author | darcy |
Thu, 23 Apr 2015 18:51:18 -0700 | |
changeset 30033 | b9c86c17164a |
parent 29377 | d3f457ce9c48 |
child 39562 | 672b948cb355 |
permissions | -rw-r--r-- |
2 | 1 |
/* |
29377
d3f457ce9c48
8073430: Deprecate security APIs that have been superseded
juh
parents:
25859
diff
changeset
|
2 |
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. |
2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
2 | 24 |
*/ |
25 |
||
26 |
||
27 |
package javax.security.cert; |
|
28 |
||
29 |
import java.io.InputStream; |
|
30 |
import java.lang.Class; |
|
31 |
import java.lang.reflect.Constructor; |
|
32 |
import java.lang.reflect.InvocationTargetException; |
|
33 |
import java.security.Security; |
|
34 |
||
35 |
import java.math.BigInteger; |
|
36 |
import java.security.AccessController; |
|
37 |
import java.security.Principal; |
|
38 |
import java.security.PrivilegedAction; |
|
39 |
import java.security.PublicKey; |
|
40 |
import java.util.BitSet; |
|
41 |
import java.util.Date; |
|
42 |
||
43 |
/** |
|
44 |
* Abstract class for X.509 v1 certificates. This provides a standard |
|
45 |
* way to access all the version 1 attributes of an X.509 certificate. |
|
46 |
* Attributes that are specific to X.509 v2 or v3 are not available |
|
47 |
* through this interface. Future API evolution will provide full access to |
|
48 |
* complete X.509 v3 attributes. |
|
49 |
* <p> |
|
50 |
* The basic X.509 format was defined by |
|
51 |
* ISO/IEC and ANSI X9 and is described below in ASN.1: |
|
52 |
* <pre> |
|
53 |
* Certificate ::= SEQUENCE { |
|
54 |
* tbsCertificate TBSCertificate, |
|
55 |
* signatureAlgorithm AlgorithmIdentifier, |
|
56 |
* signature BIT STRING } |
|
57 |
* </pre> |
|
58 |
* <p> |
|
59 |
* These certificates are widely used to support authentication and |
|
60 |
* other functionality in Internet security systems. Common applications |
|
61 |
* include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), |
|
62 |
* code signing for trusted software distribution, and Secure Electronic |
|
63 |
* Transactions (SET). |
|
64 |
* <p> |
|
65 |
* These certificates are managed and vouched for by <em>Certificate |
|
66 |
* Authorities</em> (CAs). CAs are services which create certificates by |
|
67 |
* placing data in the X.509 standard format and then digitally signing |
|
68 |
* that data. CAs act as trusted third parties, making introductions |
|
69 |
* between principals who have no direct knowledge of each other. |
|
70 |
* CA certificates are either signed by themselves, or by some other |
|
71 |
* CA such as a "root" CA. |
|
72 |
* <p> |
|
18830 | 73 |
* The ASN.1 definition of {@code tbsCertificate} is: |
2 | 74 |
* <pre> |
75 |
* TBSCertificate ::= SEQUENCE { |
|
76 |
* version [0] EXPLICIT Version DEFAULT v1, |
|
77 |
* serialNumber CertificateSerialNumber, |
|
78 |
* signature AlgorithmIdentifier, |
|
79 |
* issuer Name, |
|
80 |
* validity Validity, |
|
81 |
* subject Name, |
|
82 |
* subjectPublicKeyInfo SubjectPublicKeyInfo, |
|
83 |
* } |
|
84 |
* </pre> |
|
85 |
* <p> |
|
86 |
* Here is sample code to instantiate an X.509 certificate: |
|
87 |
* <pre> |
|
88 |
* InputStream inStream = new FileInputStream("fileName-of-cert"); |
|
89 |
* X509Certificate cert = X509Certificate.getInstance(inStream); |
|
90 |
* inStream.close(); |
|
91 |
* </pre> |
|
92 |
* OR |
|
93 |
* <pre> |
|
94 |
* byte[] certData = <certificate read from a file, say> |
|
95 |
* X509Certificate cert = X509Certificate.getInstance(certData); |
|
96 |
* </pre> |
|
97 |
* <p> |
|
98 |
* In either case, the code that instantiates an X.509 certificate |
|
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
99 |
* consults the value of the {@code cert.provider.x509v1} security property |
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
100 |
* to locate the actual implementation or instantiates a default implementation. |
2 | 101 |
* <p> |
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
102 |
* The {@code cert.provider.x509v1} property is set to a default |
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
103 |
* implementation for X.509 such as: |
2 | 104 |
* <pre> |
105 |
* cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl |
|
106 |
* </pre> |
|
107 |
* <p> |
|
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
108 |
* The value of this {@code cert.provider.x509v1} property has to be |
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
109 |
* changed to instantiate another implementation. If this security |
2 | 110 |
* property is not set, a default implementation will be used. |
111 |
* Currently, due to possible security restrictions on access to |
|
112 |
* Security properties, this value is looked up and cached at class |
|
113 |
* initialization time and will fallback on a default implementation if |
|
114 |
* the Security property is not accessible. |
|
115 |
* |
|
18830 | 116 |
* <p><em>Note: The classes in the package {@code javax.security.cert} |
2 | 117 |
* exist for compatibility with earlier versions of the |
118 |
* Java Secure Sockets Extension (JSSE). New applications should instead |
|
119 |
* use the standard Java SE certificate classes located in |
|
18830 | 120 |
* {@code java.security.cert}.</em></p> |
2 | 121 |
* |
122 |
* @author Hemma Prafullchandra |
|
123 |
* @since 1.4 |
|
124 |
* @see Certificate |
|
125 |
* @see java.security.cert.X509Extension |
|
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
126 |
* @see java.security.Security security properties |
29377
d3f457ce9c48
8073430: Deprecate security APIs that have been superseded
juh
parents:
25859
diff
changeset
|
127 |
* @deprecated Use the classes in {@code java.security.cert} instead. |
2 | 128 |
*/ |
29377
d3f457ce9c48
8073430: Deprecate security APIs that have been superseded
juh
parents:
25859
diff
changeset
|
129 |
@Deprecated |
2 | 130 |
public abstract class X509Certificate extends Certificate { |
131 |
||
132 |
/* |
|
133 |
* Constant to lookup in the Security properties file. |
|
134 |
* In the Security properties file the default implementation |
|
135 |
* for X.509 v3 is given as: |
|
136 |
* <pre> |
|
137 |
* cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl |
|
138 |
* </pre> |
|
139 |
*/ |
|
140 |
private static final String X509_PROVIDER = "cert.provider.x509v1"; |
|
141 |
private static String X509Provider; |
|
142 |
||
143 |
static { |
|
144 |
X509Provider = AccessController.doPrivileged( |
|
30033
b9c86c17164a
8078468: Update security libraries to use diamond with anonymous classes
darcy
parents:
29377
diff
changeset
|
145 |
new PrivilegedAction<>() { |
2 | 146 |
public String run() { |
147 |
return Security.getProperty(X509_PROVIDER); |
|
148 |
} |
|
149 |
} |
|
150 |
); |
|
151 |
} |
|
152 |
||
153 |
/** |
|
154 |
* Instantiates an X509Certificate object, and initializes it with |
|
18830 | 155 |
* the data read from the input stream {@code inStream}. |
2 | 156 |
* The implementation (X509Certificate is an abstract class) is |
157 |
* provided by the class specified as the value of the |
|
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
158 |
* {@code cert.provider.x509v1} security property. |
2 | 159 |
* |
160 |
* <p>Note: Only one DER-encoded |
|
161 |
* certificate is expected to be in the input stream. |
|
162 |
* Also, all X509Certificate |
|
163 |
* subclasses must provide a constructor of the form: |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
164 |
* <pre>{@code |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
165 |
* public <subClass>(InputStream inStream) ... |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
166 |
* }</pre> |
2 | 167 |
* |
168 |
* @param inStream an input stream with the data to be read to |
|
169 |
* initialize the certificate. |
|
170 |
* @return an X509Certificate object initialized with the data |
|
171 |
* from the input stream. |
|
172 |
* @exception CertificateException if a class initialization |
|
173 |
* or certificate parsing error occurs. |
|
174 |
*/ |
|
175 |
public static final X509Certificate getInstance(InputStream inStream) |
|
176 |
throws CertificateException { |
|
177 |
return getInst((Object)inStream); |
|
178 |
} |
|
179 |
||
180 |
/** |
|
181 |
* Instantiates an X509Certificate object, and initializes it with |
|
182 |
* the specified byte array. |
|
183 |
* The implementation (X509Certificate is an abstract class) is |
|
184 |
* provided by the class specified as the value of the |
|
14775
2ed01c760aea
8004064: Downgrade normative references to ${java.home}/lib/security/java.security
mullan
parents:
14342
diff
changeset
|
185 |
* {@code cert.provider.x509v1} security property. |
2 | 186 |
* |
187 |
* <p>Note: All X509Certificate |
|
188 |
* subclasses must provide a constructor of the form: |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
189 |
* <pre>{@code |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
190 |
* public <subClass>(InputStream inStream) ... |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
191 |
* }</pre> |
2 | 192 |
* |
193 |
* @param certData a byte array containing the DER-encoded |
|
194 |
* certificate. |
|
195 |
* @return an X509Certificate object initialized with the data |
|
18830 | 196 |
* from {@code certData}. |
2 | 197 |
* @exception CertificateException if a class initialization |
198 |
* or certificate parsing error occurs. |
|
199 |
*/ |
|
200 |
public static final X509Certificate getInstance(byte[] certData) |
|
201 |
throws CertificateException { |
|
202 |
return getInst((Object)certData); |
|
203 |
} |
|
204 |
||
205 |
private static final X509Certificate getInst(Object value) |
|
206 |
throws CertificateException { |
|
207 |
/* |
|
208 |
* This turns out not to work for now. To run under JDK1.2 we would |
|
209 |
* need to call beginPrivileged() but we can't do that and run |
|
210 |
* under JDK1.1. |
|
211 |
*/ |
|
212 |
String className = X509Provider; |
|
213 |
if (className == null || className.length() == 0) { |
|
214 |
// shouldn't happen, but assume corrupted properties file |
|
215 |
// provide access to sun implementation |
|
216 |
className = "com.sun.security.cert.internal.x509.X509V1CertImpl"; |
|
217 |
} |
|
218 |
try { |
|
10709
d865c9f21240
7092375: Security Libraries don't build with javac -Werror
xuelei
parents:
5506
diff
changeset
|
219 |
Class<?>[] params = null; |
2 | 220 |
if (value instanceof InputStream) { |
10709
d865c9f21240
7092375: Security Libraries don't build with javac -Werror
xuelei
parents:
5506
diff
changeset
|
221 |
params = new Class<?>[] { InputStream.class }; |
2 | 222 |
} else if (value instanceof byte[]) { |
10709
d865c9f21240
7092375: Security Libraries don't build with javac -Werror
xuelei
parents:
5506
diff
changeset
|
223 |
params = new Class<?>[] { value.getClass() }; |
2 | 224 |
} else |
225 |
throw new CertificateException("Unsupported argument type"); |
|
226 |
Class<?> certClass = Class.forName(className); |
|
227 |
||
228 |
// get the appropriate constructor and instantiate it |
|
229 |
Constructor<?> cons = certClass.getConstructor(params); |
|
230 |
||
231 |
// get a new instance |
|
232 |
Object obj = cons.newInstance(new Object[] {value}); |
|
233 |
return (X509Certificate)obj; |
|
234 |
||
235 |
} catch (ClassNotFoundException e) { |
|
236 |
throw new CertificateException("Could not find class: " + e); |
|
237 |
} catch (IllegalAccessException e) { |
|
238 |
throw new CertificateException("Could not access class: " + e); |
|
239 |
} catch (InstantiationException e) { |
|
240 |
throw new CertificateException("Problems instantiating: " + e); |
|
241 |
} catch (InvocationTargetException e) { |
|
242 |
throw new CertificateException("InvocationTargetException: " |
|
243 |
+ e.getTargetException()); |
|
244 |
} catch (NoSuchMethodException e) { |
|
245 |
throw new CertificateException("Could not find class method: " |
|
246 |
+ e.getMessage()); |
|
247 |
} |
|
248 |
} |
|
249 |
||
250 |
/** |
|
251 |
* Checks that the certificate is currently valid. It is if |
|
252 |
* the current date and time are within the validity period given in the |
|
253 |
* certificate. |
|
254 |
* <p> |
|
255 |
* The validity period consists of two date/time values: |
|
256 |
* the first and last dates (and times) on which the certificate |
|
257 |
* is valid. It is defined in |
|
258 |
* ASN.1 as: |
|
259 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
260 |
* validity Validity |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
261 |
* |
2 | 262 |
* Validity ::= SEQUENCE { |
263 |
* notBefore CertificateValidityDate, |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
264 |
* notAfter CertificateValidityDate } |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
265 |
* |
2 | 266 |
* CertificateValidityDate ::= CHOICE { |
267 |
* utcTime UTCTime, |
|
268 |
* generalTime GeneralizedTime } |
|
269 |
* </pre> |
|
270 |
* |
|
271 |
* @exception CertificateExpiredException if the certificate has expired. |
|
272 |
* @exception CertificateNotYetValidException if the certificate is not |
|
273 |
* yet valid. |
|
274 |
*/ |
|
275 |
public abstract void checkValidity() |
|
276 |
throws CertificateExpiredException, CertificateNotYetValidException; |
|
277 |
||
278 |
/** |
|
279 |
* Checks that the specified date is within the certificate's |
|
280 |
* validity period. In other words, this determines whether the |
|
281 |
* certificate would be valid at the specified date/time. |
|
282 |
* |
|
283 |
* @param date the Date to check against to see if this certificate |
|
284 |
* is valid at that date/time. |
|
285 |
* @exception CertificateExpiredException if the certificate has expired |
|
18830 | 286 |
* with respect to the {@code date} supplied. |
2 | 287 |
* @exception CertificateNotYetValidException if the certificate is not |
18830 | 288 |
* yet valid with respect to the {@code date} supplied. |
2 | 289 |
* @see #checkValidity() |
290 |
*/ |
|
291 |
public abstract void checkValidity(Date date) |
|
292 |
throws CertificateExpiredException, CertificateNotYetValidException; |
|
293 |
||
294 |
/** |
|
18830 | 295 |
* Gets the {@code version} (version number) value from the |
2 | 296 |
* certificate. The ASN.1 definition for this is: |
297 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
298 |
* version [0] EXPLICIT Version DEFAULT v1 |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
299 |
* |
2 | 300 |
* Version ::= INTEGER { v1(0), v2(1), v3(2) } |
301 |
* </pre> |
|
302 |
* |
|
303 |
* @return the version number from the ASN.1 encoding, i.e. 0, 1 or 2. |
|
304 |
*/ |
|
305 |
public abstract int getVersion(); |
|
306 |
||
307 |
/** |
|
18830 | 308 |
* Gets the {@code serialNumber} value from the certificate. |
2 | 309 |
* The serial number is an integer assigned by the certification |
310 |
* authority to each certificate. It must be unique for each |
|
311 |
* certificate issued by a given CA (i.e., the issuer name and |
|
312 |
* serial number identify a unique certificate). |
|
313 |
* The ASN.1 definition for this is: |
|
314 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
315 |
* serialNumber CertificateSerialNumber |
2 | 316 |
* |
317 |
* CertificateSerialNumber ::= INTEGER |
|
318 |
* </pre> |
|
319 |
* |
|
320 |
* @return the serial number. |
|
321 |
*/ |
|
322 |
public abstract BigInteger getSerialNumber(); |
|
323 |
||
324 |
/** |
|
18830 | 325 |
* Gets the {@code issuer} (issuer distinguished name) value from |
2 | 326 |
* the certificate. The issuer name identifies the entity that signed (and |
327 |
* issued) the certificate. |
|
328 |
* |
|
329 |
* <p>The issuer name field contains an |
|
330 |
* X.500 distinguished name (DN). |
|
331 |
* The ASN.1 definition for this is: |
|
332 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
333 |
* issuer Name |
2 | 334 |
* |
335 |
* Name ::= CHOICE { RDNSequence } |
|
336 |
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName |
|
337 |
* RelativeDistinguishedName ::= |
|
338 |
* SET OF AttributeValueAssertion |
|
339 |
* |
|
340 |
* AttributeValueAssertion ::= SEQUENCE { |
|
341 |
* AttributeType, |
|
342 |
* AttributeValue } |
|
343 |
* AttributeType ::= OBJECT IDENTIFIER |
|
344 |
* AttributeValue ::= ANY |
|
345 |
* </pre> |
|
18830 | 346 |
* The {@code Name} describes a hierarchical name composed of |
2 | 347 |
* attributes, such as country name, and corresponding values, such as US. |
18830 | 348 |
* The type of the {@code AttributeValue} component is determined by |
349 |
* the {@code AttributeType}; in general it will be a |
|
350 |
* {@code directoryString}. A {@code directoryString} is usually |
|
351 |
* one of {@code PrintableString}, |
|
352 |
* {@code TeletexString} or {@code UniversalString}. |
|
2 | 353 |
* |
354 |
* @return a Principal whose name is the issuer distinguished name. |
|
355 |
*/ |
|
356 |
public abstract Principal getIssuerDN(); |
|
357 |
||
358 |
/** |
|
18830 | 359 |
* Gets the {@code subject} (subject distinguished name) value |
2 | 360 |
* from the certificate. |
361 |
* The ASN.1 definition for this is: |
|
362 |
* <pre> |
|
363 |
* subject Name |
|
364 |
* </pre> |
|
365 |
* |
|
18830 | 366 |
* <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name} |
2 | 367 |
* and other relevant definitions. |
368 |
* |
|
369 |
* @return a Principal whose name is the subject name. |
|
370 |
* @see #getIssuerDN() |
|
371 |
*/ |
|
372 |
public abstract Principal getSubjectDN(); |
|
373 |
||
374 |
/** |
|
18830 | 375 |
* Gets the {@code notBefore} date from the validity period of |
2 | 376 |
* the certificate. |
377 |
* The relevant ASN.1 definitions are: |
|
378 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
379 |
* validity Validity |
2 | 380 |
* |
381 |
* Validity ::= SEQUENCE { |
|
382 |
* notBefore CertificateValidityDate, |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
383 |
* notAfter CertificateValidityDate } |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
384 |
* |
2 | 385 |
* CertificateValidityDate ::= CHOICE { |
386 |
* utcTime UTCTime, |
|
387 |
* generalTime GeneralizedTime } |
|
388 |
* </pre> |
|
389 |
* |
|
390 |
* @return the start date of the validity period. |
|
391 |
* @see #checkValidity() |
|
392 |
*/ |
|
393 |
public abstract Date getNotBefore(); |
|
394 |
||
395 |
/** |
|
18830 | 396 |
* Gets the {@code notAfter} date from the validity period of |
90 | 397 |
* the certificate. See {@link #getNotBefore() getNotBefore} |
2 | 398 |
* for relevant ASN.1 definitions. |
399 |
* |
|
400 |
* @return the end date of the validity period. |
|
401 |
* @see #checkValidity() |
|
402 |
*/ |
|
403 |
public abstract Date getNotAfter(); |
|
404 |
||
405 |
/** |
|
406 |
* Gets the signature algorithm name for the certificate |
|
407 |
* signature algorithm. An example is the string "SHA-1/DSA". |
|
408 |
* The ASN.1 definition for this is: |
|
409 |
* <pre> |
|
18771
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
410 |
* signatureAlgorithm AlgorithmIdentifier |
9dadb0719cea
8019772: Fix doclint issues in javax.crypto and javax.security subpackages
juh
parents:
14775
diff
changeset
|
411 |
* |
2 | 412 |
* AlgorithmIdentifier ::= SEQUENCE { |
413 |
* algorithm OBJECT IDENTIFIER, |
|
414 |
* parameters ANY DEFINED BY algorithm OPTIONAL } |
|
415 |
* -- contains a value of the type |
|
416 |
* -- registered for use with the |
|
417 |
* -- algorithm object identifier value |
|
418 |
* </pre> |
|
419 |
* |
|
18830 | 420 |
* <p>The algorithm name is determined from the {@code algorithm} |
2 | 421 |
* OID string. |
422 |
* |
|
423 |
* @return the signature algorithm name. |
|
424 |
*/ |
|
425 |
public abstract String getSigAlgName(); |
|
426 |
||
427 |
/** |
|
428 |
* Gets the signature algorithm OID string from the certificate. |
|
429 |
* An OID is represented by a set of positive whole numbers separated |
|
430 |
* by periods. |
|
431 |
* For example, the string "1.2.840.10040.4.3" identifies the SHA-1 |
|
432 |
* with DSA signature algorithm, as per the PKIX part I. |
|
433 |
* |
|
90 | 434 |
* <p>See {@link #getSigAlgName() getSigAlgName} for |
2 | 435 |
* relevant ASN.1 definitions. |
436 |
* |
|
437 |
* @return the signature algorithm OID string. |
|
438 |
*/ |
|
439 |
public abstract String getSigAlgOID(); |
|
440 |
||
441 |
/** |
|
442 |
* Gets the DER-encoded signature algorithm parameters from this |
|
443 |
* certificate's signature algorithm. In most cases, the signature |
|
444 |
* algorithm parameters are null; the parameters are usually |
|
445 |
* supplied with the certificate's public key. |
|
446 |
* |
|
90 | 447 |
* <p>See {@link #getSigAlgName() getSigAlgName} for |
2 | 448 |
* relevant ASN.1 definitions. |
449 |
* |
|
450 |
* @return the DER-encoded signature algorithm parameters, or |
|
451 |
* null if no parameters are present. |
|
452 |
*/ |
|
453 |
public abstract byte[] getSigAlgParams(); |
|
454 |
} |