Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } If you want to create a certificate, follow these steps: Example:
PrivateKey CASigningKey = ...; X509Certificate CASignatureCert = ...; PublicKey subjectPublicKey = ...; Name issuerDN = new Name("cn=My CA, c=DE"); Name subjectDN = new Name("cn=Myself, c=DE"); Calendar validFrom = ...; Calendar validUntil = ...; X509TBSCertificate tbs = new X509TBSCertificate(); tbs.setSerialNumber(new BigInteger("1")); tbs.setSubjectPublicKey(subjectPublicKey); tbs.setSubjectDN(subjectDN); tbs.setIssuerDN(issuerDN); tbs.setNotBefore(validFrom); tbs.setNotAfter(validUntil); X509Certificate theCert = new X509Certificate(tbs); Signature mySig = Signature.getInstance(...); mySig.initSign(CASigningKey); theCert.sign(mySig, CASignatureCert);
@author Markus Tak
The ASN.1 definition of tbsCertificate is:
TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version must be v2 or v3 extensions [3] EXPLICIT Extensions OPTIONAL -- If present, version must be v3 } Certificates are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 certificate:
InputStream inStream = new FileInputStream("fileName-of-cert"); CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream); inStream.close();
@author Hemma Prafullchandra
@version 1.40
@see Certificate
@see CertificateFactory
@see X509Extension
The basic X.509 format was defined by ISO/IEC and ANSI X9 and is described below in ASN.1:
Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET).
These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. CAs act as trusted third parties, making introductions between principals who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.
The ASN.1 definition of {@code tbsCertificate} is:
TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, } Here is sample code to instantiate an X.509 certificate:
InputStream inStream = new FileInputStream("fileName-of-cert"); X509Certificate cert = X509Certificate.getInstance(inStream); inStream.close(); OR byte[] certData = <certificate read from a file, say> X509Certificate cert = X509Certificate.getInstance(certData);
In either case, the code that instantiates an X.509 certificate consults the value of the {@code cert.provider.x509v1} security propertyto locate the actual implementation or instantiates a default implementation.
The {@code cert.provider.x509v1} property is set to a defaultimplementation for X.509 such as:
cert.provider.x509v1=com.sun.security.cert.internal.x509.X509V1CertImpl
The value of this {@code cert.provider.x509v1} property has to bechanged to instantiate another implementation. If this security property is not set, a default implementation will be used. Currently, due to possible security restrictions on access to Security properties, this value is looked up and cached at class initialization time and will fallback on a default implementation if the Security property is not accessible.
Note: The classes in the package {@code javax.security.cert}exist for compatibility with earlier versions of the Java Secure Sockets Extension (JSSE). New applications should instead use the standard Java SE certificate classes located in {@code java.security.cert}.
@author Hemma Prafullchandra @since 1.4 @see Certificate @see java.security.cert.X509Extension @see java.security.Security security properties
Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } If you want to create a certificate, follow these steps: Example:
PrivateKey CASigningKey = ...; X509Certificate CASignatureCert = ...; PublicKey subjectPublicKey = ...; Name issuerDN = new Name("cn=My CA, c=DE"); Name subjectDN = new Name("cn=Myself, c=DE"); Calendar validFrom = ...; Calendar validUntil = ...; X509TBSCertificate tbs = new X509TBSCertificate(); tbs.setSerialNumber(new BigInteger("1")); tbs.setSubjectPublicKey(subjectPublicKey); tbs.setSubjectDN(subjectDN); tbs.setIssuerDN(issuerDN); tbs.setNotBefore(validFrom); tbs.setNotAfter(validUntil); X509Certificate theCert = new X509Certificate(tbs); Signature mySig = Signature.getInstance(...); mySig.initSign(CASigningKey); theCert.sign(mySig, CASignatureCert);
@author Markus Tak
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |