SHOW Signed
 

net.rim.device.api.crypto.certificate.x509
Class X509Certificate

java.lang.Object
  |
  +--net.rim.device.api.crypto.certificate.x509.X509Certificate
All Implemented Interfaces:
Certificate, Persistable, Persistable

public final class X509Certificate
extends Object
implements Certificate, Persistable

Represents an X.509 certificate. X.509 Certificates are defined in RFC 2459 ( Jan. 1999 )

Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:
JDE 3.6.0
See Also:
Certificate

Field Summary
 Category: Signed static int ALT_NAME_DNS
          Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.
 Category: Signed static int ALT_NAME_EMAIL
          Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.
 Category: Signed static int ALT_NAME_URL
          Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.
 Category: Signed static int CERTIFICATE_V1
          Refers to an X509 Certificate that is version 1
 Category: Signed static int CERTIFICATE_V2
          Refers to an X509 Certificate that is version 2
 Category: Signed static int CERTIFICATE_V3
          Refers to an X509 Certificate that is version 3
 
Fields inherited from interface net.rim.device.api.crypto.certificate.Certificate
DISPLAY_CA, DISPLAY_ROOT, EMAIL_ADDRESSES, IS_END_ENTITY, PROMPT_TO_TRUST_ON_IMPORT, PUBLIC_KEY_ALGORITHM_INFORMATION, SUMMARY_TEXT
 
Constructor Summary
 Category: Signed X509Certificate(ASN1InputStream asn1Input)
          Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.
 Category: Signed X509Certificate(byte[] encoding)
          Creates a certificate object (X509Certificate) given the encoding of the certificate.
 Category: Signed X509Certificate(InputStream input)
          Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.
 
Method Summary
 Category: Signed  boolean checkAgainstNameConstraints(X509Certificate cert)
          Check the names specified within the provided cert against the name constraints stored within this certificate.
 Category: Signed  void checkCertificateChain(int position, Certificate[] chain)
          Checks to make sure that the certificate at position is valid within the chain.
 Category: Signed static X509Certificate createX509Certificate(KeyPair subjectKeyPair, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, long validNotBeforeDate, long validNotAfterDate)
          This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).
 Category: Signed static X509Certificate createX509Certificate(PublicKey subjectKey, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, X509DistinguishedName issuer, PrivateKey issuerKey, long validNotBeforeDate, long validNotAfterDate)
          This function will create an X509Certificate, from the passed in information, using the provided private key
 Category: Signed  boolean equals(Object other)
          Returns true if and only if the certificate is equal to the object other.
 Category: Signed  String[] getAuthorityCertIssuer()
          Returns an array of the Strings associated with the authority certificate issuer.
 Category: Signed  byte[] getAuthorityCertSerialNumber()
          Returns the certificate serial number of the authority, if it is present.
 Category: Signed  int getBasicConstraints()
          The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.
 Category: Signed  CertificateDisplayField[] getCustomDisplayFields()
          Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.
 Category: Signed  byte[] getEncoding()
          Returns the encoding of the certificate.
 Category: Signed  byte[] getEncoding(int field)
          Returns the encoding of the field within the certificate (see CertificateField).
 Category: Signed  CertificateExtension getExtension(OID oid)
          Returns the extension for the given oid if it exists in the certificate, otherwise null.
 Category: Signed  CertificateExtension[] getExtensions()
          Returns all the extensions associated with this certificate, or null.
 Category: Signed  CertificateExtension[] getExtensions(boolean criticalBit)
          Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.
 Category: Signed  Object getInformation(long id, Object param, Object defaultValue)
          Retrieves generic information about the certificate
 Category: Signed  DistinguishedName getIssuer()
          Returns a DistinguishedName object, representing the issuer of this certificate.
 Category: Signed  String[] getIssuerAltNameStrings(int type)
          Returns all of the strings associated( for the specified type ) with an issuer alt name.
 Category: Signed  byte[] getIssuerUniqueIdentifier()
          Returns a bit string representing the issuer's unique identifier.
 Category: Signed  long getNotAfter()
          Returns the date on which this certificate will expire.
 Category: Signed  long getNotBefore()
          Returns the date on which this certificate will become valid.
 Category: Signed  PublicKey getPublicKey()
          Extracts the subject's public key.
 Category: Signed  String getPublicKeyAlgorithm()
          Returns a string representing the intended use of the public key.
 Category: Signed  byte[] getSerialNumber()
          Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.
 Category: Signed  String getSignatureAlgorithm()
          Returns a string representing the signature algorithm used to sign this certificate.
 Category: Signed  CertificateStatus getStatus()
          Retrieves the CertificateStatus for this certificate object
 Category: Signed  DistinguishedName getSubject()
          Returns a DistinguishedName object, representing the subject name this certificate (in different representations).
 Category: Signed  String[] getSubjectAltNameStrings(int type)
          Returns all of the strings associated( for the specified type ) with a subject alt name.
 Category: Signed  String getSubjectFriendlyName()
          Returns a human-readable string version of the name of the subject of this certificate.
 Category: Signed  byte[] getSubjectKeyIdentifier()
          Returns the subject key identifier associated with the public key in the certificate.
 Category: Signed  byte[] getSubjectUniqueIdentifier()
          Returns a bit string representing the subject's unique identifier.
 Category: Signed  String getType()
          Returns the type of this certificate - "X509".
 Category: Signed  int getVersion()
          Returns the version of the certificate we have parsed.
 Category: Signed  int hashCode()
          Returns the hash code associated with the certificate.
 Category: Signed  boolean isCA()
          Returns true if the certificate is of a certificate authority.
 Category: Signed  boolean isRoot()
          Returns true if the certificate is self signed.
 Category: Signed  boolean isValid()
          Check that this certificate is valid, using the current date and time as the time reference.
 Category: Signed  boolean isValid(long date)
          Check that this certificate is valid, using date as the time reference.
 Category: Signed  int queryKeyUsage(long purpose)
          Indicates whether the key contained in this certificate may be used for the specified purpose.
 Category: Signed  void setStatus(CertificateStatus status)
          Sets the current CertificateStatus for this certificate object.
 Category: Signed  String toString()
          Converts the certificate to a string representation by calling getSubjectFriendlyName()
 Category: Signed  void verify()
          Verifies the certificate if the certificate is self signed.
 Category: Signed  void verify(KeyStore keystore)
          Verifies the certificate.
 Category: Signed  void verify(PublicKey issuerPublicKey)
          Verifies the certificate.
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

ALT_NAME_DNS

public static final int ALT_NAME_DNS
Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

ALT_NAME_EMAIL

public static final int ALT_NAME_EMAIL
Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

ALT_NAME_URL

public static final int ALT_NAME_URL
Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

CERTIFICATE_V1

public static final int CERTIFICATE_V1
Refers to an X509 Certificate that is version 1
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

CERTIFICATE_V2

public static final int CERTIFICATE_V2
Refers to an X509 Certificate that is version 2
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

CERTIFICATE_V3

public static final int CERTIFICATE_V3
Refers to an X509 Certificate that is version 3
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Constructor Detail

X509Certificate

public X509Certificate(ASN1InputStream asn1Input)
                throws CertificateParsingException
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:
asn1Input - The encoding of the certificate and path.
Throws:
CertificateParsingException - Thrown if a parsing error occurs.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

X509Certificate

public X509Certificate(byte[] encoding)
                throws CertificateParsingException
Creates a certificate object (X509Certificate) given the encoding of the certificate.

Parameters:
encoding - A byte array containing the certificate encoding.
Throws:
CertificateParsingException - Thrown if an error occured while parsing.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

X509Certificate

public X509Certificate(InputStream input)
                throws CertificateParsingException
Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:
input - The certificate encoding.
Throws:
CertificateParsingException - Thrown if a parsing error occurs.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Method Detail

checkAgainstNameConstraints

public boolean checkAgainstNameConstraints(X509Certificate cert)
Check the names specified within the provided cert against the name constraints stored within this certificate. Note that we currently only consider the email, url, and dns identifiers.

Parameters:
cert - The provided certificate
Returns:
true if the provided certificate is approved by the name constraints in this certificate (or it isn't specified) or false if the name constraints disallow the provided certificate
Since:
JDE 4.1.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

checkCertificateChain

public void checkCertificateChain(int position,
                                  Certificate[] chain)
                           throws CertificateChainTooLongException,
                                  CertificateVerificationException
Checks to make sure that the certificate at position is valid within the chain.

Parameters:
position - The position of this ceritificate within the chain.
chain - The array of certificates representing the certificate chain. Note that the end-entity certificate must appear at array index [0].
Throws:
CertificateChainTooLongException - Thrown if the number of certificates, before this one, in the chain is longer than the certificates policy allows.
CertificateVerificationException - Thrown if there is another problem with the chain
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

createX509Certificate

public static X509Certificate createX509Certificate(KeyPair subjectKeyPair,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidKeyPairException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException
This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).

Parameters:
subjectKeyPair - The key pair that provides the public key, for the certificate, and the private key, to sign the certificate with.
subject - The X509DistinguishedName identifying the owner of the public key
keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
Returns:
The created X509Certificate, otherwise null if an error occurs.
Throws:
InvalidKeyPairException - Thrown when the keys are not related.
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

createX509Certificate

public static X509Certificate createX509Certificate(PublicKey subjectKey,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    X509DistinguishedName issuer,
                                                    PrivateKey issuerKey,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException
This function will create an X509Certificate, from the passed in information, using the provided private key

Parameters:
subjectKey - The public key that this certificate covers
subject - The X509DistinguishedName identifying the owner of the public key
keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
issuer - the X509DistinguishedName of the issuer of this certificate
issuerKey - The private key of the issuer. Used to sign the certificate.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
Returns:
The created X509Certificate, otherwise null if an error occurs.
Throws:
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

equals

public boolean equals(Object other)
Returns true if and only if the certificate is equal to the object other. Equals test whether the two encodings are equal. other can either be an X509Certificate or a byte[] representing the encoding of an X509Certificate.

Overrides:
equals in class Object
Returns:
Returns true if other is equal to this
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getAuthorityCertIssuer

public String[] getAuthorityCertIssuer()
Returns an array of the Strings associated with the authority certificate issuer.

Only the rfc822Name, dNSName, and uniform resource identifier are returned ( if present ). If none are present, null is returned. If you need access to all of the information present, then use the getExtension function with the OIDs.idCeAuthorityKeyIdentifier oid and parse the output as per RFC 2459.

Returns:
An array of Strings. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getAuthorityCertSerialNumber

public byte[] getAuthorityCertSerialNumber()
Returns the certificate serial number of the authority, if it is present. If it is not present, null is returned, else the serial number is returned as a byte array.

Returns:
A byte array containing the certificate serial number. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getBasicConstraints

public int getBasicConstraints()
The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.

If the extension is not present, or the extension indicates so, the certificate is for a non-CA identity. If the certificate is for a CA, the maximum verification path length might be included in the extension.

Returns:
An integer. When there is a CA, a positive value is returned, otherwise -1 is returned. If the certificate entity is a CA, the maximum verification path length is returned, or Integer.MAX_VALUE is returned if said length did not exist.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getCustomDisplayFields

public CertificateDisplayField[] getCustomDisplayFields()
Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.

Returns:
The certificate display field. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getEncoding

public byte[] getEncoding()
Description copied from interface: Certificate
Returns the encoding of the certificate.

Since:
JDE 3.6.0

Following copied from interface: Certificate
Returns:
A byte array containing the encoding. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getEncoding

public byte[] getEncoding(int field)
Description copied from interface: Certificate
Returns the encoding of the field within the certificate (see CertificateField).

Since:
JDE 3.6.0

Following copied from interface: Certificate
Parameters:
field - An integer that represents the field.
Returns:
A byte array that represents the encoding of the field. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getExtension

public CertificateExtension getExtension(OID oid)
Returns the extension for the given oid if it exists in the certificate, otherwise null.

Parameters:
oid - The OID of the certificate.
Returns:
The certificate extension. May be null.
Since:
JDE 3.6.0
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getExtensions

public CertificateExtension[] getExtensions()
Returns all the extensions associated with this certificate, or null.

Returns:
An array of certificate extensions. May be null.
Since:
JDE 3.6.0
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getExtensions

public CertificateExtension[] getExtensions(boolean criticalBit)
Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.

Parameters:
criticalBit - a boolean that is true, if all critical extensions are to be returned and set to false if all non-critical extensions are to be returned
Returns:
An array of CertificateExtensions or null.
Since:
JDE 3.6.0
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getInformation

public Object getInformation(long id,
                             Object param,
                             Object defaultValue)
Retrieves generic information about the certificate
Parameters:
id - the id of the data to retrieve
param - a parameter that may be used to determine what information to return
defaultValue - a default value that should be returned if the certificate does not recognize the id.
Returns:
information about the certificate matching the id and param
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getIssuer

public DistinguishedName getIssuer()
Returns a DistinguishedName object, representing the issuer of this certificate.

Returns:
A DistinguishedName object.
Since:
JDE 3.6.0
See Also:
DistinguishedName
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getIssuerAltNameStrings

public String[] getIssuerAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with an issuer alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:
type - An integer representing the type.
Returns:
An array of Strings representing the issuer alt names. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getIssuerUniqueIdentifier

public byte[] getIssuerUniqueIdentifier()
Returns a bit string representing the issuer's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:
A byte array containing the ID of the user. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getNotAfter

public long getNotAfter()
Returns the date on which this certificate will expire.

Returns:
Returns the date this certificate is valid before
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getNotBefore

public long getNotBefore()
Returns the date on which this certificate will become valid.

Returns:
Returns the date this certificate is valid after
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getPublicKey

public PublicKey getPublicKey()
                       throws InvalidCryptoSystemException
Extracts the subject's public key.

Returns:
The public key or null if an error occurred.
Throws:
InvalidCryptoSystemException - Thrown if the crypto system used to create the key was invalid.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getPublicKeyAlgorithm

public String getPublicKeyAlgorithm()
Description copied from interface: Certificate
Returns a string representing the intended use of the public key. If no specific algorithm is intended for this public key, then the generic string for the public key will be returned.

Since:
JDE 3.6.0

Following copied from interface: Certificate
Returns:
A string representing the intended use of the public key or null if an error occurred.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSerialNumber

public byte[] getSerialNumber()
Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.

Returns:
Returns the certificates serial number.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSignatureAlgorithm

public String getSignatureAlgorithm()
Description copied from interface: Certificate
Returns a string representing the signature algorithm used to sign this certificate.

Since:
JDE 3.6.0

Following copied from interface: Certificate
Returns:
A string representing the signature algorithm used to sign this certificate.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getStatus

public CertificateStatus getStatus()
Retrieves the CertificateStatus for this certificate object
Returns:
the current CertificateStatus stored for this certificate on the device. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSubject

public DistinguishedName getSubject()
Returns a DistinguishedName object, representing the subject name this certificate (in different representations).

Returns:
The distinguished name of the subject.
Since:
JDE 3.6.0
See Also:
DistinguishedName
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSubjectAltNameStrings

public String[] getSubjectAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with a subject alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:
type - An integer representing the type.
Returns:
An array of Strings representing the subject alt names. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSubjectFriendlyName

public String getSubjectFriendlyName()
Returns a human-readable string version of the name of the subject of this certificate.

This string could be used for display purposes, for example. By default, this method returns the results of CertificateUtilities.getSubjectFriendlyName(), which produces a friendly string using elements of the subject distinguished name. If a name cannot be constructed in that way, this method will look in the subjectAltName extension for an email address.

Returns:
Returns a Friendly Name as a String. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSubjectKeyIdentifier

public byte[] getSubjectKeyIdentifier()
Returns the subject key identifier associated with the public key in the certificate. If it is not found, null is returned.

Returns:
A byte array containing the subject key identifier. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getSubjectUniqueIdentifier

public byte[] getSubjectUniqueIdentifier()
Returns a bit string representing the subject's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:
A byte array containing the ID of the subject. May be null.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getType

public String getType()
Returns the type of this certificate - "X509".

Returns:
Returns the string "X509"
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

getVersion

public int getVersion()
Returns the version of the certificate we have parsed. The value returned is either CERTIFICATE_V1, CERTIFICATE_V2, or CERTIFICATE_V3.

Returns:
Returns the version of this certificate
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

hashCode

public int hashCode()
Returns the hash code associated with the certificate.

Overrides:
hashCode in class Object
Returns:
Returns the hash code
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

isCA

public boolean isCA()
Returns true if the certificate is of a certificate authority.

Returns:
Returns true if the certificate is of a CA
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

isRoot

public boolean isRoot()
Returns true if the certificate is self signed.

Returns:
Returns true if the certificate is self signed.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

isValid

public boolean isValid()
Check that this certificate is valid, using the current date and time as the time reference. It checks that the current date is between the values returned by getNotValidBefore() and getNotValidBefore().

Returns:
Returns true if the certificate valid using the current date
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

isValid

public boolean isValid(long date)
Check that this certificate is valid, using date as the time reference. It checks that date is between the values returned by getNotValidBefore() and getNotValidBefore().

Returns:
Returns true if the certificate valid using date
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

queryKeyUsage

public int queryKeyUsage(long purpose)
Description copied from interface: Certificate
Indicates whether the key contained in this certificate may be used for the specified purpose.

Since:
JDE 3.6.0

Following copied from interface: Certificate
Parameters:
purpose - A constant chosen from the KeyUsage constants indicating the purpose for which the key will be checked.
Returns:
KeyUsageResult.ALLOWED Thrown if the subject public key may be used for the specified purpose.
KeyUsageResult.NOT_ALLOWED Thrown if the subject public key may not be used for the specified purpose.
KeyUsageResult.UNSPECIFIED Thrown if it is unspecified whether the subject public key may be used for this purpose.
See Also:
KeyUsageResult
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

setStatus

public void setStatus(CertificateStatus status)
               throws KeyStoreCancelException,
                      InvalidTimeException,
                      BackwardStatusException
Sets the current CertificateStatus for this certificate object.
Parameters:
status - the new CertificateStatus that will be set for this certificate. It is important to note that this status should not attempt to set the status backwards (i.e. from REVOKED to GOOD) and it should not allow the date of a status to be in the future.
Throws:
KeyStoreCancelException - if the user decides not to enter their KeyStore password.
InvalidTimeException - if the time of the status is set in the future.
BackwardStatusException - if the status of the certificate is being backwards (i.e. from REVOKED to GOOD ).
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

toString

public String toString()
Converts the certificate to a string representation by calling getSubjectFriendlyName()

Overrides:
toString in class Object
Returns:
Returns the string representation
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

verify

public void verify()
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate if the certificate is self signed.

Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

verify

public void verify(KeyStore keystore)
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   NoIssuerFoundException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate.

The function checks that the certificate was signed by issuerPublicKey which is contained in the keyStore.

Parameters:
keystore - A keystore containing the issuer's public key.
Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
NoIssuerFoundException - Thrown if the issuer public key cannot be found.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

verify

public void verify(PublicKey issuerPublicKey)
            throws CertificateVerificationException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate.

The function checks that the certificate was signed by. issuerPublicKey.

Parameters:
issuerPublicKey - The issuer's public key.
Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Since:
JDE 3.6.0
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.



Copyright 1999-2009 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.