X509 - Reference Documentation
Class implementing support for X509 certificates
This class provides a wrapper for java.security.cert.X509 objects. All methods from this Java class are available through the LiveConnect mechanism.
Index of Methods
- X509() constructor
- getNative()
- getBytes()
- getIssuerDNString()
- getSubjectDNString()
- getOCSPResponderURL()
- getPublicKey()
- verify()
- verifyWith()
Constructor
Prototype
X509(ByteString dercert)
X509(String certfile)
Description
Create certificate object from DER encoded certificate or read from fileArguments
| Type | Name | Description |
|---|---|---|
ByteString | dercert | DER encoded certificate |
String | certfile |
Filename of file containing DER encoded certificate Unless an absolute file name is given, the path is relative to the location of the script in which the constructor is called. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | The certificate has an invalid or unrecognized structure |
Example
root = new X509("root.cer");
print("Issuer : " + root.getIssuerDNString());
print("Subject : " + root.getSubjectDNString());
bs = new ByteString("\
MIIGGzCCBAOgAwIBAgIRAS31fRUU00bNe4A4sqZ44wQwDQYJKoZIhvcNAQEFBQAw \
VDESMBAGA1UEAwwJUm9vdC1DQSAxMTEwLwYDVQQKDChURVNUIC0gSGF1cHR2ZXJi \
YW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYDVQQGEwJBVDAeFw0wNTA2MjMx \
NzI3MDJaFw0zMDA2MjMxNzI3MDJaMFYxFDASBgNVBAMMC1N5c3RlbSBDQSAxMTEw \
LwYDVQQKDChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMu \
MQswCQYDVQQGEwJBVDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKWL \
/7+RLD7eqAiqbFtN/3sWgw5nfA3G6vYcVvV4CzXFlzJVk6xtiu/sYlSQK18tbyF4 \
7DfNuHANV24lutFOoGLuhJkSWbqONcNvplD7a+XIniAdSgSBxcJnXvZ4xJ+Bd5TH \
U4CXvcqDGpEaEAgnhpiVPoBMHK/r1eMrLsb9+HryCKBrC0dzVPPKX+HAz2wj757x \
KdlrBva7dFz5pbDDZmifmTko4fj4DQS5quu4MVq2vs1D9km2BZXCgU5Fo6OWoL0a \
U3B4amLzNA981E2niLovz+18DB340/PlgctE6FaM8XQv9Omoe/nUqImM/J+T8uIp \
kFCy+1cuhXGRpqRnHvEq88COsvDFI6vKfwd9Duko+IjUzpq3MIa2bXURBU3kDD79 \
sl1i1uy9Sx6YtwTZBoPIQZP+7WjlZnT4nBpJl2r0qKFKJH3nBJVntlzlSna1gc4u \
HZBkvrfDnLG/RGGBsiqkzdx0myM8mON/veLbY5Nd+SUBm1bWAw0BSbz+3jBtHQID \
AQABo4IBZDCCAWAwEwYDVR0jBAwwCoAIRtDR1WyRFs4wEQYDVR0OBAoECEvRRLys \
X0iFMA4GA1UdDwEB/wQEAwICBDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGG \
FWh0dHA6Ly8xNDkuMjM5LjE2LjIwOTCB3gYDVR0fBIHWMIHTMIHQoHOgcYZvbGRh \
cDovLzE0OS4yMzkuMTYuMjA5L289VEVTVCUyMC0lMjBIYXVwdHZlcmJhbmQlMjAl \
ZjZzdGVyci4lMjBTb3ppYWx2ZXJzLixjPUFUP2NlcnRpZmljYXRlUmV2b2NhdGlv \
bkxpc3Q7YmluYXJ5olmkVzBVMRMwEQYDVQQDDApDUkwtU2lnbmVyMTEwLwYDVQQK \
DChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYD \
VQQGEwJBVDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4ICAQAY \
P81wkoVpuE6Dtg72snt2KnwURfI1KAD+WgDBKLcSUD+uO2ks7CpRWaqD5WW47lQD \
KsGwLyRmwEfmNBPh15TMYkTvynUwD3WBaPPr59Hy7QrUcdRU511my0CnS3W+2L4a \
oLCuyRvlozuIhBHCfSKsYFZwHrT90J+B9NFnlWCGsxg0xsKpatcXsrMOQTlX3dOl \
5pu9KEoKlryZArD7UDBqMAqKQ9srx1a23AJKREFyJ6a4aW/voZvpoHMsQQPbm8xb \
vQPZaUUqY7R9g/9ZgVdeDrjEJU8qtptSL1ixVbvmpKM0g+G4tda83VfVY5qeto6E \
QLmst4yNA/uv5MxCtEu/DthxUScGkY1erV6LMb97u4m4mx87SxKPBhCdZx76BEgU \
t0bLFAlG63h1bZ3UFcoDR3PSjF1QwUPO6DroCMVpUYRGnli123KQ63lKCOxQqwl+ \
te7x3uEWKgN8FwUKCLYGnBIiBA2c7igRiyKaOon+43kYt+GAyBvOdH1n/EjHQVHE \
h3xwWNCsiAn6XFjlL61i0r5dshBl+rWWyUbNpHXqHuPnm8Zn37DXwmvxU9qdc0TA \
Y8M0uMYAw1rkDoo2zGb2nxAbmmp7L8J2cFE/6TJ6R7gdxY/0uwaIdRHBr844kscO \
i0dKmGsaCPxCVq5venNSatNMEvOgyEloLGqoq3S+xQ==", BASE64);
ca = new X509(bs);
print("Issuer : " + ca.getIssuerDNString());
print("Subject : " + ca.getSubjectDNString());
getNative()
Prototype
java.security.X509Certificate getNative()
Description
Return underlying native java.security.X509Certificate object. All methods of the Java object are available through the LiveConnect mechanism.
For methods with return type byte[], as ByteString object is created.
Return
java.security.X509Certificate | Native Java object |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
var root = new X509("root.cer");
var ncert = root.getNative();
print("Version: " + ncert.getVersion());
getBytes()
Prototype
ByteString getBytes()
Description
Return certificate in encoded formatReturn
ByteString | Encoded certificate |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
bs = root.getBytes();
root = new X509(bs);
print("Subject : " + root.getSubjectDNString());
getIssuerDNString()
Prototype
String getIssuerDNString()
Description
Return a string containing the Issuer Distinguished Name in a human readable form.Return
String | String containing the Issuer DN |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
dn = root.getIssuerDNString();
assert(dn);
print("Issuer : " + dn);
getSubjectDNString()
Prototype
String getSubjectDNString()
Description
Return a string containing the Subject Distinguished Name in a human readable form.Return
String | String containing the Subject DN |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
var dn = root.getSubjectDNString();
assert(dn);
print("Subject : " + dn);
getOCSPResponderURL()
Prototype
String getOCSPResponderURL()
Description
Return a string containing the URL of the OCSP responder for this certificate.Return
String | String containing the OCSP Responder URL |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
url = root.getOCSPResponderURL();
assert(url);
print("OCSP Responder URL : " + url);
getPublicKey()
Prototype
Key getPublicKey()
Key getPublicKey(Key template)
Description
Extract public key from certificate.
If no template is given, then a new Key object is created. If the key template is provided, then it will be filled with the appropriate values.
Return
Key | New key object or object provided as template. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_KEY | The key could not be extracted from the certificate |
Example
var root = new X509("root.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 4096);
assert(key.getComponent(Key.MODULUS).toString(HEX) ==
"D0FC391648CD018C07FD9A9EFCBB0BC88C6D6A72575C4862" +
"6A632BAE0E6E8091B22CDEFD952BA19E4AF06B2380C3DCE1" +
"0678FBDD408B7E2E9D8341760079761161C42A0917143E26" +
"A787B74426CEC430A55E71DEDB391A501696DF116E21D270" +
"6F0B88CC4AEEA2EC5E8032F5E9FA45B6A4DB51346FAC26AF" +
"FCB694A6067C0D2F2C9488489BEA5ED0D18B0ABC98A526B2" +
"62CDE334873AEC73CF57570A8508BCABE224ED97D84F81B6" +
"FF8F1639E8245FDF143664FACF301DB53640262B9F79FFAD" +
"12619EAA5A54473D82E8EF876270DAAA5CD57D8557CAA23C" +
"64C1FCB508E11261EA65DF4667FD168E797D6B7FC01E668A" +
"3172F906D5A8E45CEB9A7FB8C34FF44230F6DB6CD7415D52" +
"9879447908E13E09A5EC323C4C6E0F9FCF3B0E426C76C140" +
"0B3AE3945D03DF7037697FC47B944B7DF1D5DFD18F600579" +
"0CCB8B82F1D4061F0C837959CF0F091BF072F6F8CA552DFD" +
"CF5D998B020025C986BA8934F7B5BC277F12313CE2BA533C" +
"84285F95C7ED028D5A4D0CEECE2708AE1C024D27C26627B2" +
"F413D9B83C6C82381FD1CBD181A8D453000897F985252BF2" +
"9FEC0078BBCB8704E5856B8D46E10C4AB9B63B1A26F68C1B" +
"8F9EE48B1B73005ACCC330C4D20EE3479249FAF2CAD17B6C" +
"383330549C723C7695D6DF6170E56866FE4F598C8BF3F691" +
"04DD5C0CC1BD82FC398B1FA7AF4D5EB4EEC06652CE1DBECE" +
"2F1E47E966E60F45");
assert(key.getComponent(Key.EXPONENT).toString(HEX) == "010001");
var key = root.getPublicKey(key);
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
var root = new X509("ecdsacert.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 192);
assert(key.getComponent(Key.ECC_QX).toString(HEX) ==
"ED5A2BEB600D48E3B3301AE29DCCFA2A2AD85733AD5F09B0");
assert(key.getComponent(Key.ECC_QY).toString(HEX) ==
"6DC91E96758FA281D45787759FA5BEA1A4E2AD7564A062F4");
verify()
Prototype
Void verify(Key publicKey)
Description
Arguments
| Type | Name | Description |
|---|---|---|
Key | publicKey | Public key |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | Invalid certificate structure |
| GPError | GPError.INVALID_MECH | Signature algorithm not supported or provider not found |
| GPError | GPError.CRYPTO_FAILED | Signature is not valid |
| GPError | GPError.INVALID_KEY | The key is invalid |
Example
var root = new X509("root.cer");
var ca = new X509("ca.cer");
var rootKey = root.getPublicKey();
root.verify(rootKey);
ca.verify(rootKey);
try {
var caKey = ca.getPublicKey();
ca.verify(caKey);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
verifyWith()
Prototype
Void verifyWith(X509 superior)
Description
Verify if certificate was signed with private key related to superior certificateArguments
| Type | Name | Description |
|---|---|---|
X509 | superior | Certificate from which the public key will be extracted |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | Invalid certificate structure |
| GPError | GPError.INVALID_MECH | Signature algorithm not supported or provider not found |
| GPError | GPError.CRYPTO_FAILED | Signature is not valid |
Example
root = new X509("root.cer");
ca = new X509("ca.cer");
root.verifyWith(root);
ca.verifyWith(root);
try {
ca.verifyWith(ca);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
© Copyright 2003 - 2010 CardContact Software & System Consulting, Minden, Germany