Scripting Server

X509 - Reference Documentation

Class implementing support for X509 certificates

This class provides a wrapper for java.security.cert.X509 objects. All methods from this Java class are available through the LiveConnect mechanism.

Index of Methods

Constructor

Prototype

X509(ByteString dercert)

X509(String certfile)

Description

Create certificate object from DER encoded certificate or read from file

Arguments

Type Name Description
ByteString dercert DER encoded certificate
String certfile

Filename of file containing DER encoded certificate

Unless an absolute file name is given, the path is relative to the location of the script in which the constructor is called.

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_DATA The certificate has an invalid or unrecognized structure

Example


root = new X509("root.cer");

print("Issuer  : " + root.getIssuerDNString());
print("Subject : " + root.getSubjectDNString());

bs = new ByteString("\
MIIGGzCCBAOgAwIBAgIRAS31fRUU00bNe4A4sqZ44wQwDQYJKoZIhvcNAQEFBQAw \
VDESMBAGA1UEAwwJUm9vdC1DQSAxMTEwLwYDVQQKDChURVNUIC0gSGF1cHR2ZXJi \
YW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYDVQQGEwJBVDAeFw0wNTA2MjMx \
NzI3MDJaFw0zMDA2MjMxNzI3MDJaMFYxFDASBgNVBAMMC1N5c3RlbSBDQSAxMTEw \
LwYDVQQKDChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMu \
MQswCQYDVQQGEwJBVDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKWL \
/7+RLD7eqAiqbFtN/3sWgw5nfA3G6vYcVvV4CzXFlzJVk6xtiu/sYlSQK18tbyF4 \
7DfNuHANV24lutFOoGLuhJkSWbqONcNvplD7a+XIniAdSgSBxcJnXvZ4xJ+Bd5TH \
U4CXvcqDGpEaEAgnhpiVPoBMHK/r1eMrLsb9+HryCKBrC0dzVPPKX+HAz2wj757x \
KdlrBva7dFz5pbDDZmifmTko4fj4DQS5quu4MVq2vs1D9km2BZXCgU5Fo6OWoL0a \
U3B4amLzNA981E2niLovz+18DB340/PlgctE6FaM8XQv9Omoe/nUqImM/J+T8uIp \
kFCy+1cuhXGRpqRnHvEq88COsvDFI6vKfwd9Duko+IjUzpq3MIa2bXURBU3kDD79 \
sl1i1uy9Sx6YtwTZBoPIQZP+7WjlZnT4nBpJl2r0qKFKJH3nBJVntlzlSna1gc4u \
HZBkvrfDnLG/RGGBsiqkzdx0myM8mON/veLbY5Nd+SUBm1bWAw0BSbz+3jBtHQID \
AQABo4IBZDCCAWAwEwYDVR0jBAwwCoAIRtDR1WyRFs4wEQYDVR0OBAoECEvRRLys \
X0iFMA4GA1UdDwEB/wQEAwICBDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGG \
FWh0dHA6Ly8xNDkuMjM5LjE2LjIwOTCB3gYDVR0fBIHWMIHTMIHQoHOgcYZvbGRh \
cDovLzE0OS4yMzkuMTYuMjA5L289VEVTVCUyMC0lMjBIYXVwdHZlcmJhbmQlMjAl \
ZjZzdGVyci4lMjBTb3ppYWx2ZXJzLixjPUFUP2NlcnRpZmljYXRlUmV2b2NhdGlv \
bkxpc3Q7YmluYXJ5olmkVzBVMRMwEQYDVQQDDApDUkwtU2lnbmVyMTEwLwYDVQQK \
DChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYD \
VQQGEwJBVDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4ICAQAY \
P81wkoVpuE6Dtg72snt2KnwURfI1KAD+WgDBKLcSUD+uO2ks7CpRWaqD5WW47lQD \
KsGwLyRmwEfmNBPh15TMYkTvynUwD3WBaPPr59Hy7QrUcdRU511my0CnS3W+2L4a \
oLCuyRvlozuIhBHCfSKsYFZwHrT90J+B9NFnlWCGsxg0xsKpatcXsrMOQTlX3dOl \
5pu9KEoKlryZArD7UDBqMAqKQ9srx1a23AJKREFyJ6a4aW/voZvpoHMsQQPbm8xb \
vQPZaUUqY7R9g/9ZgVdeDrjEJU8qtptSL1ixVbvmpKM0g+G4tda83VfVY5qeto6E \
QLmst4yNA/uv5MxCtEu/DthxUScGkY1erV6LMb97u4m4mx87SxKPBhCdZx76BEgU \
t0bLFAlG63h1bZ3UFcoDR3PSjF1QwUPO6DroCMVpUYRGnli123KQ63lKCOxQqwl+ \
te7x3uEWKgN8FwUKCLYGnBIiBA2c7igRiyKaOon+43kYt+GAyBvOdH1n/EjHQVHE \
h3xwWNCsiAn6XFjlL61i0r5dshBl+rWWyUbNpHXqHuPnm8Zn37DXwmvxU9qdc0TA \
Y8M0uMYAw1rkDoo2zGb2nxAbmmp7L8J2cFE/6TJ6R7gdxY/0uwaIdRHBr844kscO \
i0dKmGsaCPxCVq5venNSatNMEvOgyEloLGqoq3S+xQ==", BASE64);

ca = new X509(bs);

print("Issuer  : " + ca.getIssuerDNString());
print("Subject : " + ca.getSubjectDNString());

getNative()

Prototype

java.security.X509Certificate getNative()

Description

Return underlying native java.security.X509Certificate object. All methods of the Java object are available through the LiveConnect mechanism.

For methods with return type byte[], as ByteString object is created.

Return

java.security.X509Certificate Native Java object

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call

Example


var root = new X509("root.cer");
var ncert = root.getNative();
print("Version: " + ncert.getVersion());

getBytes()

Prototype

ByteString getBytes()

Description

Return certificate in encoded format

Return

ByteString Encoded certificate

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");
bs = root.getBytes();
root = new X509(bs);

print("Subject : " + root.getSubjectDNString());

getSerialNumber()

Prototype

ByteString getSerialNumber()

Description

Return the serial number.

Return

ByteString serial number

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");

serial = root.getSerialNumber();

print("Serial number  : " + serial);

getSerialNumberString()

Prototype

String getSerialNumberString()

Description

Return the serial number as decimal strin.

Return

String Serial number as decimal string

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");

serial = root.getSerialNumberString();

print("Serial number  : " + serial);

getSubjectKeyIdentifier()

Prototype

ByteString getSubjectKeyIdentifier()

Description

Return the RFC 5280 type 1 unique identifier for the subject's public key (SHA-1 of encoded public key).

Return

ByteString SubjectPublicKey value from extension or null if not defined

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("ca.cer");

spkid = root.getSubjectKeyIdentifier();

print("SubjectPublicKeyIdentifier : " + spkid);

assert((new ByteString("44 2A FB B6 64 C5 38 0F", HEX)).equals(spkid));

getAuthorityKeyIdentifier()

Prototype

ByteString getAuthorityKeyIdentifier()

Description

Return the unique identifier for the issuer's public key.

Return

ByteString AuthorityPublicKey value from extension or null if not defined

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("ca.cer");

apkid = root.getAuthorityKeyIdentifier();

print("AuthorityPublicKeyIdentifier : " + apkid);

getNotBefore()

Prototype

Date getNotBefore()

Description

Return the time from which on the certificate is valid.

Return

Date The effective date of the certificate

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


cert = new X509("ca.cer");
print(cert);
print("Not before : " + cert.getNotBefore());

getNotAfter()

Prototype

Date getNotAfter()

Description

Return the time from which on the certificate is expired.

Return

Date The expiration date of the certificate

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


cert = new X509("ca.cer");

print("Not after : " + cert.getNotAfter());

getIssuerDNString()

Prototype

String getIssuerDNString()

Description

Return a string containing the Issuer Distinguished Name in a human readable form.

Return

String String containing the Issuer DN

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");

dn = root.getIssuerDNString();
assert(dn);

print("Issuer  : " + dn);

getSubjectDNString()

Prototype

String getSubjectDNString()

Description

Return a string containing the Subject Distinguished Name in a human readable form.

Return

String String containing the Subject DN

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");

var dn = root.getSubjectDNString();
assert(dn);

print("Subject : " + dn);

getOCSPResponderURL()

Prototype

String getOCSPResponderURL()

Description

Return a string containing the URL of the OCSP responder for this certificate.

Return

String String containing the OCSP Responder URL

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call

Example


root = new X509("root.cer");

url = root.getOCSPResponderURL();
assert(url);

print("OCSP Responder URL : " + url);

getPublicKey()

Prototype

Key getPublicKey()

Key getPublicKey(Key template)

Description

Extract public key from certificate.

If no template is given, then a new Key object is created. If the key template is provided, then it will be filled with the appropriate values.

Return

Key New key object or object provided as template.

Exceptions

Name Value Description
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_KEY The key could not be extracted from the certificate

Example


var root = new X509("root.cer");

var key = root.getPublicKey();
assert(key instanceof Key);

assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 4096);
assert(key.getComponent(Key.MODULUS).toString(HEX) ==
	"D0FC391648CD018C07FD9A9EFCBB0BC88C6D6A72575C4862" +
	"6A632BAE0E6E8091B22CDEFD952BA19E4AF06B2380C3DCE1" +
	"0678FBDD408B7E2E9D8341760079761161C42A0917143E26" +
	"A787B74426CEC430A55E71DEDB391A501696DF116E21D270" +
	"6F0B88CC4AEEA2EC5E8032F5E9FA45B6A4DB51346FAC26AF" +
	"FCB694A6067C0D2F2C9488489BEA5ED0D18B0ABC98A526B2" +
	"62CDE334873AEC73CF57570A8508BCABE224ED97D84F81B6" +
	"FF8F1639E8245FDF143664FACF301DB53640262B9F79FFAD" +
	"12619EAA5A54473D82E8EF876270DAAA5CD57D8557CAA23C" +
	"64C1FCB508E11261EA65DF4667FD168E797D6B7FC01E668A" +
	"3172F906D5A8E45CEB9A7FB8C34FF44230F6DB6CD7415D52" +
	"9879447908E13E09A5EC323C4C6E0F9FCF3B0E426C76C140" +
	"0B3AE3945D03DF7037697FC47B944B7DF1D5DFD18F600579" +
	"0CCB8B82F1D4061F0C837959CF0F091BF072F6F8CA552DFD" +
	"CF5D998B020025C986BA8934F7B5BC277F12313CE2BA533C" +
	"84285F95C7ED028D5A4D0CEECE2708AE1C024D27C26627B2" +
	"F413D9B83C6C82381FD1CBD181A8D453000897F985252BF2" +
	"9FEC0078BBCB8704E5856B8D46E10C4AB9B63B1A26F68C1B" +
	"8F9EE48B1B73005ACCC330C4D20EE3479249FAF2CAD17B6C" +
	"383330549C723C7695D6DF6170E56866FE4F598C8BF3F691" +
	"04DD5C0CC1BD82FC398B1FA7AF4D5EB4EEC06652CE1DBECE" +
	"2F1E47E966E60F45");
assert(key.getComponent(Key.EXPONENT).toString(HEX) == "010001");


var key = root.getPublicKey(key);
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);

var root = new X509("ecdsacert.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 192);
assert(key.getComponent(Key.ECC_QX).toString(HEX) ==
            "ED5A2BEB600D48E3B3301AE29DCCFA2A2AD85733AD5F09B0");
assert(key.getComponent(Key.ECC_QY).toString(HEX) ==
            "6DC91E96758FA281D45787759FA5BEA1A4E2AD7564A062F4");

verify()

Prototype

Void verify(Key publicKey)

Description

Arguments

Type Name Description
Key publicKey Public key

Return

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_DATA Invalid certificate structure
GPError GPError.INVALID_MECH Signature algorithm not supported or provider not found
GPError GPError.CRYPTO_FAILED Signature is not valid
GPError GPError.INVALID_KEY The key is invalid

Example


var root = new X509("root.cer");
var ca = new X509("ca.cer");

var rootKey = root.getPublicKey();
root.verify(rootKey);
ca.verify(rootKey);

try	{
	var caKey = ca.getPublicKey();
	ca.verify(caKey);
	assert(false);
}
catch(e) {
	assert(e instanceof GPError);
	assert(e.error == GPError.CRYPTO_FAILED);
}

verifyWith()

Prototype

Void verifyWith(X509 superior)

Description

Verify if certificate was signed with private key related to superior certificate

Arguments

Type Name Description
X509 superior Certificate from which the public key will be extracted

Return

Exceptions

Name Value Description
GPError GPError.ARGUMENTS_MISSING Too few arguments in call
GPError GPError.INVALID_ARGUMENTS Too many arguments in call
GPError GPError.INVALID_TYPE Type of argument is invalid for call
GPError GPError.INVALID_DATA Invalid certificate structure
GPError GPError.INVALID_MECH Signature algorithm not supported or provider not found
GPError GPError.CRYPTO_FAILED Signature is not valid

Example


root = new X509("root.cer");
ca = new X509("ca.cer");
root.verifyWith(root);
ca.verifyWith(root);

try	{
	ca.verifyWith(ca);
	assert(false);
}
catch(e) {
	assert(e instanceof GPError);
	assert(e.error == GPError.CRYPTO_FAILED);
}