Page 3 of 4
The generateCertificate() and generateCRL() methods expect the input stream's contents to contain DER-encoded representations of a certificate or a CRL, respectively.
Both the generateCertificates() and generateCRLs() methods expect the contents of the input stream to contain either a sequence of DER-encoded representations or a PKCS#7 (Public-Key Cryptography Standard #7)-compliant certificate or CRL set. (See Resources for links.)
java.security.cert.Certificate defines the interface common to all types of certificates: X.509, PGP, and a small handful of others. This class's most important methods are:
public abstract PublicKey getPublicKey() returns the public key contained in the certificate on which the method is called.
public abstract byte [] getEncoded() returns that certificate's encoded form.
public abstract void verify(PublicKey publickey) and public abstract void verify(PublicKey publickey, String stringProvider) verify that the private key corresponding to the supplied public key signed the certificate in question. If the keys do not match, both methods throw a SignatureException.
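The following program is an added example (not code from the article or its author) that exercises CertificateFactory and the three base-class methods just described. Rather than shipping a certificate file, it reads trust anchors from the JDK's own cacerts store, whose path and contents are real in every JDK; it assumes Java 9 or later so that KeyStore.getDefaultType() can open either the JKS or the PKCS12 form of that file. The class and method names (CertificateRoundTrip, loadTrustAnchors, signedBy) are this example's own.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.List;

/**
 * Exercises CertificateFactory together with the Certificate base-class methods
 * getEncoded(), getPublicKey() and verify(). The certificates come from the JDK's
 * bundled trust store (cacerts), so no external file is needed.
 */
public class CertificateRoundTrip {

    /** Path of the JDK trust store; the file ships with every JDK. */
    static final String CACERTS =
            System.getProperty("java.home") + "/lib/security/cacerts";

    /** Loads every trusted certificate from cacerts. */
    static List<X509Certificate> loadTrustAnchors() throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(CACERTS)) {
            ts.load(in, null); // null password skips the integrity check; the contents are public
        }
        List<X509Certificate> certs = new ArrayList<>();
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements(); ) {
            Certificate c = ts.getCertificate(e.nextElement());
            if (c instanceof X509Certificate) {
                certs.add((X509Certificate) c);
            }
        }
        return certs;
    }

    /**
     * True if the private key matching {@code key} signed {@code cert}. A wrong key
     * of the same algorithm raises SignatureException; a key of a different
     * algorithm (say, an EC key against an RSA signature) raises InvalidKeyException,
     * so both are folded into "not signed by this key".
     */
    static boolean signedBy(Certificate cert, PublicKey key) {
        try {
            cert.verify(key);
            return true;
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        List<X509Certificate> anchors = loadTrustAnchors();
        if (anchors.size() < 2) {
            System.out.println("need at least two trust anchors in " + CACERTS);
            return;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");

        // 1. getEncoded() gives the DER bytes; generateCertificate() parses one
        //    certificate back out of a stream holding exactly those bytes.
        X509Certificate first = anchors.get(0);
        byte[] der = first.getEncoded();
        Certificate parsed = cf.generateCertificate(new ByteArrayInputStream(der));
        System.out.println("round trip equal:      " + first.equals(parsed));

        // 2. Root certificates are self-signed: their own public key verifies them,
        //    and some other root's public key does not.
        X509Certificate second = anchors.get(1);
        System.out.println("self-signed:           " + signedBy(parsed, parsed.getPublicKey()));
        System.out.println("signed by other root:  " + signedBy(parsed, second.getPublicKey()));

        // 3. generateCertificates() accepts a stream holding DER certificates one
        //    after another (a PKCS#7 bundle would also be accepted).
        ByteArrayOutputStream bundle = new ByteArrayOutputStream();
        bundle.write(first.getEncoded());
        bundle.write(second.getEncoded());
        Collection<? extends Certificate> all =
                cf.generateCertificates(new ByteArrayInputStream(bundle.toByteArray()));
        System.out.println("certificates in bundle: " + all.size());
    }
}
```

Compile and run with `javac CertificateRoundTrip.java && java CertificateRoundTrip`. The first line should report true, the next two true and false, and the last 2; a false on the self-signed line would mean the stored certificate's signature does not match its own key, which is exactly the condition verify() exists to catch.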
The class java.security.cert.X509Certificate extends the Certificate class described above and adds X.509-specific functionality. This class is important because you usually interact with certificates at this level, not as the base class.
public abstract byte [] getEncoded() returns the encoded form of that certificate, as above. The method uses the DER encoding for the certificate.
Most of java.security.cert.X509Certificate's additional functionality consists of query methods that return information about the certificate. I presented most of that information in Part 1. Here are the methods:
public abstract int getVersion() returns the certificate's version.
public abstract Principal getSubjectDN() returns information that identifies the certificate's subject.
public abstract Principal getIssuerDN() returns information that identifies the certificate's issuer, which is typically the CA, but can be the subject if the certificate is self-signed.
public abstract Date getNotBefore() and public abstract Date getNotAfter() return values that restrict the time period in which the issuer is willing to vouch for the subject's public key.
public abstract BigInteger getSerialNumber() returns the certificate's serial number. The combination of a certificate's issuer name and serial number is its unique identification. That fact is crucial for certificate revocation, which I will discuss in more detail next month.
public abstract String getSigAlgName() and public abstract String getSigAlgOID() return information about the algorithm used to sign the certificate.
The following methods return information about the extensions defined for the certificate. Remember, extensions are mechanisms for associating information with a certificate; they only appear on version 3 certificates.
public abstract int getBasicConstraints() returns the length of a certificate's constraints path from the BasicConstraints extension, if defined. The constraints path specifies the maximum number of CA certificates that may follow this certificate in a certification path.
public abstract boolean [] getKeyUsage() returns the purpose of the certificate as encoded in the KeyUsage extension.
public Set getCriticalExtensionOIDs() and public Set getNonCriticalExtensionOIDs() return a collection of object identifiers (OIDs) for the extensions marked critical and noncritical, respectively. An OID is a sequence of integers that universally identifies a resource.
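As an added example (again not the article's own code), the inspector below walks through the X509Certificate query methods and extension accessors listed above on one certificate from the JDK trust store. It assumes Java 11 or later (Map.of, dual-format KeyStore loading) and uses the current X500Principal accessors in place of the deprecated getSubjectDN()/getIssuerDN(), which return the same names. The class and helper names (X509Inspector, describe, names) and the small OID-to-name table are this example's own; the OID values themselves are the standard X.509 extension identifiers.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Map;
import java.util.Set;

/**
 * Prints the X.509-level view of a certificate: names, validity, signature
 * algorithm and the version 3 extensions. Certificates are taken from the JDK's
 * bundled trust store so the example runs without an external file.
 */
public class X509Inspector {

    static final String CACERTS =
            System.getProperty("java.home") + "/lib/security/cacerts";

    /** Bit positions of the getKeyUsage() array, in RFC 5280 order. */
    static final String[] KEY_USAGE = {
        "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"
    };

    /** Common extension OIDs, so the listing is readable without a lookup. */
    static final Map<String, String> OID_NAMES = Map.of(
        "2.5.29.14", "subjectKeyIdentifier",  "2.5.29.15", "keyUsage",
        "2.5.29.17", "subjectAltName",        "2.5.29.19", "basicConstraints",
        "2.5.29.31", "cRLDistributionPoints", "2.5.29.35", "authorityKeyIdentifier",
        "2.5.29.37", "extKeyUsage",           "1.3.6.1.5.5.7.1.1", "authorityInfoAccess");

    static void describe(X509Certificate cert) {
        System.out.println("version:     v" + cert.getVersion());
        // getSubjectDN()/getIssuerDN() give the same names as java.security.Principal;
        // the X500Principal accessors are the current, non-deprecated form.
        System.out.println("subject:     " + cert.getSubjectX500Principal());
        System.out.println("issuer:      " + cert.getIssuerX500Principal());
        // Issuer name plus serial number uniquely identifies the certificate;
        // that pair is what a CRL entry names when the certificate is revoked.
        System.out.println("serial:      " + cert.getSerialNumber().toString(16));
        System.out.println("validity:    " + cert.getNotBefore() + " .. " + cert.getNotAfter());
        try {
            cert.checkValidity(); // tests the two dates against the current time
            System.out.println("             currently valid");
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            System.out.println("             NOT valid now: " + e.getMessage());
        }
        System.out.println("signature:   " + cert.getSigAlgName() + " (" + cert.getSigAlgOID() + ")");
        // BasicConstraints: -1 means "not a CA"; otherwise the maximum number of CA
        // certificates allowed below it (Integer.MAX_VALUE when no length is set).
        int pathLen = cert.getBasicConstraints();
        System.out.println("CA:          " + (pathLen < 0 ? "no"
                : "yes, pathLen " + (pathLen == Integer.MAX_VALUE ? "unlimited" : pathLen)));
        // KeyUsage: null when the extension is absent, else one boolean per bit.
        boolean[] usage = cert.getKeyUsage();
        StringBuilder ku = new StringBuilder();
        if (usage == null) {
            ku.append("(extension absent)");
        } else {
            for (int i = 0; i < usage.length && i < KEY_USAGE.length; i++) {
                if (usage[i]) ku.append(KEY_USAGE[i]).append(' ');
            }
        }
        System.out.println("keyUsage:    " + ku.toString().trim());
        System.out.println("critical:    " + names(cert.getCriticalExtensionOIDs()));
        System.out.println("noncritical: " + names(cert.getNonCriticalExtensionOIDs()));
        // A relying party must reject a certificate carrying a critical extension
        // it does not understand; the JDK exposes that check directly.
        System.out.println("unsupported critical ext: " + cert.hasUnsupportedCriticalExtension());
    }

    /** Maps a (possibly null) set of OIDs to readable names where known. */
    static String names(Set<String> oids) {
        if (oids == null || oids.isEmpty()) return "(none)";
        StringBuilder sb = new StringBuilder();
        for (String oid : oids) sb.append(OID_NAMES.getOrDefault(oid, oid)).append(' ');
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(CACERTS)) {
            ts.load(in, null); // public trust anchors: no integrity password needed
        }
        // Inspect the alias named on the command line, or the first one in the store.
        Enumeration<String> aliases = ts.aliases();
        String alias = args.length > 0 ? args[0] : aliases.nextElement();
        X509Certificate cert = (X509Certificate) ts.getCertificate(alias);
        if (cert == null) throw new IllegalArgumentException("no certificate under alias " + alias);
        System.out.println("alias:       " + alias);
        describe(cert);
    }
}
```

Run it as `java X509Inspector` for the first entry, or `java X509Inspector <alias>` for a specific one (`keytool -list -cacerts` shows the aliases). For a trust anchor you should see version 3, identical subject and issuer, a CA line of "yes", keyCertSign and cRLSign among the key usages, and basicConstraints and keyUsage listed as critical; a certificate that reports "yes" for the unsupported-critical-extension line is one a conforming path validator must refuse.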
I don't want to leave you without code to play with, so rather than delving into CRLs, which is a complete topic on its own, I'll present the code and leave CRLs for Part 3.
java.security.cert