Construct secure networked applications with certificates, Part 2

Learn to use X.509 certificates

1 2 Page 2
Page 2 of 2
import java.util.Set;
import java.util.Iterator;
class Main
  main(String [] arstring)
      // Get the correct certificate factory.
      CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
      // Each file specified on the command line must contain a single
      // DER-encoded X.509 certificate.  The DER-encoded certificate
      // can be in either binary or ASCII format.
      for (int i = 0; i < arstring.length; i++)
        // Open the file.
        FileInputStream fileinputstream = new FileInputStream(arstring[i]);
        // Generate a certificate from the data in the file.
        X509Certificate x509certificate =
        // First, let's print out information about the certificate itself.
        System.out.println("type = " + x509certificate.getType());
        System.out.println("version = " + x509certificate.getVersion());
        System.out.println("subject = " + x509certificate.getSubjectDN().getName());
        System.out.println("valid from = " + x509certificate.getNotBefore());
        System.out.println("valid to = " + x509certificate.getNotAfter());
        System.out.println("serial number = " + x509certificate.getSerialNumber().toString(16));
        System.out.println("issuer = " + x509certificate.getIssuerDN().getName());
        System.out.println("signing algorithm = " + x509certificate.getSigAlgName());
        System.out.println("public key algorithm = " + x509certificate.getPublicKey().getAlgorithm());
        // Next, let's print out information about the extensions.
        Set setCritical = x509certificate.getCriticalExtensionOIDs();
        if (setCritical != null && setCritical.isEmpty() == false)
          for (Iterator iterator = setCritical.iterator(); iterator.hasNext(); )
            System.out.println( + " *critical*");
        Set setNonCritical = x509certificate.getNonCriticalExtensionOIDs();
        if (setNonCritical != null && setNonCritical.isEmpty() == false)
          for (Iterator iterator = setNonCritical.iterator(); iterator.hasNext(); )
        // We're done.
        // Close the file.
    catch (Exception exception)

You should be able to compile the class definition in the listing above into a classfile. When you execute the class, you should specify the names of one or more certificate files on the command line.


If you plan to use certificates in your applications, the information on the API above and the sample code available in Resources should point you in the right direction. As far as X.509 is concerned, the material on ASN.1 and DER is interesting, but not directly important; Sun's implementation takes care of the details for you. Next month I will cover certificate revocation and the CRL and X509CRL classes. I'll also elaborate a bit more on the software presented this month.

Todd Sundsted has been writing programs since computers became available in convenient desktop models. Though originally interested in building distributed applications in C++, Todd moved on to the Java programming language when it became the obvious choice for that sort of thing. In addition to writing, Todd is cofounder and chief architect of PointFire.

Learn more about this topic

1 2 Page 2
Page 2 of 2