net.rim.device.api.crypto.certificate.x509
Class X509Certificate
java.lang.Object
net.rim.device.api.crypto.certificate.x509.X509Certificate
- All Implemented Interfaces:
- Certificate, Persistable
public final class X509Certificate
- extends Object
- implements Certificate, Persistable
Represents an X.509 certificate. X.509 Certificates are defined in RFC 2459 ( Jan. 1999 )
- See Also:
Certificate
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
Field Summary |
|
static int |
ALT_NAME_DNS
Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings . |
|
static int |
ALT_NAME_EMAIL
Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings . |
|
static int |
ALT_NAME_URL
Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings . |
|
static int |
CERTIFICATE_V1
Refers to an X509 Certificate that is version 1 |
|
static int |
CERTIFICATE_V2
Refers to an X509 Certificate that is version 2 |
|
static int |
CERTIFICATE_V3
Refers to an X509 Certificate that is version 3 |
Constructor Summary |
|
X509Certificate(byte[] encoding)
Creates a certificate object (X509Certificate ) given the encoding
of the certificate. |
|
X509Certificate(InputStream input)
Creates a certificate object(X509Certificate ) given the ASN.1 encoding
of the certificate. |
|
X509Certificate(ASN1InputStream asn1Input)
Creates a certificate object (X509Certificate ) given the ASN.1 encoding
of the certificate. |
Method Summary |
|
boolean |
checkAgainstNameConstraints(X509Certificate cert)
Check the names specified within the provided cert against the name constraints stored within this
certificate. |
|
void |
checkCertificateChain(int position,
Certificate[] chain)
Checks to make sure that the certificate at position is valid within the chain. |
|
static X509Certificate |
createX509Certificate(KeyPair subjectKeyPair,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
long validNotBeforeDate,
long validNotAfterDate)
This function will create a self-signed X509Certificate, from the passed in information,
using the provided private key ( from the key pair ). |
|
static X509Certificate |
createX509Certificate(PublicKey subjectKey,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
X509DistinguishedName issuer,
PrivateKey issuerKey,
long validNotBeforeDate,
long validNotAfterDate)
This function will create an X509Certificate, from the passed in information, using the provided private key
|
|
boolean |
equals(Object other)
Returns true if and only if the certificate is equal to
the object other . |
|
String[] |
getAuthorityCertIssuer()
Returns an array of the Strings associated with the authority certificate
issuer. |
|
byte[] |
getAuthorityCertSerialNumber()
Returns the certificate serial number of the authority, if it is present. |
|
int |
getBasicConstraints()
The basic constraints extension (or lack thereof) identifies whether a
certificate contains the public key for a Certification Authority (CA)
or not. |
|
CertificateDisplayField[] |
getCustomDisplayFields()
Provides more details about the certificate to be shown in the displayCertificateDetails method
in CertificateUtilities . |
|
byte[] |
getEncoding()
Returns the encoding of the certificate. |
|
byte[] |
getEncoding(int field)
Returns the encoding of the field within the certificate (see CertificateField ). |
|
CertificateExtension |
getExtension(OID oid)
Returns the extension for the given oid if it exists in the certificate, otherwise null . |
|
CertificateExtension[] |
getExtensions()
Returns all the extensions associated with this certificate, or null. |
|
CertificateExtension[] |
getExtensions(boolean criticalBit)
Returns all the extensions associated with this certificate that have their
critical bit set to the value of criticalBit , or null if none are found. |
|
Object |
getInformation(long id,
Object param,
Object defaultValue)
Retrieves generic information about the certificate |
|
DistinguishedName |
getIssuer()
Returns a DistinguishedName object,
representing the issuer of this certificate. |
|
String[] |
getIssuerAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with an
issuer alt name. |
|
byte[] |
getIssuerUniqueIdentifier()
Returns a bit string representing the issuer's unique identifier. |
|
long |
getNotAfter()
Returns the date on which this certificate will expire. |
|
long |
getNotBefore()
Returns the date on which this certificate will become valid. |
|
PublicKey |
getPublicKey()
Extracts the subject's public key. |
|
String |
getPublicKeyAlgorithm()
Returns a string representing the intended use of the public key. |
|
byte[] |
getSerialNumber()
Returns the certificates serial number as a byte array representing an
an integer in big-endian (network) order. |
|
String |
getSignatureAlgorithm()
Returns a string representing the signature algorithm used to sign this certificate. |
|
CertificateStatus |
getStatus()
Retrieves the CertificateStatus for this certificate object |
|
DistinguishedName |
getSubject()
Returns a DistinguishedName object,
representing the subject name this certificate (in different
representations). |
|
String[] |
getSubjectAltNameStrings(int type)
Returns all of the strings associated( for the specified type ) with a
subject alt name. |
|
String |
getSubjectFriendlyName()
Returns a human-readable string version of the name of the subject of
this certificate. |
|
byte[] |
getSubjectKeyIdentifier()
Returns the subject key identifier associated with the public key in the certificate. |
|
byte[] |
getSubjectUniqueIdentifier()
Returns a bit string representing the subject's unique identifier. |
|
String |
getType()
Returns the type of this certificate - "X509". |
|
int |
getVersion()
Returns the version of the certificate we have parsed. |
|
int |
hashCode()
Returns the hash code associated with the certificate. |
|
boolean |
isCA()
Returns true if the certificate is of a certificate authority. |
|
boolean |
isRoot()
Returns true if the certificate is self signed. |
|
boolean |
isValid()
Check that this certificate is valid, using the current date and time
as the time reference. |
|
boolean |
isValid(long date)
Check that this certificate is valid, using date
as the time reference. |
|
int |
queryKeyUsage(long purpose)
Indicates whether the key contained in this certificate may be used for
the specified purpose. |
|
void |
setStatus(CertificateStatus status)
Sets the current CertificateStatus for this certificate object. |
|
String |
toString()
Converts the certificate to a string representation by calling getSubjectFriendlyName()
|
|
void |
verify()
Verifies the certificate if the certificate is self signed. |
|
void |
verify(PublicKey issuerPublicKey)
Verifies the certificate. |
|
void |
verify(KeyStore keystore)
Verifies the certificate. |
CERTIFICATE_V1
public static final int CERTIFICATE_V1
- Refers to an X509 Certificate that is version 1
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
CERTIFICATE_V2
public static final int CERTIFICATE_V2
- Refers to an X509 Certificate that is version 2
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
CERTIFICATE_V3
public static final int CERTIFICATE_V3
- Refers to an X509 Certificate that is version 3
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
ALT_NAME_EMAIL
public static final int ALT_NAME_EMAIL
- Used to lookup the email addresses in
getSubjectAltNameStrings
and getIssuerAltNameStrings
.
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
ALT_NAME_DNS
public static final int ALT_NAME_DNS
- Used to lookup the DNS in
getSubjectAltNameStrings
and getIssuerAltNameStrings
.
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
ALT_NAME_URL
public static final int ALT_NAME_URL
- Used to lookup the URLs in
getSubjectAltNameStrings
and getIssuerAltNameStrings
.
- See Also:
- Constant Field Values
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
X509Certificate
public X509Certificate(byte[] encoding)
throws CertificateParsingException
- Creates a certificate object (
X509Certificate
) given the encoding
of the certificate.
- Parameters:
encoding
- A byte array containing the certificate encoding.
- Throws:
CertificateParsingException
- Thrown if an error occured while parsing.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
X509Certificate
public X509Certificate(InputStream input)
throws CertificateParsingException
- Creates a certificate object(
X509Certificate
) given the ASN.1 encoding
of the certificate.
- Parameters:
input
- The certificate encoding.
- Throws:
CertificateParsingException
- Thrown if a parsing error occurs.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
X509Certificate
public X509Certificate(ASN1InputStream asn1Input)
throws CertificateParsingException
- Creates a certificate object (
X509Certificate
) given the ASN.1 encoding
of the certificate.
- Parameters:
asn1Input
- The encoding of the certificate and path.
- Throws:
CertificateParsingException
- Thrown if a parsing error occurs.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getEncoding
public byte[] getEncoding()
- Description copied from interface:
Certificate
- Returns the encoding of the certificate.
- Specified by:
getEncoding
in interface Certificate
- Returns:
- A byte array containing the encoding. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getEncoding
public byte[] getEncoding(int field)
- Description copied from interface:
Certificate
- Returns the encoding of the field within the certificate (see
CertificateField
).
- Specified by:
getEncoding
in interface Certificate
- Parameters:
field
- An integer that represents the field.
- Returns:
- A byte array that represents the encoding of the field. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getType
public String getType()
- Returns the type of this certificate - "X509".
- Specified by:
getType
in interface Certificate
- Returns:
- Returns the string "X509"
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
checkCertificateChain
public void checkCertificateChain(int position,
Certificate[] chain)
throws CertificateChainTooLongException,
CertificateVerificationException
- Checks to make sure that the certificate at
position
is valid within the chain.
- Specified by:
checkCertificateChain
in interface Certificate
- Parameters:
position
- The position of this ceritificate within the chain.chain
- The array of certificates representing the certificate chain. Note that the end-entity certificate
must appear at array index [0].
- Throws:
CertificateChainTooLongException
- Thrown if the number of certificates, before this one,
in the chain is longer than the certificates policy allows.
CertificateVerificationException
- Thrown if there is another problem with the chain- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
checkAgainstNameConstraints
public boolean checkAgainstNameConstraints(X509Certificate cert)
- Check the names specified within the provided cert against the name constraints stored within this
certificate. Note that we currently only consider the email, url, and dns identifiers.
- Parameters:
cert
- The provided certificate
- Returns:
- true if the provided certificate is approved by the name constraints in this certificate
(or it isn't specified) or false if the name constraints disallow the provided certificate
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 4.1.0
verify
public void verify(PublicKey issuerPublicKey)
throws CertificateVerificationException,
NoSuchAlgorithmException,
CryptoTokenException,
CryptoUnsupportedOperationException
- Verifies the certificate.
The function checks that the certificate was signed by.
issuerPublicKey
.
- Specified by:
verify
in interface Certificate
- Parameters:
issuerPublicKey
- The issuer's public key.
- Throws:
CertificateVerificationException
- Thrown if the certificate cannot be verified.
NoSuchAlgorithmException
- Thrown if the specified cipher is invalid.
CryptoTokenException
- Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException
- Thrown if a call is made to an unsupported operation.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
verify
public void verify(KeyStore keystore)
throws CertificateVerificationException,
DecodeException,
NoSuchAlgorithmException,
NoIssuerFoundException,
CryptoTokenException,
CryptoUnsupportedOperationException
- Verifies the certificate.
The function checks that the certificate was signed by issuerPublicKey
which is
contained in the keyStore
.
- Specified by:
verify
in interface Certificate
- Parameters:
keystore
- A keystore containing the issuer's public key.
- Throws:
CertificateVerificationException
- Thrown if the certificate cannot be verified.
DecodeException
- Thrown if the data is improperly formatted.
NoSuchAlgorithmException
- Thrown if the specified cipher is invalid.
NoIssuerFoundException
- Thrown if the issuer public key cannot be found.
CryptoTokenException
- Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException
- Thrown if a call is made to an unsupported operation.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
verify
public void verify()
throws CertificateVerificationException,
DecodeException,
NoSuchAlgorithmException,
CryptoTokenException,
CryptoUnsupportedOperationException
- Verifies the certificate if the certificate is self signed.
- Specified by:
verify
in interface Certificate
- Throws:
CertificateVerificationException
- Thrown if the certificate cannot be verified.
DecodeException
- Thrown if the data is improperly formatted.
NoSuchAlgorithmException
- Thrown if the specified cipher is invalid.
CryptoTokenException
- Thrown if an error occurs with the crypto token or crypto token is invalid.
CryptoUnsupportedOperationException
- Thrown if a call is made to an unsupported operation.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
isRoot
public boolean isRoot()
- Returns true if the certificate is self signed.
- Specified by:
isRoot
in interface Certificate
- Returns:
- Returns true if the certificate is self signed.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
isCA
public boolean isCA()
- Returns true if the certificate is of a certificate authority.
- Specified by:
isCA
in interface Certificate
- Returns:
- Returns true if the certificate is of a CA
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSubjectKeyIdentifier
public byte[] getSubjectKeyIdentifier()
- Returns the subject key identifier associated with the public key in the certificate. If
it is not found, null is returned.
- Returns:
- A byte array containing the subject key identifier. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getAuthorityCertIssuer
public String[] getAuthorityCertIssuer()
- Returns an array of the Strings associated with the authority certificate
issuer.
Only the rfc822Name, dNSName,
and uniform resource identifier are returned ( if present ). If none are present, null is returned. If you need
access to all of the information present, then use the getExtension function with the OIDs.idCeAuthorityKeyIdentifier
oid and parse the output as per RFC 2459.
- Returns:
- An array of Strings. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getAuthorityCertSerialNumber
public byte[] getAuthorityCertSerialNumber()
- Returns the certificate serial number of the authority, if it is present. If it is not present, null is returned,
else the serial number is returned as a byte array.
- Returns:
- A byte array containing the certificate serial number. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSubjectAltNameStrings
public String[] getSubjectAltNameStrings(int type)
- Returns all of the strings associated( for the specified type ) with a
subject alt name.
Null is returned if
none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS,
LOOKUP_URL
.
- Parameters:
type
- An integer representing the type.
- Returns:
- An array of Strings representing the subject alt names. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getIssuerAltNameStrings
public String[] getIssuerAltNameStrings(int type)
- Returns all of the strings associated( for the specified type ) with an
issuer alt name.
Null is returned if
none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS,
LOOKUP_URL
.
- Parameters:
type
- An integer representing the type.
- Returns:
- An array of Strings representing the issuer alt names. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getPublicKey
public PublicKey getPublicKey()
throws InvalidCryptoSystemException
- Extracts the subject's public key.
- Specified by:
getPublicKey
in interface Certificate
- Returns:
- The public key or null if an error occurred.
- Throws:
InvalidCryptoSystemException
- Thrown if the crypto system used to create the key was invalid.- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getPublicKeyAlgorithm
public String getPublicKeyAlgorithm()
- Description copied from interface:
Certificate
- Returns a string representing the intended use of the public key. If no specific algorithm is
intended for this public key, then the generic string for the public key will be returned.
- Specified by:
getPublicKeyAlgorithm
in interface Certificate
- Returns:
- A string representing the intended use of the public key or null if an error occurred.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSignatureAlgorithm
public String getSignatureAlgorithm()
- Description copied from interface:
Certificate
- Returns a string representing the signature algorithm used to sign this certificate.
- Specified by:
getSignatureAlgorithm
in interface Certificate
- Returns:
- A string representing the signature algorithm used to sign this certificate.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getStatus
public CertificateStatus getStatus()
- Retrieves the CertificateStatus for this certificate object
- Specified by:
getStatus
in interface Certificate
- Returns:
- the current
CertificateStatus
stored for this
certificate on the device. May be null. - Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
setStatus
public void setStatus(CertificateStatus status)
throws KeyStoreCancelException,
InvalidTimeException,
BackwardStatusException
- Sets the current CertificateStatus for this certificate object.
- Specified by:
setStatus
in interface Certificate
- Parameters:
status
- the new CertificateStatus that will be set for this
certificate. It is important to note that this status should not attempt
to set the status backwards (i.e. from REVOKED to GOOD) and it should
not allow the date of a status to be in the future.
- Throws:
KeyStoreCancelException
- if the user decides not to enter their
KeyStore password.
InvalidTimeException
- if the time of the status is set in the future.
BackwardStatusException
- if the status of the certificate is being
backwards (i.e. from REVOKED to GOOD ).- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
isValid
public boolean isValid()
- Check that this certificate is valid, using the current date and time
as the time reference. It checks that the current date is between the
values returned by
getNotValidBefore()
and
getNotValidBefore()
.
- Specified by:
isValid
in interface Certificate
- Returns:
- Returns true if the certificate valid using the current date
- See Also:
Certificate.verify()
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
isValid
public boolean isValid(long date)
- Check that this certificate is valid, using
date
as the time reference. It checks that date
is between the
values returned by getNotValidBefore()
and
getNotValidBefore()
.
- Specified by:
isValid
in interface Certificate
- Parameters:
date
- The Date used to verify the certificate.
- Returns:
- Returns true if the certificate valid using
date
- See Also:
Certificate.verify()
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getVersion
public int getVersion()
- Returns the version of the certificate we have parsed. The value returned
is either
CERTIFICATE_V1
, CERTIFICATE_V2
, or
CERTIFICATE_V3
.
- Specified by:
getVersion
in interface Certificate
- Returns:
- Returns the version of this certificate
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSerialNumber
public byte[] getSerialNumber()
- Returns the certificates serial number as a byte array representing an
an integer in big-endian (network) order.
- Specified by:
getSerialNumber
in interface Certificate
- Returns:
- Returns the certificates serial number.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getIssuer
public DistinguishedName getIssuer()
- Returns a
DistinguishedName
object,
representing the issuer of this certificate.
- Specified by:
getIssuer
in interface Certificate
- Returns:
- A
DistinguishedName
object. - See Also:
DistinguishedName
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSubject
public DistinguishedName getSubject()
- Returns a
DistinguishedName
object,
representing the subject name this certificate (in different
representations).
- Specified by:
getSubject
in interface Certificate
- Returns:
- The distinguished name of the subject.
- See Also:
DistinguishedName
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getNotBefore
public long getNotBefore()
- Returns the date on which this certificate will become valid.
- Specified by:
getNotBefore
in interface Certificate
- Returns:
- Returns the date this certificate is valid after
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getNotAfter
public long getNotAfter()
- Returns the date on which this certificate will expire.
- Specified by:
getNotAfter
in interface Certificate
- Returns:
- Returns the date this certificate is valid before
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getIssuerUniqueIdentifier
public byte[] getIssuerUniqueIdentifier()
- Returns a bit string representing the issuer's unique identifier.
The bit string is packed into a byte array so that the most significant
byte of the first element of the byte array is the first bit in the
bit string.
- Returns:
- A byte array containing the ID of the user. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSubjectUniqueIdentifier
public byte[] getSubjectUniqueIdentifier()
- Returns a bit string representing the subject's unique identifier.
The bit string is packed into a byte array so that the most significant
byte of the first element of the byte array is the first bit in the
bit string.
- Returns:
- A byte array containing the ID of the subject. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getExtension
public CertificateExtension getExtension(OID oid)
- Returns the extension for the given oid if it exists in the certificate, otherwise
null
.
- Specified by:
getExtension
in interface Certificate
- Parameters:
oid
- The OID of the certificate.
- Returns:
- The certificate extension. May be null.
- See Also:
OIDs
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getExtensions
public CertificateExtension[] getExtensions()
- Returns all the extensions associated with this certificate, or null.
- Specified by:
getExtensions
in interface Certificate
- Returns:
- An array of certificate extensions. May be null.
- See Also:
OIDs
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getExtensions
public CertificateExtension[] getExtensions(boolean criticalBit)
- Returns all the extensions associated with this certificate that have their
critical bit set to the value of
criticalBit
, or null if none are found.
- Specified by:
getExtensions
in interface Certificate
- Parameters:
criticalBit
- a boolean that is true, if all critical extensions are to be returned and
set to false if all non-critical extensions are to be returned
- Returns:
- An array of
CertificateExtensions
or null. - See Also:
OIDs
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getBasicConstraints
public int getBasicConstraints()
- The basic constraints extension (or lack thereof) identifies whether a
certificate contains the public key for a Certification Authority (CA)
or not.
If the extension is not present, or the extension indicates so,
the certificate is for a non-CA identity. If the certificate is for a CA,
the maximum verification path length might be included in the extension.
- Returns:
- An integer. When there is a CA, a positive value is returned, otherwise
-1
is returned. If the certificate entity is a CA, the
maximum verification path length is returned, or
Integer.MAX_VALUE
is returned if said length did not exist. - Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
equals
public boolean equals(Object other)
- Returns
true
if and only if the certificate is equal to
the object other
. Equals test whether the two encodings
are equal. other
can either be an X509Certificate or a byte[]
representing the encoding of an X509Certificate.
- Overrides:
equals
in class Object
- Parameters:
other
- the reference object with which to compare.
- Returns:
- Returns true if
other
is equal to this
- See Also:
Boolean.hashCode()
,
Hashtable
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
hashCode
public int hashCode()
- Returns the hash code associated with the certificate.
- Overrides:
hashCode
in class Object
- Returns:
- Returns the hash code
- See Also:
Object.equals(java.lang.Object)
,
Hashtable
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
toString
public String toString()
- Converts the certificate to a string representation by calling
getSubjectFriendlyName()
- Overrides:
toString
in class Object
- Returns:
- Returns the string representation
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
queryKeyUsage
public int queryKeyUsage(long purpose)
- Description copied from interface:
Certificate
- Indicates whether the key contained in this certificate may be used for
the specified purpose.
- Specified by:
queryKeyUsage
in interface Certificate
- Parameters:
purpose
- A constant chosen from the KeyUsage
constants indicating the purpose for which
the key will be checked.
- Returns:
KeyUsageResult.ALLOWED | Thrown if the subject public key may be used for the specified purpose.
|
KeyUsageResult.NOT_ALLOWED | Thrown if the subject public key may not be used for the specified purpose.
|
KeyUsageResult.UNSPECIFIED | Thrown if it is unspecified whether the subject public key may be used for this purpose.
|
- See Also:
KeyUsageResult
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getSubjectFriendlyName
public String getSubjectFriendlyName()
- Returns a human-readable string version of the name of the subject of
this certificate.
This string could be used for display purposes, for example.
By default, this method returns the results of CertificateUtilities.getSubjectFriendlyName()
,
which produces a friendly string using elements of the subject distinguished name. If a name cannot
be constructed in that way, this method will look in the subjectAltName extension for an email address.
- Specified by:
getSubjectFriendlyName
in interface Certificate
- Returns:
- Returns a Friendly Name as a String. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getCustomDisplayFields
public CertificateDisplayField[] getCustomDisplayFields()
- Provides more details about the certificate to be shown in the
displayCertificateDetails
method
in CertificateUtilities
.
- Specified by:
getCustomDisplayFields
in interface Certificate
- Returns:
- The certificate display field. May be null.
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
getInformation
public Object getInformation(long id,
Object param,
Object defaultValue)
- Retrieves generic information about the certificate
- Specified by:
getInformation
in interface Certificate
- Parameters:
id
- the id of the data to retrieveparam
- a parameter that may be used to determine what information to returndefaultValue
- a default value that should be returned if the certificate does not recognize the id.
- Returns:
- information about the certificate matching the id and param
- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
createX509Certificate
public static X509Certificate createX509Certificate(KeyPair subjectKeyPair,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
long validNotBeforeDate,
long validNotAfterDate)
throws NoSuchAlgorithmException,
CryptoUnsupportedOperationException,
CryptoTokenException,
InvalidKeyPairException,
InvalidCryptoSystemException,
InvalidKeyException
- This function will create a self-signed X509Certificate, from the passed in information,
using the provided private key ( from the key pair ).
- Parameters:
subjectKeyPair
- The key pair that provides the public key, for the certificate, and the private key, to sign
the certificate with.subject
- The X509DistinguishedName identifying the owner of the public keykeyUsage
- A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificateserialNumber
- A byte array containing the serial number for this certificate. Can be null, in which case
a random serial number will be assigned.extensionList
- An array of CertificateExtensions to put in this certificate. Can be null.validNotBeforeDate
- The long representing the time this certificate becomes valid. If zero, assumed to be the
current time.validNotAfterDate
- The long representing the time this certificate expires. If zero, assumed to be in 2 months.
- Returns:
- The created X509Certificate, otherwise null if an error occurs.
- Throws:
InvalidKeyPairException
- Thrown when the keys are not related.
InvalidCryptoSystemException
- Thrown if the specified crypto system is invalid.
InvalidKeyException
- Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException
- Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException
- Thrown if the requested operation is not supported.
CryptoTokenException
- Thrown if a token error occurs- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
createX509Certificate
public static X509Certificate createX509Certificate(PublicKey subjectKey,
X509DistinguishedName subject,
long keyUsage,
byte[] serialNumber,
CertificateExtension[] extensionList,
X509DistinguishedName issuer,
PrivateKey issuerKey,
long validNotBeforeDate,
long validNotAfterDate)
throws NoSuchAlgorithmException,
CryptoUnsupportedOperationException,
CryptoTokenException,
InvalidCryptoSystemException,
InvalidKeyException
- This function will create an X509Certificate, from the passed in information, using the provided private key
- Parameters:
subjectKey
- The public key that this certificate coverssubject
- The X509DistinguishedName identifying the owner of the public keykeyUsage
- A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificateserialNumber
- A byte array containing the serial number for this certificate. Can be null, in which case
a random serial number will be assigned.extensionList
- An array of CertificateExtensions to put in this certificate. Can be null.issuer
- the X509DistinguishedName of the issuer of this certificateissuerKey
- The private key of the issuer. Used to sign the certificate.validNotBeforeDate
- The long representing the time this certificate becomes valid. If zero, assumed to be the
current time.validNotAfterDate
- The long representing the time this certificate expires. If zero, assumed to be in 2 months.
- Returns:
- The created X509Certificate, otherwise null if an error occurs.
- Throws:
InvalidCryptoSystemException
- Thrown if the specified crypto system is invalid.
InvalidKeyException
- Thrown when one or both of the keys are of an invalid format.
NoSuchAlgorithmException
- Thrown if the keys passed in are not supported by the device.
CryptoUnsupportedOperationException
- Thrown if the requested operation is not supported.
CryptoTokenException
- Thrown if a token error occurs- Category:
- Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
- Since:
- BlackBerry API 3.6.0
Copyright 1999-2010 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. All Rights Reserved.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark of Sun Microsystems, Inc.