This class represents an X.509 certificate. Its various methods provide complete access to the contents of the certificate. A full understanding of this class requires detailed knowledge of the X.509 standard which is beyond the scope of this reference. Some of the more important methods are described here, however. getSubjectDN( ) returns the Principal to whom this certificate applies, and the inherited getPublicKey( ) method returns the PublicKey that the certificate associates with that Principal. getIssuerDN( ) returns a Principal that represents the issuer of the certificate, and if you know the public key for that Principal, you can pass it to the verify( ) method to check the digital signature of the issuer and ensure that the certificate is not forged. checkValidity( ) checks whether the certificate has expired or has not yet gone into effect. Note that verify( ) and getPublicKey( ) are inherited from Certificate.

Obtain an X509Certificate object by creating a CertificateFactory for certificate type "X.509" and then using generateCertificate( ) to parse an X.509 certificate from a stream of bytes. Finally, cast the Certificate returned by this method to an X509Certificate.

Figure 14-71. java.security.cert.X509Certificate

public abstract class X509Certificate extends java.security.cert.Certificate 
     implements X509Extension {
// Protected Constructors
     protected X509Certificate( );  
// Public Instance Methods
     public abstract void checkValidity( ) 
        throws CertificateExpiredException, CertificateNotYetValidException;  
     public abstract void checkValidity(java.util.Date date) 
        throws CertificateExpiredException, CertificateNotYetValidException;  
     public abstract int getBasicConstraints( );  
1.4  public java.util.List<String> getExtendedKeyUsage( ) 
        throws CertificateParsingException;  
1.4  public java.util.Collection<java.util.List<?>> getIssuerAlternativeNames( ) 
        throws CertificateParsingException;  
     public abstract java.security.Principal getIssuerDN( );  
     public abstract boolean[ ] getIssuerUniqueID( );  
1.4  public javax.security.auth.x500.X500Principal getIssuerX500Principal( );  
     public abstract boolean[ ] getKeyUsage( );  
     public abstract java.util.Date getNotAfter( );  
     public abstract java.util.Date getNotBefore( );  
     public abstract java.math.BigInteger getSerialNumber( );  
     public abstract String getSigAlgName( );  
     public abstract String getSigAlgOID( );  
     public abstract byte[ ] getSigAlgParams( );  
     public abstract byte[ ] getSignature( );  
1.4  public java.util.Collection<java.util.List<?>> getSubjectAlternativeNames( ) 
        throws CertificateParsingException;  
     public abstract java.security.Principal getSubjectDN( );  
     public abstract boolean[ ] getSubjectUniqueID( );  
1.4  public javax.security.auth.x500.X500Principal getSubjectX500Principal( );  
     public abstract byte[ ] getTBSCertificate( ) 
        throws CertificateEncodingException;  
     public abstract int getVersion( );  
}

Passed To

trustAnchor.TrustAnchor( ), X509CertSelector.setCertificate( ), X509CRL.getRevokedCertificate( ), X509CRLSelector.setCertificateChecking( ), javax.net.ssl.X509TrustManager.{checkClientTrusted( ), checkServerTrusted( )}, javax.security.auth.x500.X500PrivateCredential.X500PrivateCredential( )

Returned By

trustAnchor.getTrustedCert( ), X509CertSelector.getCertificate( ), X509CRLSelector.getCertificateChecking( ), javax.net.ssl.X509KeyManager.getCertificateChain( ), javax.net.ssl.X509TrustManager.getAcceptedIssuers( ), javax.security.auth.x500.X500PrivateCredential.getCertificate( )