SSE4E
GPError
GPSystem
ByteString
ByteBuffer
TLV
TLVList
Card
Atr
Key
Crypto
Application GPApplication GPSecDomain
ASN1
CardFile
IsoSecureChannel
ApplFactory
GPXML
JsScript
CardSim
X509
CRL
KeyStore
CMSSignedData
CMSGenerator
XMLSignature
OCSPQuery
LDAP
SOAP
URLConnection
PKCS11Provider
PKCS11Session
PKCS11Object
OutlineNode
OpenSCDP
X509 - Reference Documentation
Class implementing support for X509 certificates
This class provides a wrapper for java.security.cert.X509 objects. All methods from this Java class are available through the LiveConnect mechanism.
Index of Methods
- X509() constructor
- getNative()
- getBytes()
- getIssuerDNString()
- getSubjectDNString()
- getOCSPResponderURL()
- getPublicKey()
- verify()
- verifyWith()
Constructor
Prototype
X509(ByteString dercert)
X509(String certfile)
Description
Create certificate object from DER encoded certificate or read from fileArguments
| Type | Name | Description |
|---|---|---|
ByteString | dercert | DER encoded certificate |
String | certfile |
Filename of file containing DER encoded certificate Unless an absolute file name is given, the path is relative to the location of the script in which the constructor is called. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | The certificate has an invalid or unrecognized structure |
Example
root = new X509("root.cer");
print("Issuer : " + root.getIssuerDNString());
print("Subject : " + root.getSubjectDNString());
bs = new ByteString("\
MIIGGzCCBAOgAwIBAgIRAS31fRUU00bNe4A4sqZ44wQwDQYJKoZIhvcNAQEFBQAw \
VDESMBAGA1UEAwwJUm9vdC1DQSAxMTEwLwYDVQQKDChURVNUIC0gSGF1cHR2ZXJi \
YW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYDVQQGEwJBVDAeFw0wNTA2MjMx \
NzI3MDJaFw0zMDA2MjMxNzI3MDJaMFYxFDASBgNVBAMMC1N5c3RlbSBDQSAxMTEw \
LwYDVQQKDChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMu \
MQswCQYDVQQGEwJBVDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKWL \
/7+RLD7eqAiqbFtN/3sWgw5nfA3G6vYcVvV4CzXFlzJVk6xtiu/sYlSQK18tbyF4 \
7DfNuHANV24lutFOoGLuhJkSWbqONcNvplD7a+XIniAdSgSBxcJnXvZ4xJ+Bd5TH \
U4CXvcqDGpEaEAgnhpiVPoBMHK/r1eMrLsb9+HryCKBrC0dzVPPKX+HAz2wj757x \
KdlrBva7dFz5pbDDZmifmTko4fj4DQS5quu4MVq2vs1D9km2BZXCgU5Fo6OWoL0a \
U3B4amLzNA981E2niLovz+18DB340/PlgctE6FaM8XQv9Omoe/nUqImM/J+T8uIp \
kFCy+1cuhXGRpqRnHvEq88COsvDFI6vKfwd9Duko+IjUzpq3MIa2bXURBU3kDD79 \
sl1i1uy9Sx6YtwTZBoPIQZP+7WjlZnT4nBpJl2r0qKFKJH3nBJVntlzlSna1gc4u \
HZBkvrfDnLG/RGGBsiqkzdx0myM8mON/veLbY5Nd+SUBm1bWAw0BSbz+3jBtHQID \
AQABo4IBZDCCAWAwEwYDVR0jBAwwCoAIRtDR1WyRFs4wEQYDVR0OBAoECEvRRLys \
X0iFMA4GA1UdDwEB/wQEAwICBDAxBggrBgEFBQcBAQQlMCMwIQYIKwYBBQUHMAGG \
FWh0dHA6Ly8xNDkuMjM5LjE2LjIwOTCB3gYDVR0fBIHWMIHTMIHQoHOgcYZvbGRh \
cDovLzE0OS4yMzkuMTYuMjA5L289VEVTVCUyMC0lMjBIYXVwdHZlcmJhbmQlMjAl \
ZjZzdGVyci4lMjBTb3ppYWx2ZXJzLixjPUFUP2NlcnRpZmljYXRlUmV2b2NhdGlv \
bkxpc3Q7YmluYXJ5olmkVzBVMRMwEQYDVQQDDApDUkwtU2lnbmVyMTEwLwYDVQQK \
DChURVNUIC0gSGF1cHR2ZXJiYW5kIMO2c3RlcnIuIFNvemlhbHZlcnMuMQswCQYD \
VQQGEwJBVDASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEBBQUAA4ICAQAY \
P81wkoVpuE6Dtg72snt2KnwURfI1KAD+WgDBKLcSUD+uO2ks7CpRWaqD5WW47lQD \
KsGwLyRmwEfmNBPh15TMYkTvynUwD3WBaPPr59Hy7QrUcdRU511my0CnS3W+2L4a \
oLCuyRvlozuIhBHCfSKsYFZwHrT90J+B9NFnlWCGsxg0xsKpatcXsrMOQTlX3dOl \
5pu9KEoKlryZArD7UDBqMAqKQ9srx1a23AJKREFyJ6a4aW/voZvpoHMsQQPbm8xb \
vQPZaUUqY7R9g/9ZgVdeDrjEJU8qtptSL1ixVbvmpKM0g+G4tda83VfVY5qeto6E \
QLmst4yNA/uv5MxCtEu/DthxUScGkY1erV6LMb97u4m4mx87SxKPBhCdZx76BEgU \
t0bLFAlG63h1bZ3UFcoDR3PSjF1QwUPO6DroCMVpUYRGnli123KQ63lKCOxQqwl+ \
te7x3uEWKgN8FwUKCLYGnBIiBA2c7igRiyKaOon+43kYt+GAyBvOdH1n/EjHQVHE \
h3xwWNCsiAn6XFjlL61i0r5dshBl+rWWyUbNpHXqHuPnm8Zn37DXwmvxU9qdc0TA \
Y8M0uMYAw1rkDoo2zGb2nxAbmmp7L8J2cFE/6TJ6R7gdxY/0uwaIdRHBr844kscO \
i0dKmGsaCPxCVq5venNSatNMEvOgyEloLGqoq3S+xQ==", BASE64);
ca = new X509(bs);
print("Issuer : " + ca.getIssuerDNString());
print("Subject : " + ca.getSubjectDNString());
getNative()
Prototype
java.security.X509Certificate getNative()
Description
Return underlying native java.security.X509Certificate object. All methods of the Java object are available through the LiveConnect mechanism.
For methods with return type byte[], as ByteString object is created.
Return
java.security.X509Certificate | Native Java object |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
Example
var root = new X509("root.cer");
var ncert = root.getNative();
print("Version: " + ncert.getVersion());
getBytes()
Prototype
ByteString getBytes()
Description
Return certificate in encoded formatReturn
ByteString | Encoded certificate |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
bs = root.getBytes();
root = new X509(bs);
print("Subject : " + root.getSubjectDNString());
getIssuerDNString()
Prototype
String getIssuerDNString()
Description
Return a string containing the Issuer Distinguished Name in a human readable form.Return
String | String containing the Issuer DN |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
dn = root.getIssuerDNString();
assert(dn);
print("Issuer : " + dn);
getSubjectDNString()
Prototype
String getSubjectDNString()
Description
Return a string containing the Subject Distinguished Name in a human readable form.Return
String | String containing the Subject DN |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
var dn = root.getSubjectDNString();
assert(dn);
print("Subject : " + dn);
getOCSPResponderURL()
Prototype
String getOCSPResponderURL()
Description
Return a string containing the URL of the OCSP responder for this certificate.Return
String | String containing the OCSP Responder URL |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
Example
root = new X509("root.cer");
url = root.getOCSPResponderURL();
assert(url);
print("OCSP Responder URL : " + url);
getPublicKey()
Prototype
Key getPublicKey()
Key getPublicKey(Key template)
Description
Extract public key from certificate.
If no template is given, then a new Key object is created. If the key template is provided, then it will be filled with the appropriate values.
Return
Key | New key object or object provided as template. |
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_KEY | The key could not be extracted from the certificate |
Example
var root = new X509("root.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 4096);
assert(key.getComponent(Key.MODULUS).toString(HEX) ==
"D0FC391648CD018C07FD9A9EFCBB0BC88C6D6A72575C48626A632BAE0E6E8091B22CDEFD952BA19E4AF06B2380C3DCE1" +
"0678FBDD408B7E2E9D8341760079761161C42A0917143E26A787B74426CEC430A55E71DEDB391A501696DF116E21D270" +
"6F0B88CC4AEEA2EC5E8032F5E9FA45B6A4DB51346FAC26AFFCB694A6067C0D2F2C9488489BEA5ED0D18B0ABC98A526B2" +
"62CDE334873AEC73CF57570A8508BCABE224ED97D84F81B6FF8F1639E8245FDF143664FACF301DB53640262B9F79FFAD" +
"12619EAA5A54473D82E8EF876270DAAA5CD57D8557CAA23C64C1FCB508E11261EA65DF4667FD168E797D6B7FC01E668A" +
"3172F906D5A8E45CEB9A7FB8C34FF44230F6DB6CD7415D529879447908E13E09A5EC323C4C6E0F9FCF3B0E426C76C140" +
"0B3AE3945D03DF7037697FC47B944B7DF1D5DFD18F6005790CCB8B82F1D4061F0C837959CF0F091BF072F6F8CA552DFD" +
"CF5D998B020025C986BA8934F7B5BC277F12313CE2BA533C84285F95C7ED028D5A4D0CEECE2708AE1C024D27C26627B2" +
"F413D9B83C6C82381FD1CBD181A8D453000897F985252BF29FEC0078BBCB8704E5856B8D46E10C4AB9B63B1A26F68C1B" +
"8F9EE48B1B73005ACCC330C4D20EE3479249FAF2CAD17B6C383330549C723C7695D6DF6170E56866FE4F598C8BF3F691" +
"04DD5C0CC1BD82FC398B1FA7AF4D5EB4EEC06652CE1DBECE2F1E47E966E60F45");
assert(key.getComponent(Key.EXPONENT).toString(HEX) == "010001");
var key = root.getPublicKey(key);
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
var root = new X509("ecdsacert.cer");
var key = root.getPublicKey();
assert(key instanceof Key);
assert(key.getType() == Key.PUBLIC);
assert(key.getSize() == 192);
assert(key.getComponent(Key.ECC_QX).toString(HEX) == "ED5A2BEB600D48E3B3301AE29DCCFA2A2AD85733AD5F09B0");
assert(key.getComponent(Key.ECC_QY).toString(HEX) == "6DC91E96758FA281D45787759FA5BEA1A4E2AD7564A062F4");
verify()
Prototype
Void verify(Key publicKey)
Description
Arguments
| Type | Name | Description |
|---|---|---|
Key | publicKey | Public key |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | Invalid certificate structure |
| GPError | GPError.INVALID_MECH | Signature algorithm not supported or provider not found |
| GPError | GPError.CRYPTO_FAILED | Signature is not valid |
| GPError | GPError.INVALID_KEY | The key is invalid |
Example
var root = new X509("root.cer");
var ca = new X509("ca.cer");
var rootKey = root.getPublicKey();
root.verify(rootKey);
ca.verify(rootKey);
try {
var caKey = ca.getPublicKey();
ca.verify(caKey);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
verifyWith()
Prototype
Void verifyWith(X509 superior)
Description
Verify if certificate was signed with private key related to superior certificateArguments
| Type | Name | Description |
|---|---|---|
X509 | superior | Certificate from which the public key will be extracted |
Return
|
Exceptions
| Name | Value | Description |
|---|---|---|
| GPError | GPError.ARGUMENTS_MISSING | Too few arguments in call |
| GPError | GPError.INVALID_ARGUMENTS | Too many arguments in call |
| GPError | GPError.INVALID_TYPE | Type of argument is invalid for call |
| GPError | GPError.INVALID_DATA | Invalid certificate structure |
| GPError | GPError.INVALID_MECH | Signature algorithm not supported or provider not found |
| GPError | GPError.CRYPTO_FAILED | Signature is not valid |
Example
root = new X509("root.cer");
ca = new X509("ca.cer");
root.verifyWith(root);
ca.verifyWith(root);
try {
ca.verifyWith(ca);
assert(false);
}
catch(e) {
assert(e instanceof GPError);
assert(e.error == GPError.CRYPTO_FAILED);
}
© Copyright 2003 - 2010 CardContact Software & System Consulting, Minden, Germany