public class

X509Certificate

extends Object
implements AutoCloseable
java.lang.Object
   ↳ com.pdftron.crypto.X509Certificate

Class Overview

This class represents an X509 public-key certificate, as specified in RFC 5280.

Summary

Public Constructors
X509Certificate(long impl_ptr)
X509Certificate(String in_certificate_path)
Constructor from filepath.
X509Certificate(byte[] in_cert_buf)
Constructor from buffer.
Public Methods
long __GetHandle()
void close()
Frees the native memory of the object.
void destroy()
Frees the native memory of the object.
byte[] getData()
Retrieves the certificate as binary DER-encoded data.
X509Extension[] getExtensions()
Retrieves all extensions (as first specified in V3 of X509, see RFC 5280) from the certificate.
String getFingerprint()
Retrieves, in a string, a text representation of a cryptographically-secure digest of the certificate that can be used to identify it uniquely.
String getFingerprint(DigestAlgorithm in_digest_algorithm)
Retrieves, in a string, a text representation of a cryptographically-secure digest of the certificate that can be used to identify it uniquely.
X501DistinguishedName getIssuerField()
Retrieves the names of the certificate issuer as a map of OIDs (i.e.
long getNotAfterEpochTime()
Retrieves the notAfter time from the certificate's Validity entry in the form of an integral value representing an epoch time.
long getNotBeforeEpochTime()
Retrieves the notBefore time from the certificate's Validity entry in the form of an integral value representing an epoch time.
int getRawX509VersionNumber()
Retrieves the version number representing which version of X509 the certificate corresponds to, from the certificate.
byte[] getSerialNumber()
Retrieves the serialNumber entry from the certificate.
X501DistinguishedName getSubjectField()
Retrieves the names of the certificate subject as a map of OIDs (i.e.
String toString()
Returns a string representation of the certificate.
[Expand]
Inherited Methods
From class java.lang.Object
From interface java.lang.AutoCloseable

Public Constructors

public X509Certificate (long impl_ptr)

public X509Certificate (String in_certificate_path)

Constructor from filepath. The input must be in DER, BER, or PEM encoding. The certificate must be in X.509 format.

Parameters
in_certificate_path -- the path to the file containing the certificate

public X509Certificate (byte[] in_cert_buf)

Constructor from buffer. The input must be in DER, BER, or PEM encoding. The certificate must be in X.509 format.

Parameters
in_cert_buf -- a buffer containing the certificate

Public Methods

public long __GetHandle ()

public void close ()

Frees the native memory of the object. This can be explicity called to control the deallocation of native memory and avoid situations where the garbage collector does not free the object in a timely manner.

public void destroy ()

Frees the native memory of the object. This can be explicity called to control the deallocation of native memory and avoid situations where the garbage collector does not free the object in a timely manner.

public byte[] getData ()

Retrieves the certificate as binary DER-encoded data. (DER is short for Distinguished Encoding Rules.).

Returns
  • a container of bytes representing the certificate, encoded as binary DER

public X509Extension[] getExtensions ()

Retrieves all extensions (as first specified in V3 of X509, see RFC 5280) from the certificate.

Returns
  • a container of X509Extension objects

public String getFingerprint ()

Retrieves, in a string, a text representation of a cryptographically-secure digest of the certificate that can be used to identify it uniquely. Default algorithm parameter is currently SHA-256, but may change in future without further warning, pursuant to security needs.

Returns
  • a string representation of the fingerprint, in the form of double ASCII characters representing hex bytes, separated by colons

public String getFingerprint (DigestAlgorithm in_digest_algorithm)

Retrieves, in a string, a text representation of a cryptographically-secure digest of the certificate that can be used to identify it uniquely.

Parameters
in_digest_algorithm -- An enumeration representing the digest algorithm to use. Currently supported are SHA-1 (SHA-160), SHA-256, SHA-384, and SHA-512.
Returns
  • a string representation of the fingerprint, in the form of double ASCII characters representing hex bytes, separated by colons

public X501DistinguishedName getIssuerField ()

Retrieves the names of the certificate issuer as a map of OIDs (i.e. one of the object identifiers from the X.500 attribute types) to string values. The issuer field identifies the entity that has signed and issued the certificate. The returned value will contain all of the AttributeTypeAndValue items from all of the RelativeDistinguishedNames in the Name of the issuer. See RFC 5280, section 4.1.2.4 and Appendix A.1 (page 116).

Returns
  • an X501DistinguishedName object

public long getNotAfterEpochTime ()

Retrieves the notAfter time from the certificate's Validity entry in the form of an integral value representing an epoch time.

Returns
  • an integer containing an epoch time

public long getNotBeforeEpochTime ()

Retrieves the notBefore time from the certificate's Validity entry in the form of an integral value representing an epoch time.

Returns
  • an integer containing an epoch time

public int getRawX509VersionNumber ()

Retrieves the version number representing which version of X509 the certificate corresponds to, from the certificate. The X509 version number in the certificate, which we return unchanged here, is zero-indexed and therefore is one less in value than the actual version. e.g. X509v3 is represented by a returned version number of 2.

Returns
  • an integer containing the version number

public byte[] getSerialNumber ()

Retrieves the serialNumber entry from the certificate.

Returns
  • bytes representing the components of an integral serial number in big-endian order

public X501DistinguishedName getSubjectField ()

Retrieves the names of the certificate subject as a map of OIDs (i.e. one of the object identifiers from the X.500 attribute types) to string values. The subject field represents the identity of the entity associated with the certificate's public key. The returned value will contain all of the AttributeTypeAndValue items from all of the RelativeDistinguishedNames in the Name of the subject. See RFC 5280, section 4.1.2.6 and Appendix A.1 (page 116).

Returns
  • an X501DistinguishedName object

public String toString ()

Returns a string representation of the certificate. Output may change in future versions.

Returns
  • a string representation of the certificate