net.rim.device.api.crypto.certificate.x509
Class X509Certificate

java.lang.Object
  extended by net.rim.device.api.crypto.certificate.x509.X509Certificate
All Implemented Interfaces:
Certificate, Persistable

public final class X509Certificate
extends Object
implements Certificate, Persistable

Represents an X.509 certificate. X.509 Certificates are defined in RFC 2459 ( Jan. 1999 )

See Also:
Certificate
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

Field Summary
Category: Signed static int ALT_NAME_DNS
          Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.
Category: Signed static int ALT_NAME_EMAIL
          Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.
Category: Signed static int ALT_NAME_URL
          Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.
Category: Signed static int CERTIFICATE_V1
          Refers to an X509 Certificate that is version 1
Category: Signed static int CERTIFICATE_V2
          Refers to an X509 Certificate that is version 2
Category: Signed static int CERTIFICATE_V3
          Refers to an X509 Certificate that is version 3
 
Fields inherited from interface net.rim.device.api.crypto.certificate.Certificate
DISPLAY_CA, DISPLAY_ROOT, EMAIL_ADDRESSES, IS_END_ENTITY, PROMPT_TO_TRUST_ON_IMPORT, PUBLIC_KEY_ALGORITHM_INFORMATION, STATUS_FETCH_PERMITTED, SUMMARY_TEXT
 
Constructor Summary
Category: Signed X509Certificate(byte[] encoding)
          Creates a certificate object (X509Certificate) given the encoding of the certificate.
Category: Signed X509Certificate(InputStream input)
          Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.
Category: Signed X509Certificate(ASN1InputStream asn1Input)
          Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.
 
Method Summary
Category: Signed  boolean checkAgainstNameConstraints(X509Certificate cert)
          Check the names specified within the provided cert against the name constraints stored within this certificate.
Category: Signed  void checkCertificateChain(int position, Certificate[] chain)
          Checks to make sure that the certificate at position is valid within the chain.
Category: Signed static X509Certificate createX509Certificate(KeyPair subjectKeyPair, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, long validNotBeforeDate, long validNotAfterDate)
          This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).
Category: Signed static X509Certificate createX509Certificate(PublicKey subjectKey, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, X509DistinguishedName issuer, PrivateKey issuerKey, long validNotBeforeDate, long validNotAfterDate)
          This function will create an X509Certificate, from the passed in information, using the provided private key
Category: Signed  boolean equals(Object other)
          Returns true if and only if the certificate is equal to the object other.
Category: Signed  String[] getAuthorityCertIssuer()
          Returns an array of the Strings associated with the authority certificate issuer.
Category: Signed  byte[] getAuthorityCertSerialNumber()
          Returns the certificate serial number of the authority, if it is present.
Category: Signed  int getBasicConstraints()
          The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.
Category: Signed  CertificateDisplayField[] getCustomDisplayFields()
          Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.
Category: Signed  byte[] getEncoding()
          Returns the encoding of the certificate.
Category: Signed  byte[] getEncoding(int field)
          Returns the encoding of the field within the certificate (see CertificateField).
Category: Signed  CertificateExtension getExtension(OID oid)
          Returns the extension for the given oid if it exists in the certificate, otherwise null.
Category: Signed  CertificateExtension[] getExtensions()
          Returns all the extensions associated with this certificate, or null.
Category: Signed  CertificateExtension[] getExtensions(boolean criticalBit)
          Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.
Category: Signed  Object getInformation(long id, Object param, Object defaultValue)
          Retrieves generic information about the certificate
Category: Signed  DistinguishedName getIssuer()
          Returns a DistinguishedName object, representing the issuer of this certificate.
Category: Signed  String[] getIssuerAltNameStrings(int type)
          Returns all of the strings associated( for the specified type ) with an issuer alt name.
Category: Signed  byte[] getIssuerUniqueIdentifier()
          Returns a bit string representing the issuer's unique identifier.
Category: Signed  long getNotAfter()
          Returns the date on which this certificate will expire.
Category: Signed  long getNotBefore()
          Returns the date on which this certificate will become valid.
Category: Signed  PublicKey getPublicKey()
          Extracts the subject's public key.
Category: Signed  String getPublicKeyAlgorithm()
          Returns a string representing the intended use of the public key.
Category: Signed  byte[] getSerialNumber()
          Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.
Category: Signed  String getSignatureAlgorithm()
          Returns a string representing the signature algorithm used to sign this certificate.
Category: Signed  CertificateStatus getStatus()
          Retrieves the CertificateStatus for this certificate object
Category: Signed  DistinguishedName getSubject()
          Returns a DistinguishedName object, representing the subject name this certificate (in different representations).
Category: Signed  String[] getSubjectAltNameStrings(int type)
          Returns all of the strings associated( for the specified type ) with a subject alt name.
Category: Signed  String getSubjectFriendlyName()
          Returns a human-readable string version of the name of the subject of this certificate.
Category: Signed  byte[] getSubjectKeyIdentifier()
          Returns the subject key identifier associated with the public key in the certificate.
Category: Signed  byte[] getSubjectUniqueIdentifier()
          Returns a bit string representing the subject's unique identifier.
Category: Signed  String getType()
          Returns the type of this certificate - "X509".
Category: Signed  int getVersion()
          Returns the version of the certificate we have parsed.
Category: Signed  int hashCode()
          Returns the hash code associated with the certificate.
Category: Signed  boolean isCA()
          Returns true if the certificate is of a certificate authority.
Category: Signed  boolean isRoot()
          Returns true if the certificate is self signed.
Category: Signed  boolean isValid()
          Check that this certificate is valid, using the current date and time as the time reference.
Category: Signed  boolean isValid(long date)
          Check that this certificate is valid, using date as the time reference.
Category: Signed  int queryKeyUsage(long purpose)
          Indicates whether the key contained in this certificate may be used for the specified purpose.
Category: Signed  void setStatus(CertificateStatus status)
          Sets the current CertificateStatus for this certificate object.
Category: Signed  String toString()
          Converts the certificate to a string representation by calling getSubjectFriendlyName()
Category: Signed  void verify()
          Verifies the certificate if the certificate is self signed.
Category: Signed  void verify(PublicKey issuerPublicKey)
          Verifies the certificate.
Category: Signed  void verify(KeyStore keystore)
          Verifies the certificate.
 
Methods inherited from class java.lang.Object
getClass, notify, notifyAll, wait, wait, wait
 



Field Detail

CERTIFICATE_V1

public static final int CERTIFICATE_V1
Refers to an X509 Certificate that is version 1

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

CERTIFICATE_V2

public static final int CERTIFICATE_V2
Refers to an X509 Certificate that is version 2

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

CERTIFICATE_V3

public static final int CERTIFICATE_V3
Refers to an X509 Certificate that is version 3

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

ALT_NAME_EMAIL

public static final int ALT_NAME_EMAIL
Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

ALT_NAME_DNS

public static final int ALT_NAME_DNS
Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

ALT_NAME_URL

public static final int ALT_NAME_URL
Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:
Constant Field Values
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0


Constructor Detail

X509Certificate

public X509Certificate(byte[] encoding)
                throws CertificateParsingException
Creates a certificate object (X509Certificate) given the encoding of the certificate.

Parameters:
encoding - A byte array containing the certificate encoding.
Throws:
CertificateParsingException - Thrown if an error occured while parsing.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

X509Certificate

public X509Certificate(InputStream input)
                throws CertificateParsingException
Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:
input - The certificate encoding.
Throws:
CertificateParsingException - Thrown if a parsing error occurs.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

X509Certificate

public X509Certificate(ASN1InputStream asn1Input)
                throws CertificateParsingException
Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:
asn1Input - The encoding of the certificate and path.
Throws:
CertificateParsingException - Thrown if a parsing error occurs.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0


Method Detail

getEncoding

public byte[] getEncoding()
Description copied from interface: Certificate
Returns the encoding of the certificate.

Specified by:
getEncoding in interface Certificate
Returns:
A byte array containing the encoding. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getEncoding

public byte[] getEncoding(int field)
Description copied from interface: Certificate
Returns the encoding of the field within the certificate (see CertificateField).

Specified by:
getEncoding in interface Certificate
Parameters:
field - An integer that represents the field.
Returns:
A byte array that represents the encoding of the field. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getType

public String getType()
Returns the type of this certificate - "X509".

Specified by:
getType in interface Certificate
Returns:
Returns the string "X509"
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

checkCertificateChain

public void checkCertificateChain(int position,
                                  Certificate[] chain)
                           throws CertificateChainTooLongException,
                                  CertificateVerificationException
Checks to make sure that the certificate at position is valid within the chain.

Specified by:
checkCertificateChain in interface Certificate
Parameters:
position - The position of this ceritificate within the chain.
chain - The array of certificates representing the certificate chain. Note that the end-entity certificate must appear at array index [0].
Throws:
CertificateChainTooLongException - Thrown if the number of certificates, before this one, in the chain is longer than the certificates policy allows.
CertificateVerificationException - Thrown if there is another problem with the chain
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

checkAgainstNameConstraints

public boolean checkAgainstNameConstraints(X509Certificate cert)
Check the names specified within the provided cert against the name constraints stored within this certificate. Note that we currently only consider the email, url, and dns identifiers.

Parameters:
cert - The provided certificate
Returns:
true if the provided certificate is approved by the name constraints in this certificate (or it isn't specified) or false if the name constraints disallow the provided certificate
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 4.1.0

verify

public void verify(PublicKey issuerPublicKey)
            throws CertificateVerificationException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate.

The function checks that the certificate was signed by. issuerPublicKey.

Specified by:
verify in interface Certificate
Parameters:
issuerPublicKey - The issuer's public key.
Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

verify

public void verify(KeyStore keystore)
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   NoIssuerFoundException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate.

The function checks that the certificate was signed by issuerPublicKey which is contained in the keyStore.

Specified by:
verify in interface Certificate
Parameters:
keystore - A keystore containing the issuer's public key.
Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
NoIssuerFoundException - Thrown if the issuer public key cannot be found.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

verify

public void verify()
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException
Verifies the certificate if the certificate is self signed.

Specified by:
verify in interface Certificate
Throws:
CertificateVerificationException - Thrown if the certificate cannot be verified.
DecodeException - Thrown if the data is improperly formatted.
NoSuchAlgorithmException - Thrown if the specified cipher is invalid.
CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

isRoot

public boolean isRoot()
Returns true if the certificate is self signed.

Specified by:
isRoot in interface Certificate
Returns:
Returns true if the certificate is self signed.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

isCA

public boolean isCA()
Returns true if the certificate is of a certificate authority.

Specified by:
isCA in interface Certificate
Returns:
Returns true if the certificate is of a CA
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSubjectKeyIdentifier

public byte[] getSubjectKeyIdentifier()
Returns the subject key identifier associated with the public key in the certificate. If it is not found, null is returned.

Returns:
A byte array containing the subject key identifier. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getAuthorityCertIssuer

public String[] getAuthorityCertIssuer()
Returns an array of the Strings associated with the authority certificate issuer.

Only the rfc822Name, dNSName, and uniform resource identifier are returned ( if present ). If none are present, null is returned. If you need access to all of the information present, then use the getExtension function with the OIDs.idCeAuthorityKeyIdentifier oid and parse the output as per RFC 2459.

Returns:
An array of Strings. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getAuthorityCertSerialNumber

public byte[] getAuthorityCertSerialNumber()
Returns the certificate serial number of the authority, if it is present. If it is not present, null is returned, else the serial number is returned as a byte array.

Returns:
A byte array containing the certificate serial number. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSubjectAltNameStrings

public String[] getSubjectAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with a subject alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:
type - An integer representing the type.
Returns:
An array of Strings representing the subject alt names. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getIssuerAltNameStrings

public String[] getIssuerAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with an issuer alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:
type - An integer representing the type.
Returns:
An array of Strings representing the issuer alt names. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getPublicKey

public PublicKey getPublicKey()
                       throws InvalidCryptoSystemException
Extracts the subject's public key.

Specified by:
getPublicKey in interface Certificate
Returns:
The public key or null if an error occurred.
Throws:
InvalidCryptoSystemException - Thrown if the crypto system used to create the key was invalid.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getPublicKeyAlgorithm

public String getPublicKeyAlgorithm()
Description copied from interface: Certificate
Returns a string representing the intended use of the public key. If no specific algorithm is intended for this public key, then the generic string for the public key will be returned.

Specified by:
getPublicKeyAlgorithm in interface Certificate
Returns:
A string representing the intended use of the public key or null if an error occurred.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSignatureAlgorithm

public String getSignatureAlgorithm()
Description copied from interface: Certificate
Returns a string representing the signature algorithm used to sign this certificate.

Specified by:
getSignatureAlgorithm in interface Certificate
Returns:
A string representing the signature algorithm used to sign this certificate.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getStatus

public CertificateStatus getStatus()
Retrieves the CertificateStatus for this certificate object

Specified by:
getStatus in interface Certificate
Returns:
the current CertificateStatus stored for this certificate on the device. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

setStatus

public void setStatus(CertificateStatus status)
               throws KeyStoreCancelException,
                      InvalidTimeException,
                      BackwardStatusException
Sets the current CertificateStatus for this certificate object.

Specified by:
setStatus in interface Certificate
Parameters:
status - the new CertificateStatus that will be set for this certificate. It is important to note that this status should not attempt to set the status backwards (i.e. from REVOKED to GOOD) and it should not allow the date of a status to be in the future.
Throws:
KeyStoreCancelException - if the user decides not to enter their KeyStore password.
InvalidTimeException - if the time of the status is set in the future.
BackwardStatusException - if the status of the certificate is being backwards (i.e. from REVOKED to GOOD ).
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

isValid

public boolean isValid()
Check that this certificate is valid, using the current date and time as the time reference. It checks that the current date is between the values returned by getNotValidBefore() and getNotValidBefore().

Specified by:
isValid in interface Certificate
Returns:
Returns true if the certificate valid using the current date
See Also:
Certificate.verify()
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

isValid

public boolean isValid(long date)
Check that this certificate is valid, using date as the time reference. It checks that date is between the values returned by getNotValidBefore() and getNotValidBefore().

Specified by:
isValid in interface Certificate
Parameters:
date - The Date used to verify the certificate.
Returns:
Returns true if the certificate valid using date
See Also:
Certificate.verify()
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getVersion

public int getVersion()
Returns the version of the certificate we have parsed. The value returned is either CERTIFICATE_V1, CERTIFICATE_V2, or CERTIFICATE_V3.

Specified by:
getVersion in interface Certificate
Returns:
Returns the version of this certificate
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSerialNumber

public byte[] getSerialNumber()
Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.

Specified by:
getSerialNumber in interface Certificate
Returns:
Returns the certificates serial number.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getIssuer

public DistinguishedName getIssuer()
Returns a DistinguishedName object, representing the issuer of this certificate.

Specified by:
getIssuer in interface Certificate
Returns:
A DistinguishedName object.
See Also:
DistinguishedName
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSubject

public DistinguishedName getSubject()
Returns a DistinguishedName object, representing the subject name this certificate (in different representations).

Specified by:
getSubject in interface Certificate
Returns:
The distinguished name of the subject.
See Also:
DistinguishedName
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getNotBefore

public long getNotBefore()
Returns the date on which this certificate will become valid.

Specified by:
getNotBefore in interface Certificate
Returns:
Returns the date this certificate is valid after
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getNotAfter

public long getNotAfter()
Returns the date on which this certificate will expire.

Specified by:
getNotAfter in interface Certificate
Returns:
Returns the date this certificate is valid before
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getIssuerUniqueIdentifier

public byte[] getIssuerUniqueIdentifier()
Returns a bit string representing the issuer's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:
A byte array containing the ID of the user. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSubjectUniqueIdentifier

public byte[] getSubjectUniqueIdentifier()
Returns a bit string representing the subject's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:
A byte array containing the ID of the subject. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getExtension

public CertificateExtension getExtension(OID oid)
Returns the extension for the given oid if it exists in the certificate, otherwise null.

Specified by:
getExtension in interface Certificate
Parameters:
oid - The OID of the certificate.
Returns:
The certificate extension. May be null.
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getExtensions

public CertificateExtension[] getExtensions()
Returns all the extensions associated with this certificate, or null.

Specified by:
getExtensions in interface Certificate
Returns:
An array of certificate extensions. May be null.
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getExtensions

public CertificateExtension[] getExtensions(boolean criticalBit)
Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.

Specified by:
getExtensions in interface Certificate
Parameters:
criticalBit - a boolean that is true, if all critical extensions are to be returned and set to false if all non-critical extensions are to be returned
Returns:
An array of CertificateExtensions or null.
See Also:
OIDs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getBasicConstraints

public int getBasicConstraints()
The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.

If the extension is not present, or the extension indicates so, the certificate is for a non-CA identity. If the certificate is for a CA, the maximum verification path length might be included in the extension.

Returns:
An integer. When there is a CA, a positive value is returned, otherwise -1 is returned. If the certificate entity is a CA, the maximum verification path length is returned, or Integer.MAX_VALUE is returned if said length did not exist.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

equals

public boolean equals(Object other)
Returns true if and only if the certificate is equal to the object other. Equals test whether the two encodings are equal. other can either be an X509Certificate or a byte[] representing the encoding of an X509Certificate.

Overrides:
equals in class Object
Parameters:
other - the reference object with which to compare.
Returns:
Returns true if other is equal to this
See Also:
Boolean.hashCode(), Hashtable
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

hashCode

public int hashCode()
Returns the hash code associated with the certificate.

Overrides:
hashCode in class Object
Returns:
Returns the hash code
See Also:
Object.equals(java.lang.Object), Hashtable
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

toString

public String toString()
Converts the certificate to a string representation by calling getSubjectFriendlyName()

Overrides:
toString in class Object
Returns:
Returns the string representation
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

queryKeyUsage

public int queryKeyUsage(long purpose)
Description copied from interface: Certificate
Indicates whether the key contained in this certificate may be used for the specified purpose.

Specified by:
queryKeyUsage in interface Certificate
Parameters:
purpose - A constant chosen from the KeyUsage constants indicating the purpose for which the key will be checked.
Returns:
KeyUsageResult.ALLOWED Thrown if the subject public key may be used for the specified purpose.
KeyUsageResult.NOT_ALLOWED Thrown if the subject public key may not be used for the specified purpose.
KeyUsageResult.UNSPECIFIED Thrown if it is unspecified whether the subject public key may be used for this purpose.
See Also:
KeyUsageResult
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getSubjectFriendlyName

public String getSubjectFriendlyName()
Returns a human-readable string version of the name of the subject of this certificate.

This string could be used for display purposes, for example. By default, this method returns the results of CertificateUtilities.getSubjectFriendlyName(), which produces a friendly string using elements of the subject distinguished name. If a name cannot be constructed in that way, this method will look in the subjectAltName extension for an email address.

Specified by:
getSubjectFriendlyName in interface Certificate
Returns:
Returns a Friendly Name as a String. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getCustomDisplayFields

public CertificateDisplayField[] getCustomDisplayFields()
Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.

Specified by:
getCustomDisplayFields in interface Certificate
Returns:
The certificate display field. May be null.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getInformation

public Object getInformation(long id,
                             Object param,
                             Object defaultValue)
Retrieves generic information about the certificate

Specified by:
getInformation in interface Certificate
Parameters:
id - the id of the data to retrieve
param - a parameter that may be used to determine what information to return
defaultValue - a default value that should be returned if the certificate does not recognize the id.
Returns:
information about the certificate matching the id and param
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

createX509Certificate

public static X509Certificate createX509Certificate(KeyPair subjectKeyPair,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidKeyPairException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException
This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).

Parameters:
subjectKeyPair - The key pair that provides the public key, for the certificate, and the private key, to sign the certificate with.
subject - The X509DistinguishedName identifying the owner of the public key
keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
Returns:
The created X509Certificate, otherwise null if an error occurs.
Throws:
InvalidKeyPairException - Thrown when the keys are not related.
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

createX509Certificate

public static X509Certificate createX509Certificate(PublicKey subjectKey,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    X509DistinguishedName issuer,
                                                    PrivateKey issuerKey,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException
This function will create an X509Certificate, from the passed in information, using the provided private key

Parameters:
subjectKey - The public key that this certificate covers
subject - The X509DistinguishedName identifying the owner of the public key
keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate
serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.
extensionList - An array of CertificateExtensions to put in this certificate. Can be null.
issuer - the X509DistinguishedName of the issuer of this certificate
issuerKey - The private key of the issuer. Used to sign the certificate.
validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.
validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.
Returns:
The created X509Certificate, otherwise null if an error occurs.
Throws:
InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.
InvalidKeyException - Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.
CryptoTokenException - Thrown if a token error occurs
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0





Copyright 1999-2010 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. All Rights Reserved.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark of Sun Microsystems, Inc.