net.rim.device.api.crypto.certificate.x509
Class X509Certificate

java.lang.Object
  net.rim.device.api.crypto.certificate.x509.X509Certificate

All Implemented Interfaces:

Certificate, Persistable

public final class X509Certificate
extends Object
implements Certificate, Persistable

Represents an X.509 certificate. X.509 Certificates are defined in RFC 2459 ( Jan. 1999 )

See Also:

Certificate

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

Field Summary
	static int	ALT_NAME_DNS Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.
	static int	ALT_NAME_EMAIL Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.
	static int	ALT_NAME_URL Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.
	static int	CERTIFICATE_V1 Refers to an X509 Certificate that is version 1
	static int	CERTIFICATE_V2 Refers to an X509 Certificate that is version 2
	static int	CERTIFICATE_V3 Refers to an X509 Certificate that is version 3

Fields inherited from interface net.rim.device.api.crypto.certificate.Certificate

DISPLAY_CA, DISPLAY_ROOT, EMAIL_ADDRESSES, IS_END_ENTITY, PROMPT_TO_TRUST_ON_IMPORT, PUBLIC_KEY_ALGORITHM_INFORMATION, STATUS_FETCH_PERMITTED, SUMMARY_TEXT

Constructor Summary
	X509Certificate(byte[] encoding) Creates a certificate object (X509Certificate) given the encoding of the certificate.
	X509Certificate(InputStream input) Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.
	X509Certificate(ASN1InputStream asn1Input) Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.

Method Summary
	boolean	checkAgainstNameConstraints(X509Certificate cert) Check the names specified within the provided cert against the name constraints stored within this certificate.
	void	checkCertificateChain(int position, Certificate[] chain) Checks to make sure that the certificate at position is valid within the chain.
	static X509Certificate	createX509Certificate(KeyPair subjectKeyPair, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, long validNotBeforeDate, long validNotAfterDate) This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).
	static X509Certificate	createX509Certificate(PublicKey subjectKey, X509DistinguishedName subject, long keyUsage, byte[] serialNumber, CertificateExtension[] extensionList, X509DistinguishedName issuer, PrivateKey issuerKey, long validNotBeforeDate, long validNotAfterDate) This function will create an X509Certificate, from the passed in information, using the provided private key
	boolean	equals(Object other) Returns true if and only if the certificate is equal to the object other.
	String[]	getAuthorityCertIssuer() Returns an array of the Strings associated with the authority certificate issuer.
	byte[]	getAuthorityCertSerialNumber() Returns the certificate serial number of the authority, if it is present.
	int	getBasicConstraints() The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.
	CertificateDisplayField[]	getCustomDisplayFields() Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.
	byte[]	getEncoding() Returns the encoding of the certificate.
	byte[]	getEncoding(int field) Returns the encoding of the field within the certificate (see CertificateField).
	CertificateExtension	getExtension(OID oid) Returns the extension for the given oid if it exists in the certificate, otherwise null.
	CertificateExtension[]	getExtensions() Returns all the extensions associated with this certificate, or null.
	CertificateExtension[]	getExtensions(boolean criticalBit) Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.
	Object	getInformation(long id, Object param, Object defaultValue) Retrieves generic information about the certificate
	DistinguishedName	getIssuer() Returns a DistinguishedName object, representing the issuer of this certificate.
	String[]	getIssuerAltNameStrings(int type) Returns all of the strings associated( for the specified type ) with an issuer alt name.
	byte[]	getIssuerUniqueIdentifier() Returns a bit string representing the issuer's unique identifier.
	long	getNotAfter() Returns the date on which this certificate will expire.
	long	getNotBefore() Returns the date on which this certificate will become valid.
	PublicKey	getPublicKey() Extracts the subject's public key.
	String	getPublicKeyAlgorithm() Returns a string representing the intended use of the public key.
	byte[]	getSerialNumber() Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.
	String	getSignatureAlgorithm() Returns a string representing the signature algorithm used to sign this certificate.
	CertificateStatus	getStatus() Retrieves the CertificateStatus for this certificate object
	DistinguishedName	getSubject() Returns a DistinguishedName object, representing the subject name this certificate (in different representations).
	String[]	getSubjectAltNameStrings(int type) Returns all of the strings associated( for the specified type ) with a subject alt name.
	String	getSubjectFriendlyName() Returns a human-readable string version of the name of the subject of this certificate.
	byte[]	getSubjectKeyIdentifier() Returns the subject key identifier associated with the public key in the certificate.
	byte[]	getSubjectUniqueIdentifier() Returns a bit string representing the subject's unique identifier.
	String	getType() Returns the type of this certificate - "X509".
	int	getVersion() Returns the version of the certificate we have parsed.
	int	hashCode() Returns the hash code associated with the certificate.
	boolean	isCA() Returns true if the certificate is of a certificate authority.
	boolean	isRoot() Returns true if the certificate is self signed.
	boolean	isValid() Check that this certificate is valid, using the current date and time as the time reference.
	boolean	isValid(long date) Check that this certificate is valid, using date as the time reference.
	int	queryKeyUsage(long purpose) Indicates whether the key contained in this certificate may be used for the specified purpose.
	void	setStatus(CertificateStatus status) Sets the current CertificateStatus for this certificate object.
	String	toString() Converts the certificate to a string representation by calling getSubjectFriendlyName()
	void	verify() Verifies the certificate if the certificate is self signed.
	void	verify(PublicKey issuerPublicKey) Verifies the certificate.
	void	verify(KeyStore keystore) Verifies the certificate.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Field Detail

CERTIFICATE_V1

public static final int CERTIFICATE_V1

Refers to an X509 Certificate that is version 1

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

CERTIFICATE_V2

public static final int CERTIFICATE_V2

Refers to an X509 Certificate that is version 2

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

CERTIFICATE_V3

public static final int CERTIFICATE_V3

Refers to an X509 Certificate that is version 3

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

ALT_NAME_EMAIL

public static final int ALT_NAME_EMAIL

Used to lookup the email addresses in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

ALT_NAME_DNS

public static final int ALT_NAME_DNS

Used to lookup the DNS in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

ALT_NAME_URL

public static final int ALT_NAME_URL

Used to lookup the URLs in getSubjectAltNameStrings and getIssuerAltNameStrings.

See Also:

Constant Field Values

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

Constructor Detail

X509Certificate

public X509Certificate(byte[] encoding)
                throws CertificateParsingException

Creates a certificate object (X509Certificate) given the encoding of the certificate.

Parameters:

encoding - A byte array containing the certificate encoding.

Throws:

CertificateParsingException - Thrown if an error occured while parsing.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

X509Certificate

public X509Certificate(InputStream input)
                throws CertificateParsingException

Creates a certificate object(X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:

input - The certificate encoding.

Throws:

CertificateParsingException - Thrown if a parsing error occurs.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

X509Certificate

public X509Certificate(ASN1InputStream asn1Input)
                throws CertificateParsingException

Creates a certificate object (X509Certificate) given the ASN.1 encoding of the certificate.

Parameters:

asn1Input - The encoding of the certificate and path.

Throws:

CertificateParsingException - Thrown if a parsing error occurs.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

Method Detail

getEncoding

public byte[] getEncoding()

Description copied from interface: Certificate

Returns the encoding of the certificate.

Specified by:

getEncoding in interface Certificate

Returns:

A byte array containing the encoding. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getEncoding

public byte[] getEncoding(int field)

Description copied from interface: Certificate

Returns the encoding of the field within the certificate (see CertificateField).

Specified by:

getEncoding in interface Certificate

Parameters:

field - An integer that represents the field.

Returns:

A byte array that represents the encoding of the field. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getType

public String getType()

Returns the type of this certificate - "X509".

Specified by:

getType in interface Certificate

Returns:

Returns the string "X509"

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

checkCertificateChain

public void checkCertificateChain(int position,
                                  Certificate[] chain)
                           throws CertificateChainTooLongException,
                                  CertificateVerificationException

Checks to make sure that the certificate at position is valid within the chain.

Specified by:

checkCertificateChain in interface Certificate

Parameters:

position - The position of this ceritificate within the chain.

chain - The array of certificates representing the certificate chain. Note that the end-entity certificate must appear at array index [0].

Throws:

CertificateChainTooLongException - Thrown if the number of certificates, before this one, in the chain is longer than the certificates policy allows.

CertificateVerificationException - Thrown if there is another problem with the chain

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

checkAgainstNameConstraints

public boolean checkAgainstNameConstraints(X509Certificate cert)

Check the names specified within the provided cert against the name constraints stored within this certificate. Note that we currently only consider the email, url, and dns identifiers.

Parameters:

cert - The provided certificate

Returns:

true if the provided certificate is approved by the name constraints in this certificate (or it isn't specified) or false if the name constraints disallow the provided certificate

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 4.1.0

verify

public void verify(PublicKey issuerPublicKey)
            throws CertificateVerificationException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException

Verifies the certificate.

The function checks that the certificate was signed by. issuerPublicKey.

Specified by:

verify in interface Certificate

Parameters:

issuerPublicKey - The issuer's public key.

Throws:

CertificateVerificationException - Thrown if the certificate cannot be verified.

NoSuchAlgorithmException - Thrown if the specified cipher is invalid.

CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.

CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

verify

public void verify(KeyStore keystore)
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   NoIssuerFoundException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException

Verifies the certificate.

The function checks that the certificate was signed by issuerPublicKey which is contained in the keyStore.

Specified by:

verify in interface Certificate

Parameters:

keystore - A keystore containing the issuer's public key.

Throws:

CertificateVerificationException - Thrown if the certificate cannot be verified.

DecodeException - Thrown if the data is improperly formatted.

NoSuchAlgorithmException - Thrown if the specified cipher is invalid.

NoIssuerFoundException - Thrown if the issuer public key cannot be found.

CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.

CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

verify

public void verify()
            throws CertificateVerificationException,
                   DecodeException,
                   NoSuchAlgorithmException,
                   CryptoTokenException,
                   CryptoUnsupportedOperationException

Verifies the certificate if the certificate is self signed.

Specified by:

verify in interface Certificate

Throws:

CertificateVerificationException - Thrown if the certificate cannot be verified.

DecodeException - Thrown if the data is improperly formatted.

NoSuchAlgorithmException - Thrown if the specified cipher is invalid.

CryptoTokenException - Thrown if an error occurs with the crypto token or crypto token is invalid.

CryptoUnsupportedOperationException - Thrown if a call is made to an unsupported operation.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

isRoot

public boolean isRoot()

Returns true if the certificate is self signed.

Specified by:

isRoot in interface Certificate

Returns:

Returns true if the certificate is self signed.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

isCA

public boolean isCA()

Returns true if the certificate is of a certificate authority.

Specified by:

isCA in interface Certificate

Returns:

Returns true if the certificate is of a CA

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSubjectKeyIdentifier

public byte[] getSubjectKeyIdentifier()

Returns the subject key identifier associated with the public key in the certificate. If it is not found, null is returned.

Returns:

A byte array containing the subject key identifier. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getAuthorityCertIssuer

public String[] getAuthorityCertIssuer()

Returns an array of the Strings associated with the authority certificate issuer.

Only the rfc822Name, dNSName, and uniform resource identifier are returned ( if present ). If none are present, null is returned. If you need access to all of the information present, then use the getExtension function with the OIDs.idCeAuthorityKeyIdentifier oid and parse the output as per RFC 2459.

Returns:

An array of Strings. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getAuthorityCertSerialNumber

public byte[] getAuthorityCertSerialNumber()

Returns the certificate serial number of the authority, if it is present. If it is not present, null is returned, else the serial number is returned as a byte array.

Returns:

A byte array containing the certificate serial number. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSubjectAltNameStrings

public String[] getSubjectAltNameStrings(int type)

Returns all of the strings associated( for the specified type ) with a subject alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:

type - An integer representing the type.

Returns:

An array of Strings representing the subject alt names. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getIssuerAltNameStrings

public String[] getIssuerAltNameStrings(int type)

Returns all of the strings associated( for the specified type ) with an issuer alt name.

Null is returned if none exist. The types are defined are LOOKUP_EMAIL, LOOKUP_DNS, LOOKUP_URL.

Parameters:

type - An integer representing the type.

Returns:

An array of Strings representing the issuer alt names. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getPublicKey

public PublicKey getPublicKey()
                       throws InvalidCryptoSystemException

Extracts the subject's public key.

Specified by:

getPublicKey in interface Certificate

Returns:

The public key or null if an error occurred.

Throws:

InvalidCryptoSystemException - Thrown if the crypto system used to create the key was invalid.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getPublicKeyAlgorithm

public String getPublicKeyAlgorithm()

Description copied from interface: Certificate

Returns a string representing the intended use of the public key. If no specific algorithm is intended for this public key, then the generic string for the public key will be returned.

Specified by:

getPublicKeyAlgorithm in interface Certificate

Returns:

A string representing the intended use of the public key or null if an error occurred.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSignatureAlgorithm

public String getSignatureAlgorithm()

Description copied from interface: Certificate

Returns a string representing the signature algorithm used to sign this certificate.

Specified by:

getSignatureAlgorithm in interface Certificate

Returns:

A string representing the signature algorithm used to sign this certificate.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getStatus

public CertificateStatus getStatus()

Retrieves the CertificateStatus for this certificate object

Specified by:

getStatus in interface Certificate

Returns:

the current CertificateStatus stored for this certificate on the device. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

setStatus

public void setStatus(CertificateStatus status)
               throws KeyStoreCancelException,
                      InvalidTimeException,
                      BackwardStatusException

Sets the current CertificateStatus for this certificate object.

Specified by:

setStatus in interface Certificate

Parameters:

status - the new CertificateStatus that will be set for this certificate. It is important to note that this status should not attempt to set the status backwards (i.e. from REVOKED to GOOD) and it should not allow the date of a status to be in the future.

Throws:

KeyStoreCancelException - if the user decides not to enter their KeyStore password.

InvalidTimeException - if the time of the status is set in the future.

BackwardStatusException - if the status of the certificate is being backwards (i.e. from REVOKED to GOOD ).

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

isValid

public boolean isValid()

Check that this certificate is valid, using the current date and time as the time reference. It checks that the current date is between the values returned by getNotValidBefore() and getNotValidBefore().

Specified by:

isValid in interface Certificate

Returns:

Returns true if the certificate valid using the current date

See Also:

Certificate.verify()

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

isValid

public boolean isValid(long date)

Check that this certificate is valid, using date as the time reference. It checks that date is between the values returned by getNotValidBefore() and getNotValidBefore().

Specified by:

isValid in interface Certificate

Parameters:

date - The Date used to verify the certificate.

Returns:

Returns true if the certificate valid using date

See Also:

Certificate.verify()

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getVersion

public int getVersion()

Returns the version of the certificate we have parsed. The value returned is either CERTIFICATE_V1, CERTIFICATE_V2, or CERTIFICATE_V3.

Specified by:

getVersion in interface Certificate

Returns:

Returns the version of this certificate

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSerialNumber

public byte[] getSerialNumber()

Returns the certificates serial number as a byte array representing an an integer in big-endian (network) order.

Specified by:

getSerialNumber in interface Certificate

Returns:

Returns the certificates serial number.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getIssuer

public DistinguishedName getIssuer()

Returns a DistinguishedName object, representing the issuer of this certificate.

Specified by:

getIssuer in interface Certificate

Returns:

A DistinguishedName object.

See Also:

DistinguishedName

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSubject

public DistinguishedName getSubject()

Returns a DistinguishedName object, representing the subject name this certificate (in different representations).

Specified by:

getSubject in interface Certificate

Returns:

The distinguished name of the subject.

See Also:

DistinguishedName

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getNotBefore

public long getNotBefore()

Returns the date on which this certificate will become valid.

Specified by:

getNotBefore in interface Certificate

Returns:

Returns the date this certificate is valid after

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getNotAfter

public long getNotAfter()

Returns the date on which this certificate will expire.

Specified by:

getNotAfter in interface Certificate

Returns:

Returns the date this certificate is valid before

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getIssuerUniqueIdentifier

public byte[] getIssuerUniqueIdentifier()

Returns a bit string representing the issuer's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:

A byte array containing the ID of the user. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSubjectUniqueIdentifier

public byte[] getSubjectUniqueIdentifier()

Returns a bit string representing the subject's unique identifier.

The bit string is packed into a byte array so that the most significant byte of the first element of the byte array is the first bit in the bit string.

Returns:

A byte array containing the ID of the subject. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getExtension

public CertificateExtension getExtension(OID oid)

Returns the extension for the given oid if it exists in the certificate, otherwise null.

Specified by:

getExtension in interface Certificate

Parameters:

oid - The OID of the certificate.

Returns:

The certificate extension. May be null.

See Also:

OIDs

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getExtensions

public CertificateExtension[] getExtensions()

Returns all the extensions associated with this certificate, or null.

Specified by:

getExtensions in interface Certificate

Returns:

An array of certificate extensions. May be null.

See Also:

OIDs

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getExtensions

public CertificateExtension[] getExtensions(boolean criticalBit)

Returns all the extensions associated with this certificate that have their critical bit set to the value of criticalBit, or null if none are found.

Specified by:

getExtensions in interface Certificate

Parameters:

criticalBit - a boolean that is true, if all critical extensions are to be returned and set to false if all non-critical extensions are to be returned

Returns:

An array of CertificateExtensions or null.

See Also:

OIDs

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getBasicConstraints

public int getBasicConstraints()

The basic constraints extension (or lack thereof) identifies whether a certificate contains the public key for a Certification Authority (CA) or not.

If the extension is not present, or the extension indicates so, the certificate is for a non-CA identity. If the certificate is for a CA, the maximum verification path length might be included in the extension.

Returns:

An integer. When there is a CA, a positive value is returned, otherwise -1 is returned. If the certificate entity is a CA, the maximum verification path length is returned, or Integer.MAX_VALUE is returned if said length did not exist.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

equals

public boolean equals(Object other)

Returns true if and only if the certificate is equal to the object other. Equals test whether the two encodings are equal. other can either be an X509Certificate or a byte[] representing the encoding of an X509Certificate.

Overrides:

equals in class Object

Parameters:

other - the reference object with which to compare.

Returns:

Returns true if other is equal to this

See Also:

Boolean.hashCode(), Hashtable

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

hashCode

public int hashCode()

Returns the hash code associated with the certificate.

Overrides:

hashCode in class Object

Returns:

Returns the hash code

See Also:

Object.equals(java.lang.Object), Hashtable

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

toString

public String toString()

Converts the certificate to a string representation by calling getSubjectFriendlyName()

Overrides:

toString in class Object

Returns:

Returns the string representation

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

queryKeyUsage

public int queryKeyUsage(long purpose)

Description copied from interface: Certificate

Indicates whether the key contained in this certificate may be used for the specified purpose.

Specified by:

queryKeyUsage in interface Certificate

Parameters:

purpose - A constant chosen from the KeyUsage constants indicating the purpose for which the key will be checked.

Returns:

KeyUsageResult.ALLOWED	Thrown if the subject public key may be used for the specified purpose.
KeyUsageResult.NOT_ALLOWED	Thrown if the subject public key may not be used for the specified purpose.
KeyUsageResult.UNSPECIFIED	Thrown if it is unspecified whether the subject public key may be used for this purpose.

See Also:

KeyUsageResult

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getSubjectFriendlyName

public String getSubjectFriendlyName()

Returns a human-readable string version of the name of the subject of this certificate.

This string could be used for display purposes, for example. By default, this method returns the results of CertificateUtilities.getSubjectFriendlyName(), which produces a friendly string using elements of the subject distinguished name. If a name cannot be constructed in that way, this method will look in the subjectAltName extension for an email address.

Specified by:

getSubjectFriendlyName in interface Certificate

Returns:

Returns a Friendly Name as a String. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getCustomDisplayFields

public CertificateDisplayField[] getCustomDisplayFields()

Provides more details about the certificate to be shown in the displayCertificateDetails method in CertificateUtilities.

Specified by:

getCustomDisplayFields in interface Certificate

Returns:

The certificate display field. May be null.

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

getInformation

public Object getInformation(long id,
                             Object param,
                             Object defaultValue)

Retrieves generic information about the certificate

Specified by:

getInformation in interface Certificate

Parameters:

id - the id of the data to retrieve

param - a parameter that may be used to determine what information to return

defaultValue - a default value that should be returned if the certificate does not recognize the id.

Returns:

information about the certificate matching the id and param

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

createX509Certificate

public static X509Certificate createX509Certificate(KeyPair subjectKeyPair,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidKeyPairException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException

This function will create a self-signed X509Certificate, from the passed in information, using the provided private key ( from the key pair ).

Parameters:

subjectKeyPair - The key pair that provides the public key, for the certificate, and the private key, to sign the certificate with.

subject - The X509DistinguishedName identifying the owner of the public key

keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate

serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.

extensionList - An array of CertificateExtensions to put in this certificate. Can be null.

validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.

validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.

Returns:

The created X509Certificate, otherwise null if an error occurs.

Throws:

InvalidKeyPairException - Thrown when the keys are not related.

InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.

InvalidKeyException - Thrown when one or both of the keys are of an invalid format.

NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.

CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.

CryptoTokenException - Thrown if a token error occurs

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0

createX509Certificate

public static X509Certificate createX509Certificate(PublicKey subjectKey,
                                                    X509DistinguishedName subject,
                                                    long keyUsage,
                                                    byte[] serialNumber,
                                                    CertificateExtension[] extensionList,
                                                    X509DistinguishedName issuer,
                                                    PrivateKey issuerKey,
                                                    long validNotBeforeDate,
                                                    long validNotAfterDate)
                                             throws NoSuchAlgorithmException,
                                                    CryptoUnsupportedOperationException,
                                                    CryptoTokenException,
                                                    InvalidCryptoSystemException,
                                                    InvalidKeyException

This function will create an X509Certificate, from the passed in information, using the provided private key

Parameters:

subjectKey - The public key that this certificate covers

subject - The X509DistinguishedName identifying the owner of the public key

keyUsage - A long containing the key usage bits, from { @link KeyUsage KeyUsage }, for this certificate

serialNumber - A byte array containing the serial number for this certificate. Can be null, in which case a random serial number will be assigned.

extensionList - An array of CertificateExtensions to put in this certificate. Can be null.

issuer - the X509DistinguishedName of the issuer of this certificate

issuerKey - The private key of the issuer. Used to sign the certificate.

validNotBeforeDate - The long representing the time this certificate becomes valid. If zero, assumed to be the current time.

validNotAfterDate - The long representing the time this certificate expires. If zero, assumed to be in 2 months.

Returns:

The created X509Certificate, otherwise null if an error occurs.

Throws:

InvalidCryptoSystemException - Thrown if the specified crypto system is invalid.

InvalidKeyException - Thrown when one or both of the keys are of an invalid format.

NoSuchAlgorithmException - Thrown if the keys passed in are not supported by the device.

CryptoUnsupportedOperationException - Thrown if the requested operation is not supported.

CryptoTokenException - Thrown if a token error occurs

Category:

Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.

Since:

BlackBerry API 3.6.0