X509 - Reference Documentation
Class implementing support for X509 certificates
This class provides a wrapper for java.security.cert.X509 objects. All methods
from this Java class are available through the LiveConnect mechanism.
Index of Methods
Constructor
Prototype
X509(ByteString dercert)
X509(String certfile)
Description
Create certificate object from DER encoded certificate or read from file
Arguments
Type |
Name |
Description |
ByteString
|
dercert |
DER encoded certificate |
String
|
certfile |
Filename of file containing DER encoded certificate
Unless an absolute file name is given, the path is relative to the location of the
script in which the constructor is called.
|
Exceptions
Name |
Value |
Description |
GPError |
GPError.ARGUMENTS_MISSING |
Too few arguments in call |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
GPError |
GPError.INVALID_TYPE |
Type of argument is invalid for call |
GPError |
GPError.INVALID_DATA |
The certificate has an invalid or unrecognized structure |
Example
root = new X509("root.cer");
print("Issuer : " + root.getIssuerDNString());
print("Subject : " + root.getSubjectDNString());
bs = new ByteString("\
MIIGGzCCBAOgAwIBAgIRAS31fRUU00bNe4A4sqZ44wQwDQYJKoZIhvcNAQEFBQAw \
VDESMBAGA1UEAwwJUm9vdC1DQSAxMTEwLwYDVQQKDChURVNUIC0gSGF1cHR2ZXJi \
YW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYDVQQGEwJBVDAeFw0wNTA2MjMx \
NzI3MDJaFw0zMDA2MjMxNzI3MDJaMFYxFDASBgNVBAMMC1N5c3RlbSBDQSAxMTEw \
LwYDVQQKDChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMu \
MQswCQYDVQQGEwJBVDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKWL \
/7+RLD7eqAiqbFtN/3sWgw5nfA3G6vYcVvV4CzXFlzJVk6xtiu/sYlSQK18tbyF4 \
7DfNuHANV24lutFOoGLuhJkSWbqONcNvplD7a+XIniAdSgSBxcJnXvZ4xJ+Bd5TH \
U4CXvcqDGpEaEAgnhpiVPoBMHK/r1eMrLsb9+HryCKBrC0dzVPPKX+HAz2wj757x \
KdlrBva7dFz5pbDDZmifmTko4fj4DQS5quu4MVq2vs1D9km2BZXCgU5Fo6OWoL0a \
U3B4amLzNA981E2niLovz+18DB340/PlgctE6FaM8XQv9Omoe/nUqImM/J+T8uIp \
kFCy+1cuhXGRpqRnHvEq88COsvDFI6vKfwd9Duko+IjUzpq3MIa2bXURBU3kDD79 \
sl1i1uy9Sx6YtwTZBoPIQZP+7WjlZnT4nBpJl2r0qKFKJH3nBJVntlzlSna1gc4u \
HZBkvrfDnLG/RGGBsiqkzdx0myM8mON/veLbY5Nd+SUBm1bWAw0BSbz+3jBtHQID \
AQABo4IBZDCCAWAwEwYDVR0jBAwwCoAIRtDR1WyRFs4wEQYDVR0OBAoECEvRRLys \
X0iFMA4GA1UdDwEB/wQEAwICBDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGG \
FWh0dHA6Ly8xNDkuMjM5LjE2LjIwOTCB3gYDVR0fBIHWMIHTMIHQoHOgcYZvbGRh \
cDovLzE0OS4yMzkuMTYuMjA5L289VEVTVCUyMC0lMjBIYXVwdHZlcmJhbmQlMjAl \
ZjZzdGVyci4lMjBTb3ppYWx2ZXJzLixjPUFUP2NlcnRpZmljYXRlUmV2b2NhdGlv \
bkxpc3Q7YmluYXJ5olmkVzBVMRMwEQYDVQQDDApDUkwtU2lnbmVyMTEwLwYDVQQK \
DChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYD \
VQQGEwJBVDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4ICAQAY \
P81wkoVpuE6Dtg72snt2KnwURfI1KAD+WgDBKLcSUD+uO2ks7CpRWaqD5WW47lQD \
KsGwLyRmwEfmNBPh15TMYkTvynUwD3WBaPPr59Hy7QrUcdRU511my0CnS3W+2L4a \
oLCuyRvlozuIhBHCfSKsYFZwHrT90J+B9NFnlWCGsxg0xsKpatcXsrMOQTlX3dOl \
5pu9KEoKlryZArD7UDBqMAqKQ9srx1a23AJKREFyJ6a4aW/voZvpoHMsQQPbm8xb \
vQPZaUUqY7R9g/9ZgVdeDrjEJU8qtptSL1ixVbvmpKM0g+G4tda83VfVY5qeto6E \
QLmst4yNA/uv5MxCtEu/DthxUScGkY1erV6LMb97u4m4mx87SxKPBhCdZx76BEgU \
t0bLFAlG63h1bZ3UFcoDR3PSjF1QwUPO6DroCMVpUYRGnli123KQ63lKCOxQqwl+ \
te7x3uEWKgN8FwUKCLYGnBIiBA2c7igRiyKaOon+43kYt+GAyBvOdH1n/EjHQVHE \
h3xwWNCsiAn6XFjlL61i0r5dshBl+rWWyUbNpHXqHuPnm8Zn37DXwmvxU9qdc0TA \
Y8M0uMYAw1rkDoo2zGb2nxAbmmp7L8J2cFE/6TJ6R7gdxY/0uwaIdRHBr844kscO \
i0dKmGsaCPxCVq5venNSatNMEvOgyEloLGqoq3S+xQ==", BASE64);
ca = new X509(bs);
print("Issuer : " + ca.getIssuerDNString());
print("Subject : " + ca.getSubjectDNString());
getNative()
Prototype
java.security.X509Certificate getNative()
Description
Return underlying native java.security.X509Certificate object. All methods of the
Java object are available through the LiveConnect mechanism.
For methods with return type byte[], as ByteString object is created.
Return
java.security.X509Certificate
|
Native Java object |
Exceptions
Name |
Value |
Description |
GPError |
GPError.ARGUMENTS_MISSING |
Too few arguments in call |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
GPError |
GPError.INVALID_TYPE |
Type of argument is invalid for call |
Example
var root = new X509("root.cer");
var ncert = root.getNative();
print("Version: " + ncert.getVersion());
getBytes()
Prototype
ByteString getBytes()
Description
Return certificate in encoded format
Return
ByteString
|
Encoded certificate |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
bs = root.getBytes();
root = new X509(bs);
print("Subject : " + root.getSubjectDNString());
getSerialNumber()
Prototype
ByteString getSerialNumber()
Description
Return the serial number.
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
serial = root.getSerialNumber();
print("Serial number : " + serial);
getSerialNumberString()
Prototype
String getSerialNumberString()
Description
Return the serial number as decimal strin.
Return
String
|
Serial number as decimal string |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
serial = root.getSerialNumberString();
print("Serial number : " + serial);
getSubjectKeyIdentifier()
Prototype
ByteString getSubjectKeyIdentifier()
Description
Return the RFC 5280 type 1 unique identifier for the subject's public key (SHA-1 of encoded public key).
Return
ByteString
|
SubjectPublicKey value from extension or null if not defined |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("ca.cer");
spkid = root.getSubjectKeyIdentifier();
print("SubjectPublicKeyIdentifier : " + spkid);
assert((new ByteString("44 2A FB B6 64 C5 38 0F", HEX)).equals(spkid));
getAuthorityKeyIdentifier()
Prototype
ByteString getAuthorityKeyIdentifier()
Description
Return the unique identifier for the issuer's public key.
Return
ByteString
|
AuthorityPublicKey value from extension or null if not defined |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("ca.cer");
apkid = root.getAuthorityKeyIdentifier();
print("AuthorityPublicKeyIdentifier : " + apkid);
getNotBefore()
Prototype
Date getNotBefore()
Description
Return the time from which on the certificate is valid.
Return
Date
|
The effective date of the certificate |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
cert = new X509("ca.cer");
print(cert);
print("Not before : " + cert.getNotBefore());
getNotAfter()
Prototype
Date getNotAfter()
Description
Return the time from which on the certificate is expired.
Return
Date
|
The expiration date of the certificate |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
cert = new X509("ca.cer");
print("Not after : " + cert.getNotAfter());
getIssuerDNString()
Prototype
String getIssuerDNString()
Description
Return a string containing the Issuer Distinguished Name in a human readable form.
Return
String
|
String containing the Issuer DN |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
dn = root.getIssuerDNString();
assert(dn);
print("Issuer : " + dn);
getSubjectDNString()
Prototype
String getSubjectDNString()
Description
Return a string containing the Subject Distinguished Name in a human readable form.
Return
String
|
String containing the Subject DN |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
var dn = root.getSubjectDNString();
assert(dn);
print("Subject : " + dn);
getOCSPResponderURL()
Prototype
String getOCSPResponderURL()
Description
Return a string containing the URL of the OCSP responder for this certificate.
Return
String
|
String containing the OCSP Responder URL |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
Example
root = new X509("root.cer");
url = root.getOCSPResponderURL();
assert(url);
print("OCSP Responder URL : " + url);
getPublicKey()
Prototype
Key getPublicKey()
Key getPublicKey(Key template)
Description
Extract public key from certificate.
If no template is given, then a new Key object is created. If the key template
is provided, then it will be filled with the appropriate values.
Return
Key
|
New key object or object provided as template. |
Exceptions
Name |
Value |
Description |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
GPError |
GPError.INVALID_TYPE |
Type of argument is invalid for call |
GPError |
GPError.INVALID_KEY |
The key could not be extracted from the certificate |
Example
var root = new X509("root.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 4096);
assert(key.getComponent(Key.MODULUS).toString(HEX) ==
"D0FC391648CD018C07FD9A9EFCBB0BC88C6D6A72575C4862" +
"6A632BAE0E6E8091B22CDEFD952BA19E4AF06B2380C3DCE1" +
"0678FBDD408B7E2E9D8341760079761161C42A0917143E26" +
"A787B74426CEC430A55E71DEDB391A501696DF116E21D270" +
"6F0B88CC4AEEA2EC5E8032F5E9FA45B6A4DB51346FAC26AF" +
"FCB694A6067C0D2F2C9488489BEA5ED0D18B0ABC98A526B2" +
"62CDE334873AEC73CF57570A8508BCABE224ED97D84F81B6" +
"FF8F1639E8245FDF143664FACF301DB53640262B9F79FFAD" +
"12619EAA5A54473D82E8EF876270DAAA5CD57D8557CAA23C" +
"64C1FCB508E11261EA65DF4667FD168E797D6B7FC01E668A" +
"3172F906D5A8E45CEB9A7FB8C34FF44230F6DB6CD7415D52" +
"9879447908E13E09A5EC323C4C6E0F9FCF3B0E426C76C140" +
"0B3AE3945D03DF7037697FC47B944B7DF1D5DFD18F600579" +
"0CCB8B82F1D4061F0C837959CF0F091BF072F6F8CA552DFD" +
"CF5D998B020025C986BA8934F7B5BC277F12313CE2BA533C" +
"84285F95C7ED028D5A4D0CEECE2708AE1C024D27C26627B2" +
"F413D9B83C6C82381FD1CBD181A8D453000897F985252BF2" +
"9FEC0078BBCB8704E5856B8D46E10C4AB9B63B1A26F68C1B" +
"8F9EE48B1B73005ACCC330C4D20EE3479249FAF2CAD17B6C" +
"383330549C723C7695D6DF6170E56866FE4F598C8BF3F691" +
"04DD5C0CC1BD82FC398B1FA7AF4D5EB4EEC06652CE1DBECE" +
"2F1E47E966E60F45");
assert(key.getComponent(Key.EXPONENT).toString(HEX) == "010001");
var key = root.getPublicKey(key);
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
var root = new X509("ecdsacert.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 192);
assert(key.getComponent(Key.ECC_QX).toString(HEX) ==
"ED5A2BEB600D48E3B3301AE29DCCFA2A2AD85733AD5F09B0");
assert(key.getComponent(Key.ECC_QY).toString(HEX) ==
"6DC91E96758FA281D45787759FA5BEA1A4E2AD7564A062F4");
verify()
Prototype
Void verify(Key publicKey)
Description
Arguments
Type |
Name |
Description |
Key
|
publicKey |
Public key |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.ARGUMENTS_MISSING |
Too few arguments in call |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
GPError |
GPError.INVALID_TYPE |
Type of argument is invalid for call |
GPError |
GPError.INVALID_DATA |
Invalid certificate structure |
GPError |
GPError.INVALID_MECH |
Signature algorithm not supported or provider not found |
GPError |
GPError.CRYPTO_FAILED |
Signature is not valid |
GPError |
GPError.INVALID_KEY |
The key is invalid |
Example
var root = new X509("root.cer");
var ca = new X509("ca.cer");
var rootKey = root.getPublicKey();
root.verify(rootKey);
ca.verify(rootKey);
try {
var caKey = ca.getPublicKey();
ca.verify(caKey);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
verifyWith()
Prototype
Void verifyWith(X509 superior)
Description
Verify if certificate was signed with private key related to superior certificate
Arguments
Type |
Name |
Description |
X509
|
superior |
Certificate from which the public key will be extracted |
Return
Exceptions
Name |
Value |
Description |
GPError |
GPError.ARGUMENTS_MISSING |
Too few arguments in call |
GPError |
GPError.INVALID_ARGUMENTS |
Too many arguments in call |
GPError |
GPError.INVALID_TYPE |
Type of argument is invalid for call |
GPError |
GPError.INVALID_DATA |
Invalid certificate structure |
GPError |
GPError.INVALID_MECH |
Signature algorithm not supported or provider not found |
GPError |
GPError.CRYPTO_FAILED |
Signature is not valid |
Example
root = new X509("root.cer");
ca = new X509("ca.cer");
root.verifyWith(root);
ca.verifyWith(root);
try {
ca.verifyWith(ca);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
© Copyright 2003 - 2024 CardContact Systems GmbH
, Minden, Germany