jdk/src/share/classes/sun/security/x509/X509Cert.java
author mikejwre
Wed, 16 Dec 2009 23:39:39 -0800
changeset 4421 fcbbd4d49581
parent 715 f16baef3a20e
permissions -rw-r--r--
Merge

/*
 * Copyright 1997-2008 Sun Microsystems, Inc.  All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Sun designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Sun in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
 * CA 95054 USA or visit www.sun.com if you need additional information or
 * have any questions.
 */

package sun.security.x509;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import java.util.Enumeration;

import sun.security.util.*;     // DER

/**
 * @author David Brownell
 *
 * @see CertAndKeyGen
 * @deprecated  Use the new X509Certificate class.
 *              This class is only restored for backwards compatibility.
 */
@Deprecated
public class X509Cert implements Certificate, Serializable {

    static final long serialVersionUID = -52595524744692374L;

    /*
     * NOTE: All fields are marked transient, because we do not want them to
     * be included in the class description when we serialize an object of
     * this class. We override "writeObject" and "readObject" to use the
     * ASN.1 encoding of a certificate as the serialized form, instead of
     * calling the default routines which would operate on the field values.
     *
     * MAKE SURE TO MARK ANY FIELDS THAT ARE ADDED IN THE FUTURE AS TRANSIENT.
     */

    /* The algorithm id */
    transient protected AlgorithmId algid;

    /*
     * Certificate data, and its envelope
     */
    transient private byte rawCert [];
    transient private byte signature [];
    transient private byte signedCert [];

    /*
     * X509.v1 data (parsed)
     */
    transient private X500Name subject; // from subject
    transient private PublicKey pubkey;

    transient private Date notafter;    // from CA (constructor)
    transient private Date notbefore;

    transient private int version;      // from CA (signAndEncode)
    transient private BigInteger serialnum;
    transient private X500Name issuer;
    transient private AlgorithmId issuerSigAlg;

    /*
     * flag to indicate whether or not this certificate has already been parsed
     * (through a call to one of the constructors or the "decode" or
     * "readObject" methods). This is to ensure that certificates are
     * immutable.
     */
    transient private boolean parsed=false;

    /*
     * X509.v2 extensions
     */

    /*
     * X509.v3 extensions
     */

    /*
     * Other extensions ... Netscape, Verisign, SET, etc
     */


    /**
     * Construct a uninitialized X509 Cert on which <a href="#decode">
     * decode</a> must later be called (or which may be deserialized).
     */
    // XXX deprecated, delete this
    public X509Cert() { }


    /**
     * Unmarshals a certificate from its encoded form, parsing the
     * encoded bytes.  This form of constructor is used by agents which
     * need to examine and use certificate contents.  That is, this is
     * one of the more commonly used constructors.  Note that the buffer
     * must include only a certificate, and no "garbage" may be left at
     * the end.  If you need to ignore data at the end of a certificate,
     * use another constructor.
     *
     * @param cert the encoded bytes, with no terminatu (CONSUMED)
     * @exception IOException when the certificate is improperly encoded.
     */
    public X509Cert(byte cert []) throws IOException
    {
        DerValue in = new DerValue (cert);
        parse (in);
        if (in.data.available () != 0)
            throw new CertParseError ("garbage at end");
        signedCert = cert;
    }


    /**
     * Unmarshals a certificate from its encoded form, parsing the
     * encoded bytes.  This form of constructor is used by agents which
     * need to examine and use certificate contents.  That is, this is
     * one of the most commonly used constructors.
     *
     * @param buf the buffer holding the encoded bytes
     * @param offset the offset in the buffer where the bytes begin
     * @param len how many bytes of certificate exist
     *
     * @exception IOException when the certificate is improperly encoded.
     */
    public X509Cert(byte buf [], int offset, int len) throws IOException
    {
        DerValue in = new DerValue (buf, offset, len);

        parse (in);
        if (in.data.available () != 0)
            throw new CertParseError ("garbage at end");
        signedCert = new byte [len];
        System.arraycopy (buf, offset, signedCert, 0, len);
    }


    /**
     * Unmarshal a certificate from its encoded form, parsing a DER value.
     * This form of constructor is used by agents which need to examine
     * and use certificate contents.
     *
     * @param derVal the der value containing the encoded cert.
     * @exception IOException when the certificate is improperly encoded.
     */
    public X509Cert(DerValue derVal) throws IOException
    {
        parse (derVal);
        if (derVal.data.available () != 0)
            throw new CertParseError ("garbage at end");
        signedCert = derVal.toByteArray ();
    }


    /**
     * Partially constructs a certificate from descriptive parameters.
     * This constructor may be used by Certificate Authority (CA) code,
     * which later <a href="#signAndEncode">signs and encodes</a> the
     * certificate.  Also, self-signed certificates serve as CA certificates,
     * and are sometimes used as certificate requests.
     *
     * <P>Until the certificate has been signed and encoded, some of
     * the mandatory fields in the certificate will not be available
     * via accessor functions:  the serial number, issuer name and signing
     * algorithm, and of course the signed certificate.  The fields passed
     * to this constructor are available, and must be non-null.
     *
     * <P>Note that the public key being signed is generally independent of
     * the signature algorithm being used.  So for example Diffie-Hellman
     * keys (which do not support signatures) can be placed in X.509
     * certificates when some other signature algorithm (e.g. DSS/DSA,
     * or one of the RSA based algorithms) is used.
     *
     * @see CertAndKeyGen
     *
     * @param subjectName the X.500 distinguished name being certified
     * @param subjectPublicKey the public key being certified.  This
     *  must be an "X509Key" implementing the "PublicKey" interface.
     * @param notBefore the first time the certificate is valid
     * @param notAfter the last time the certificate is valid
     *
     * @exception CertException if the public key is inappropriate
     */
    public X509Cert(X500Name subjectName, X509Key subjectPublicKey,
                    Date notBefore, Date notAfter) throws CertException
    {
        subject = subjectName;

        if (!(subjectPublicKey instanceof PublicKey))
            throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
                "Doesn't implement PublicKey interface");

        // The X509 cert API requires X509 keys, else things break.
        pubkey = subjectPublicKey;
        notbefore = notBefore;
        notafter = notAfter;
        version = 0;
    }


    /**
     * Decode an X.509 certificate from an input stream.
     *
     * @param in an input stream holding at least one certificate
     * @exception IOException when the certificate is improperly encoded, or
     * if it has already been parsed.
     */
    public void decode(InputStream in) throws IOException
    {
        DerValue val = new DerValue(in);
        parse(val);
        signedCert = val.toByteArray();
    }


    /**
     * Appends the certificate to an output stream.
     *
     * @param out an input stream to which the certificate is appended.
     * @exception IOException when appending fails.
     */
    public void encode (OutputStream out) throws IOException
        { out.write (getSignedCert ()); }


    /**
     * Compares two certificates.  This is false if the
     * certificates are not both X.509 certs, otherwise it
     * compares them as binary data.
     *
     * @param other the object being compared with this one
     * @return true iff the certificates are equivalent
     */
    public boolean      equals (Object other)
    {
        if (other instanceof X509Cert)
            return equals ((X509Cert) other);
        else
            return false;
    }


    /**
     * Compares two certificates, returning false if any data
     * differs between the two.
     *
     * @param other the object being compared with this one
     * @return true iff the certificates are equivalent
     */
    public boolean      equals (X509Cert src)
    {
        if (this == src)
            return true;
        if (signedCert == null || src.signedCert == null)
            return false;
        if (signedCert.length != src.signedCert.length)
            return false;
        for (int i = 0; i < signedCert.length; i++)
            if (signedCert [i] != src.signedCert [i])
                return false;
        return true;
    }


    /** Returns the "X.509" format identifier. */
    public String getFormat () // for Certificate
        { return "X.509"; }


    /** Returns <a href="#getIssuerName">getIssuerName</a> */
    public Principal getGuarantor () // for Certificate
        { return getIssuerName (); }


    /** Returns <a href="#getSubjectName">getSubjectName</a> */
    public Principal getPrincipal ()
        { return getSubjectName (); }


    /**
     * Throws an exception if the certificate is invalid because it is
     * now outside of the certificate's validity period, or because it
     * was not signed using the verification key provided.  Successfully
     * verifying a certificate does <em>not</em> indicate that one should
     * trust the entity which it represents.
     *
     * <P><em>Note that since this class represents only a single X.509
     * certificate, it cannot know anything about the certificate chain
     * which is used to provide the verification key and to establish trust.
     * Other code must manage and use those cert chains.
     *
     * <P>For now, you must walk the cert chain being used to verify any
     * given cert.  Start at the root, which is a self-signed certificate;
     * verify it using the key inside the certificate.  Then use that to
     * verify the next certificate in the chain, issued by that CA.  In
     * this manner, verify each certificate until you reach the particular
     * certificate you wish to verify.  You should not use a certificate
     * if any of the verification operations for its certificate chain
     * were unsuccessful.
     * </em>
     *
     * @param issuerPublicKey the public key of the issuing CA
     * @exception CertException when the certificate is not valid.
     */
    public void verify (PublicKey issuerPublicKey)
    throws CertException
    {
        Date    now = new Date ();

        if (now.before (notbefore))
            throw new CertException (CertException.verf_INVALID_NOTBEFORE);
        if (now.after (notafter))
            throw new CertException (CertException.verf_INVALID_EXPIRED);
        if (signedCert == null)
            throw new CertException (CertException.verf_INVALID_SIG,
                "?? certificate is not signed yet ??");

        //
        // Verify the signature ...
        //
        String          algName = null;

        try {
            Signature   sigVerf = null;

            algName = issuerSigAlg.getName();
            sigVerf = Signature.getInstance(algName);
            sigVerf.initVerify (issuerPublicKey);
            sigVerf.update (rawCert, 0, rawCert.length);

            if (!sigVerf.verify (signature)) {
                throw new CertException (CertException.verf_INVALID_SIG,
                    "Signature ... by <" + issuer + "> for <" + subject + ">");
            }

        // Gag -- too many catch clauses, let most through.

        } catch (NoSuchAlgorithmException e) {
            throw new CertException (CertException.verf_INVALID_SIG,
                "Unsupported signature algorithm (" + algName + ")");

        } catch (InvalidKeyException e) {
            // e.printStackTrace();
            throw new CertException (CertException.err_INVALID_PUBLIC_KEY,
                "Algorithm (" + algName + ") rejected public key");

        } catch (SignatureException e) {
            throw new CertException (CertException.verf_INVALID_SIG,
                "Signature by <" + issuer + "> for <" + subject + ">");
        }
    }


    /**
     * Creates an X.509 certificate, and signs it using the issuer
     * passed (associating a signature algorithm and an X.500 name).
     * This operation is used to implement the certificate generation
     * functionality of a certificate authority.
     *
     * @see #getSignedCert
     * @see #getSigner
     * @see CertAndKeyGen
     *
     * @param serial the serial number of the certificate (non-null)
     * @param issuer the certificate issuer (CA) (non-null)
     * @return the signed certificate, as returned by getSignedCert
     *
     * @exception IOException if any of the data could not be encoded,
     *  or when any mandatory data was omitted
     * @exception SignatureException on signing failures
     */
    public byte []
    encodeAndSign (
        BigInteger      serial,
        X500Signer      issuer
    ) throws IOException, SignatureException
    {
        rawCert = null;

        /*
         * Get the remaining cert parameters, and make sure we have enough.
         *
         * We deduce version based on what attribute data are available
         * For now, we have no attributes, so we always deduce X.509v1 !
         */
        version = 0;
        serialnum = serial;
        this.issuer = issuer.getSigner ();
        issuerSigAlg = issuer.getAlgorithmId ();

        if (subject == null || pubkey == null
                || notbefore == null || notafter == null)
            throw new IOException ("not enough cert parameters");

        /*
         * Encode the raw cert, create its signature and put it
         * into the envelope.
         */
        rawCert = DERencode ();
        signedCert = sign (issuer, rawCert);
        return signedCert;
    }


    /**
     * Returns an X500Signer that may be used to create signatures.  Those
     * signature may in turn be verified using this certificate (or a
     * copy of it).
     *
     * <P><em><b>NOTE:</b>  If the private key is by itself capable of
     * creating signatures, this fact may not be recognized at this time.
     * Specifically, the case of DSS/DSA keys which get their algorithm
     * parameters from higher in the certificate chain is not supportable
     * without using an X509CertChain API, and there is no current support
     * for other sources of algorithm parameters.</em>
     *
     * @param algorithm the signature algorithm to be used.  Note that a
     *  given public/private key pair may support several such algorithms.
     * @param privateKey the private key used to create the signature,
     *  which must correspond to the public key in this certificate
     * @return the Signer object
     *
     * @exception NoSuchAlgorithmException if the signature
     *  algorithm is not supported
     * @exception InvalidKeyException if either the key in the certificate,
     *  or the private key parameter, does not support the requested
     *  signature algorithm
     */
    public X500Signer   getSigner (AlgorithmId algorithmId,
                                   PrivateKey privateKey)
    throws NoSuchAlgorithmException, InvalidKeyException
    {
        String algorithm;
        Signature       sig;

        if (privateKey instanceof Key) {
            Key key = (Key)privateKey;
            algorithm = key.getAlgorithm();
        } else {
            throw new InvalidKeyException("private key not a key!");
        }

        sig = Signature.getInstance(algorithmId.getName());

        if (!pubkey.getAlgorithm ().equals (algorithm)) {

          throw new InvalidKeyException( "Private key algorithm " +
                                         algorithm +
                                         " incompatible with certificate " +
                                         pubkey.getAlgorithm());
        }
        sig.initSign (privateKey);
        return new X500Signer (sig, subject);
    }


    /**
     * Returns a signature object that may be used to verify signatures
     * created using a specified signature algorithm and the public key
     * contained in this certificate.
     *
     * <P><em><b>NOTE:</b>  If the public key in this certificate is not by
     * itself capable of verifying signatures, this may not be recognized
     * at this time.  Specifically, the case of DSS/DSA keys which get
     * their algorithm parameters from higher in the certificate chain
     * is not supportable without using an X509CertChain API, and there
     * is no current support for other sources of algorithm parameters.</em>
     *
     * @param algorithm the algorithm of the signature to be verified
     * @return the Signature object
     * @exception NoSuchAlgorithmException if the signature
     *  algorithm is not supported
     * @exception InvalidKeyException if the key in the certificate
     *  does not support the requested signature algorithm
     */
    public Signature getVerifier(String algorithm)
    throws NoSuchAlgorithmException, InvalidKeyException
    {
        String          algName;
        Signature       sig;

        sig = Signature.getInstance(algorithm);
        sig.initVerify (pubkey);
        return sig;
    }



    /**
     * Return the signed X.509 certificate as a byte array.
     * The bytes are in standard DER marshaled form.
     * Null is returned in the case of a partially constructed cert.
     */
    public byte []      getSignedCert ()
        { return signedCert.clone(); }


    /**
     * Returns the certificate's serial number.
     * Null is returned in the case of a partially constructed cert.
     */
    public BigInteger   getSerialNumber ()
        { return serialnum; }


    /**
     * Returns the subject's X.500 distinguished name.
     */
    public X500Name     getSubjectName ()
        { return subject; }


    /**
     * Returns the certificate issuer's X.500 distinguished name.
     * Null is returned in the case of a partially constructed cert.
     */
    public X500Name     getIssuerName ()
        { return issuer; }


    /**
     * Returns the algorithm used by the issuer to sign the certificate.
     * Null is returned in the case of a partially constructed cert.
     */
    public AlgorithmId  getIssuerAlgorithmId ()
        { return issuerSigAlg; }


    /**
     * Returns the first time the certificate is valid.
     */
    public Date getNotBefore ()
        { return new Date(notbefore.getTime()); }


    /**
     * Returns the last time the certificate is valid.
     */
    public Date getNotAfter ()
        { return new Date(notafter.getTime()); }


    /**
     * Returns the subject's public key.  Note that some public key
     * algorithms support an optional certificate generation policy
     * where the keys in the certificates are not in themselves sufficient
     * to perform a public key operation.  Those keys need to be augmented
     * by algorithm parameters, which the certificate generation policy
     * chose not to place in the certificate.
     *
     * <P>Two such public key algorithms are:  DSS/DSA, where algorithm
     * parameters could be acquired from a CA certificate in the chain
     * of issuers; and Diffie-Hellman, with a similar solution although
     * the CA then needs both a Diffie-Hellman certificate and a signature
     * capable certificate.
     */
    public PublicKey            getPublicKey ()
        { return pubkey; }


    /**
     * Returns the X.509 version number of this certificate, zero based.
     * That is, "2" indicates an X.509 version 3 (1993) certificate,
     * and "0" indicates X.509v1 (1988).
     * Zero is returned in the case of a partially constructed cert.
     */
    public int          getVersion ()
        { return version; }


    /**
     * Calculates a hash code value for the object.  Objects
     * which are equal will also have the same hashcode.
     */
    public int          hashCode ()
    {
        int     retval = 0;

        for (int i = 0; i < signedCert.length; i++)
            retval += signedCert [i] * i;
        return retval;
    }


    /**
     * Returns a printable representation of the certificate.  This does not
     * contain all the information available to distinguish this from any
     * other certificate.  The certificate must be fully constructed
     * before this function may be called; in particular, if you are
     * creating certificates you must call encodeAndSign() before calling
     * this function.
     */
    public String       toString ()
    {
        String          s;

        if (subject == null || pubkey == null
                || notbefore == null || notafter == null
                || issuer == null || issuerSigAlg == null
                || serialnum == null)
            throw new NullPointerException ("X.509 cert is incomplete");

        s = "  X.509v" + (version + 1) + " certificate,\n";
        s += "  Subject is " + subject + "\n";
        s += "  Key:  " + pubkey;
        s += "  Validity <" + notbefore + "> until <" + notafter + ">\n";
        s += "  Issuer is " + issuer + "\n";
        s += "  Issuer signature used " + issuerSigAlg.toString () + "\n";
        s += "  Serial number = " + Debug.toHexString(serialnum) + "\n";

        // optional v2, v3 extras

        return "[\n" + s + "]";
    }


    /**
     * Returns a printable representation of the certificate.
     *
     * @param detailed true iff lots of detail is requested
     */
    public String       toString (boolean detailed)
        { return toString (); }


    /************************************************************/

    /*
     * Cert is a SIGNED ASN.1 macro, a three elment sequence:
     *
     *  - Data to be signed (ToBeSigned) -- the "raw" cert
     *  - Signature algorithm (SigAlgId)
     *  - The signature bits
     *
     * This routine unmarshals the certificate, saving the signature
     * parts away for later verification.
     */
    private void parse (DerValue val) throws IOException
    {
        if (parsed == true) {
            throw new IOException("Certificate already parsed");
        }

        DerValue seq [] = new DerValue [3];

        seq [0] = val.data.getDerValue ();
        seq [1] = val.data.getDerValue ();
        seq [2] = val.data.getDerValue ();

        if (val.data.available () != 0)
            throw new CertParseError ("signed overrun, bytes = "
                    + val.data.available ());
        if (seq [0].tag != DerValue.tag_Sequence)
            throw new CertParseError ("signed fields invalid");

        rawCert = seq [0].toByteArray ();       // XXX slow; fixme!


        issuerSigAlg = AlgorithmId.parse (seq [1]);
        signature = seq [2].getBitString ();

        if (seq [1].data.available () != 0) {
            // XXX why was this error check commented out?
            // It was originally part of the next check.
            throw new CertParseError ("algid field overrun");
        }

        if (seq [2].data.available () != 0)
            throw new CertParseError ("signed fields overrun");

        /*
         * Let's have fun parsing the cert itself.
         */
        DerInputStream  in;
        DerValue        tmp;

        in = seq [0].data;

        /*
         * Version -- this is optional (default zero). If it's there it's
         * the first field and is specially tagged.
         *
         * Both branches leave "tmp" holding a value for the serial
         * number that comes next.
         */
        version = 0;
        tmp = in.getDerValue ();
        if (tmp.isConstructed () && tmp.isContextSpecific ()) {
            version = tmp.data.getInteger();
            if (tmp.data.available () != 0)
                throw new IOException ("X.509 version, bad format");
            tmp = in.getDerValue ();
        }

        /*
         * serial number ... an integer
         */
        serialnum = tmp.getBigInteger ();

        /*
         * algorithm type for CA's signature ... needs to match the
         * one on the envelope, and that's about it!  different IDs
         * may represent a signature attack.  In general we want to
         * inherit parameters.
         */
        tmp = in.getDerValue ();
        {
            AlgorithmId         algid;


            algid = AlgorithmId.parse(tmp);

            if (!algid.equals (issuerSigAlg))
                throw new CertParseError ("CA Algorithm mismatch!");

            this.algid = algid;
        }

        /*
         * issuer name
         */
        issuer = new X500Name (in);

        /*
         * validity:  SEQUENCE { start date, end date }
         */
        tmp = in.getDerValue ();
        if (tmp.tag != DerValue.tag_Sequence)
            throw new CertParseError ("corrupt validity field");

        notbefore = tmp.data.getUTCTime ();
        notafter = tmp.data.getUTCTime ();
        if (tmp.data.available () != 0)
            throw new CertParseError ("excess validity data");

        /*
         * subject name and public key
         */
        subject = new X500Name (in);

        tmp = in.getDerValue ();
        pubkey = X509Key.parse (tmp);

        /*
         * XXX for v2 and later, a bunch of tagged options follow
         */

        if (in.available () != 0) {
            /*
             * Until we parse V2/V3 data ... ignore it.
             *
            // throw new CertParseError ("excess cert data");
            System.out.println (
                    "@end'o'cert, optional V2/V3 data unparsed:  "
                    + in.available ()
                    + " bytes"
                    );
            */
        }

        parsed = true;
    }


    /*
     * Encode only the parts that will later be signed.
     */
    private byte [] DERencode () throws IOException
    {
        DerOutputStream raw = new DerOutputStream ();

        encode (raw);
        return raw.toByteArray ();
    }


    /*
     * Marshal the contents of a "raw" certificate into a DER sequence.
     */
    private void encode (DerOutputStream out) throws IOException
    {
        DerOutputStream tmp = new DerOutputStream ();

        /*
         * encode serial number, issuer signing algorithm,
         * and issuer name into the data we'll return
         */
        tmp.putInteger (serialnum);
        issuerSigAlg.encode (tmp);
        issuer.encode (tmp);

        /*
         * Validity is a two element sequence ... encode the
         * elements, then wrap them into the data we'll return
         */
        {
            DerOutputStream     seq = new DerOutputStream ();

            seq.putUTCTime (notbefore);
            seq.putUTCTime (notafter);
            tmp.write (DerValue.tag_Sequence, seq);
        }

        /*
         * Encode subject (principal) and associated key
         */
        subject.encode (tmp);
        tmp.write(pubkey.getEncoded());

        /*
         * Wrap the data; encoding of the "raw" cert is now complete.
         */
        out.write (DerValue.tag_Sequence, tmp);
    }


    /*
     * Calculate the signature of the "raw" certificate,
     * and marshal the cert with the signature and a
     * description of the signing algorithm.
     */
    private byte [] sign (X500Signer issuer, byte data [])
    throws IOException, SignatureException
    {
        /*
         * Encode the to-be-signed data, then the algorithm used
         * to create the signature.
         */
        DerOutputStream out = new DerOutputStream ();
        DerOutputStream tmp = new DerOutputStream ();

        tmp.write (data);
        issuer.getAlgorithmId ().encode(tmp);


        /*
         * Create and encode the signature itself.
         */
        issuer.update (data, 0, data.length);
        signature = issuer.sign ();
        tmp.putBitString (signature);

        /*
         * Wrap the signed data in a SEQUENCE { data, algorithm, sig }
         */
        out.write (DerValue.tag_Sequence, tmp);
        return out.toByteArray ();
    }


    /**
     * Serialization write ... X.509 certificates serialize as
     * themselves, and they're parsed when they get read back.
     * (Actually they serialize as some type data from the
     * serialization subsystem, then the cert data.)
     */
    private void writeObject (java.io.ObjectOutputStream stream)
        throws IOException
        { encode(stream); }

    /**
     * Serialization read ... X.509 certificates serialize as
     * themselves, and they're parsed when they get read back.
     */
    private void readObject (ObjectInputStream stream)
        throws IOException
        { decode(stream); }
}