1 /*
2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.security.cert;
27
28 import java.math.BigInteger;
29 import java.security.*;
30 import java.util.Collection;
31 import java.util.Date;
32 import java.util.List;
33 import javax.security.auth.x500.X500Principal;
34
35 import sun.security.x509.X509CertImpl;
36
37 /**
38 * <p>
39 * Abstract class for X.509 certificates. This provides a standard
40 * way to access all the attributes of an X.509 certificate.
41 * <p>
42 * In June of 1996, the basic X.509 v3 format was completed by
43 * ISO/IEC and ANSI X9, which is described below in ASN.1:
44 * <pre>
45 * Certificate ::= SEQUENCE {
46 * tbsCertificate TBSCertificate,
47 * signatureAlgorithm AlgorithmIdentifier,
48 * signature BIT STRING }
49 * </pre>
50 * <p>
51 * These certificates are widely used to support authentication and
52 * other functionality in Internet security systems. Common applications
53 * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
54 * code signing for trusted software distribution, and Secure Electronic
55 * Transactions (SET).
56 * <p>
57 * These certificates are managed and vouched for by <em>Certificate
58 * Authorities</em> (CAs). CAs are services which create certificates by
59 * placing data in the X.509 standard format and then digitally signing
60 * that data. CAs act as trusted third parties, making introductions
61 * between principals who have no direct knowledge of each other.
62 * CA certificates are either signed by themselves, or by some other
63 * CA such as a "root" CA.
64 * <p>
65 * More information can be found in
66 * <a href="http://tools.ietf.org/html/rfc5280">RFC 5280: Internet X.509
67 * Public Key Infrastructure Certificate and CRL Profile</a>.
68 * <p>
69 * The ASN.1 definition of {@code tbsCertificate} is:
70 * <pre>
71 * TBSCertificate ::= SEQUENCE {
72 * version [0] EXPLICIT Version DEFAULT v1,
73 * serialNumber CertificateSerialNumber,
74 * signature AlgorithmIdentifier,
75 * issuer Name,
76 * validity Validity,
77 * subject Name,
78 * subjectPublicKeyInfo SubjectPublicKeyInfo,
79 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
80 * -- If present, version must be v2 or v3
81 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
82 * -- If present, version must be v2 or v3
83 * extensions [3] EXPLICIT Extensions OPTIONAL
84 * -- If present, version must be v3
85 * }
86 * </pre>
87 * <p>
88 * Certificates are instantiated using a certificate factory. The following is
89 * an example of how to instantiate an X.509 certificate:
90 * <pre>
91 * try (InputStream inStream = new FileInputStream("fileName-of-cert")) {
92 * CertificateFactory cf = CertificateFactory.getInstance("X.509");
93 * X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
94 * }
95 * </pre>
96 *
97 * @author Hemma Prafullchandra
98 * @since 1.2
99 *
100 *
101 * @see Certificate
102 * @see CertificateFactory
103 * @see X509Extension
104 */
105
106 public abstract class X509Certificate extends Certificate
107 implements X509Extension {
108
109 private static final long serialVersionUID = -2491127588187038216L;
110
111 private transient X500Principal subjectX500Principal, issuerX500Principal;
112
113 /**
114 * Constructor for X.509 certificates.
115 */
116 protected X509Certificate() {
117 super("X.509");
118 }
119
120 /**
121 * Checks that the certificate is currently valid. It is if
122 * the current date and time are within the validity period given in the
123 * certificate.
124 * <p>
125 * The validity period consists of two date/time values:
126 * the first and last dates (and times) on which the certificate
127 * is valid. It is defined in
128 * ASN.1 as:
129 * <pre>
130 * validity Validity
131 *
132 * Validity ::= SEQUENCE {
133 * notBefore CertificateValidityDate,
134 * notAfter CertificateValidityDate }
135 *
136 * CertificateValidityDate ::= CHOICE {
137 * utcTime UTCTime,
138 * generalTime GeneralizedTime }
139 * </pre>
140 *
141 * @exception CertificateExpiredException if the certificate has expired.
142 * @exception CertificateNotYetValidException if the certificate is not
143 * yet valid.
144 */
145 public abstract void checkValidity()
146 throws CertificateExpiredException, CertificateNotYetValidException;
147
148 /**
149 * Checks that the given date is within the certificate's
150 * validity period. In other words, this determines whether the
151 * certificate would be valid at the given date/time.
152 *
153 * @param date the Date to check against to see if this certificate
154 * is valid at that date/time.
155 *
156 * @exception CertificateExpiredException if the certificate has expired
157 * with respect to the {@code date} supplied.
158 * @exception CertificateNotYetValidException if the certificate is not
159 * yet valid with respect to the {@code date} supplied.
160 *
161 * @see #checkValidity()
162 */
163 public abstract void checkValidity(Date date)
164 throws CertificateExpiredException, CertificateNotYetValidException;
165
166 /**
167 * Gets the {@code version} (version number) value from the
168 * certificate.
169 * The ASN.1 definition for this is:
170 * <pre>
171 * version [0] EXPLICIT Version DEFAULT v1
172 *
173 * Version ::= INTEGER { v1(0), v2(1), v3(2) }
174 * </pre>
175 * @return the version number, i.e. 1, 2 or 3.
176 */
177 public abstract int getVersion();
178
179 /**
180 * Gets the {@code serialNumber} value from the certificate.
181 * The serial number is an integer assigned by the certification
182 * authority to each certificate. It must be unique for each
183 * certificate issued by a given CA (i.e., the issuer name and
184 * serial number identify a unique certificate).
185 * The ASN.1 definition for this is:
186 * <pre>
187 * serialNumber CertificateSerialNumber
188 *
189 * CertificateSerialNumber ::= INTEGER
190 * </pre>
191 *
192 * @return the serial number.
193 */
194 public abstract BigInteger getSerialNumber();
195
196 /**
197 * <strong>Denigrated</strong>, replaced by {@linkplain
198 * #getIssuerX500Principal()}. This method returns the {@code issuer}
199 * as an implementation specific Principal object, which should not be
200 * relied upon by portable code.
201 *
202 * <p>
203 * Gets the {@code issuer} (issuer distinguished name) value from
204 * the certificate. The issuer name identifies the entity that signed (and
205 * issued) the certificate.
206 *
207 * <p>The issuer name field contains an
208 * X.500 distinguished name (DN).
209 * The ASN.1 definition for this is:
210 * <pre>
211 * issuer Name
212 *
213 * Name ::= CHOICE { RDNSequence }
214 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
215 * RelativeDistinguishedName ::=
216 * SET OF AttributeValueAssertion
217 *
218 * AttributeValueAssertion ::= SEQUENCE {
219 * AttributeType,
220 * AttributeValue }
221 * AttributeType ::= OBJECT IDENTIFIER
222 * AttributeValue ::= ANY
223 * </pre>
224 * The {@code Name} describes a hierarchical name composed of
225 * attributes,
226 * such as country name, and corresponding values, such as US.
227 * The type of the {@code AttributeValue} component is determined by
228 * the {@code AttributeType}; in general it will be a
229 * {@code directoryString}. A {@code directoryString} is usually
230 * one of {@code PrintableString},
231 * {@code TeletexString} or {@code UniversalString}.
232 *
233 * @return a Principal whose name is the issuer distinguished name.
234 */
235 public abstract Principal getIssuerDN();
236
237 /**
238 * Returns the issuer (issuer distinguished name) value from the
239 * certificate as an {@code X500Principal}.
240 * <p>
241 * It is recommended that subclasses override this method.
242 *
243 * @return an {@code X500Principal} representing the issuer
244 * distinguished name
245 * @since 1.4
246 */
247 public X500Principal getIssuerX500Principal() {
248 if (issuerX500Principal == null) {
249 issuerX500Principal = X509CertImpl.getIssuerX500Principal(this);
250 }
251 return issuerX500Principal;
252 }
253
254 /**
255 * <strong>Denigrated</strong>, replaced by {@linkplain
256 * #getSubjectX500Principal()}. This method returns the {@code subject}
257 * as an implementation specific Principal object, which should not be
258 * relied upon by portable code.
259 *
260 * <p>
261 * Gets the {@code subject} (subject distinguished name) value
262 * from the certificate. If the {@code subject} value is empty,
263 * then the {@code getName()} method of the returned
264 * {@code Principal} object returns an empty string ("").
265 *
266 * <p> The ASN.1 definition for this is:
267 * <pre>
268 * subject Name
269 * </pre>
270 *
271 * <p>See {@link #getIssuerDN() getIssuerDN} for {@code Name}
272 * and other relevant definitions.
273 *
274 * @return a Principal whose name is the subject name.
275 */
276 public abstract Principal getSubjectDN();
277
278 /**
279 * Returns the subject (subject distinguished name) value from the
280 * certificate as an {@code X500Principal}. If the subject value
281 * is empty, then the {@code getName()} method of the returned
282 * {@code X500Principal} object returns an empty string ("").
283 * <p>
284 * It is recommended that subclasses override this method.
285 *
286 * @return an {@code X500Principal} representing the subject
287 * distinguished name
288 * @since 1.4
289 */
290 public X500Principal getSubjectX500Principal() {
291 if (subjectX500Principal == null) {
292 subjectX500Principal = X509CertImpl.getSubjectX500Principal(this);
293 }
294 return subjectX500Principal;
295 }
296
297 /**
298 * Gets the {@code notBefore} date from the validity period of
299 * the certificate.
300 * The relevant ASN.1 definitions are:
301 * <pre>
302 * validity Validity
303 *
304 * Validity ::= SEQUENCE {
305 * notBefore CertificateValidityDate,
306 * notAfter CertificateValidityDate }
307 *
308 * CertificateValidityDate ::= CHOICE {
309 * utcTime UTCTime,
310 * generalTime GeneralizedTime }
311 * </pre>
312 *
313 * @return the start date of the validity period.
314 * @see #checkValidity
315 */
316 public abstract Date getNotBefore();
317
318 /**
319 * Gets the {@code notAfter} date from the validity period of
320 * the certificate. See {@link #getNotBefore() getNotBefore}
321 * for relevant ASN.1 definitions.
322 *
323 * @return the end date of the validity period.
324 * @see #checkValidity
325 */
326 public abstract Date getNotAfter();
327
328 /**
329 * Gets the DER-encoded certificate information, the
330 * {@code tbsCertificate} from this certificate.
331 * This can be used to verify the signature independently.
332 *
333 * @return the DER-encoded certificate information.
334 * @exception CertificateEncodingException if an encoding error occurs.
335 */
336 public abstract byte[] getTBSCertificate()
337 throws CertificateEncodingException;
338
339 /**
340 * Gets the {@code signature} value (the raw signature bits) from
341 * the certificate.
342 * The ASN.1 definition for this is:
343 * <pre>
344 * signature BIT STRING
345 * </pre>
346 *
347 * @return the signature.
348 */
349 public abstract byte[] getSignature();
350
351 /**
352 * Gets the signature algorithm name for the certificate
353 * signature algorithm. An example is the string "SHA256withRSA".
354 * The ASN.1 definition for this is:
355 * <pre>
356 * signatureAlgorithm AlgorithmIdentifier
357 *
358 * AlgorithmIdentifier ::= SEQUENCE {
359 * algorithm OBJECT IDENTIFIER,
360 * parameters ANY DEFINED BY algorithm OPTIONAL }
361 * -- contains a value of the type
362 * -- registered for use with the
363 * -- algorithm object identifier value
364 * </pre>
365 *
366 * <p>The algorithm name is determined from the {@code algorithm}
367 * OID string.
368 *
369 * @return the signature algorithm name.
370 */
371 public abstract String getSigAlgName();
372
373 /**
374 * Gets the signature algorithm OID string from the certificate.
375 * An OID is represented by a set of nonnegative whole numbers separated
376 * by periods.
377 * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
378 * with DSA signature algorithm defined in
379 * <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and
380 * Identifiers for the Internet X.509 Public Key Infrastructure Certificate
381 * and CRL Profile</a>.
382 *
383 * <p>See {@link #getSigAlgName() getSigAlgName} for
384 * relevant ASN.1 definitions.
385 *
386 * @return the signature algorithm OID string.
387 */
388 public abstract String getSigAlgOID();
389
390 /**
391 * Gets the DER-encoded signature algorithm parameters from this
392 * certificate's signature algorithm. In most cases, the signature
393 * algorithm parameters are null; the parameters are usually
394 * supplied with the certificate's public key.
395 * If access to individual parameter values is needed then use
396 * {@link java.security.AlgorithmParameters AlgorithmParameters}
397 * and instantiate with the name returned by
398 * {@link #getSigAlgName() getSigAlgName}.
399 *
400 * <p>See {@link #getSigAlgName() getSigAlgName} for
401 * relevant ASN.1 definitions.
402 *
403 * @return the DER-encoded signature algorithm parameters, or
404 * null if no parameters are present.
405 */
406 public abstract byte[] getSigAlgParams();
407
408 /**
409 * Gets the {@code issuerUniqueID} value from the certificate.
410 * The issuer unique identifier is present in the certificate
411 * to handle the possibility of reuse of issuer names over time.
412 * RFC 5280 recommends that names not be reused and that
413 * conforming certificates not make use of unique identifiers.
414 * Applications conforming to that profile should be capable of
415 * parsing unique identifiers and making comparisons.
416 *
417 * <p>The ASN.1 definition for this is:
418 * <pre>
419 * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL
420 *
421 * UniqueIdentifier ::= BIT STRING
422 * </pre>
423 *
424 * @return the issuer unique identifier or null if it is not
425 * present in the certificate.
426 */
427 public abstract boolean[] getIssuerUniqueID();
428
429 /**
430 * Gets the {@code subjectUniqueID} value from the certificate.
431 *
432 * <p>The ASN.1 definition for this is:
433 * <pre>
434 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL
435 *
436 * UniqueIdentifier ::= BIT STRING
437 * </pre>
438 *
439 * @return the subject unique identifier or null if it is not
440 * present in the certificate.
441 */
442 public abstract boolean[] getSubjectUniqueID();
443
444 /**
445 * Gets a boolean array representing bits of
446 * the {@code KeyUsage} extension, (OID = 2.5.29.15).
447 * The key usage extension defines the purpose (e.g., encipherment,
448 * signature, certificate signing) of the key contained in the
449 * certificate.
450 * The ASN.1 definition for this is:
451 * <pre>
452 * KeyUsage ::= BIT STRING {
453 * digitalSignature (0),
454 * nonRepudiation (1),
455 * keyEncipherment (2),
456 * dataEncipherment (3),
457 * keyAgreement (4),
458 * keyCertSign (5),
459 * cRLSign (6),
460 * encipherOnly (7),
461 * decipherOnly (8) }
462 * </pre>
463 * RFC 5280 recommends that when used, this be marked
464 * as a critical extension.
465 *
466 * @return the KeyUsage extension of this certificate, represented as
467 * an array of booleans. The order of KeyUsage values in the array is
468 * the same as in the above ASN.1 definition. The array will contain a
469 * value for each KeyUsage defined above. If the KeyUsage list encoded
470 * in the certificate is longer than the above list, it will not be
471 * truncated. Returns null if this certificate does not
472 * contain a KeyUsage extension.
473 */
474 public abstract boolean[] getKeyUsage();
475
476 /**
477 * Gets an unmodifiable list of Strings representing the OBJECT
478 * IDENTIFIERs of the {@code ExtKeyUsageSyntax} field of the
479 * extended key usage extension, (OID = 2.5.29.37). It indicates
480 * one or more purposes for which the certified public key may be
481 * used, in addition to or in place of the basic purposes
482 * indicated in the key usage extension field. The ASN.1
483 * definition for this is:
484 * <pre>
485 * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
486 *
487 * KeyPurposeId ::= OBJECT IDENTIFIER
488 * </pre>
489 *
490 * Key purposes may be defined by any organization with a
491 * need. Object identifiers used to identify key purposes shall be
492 * assigned in accordance with IANA or ITU-T Rec. X.660 |
493 * ISO/IEC/ITU 9834-1.
494 * <p>
495 * This method was added to version 1.4 of the Java 2 Platform Standard
496 * Edition. In order to maintain backwards compatibility with existing
497 * service providers, this method is not {@code abstract}
498 * and it provides a default implementation. Subclasses
499 * should override this method with a correct implementation.
500 *
501 * @return the ExtendedKeyUsage extension of this certificate,
502 * as an unmodifiable list of object identifiers represented
503 * as Strings. Returns null if this certificate does not
504 * contain an ExtendedKeyUsage extension.
505 * @throws CertificateParsingException if the extension cannot be decoded
506 * @since 1.4
507 */
508 public List<String> getExtendedKeyUsage() throws CertificateParsingException {
509 return X509CertImpl.getExtendedKeyUsage(this);
510 }
511
512 /**
513 * Gets the certificate constraints path length from the
514 * critical {@code BasicConstraints} extension, (OID = 2.5.29.19).
515 * <p>
516 * The basic constraints extension identifies whether the subject
517 * of the certificate is a Certificate Authority (CA) and
518 * how deep a certification path may exist through that CA. The
519 * {@code pathLenConstraint} field (see below) is meaningful
520 * only if {@code cA} is set to TRUE. In this case, it gives the
521 * maximum number of CA certificates that may follow this certificate in a
522 * certification path. A value of zero indicates that only an end-entity
523 * certificate may follow in the path.
524 * <p>
525 * The ASN.1 definition for this is:
526 * <pre>
527 * BasicConstraints ::= SEQUENCE {
528 * cA BOOLEAN DEFAULT FALSE,
529 * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
530 * </pre>
531 *
532 * @return the value of {@code pathLenConstraint} if the
533 * BasicConstraints extension is present in the certificate and the
534 * subject of the certificate is a CA, otherwise -1.
535 * If the subject of the certificate is a CA and
536 * {@code pathLenConstraint} does not appear,
537 * {@code Integer.MAX_VALUE} is returned to indicate that there is no
538 * limit to the allowed length of the certification path.
539 */
540 public abstract int getBasicConstraints();
541
542 /**
543 * Gets an immutable collection of subject alternative names from the
544 * {@code SubjectAltName} extension, (OID = 2.5.29.17).
545 * <p>
546 * The ASN.1 definition of the {@code SubjectAltName} extension is:
547 * <pre>
548 * SubjectAltName ::= GeneralNames
549 *
550 * GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName
551 *
552 * GeneralName ::= CHOICE {
553 * otherName [0] OtherName,
554 * rfc822Name [1] IA5String,
555 * dNSName [2] IA5String,
556 * x400Address [3] ORAddress,
557 * directoryName [4] Name,
558 * ediPartyName [5] EDIPartyName,
559 * uniformResourceIdentifier [6] IA5String,
560 * iPAddress [7] OCTET STRING,
561 * registeredID [8] OBJECT IDENTIFIER}
562 * </pre>
563 * <p>
564 * If this certificate does not contain a {@code SubjectAltName}
565 * extension, {@code null} is returned. Otherwise, a
566 * {@code Collection} is returned with an entry representing each
567 * {@code GeneralName} included in the extension. Each entry is a
568 * {@code List} whose first entry is an {@code Integer}
569 * (the name type, 0-8) and whose second entry is a {@code String}
570 * or a byte array (the name, in string or ASN.1 DER encoded form,
571 * respectively).
572 * <p>
573 * <a href="http://www.ietf.org/rfc/rfc822.txt">RFC 822</a>, DNS, and URI
574 * names are returned as {@code String}s,
575 * using the well-established string formats for those types (subject to
576 * the restrictions included in RFC 5280). IPv4 address names are
577 * returned using dotted quad notation. IPv6 address names are returned
578 * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
579 * representing the eight 16-bit pieces of the address. OID names are
580 * returned as {@code String}s represented as a series of nonnegative
581 * integers separated by periods. And directory names (distinguished names)
582 * are returned in <a href="http://www.ietf.org/rfc/rfc2253.txt">
583 * RFC 2253</a> string format. No standard string format is
584 * defined for otherNames, X.400 names, EDI party names, or any
585 * other type of names. They are returned as byte arrays
586 * containing the ASN.1 DER encoded form of the name.
587 * <p>
588 * Note that the {@code Collection} returned may contain more
589 * than one name of the same type. Also, note that the returned
590 * {@code Collection} is immutable and any entries containing byte
591 * arrays are cloned to protect against subsequent modifications.
592 * <p>
593 * This method was added to version 1.4 of the Java 2 Platform Standard
594 * Edition. In order to maintain backwards compatibility with existing
595 * service providers, this method is not {@code abstract}
596 * and it provides a default implementation. Subclasses
597 * should override this method with a correct implementation.
598 *
599 * @return an immutable {@code Collection} of subject alternative
600 * names (or {@code null})
601 * @throws CertificateParsingException if the extension cannot be decoded
602 * @since 1.4
603 */
604 public Collection<List<?>> getSubjectAlternativeNames()
605 throws CertificateParsingException {
606 return X509CertImpl.getSubjectAlternativeNames(this);
607 }
608
609 /**
610 * Gets an immutable collection of issuer alternative names from the
611 * {@code IssuerAltName} extension, (OID = 2.5.29.18).
612 * <p>
613 * The ASN.1 definition of the {@code IssuerAltName} extension is:
614 * <pre>
615 * IssuerAltName ::= GeneralNames
616 * </pre>
617 * The ASN.1 definition of {@code GeneralNames} is defined
618 * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
619 * <p>
620 * If this certificate does not contain an {@code IssuerAltName}
621 * extension, {@code null} is returned. Otherwise, a
622 * {@code Collection} is returned with an entry representing each
623 * {@code GeneralName} included in the extension. Each entry is a
624 * {@code List} whose first entry is an {@code Integer}
625 * (the name type, 0-8) and whose second entry is a {@code String}
626 * or a byte array (the name, in string or ASN.1 DER encoded form,
627 * respectively). For more details about the formats used for each
628 * name type, see the {@code getSubjectAlternativeNames} method.
629 * <p>
630 * Note that the {@code Collection} returned may contain more
631 * than one name of the same type. Also, note that the returned
632 * {@code Collection} is immutable and any entries containing byte
633 * arrays are cloned to protect against subsequent modifications.
634 * <p>
635 * This method was added to version 1.4 of the Java 2 Platform Standard
636 * Edition. In order to maintain backwards compatibility with existing
637 * service providers, this method is not {@code abstract}
638 * and it provides a default implementation. Subclasses
639 * should override this method with a correct implementation.
640 *
641 * @return an immutable {@code Collection} of issuer alternative
642 * names (or {@code null})
643 * @throws CertificateParsingException if the extension cannot be decoded
644 * @since 1.4
645 */
646 public Collection<List<?>> getIssuerAlternativeNames()
647 throws CertificateParsingException {
648 return X509CertImpl.getIssuerAlternativeNames(this);
649 }
650
651 /**
652 * Verifies that this certificate was signed using the
653 * private key that corresponds to the specified public key.
654 * This method uses the signature verification engine
655 * supplied by the specified provider. Note that the specified
656 * Provider object does not have to be registered in the provider list.
657 *
658 * This method was added to version 1.8 of the Java Platform Standard
659 * Edition. In order to maintain backwards compatibility with existing
660 * service providers, this method is not {@code abstract}
661 * and it provides a default implementation.
662 *
663 * @param key the PublicKey used to carry out the verification.
664 * @param sigProvider the signature provider.
665 *
666 * @exception NoSuchAlgorithmException on unsupported signature
667 * algorithms.
668 * @exception InvalidKeyException on incorrect key.
669 * @exception SignatureException on signature errors.
670 * @exception CertificateException on encoding errors.
671 * @exception UnsupportedOperationException if the method is not supported
672 * @since 1.8
673 */
674 public void verify(PublicKey key, Provider sigProvider)
675 throws CertificateException, NoSuchAlgorithmException,
676 InvalidKeyException, SignatureException {
677 X509CertImpl.verify(this, key, sigProvider);
678 }
679 }