getSubjectX500Principal(). This method returns the subject as an implementation specific Principal object, which should not be relied upon by portable code.
Gets the subject (subject distinguished name) value from the certificate. If the subject value is empty, then the getName() method of the returned Principal object returns an empty string ("").
The ASN.1 definition for this is:
```
subject    Name
```
See getIssuerDN for Name and other relevant definitions.
getSubjectDN in class java.security.cert.X509Certificate
public boolean[] getSubjectUniqueID()
getSubjectUniqueID in class java.security.cert.X509Certificate
public byte[] getTBSCertificate()
getTBSCertificate in class java.security.cert.X509Certificate
public int getVersion()
Gets the version (version number) value from the certificate.
The ASN.1 definition for this is:
```
version  [0] EXPLICIT Version DEFAULT v1

Version ::= INTEGER { v1(0), v2(1), v3(2) }
```
getVersion in class java.security.cert.X509Certificate
public byte[] getEncoded()
getEncoded in class java.security.cert.Certificate
public java.security.PublicKey getPublicKey()
getPublicKey in class java.security.cert.Certificate
public java.lang.String toString()
toString in class java.security.cert.Certificate
public void verify(java.security.PublicKey puk)
verify in class java.security.cert.Certificate
puk - the PublicKey used to carry out the verification.
public void verify(java.security.PublicKey puk, java.lang.String s)
verify in class java.security.cert.Certificate
puk - the PublicKey used to carry out the verification.
s - the name of the signature provider.