Examples of java.security.cert.Certificate

• java.security.cert.Certificate

  Abstract class for managing a variety of identity certificates. An identity certificate is a binding of a principal to a public key which is vouched for by another principal. (A principal represents an entity such as an individual user, a group, or a corporation.)

  This class is an abstraction for certificates that have different formats but important common uses. For example, different types of certificates, such as X.509 and PGP, share general certificate functionality (like encoding and verifying) and some types of information (like a public key).

  X.509, PGP, and SDSI certificates can all be implemented by subclassing the Certificate class, even though they contain different sets of information, and they store and retrieve the information in different ways. @see X509Certificate @see CertificateFactory @author Hemma Prafullchandra @version 1.27, 04/21/06

        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {

                Certificate cert = keyStore.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    XMLX509SubjectName certSN =
                        new XMLX509SubjectName(x509SubjectName.getDocument(), (X509Certificate) cert);

                    if (certSN.equals(x509SubjectName)) {

        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = (String) aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {

                Certificate cert = keyStore.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    byte[] certBytes = null;

                    try {
                        certBytes = cert.getEncoded();
                    } catch (CertificateEncodingException e1) {
                    }

                    if (certBytes != null && Arrays.equals(certBytes, x509CertBytes)) {
                        log.debug("match !!! ");

  @Test
  public void signatureOnPreCertificateVerifies() throws IOException {
    List<Certificate> preCertificatesList = loadCertificates(TEST_PRE_CERT);
    assertEquals(1, preCertificatesList.size());
    Certificate preCertificate = preCertificatesList.get(0);

    List<Certificate> caList = loadCertificates(ROOT_CA_CERT);
    assertEquals(1, caList.size());
    Certificate signerCert = caList.get(0);

    Ct.SignedCertificateTimestamp sct = Deserializer.parseSCTFromBinary(
        new ByteArrayInputStream(Files.toByteArray(new File(TEST_PRE_SCT))));

    LogSignatureVerifier verifier = getVerifier();

 */
@RunWith(JUnit4.class)
public class CertificateInfoTest {
  @Test
  public void correctlyIdentifiesPreCertificateSigningCert() {
    Certificate preCertificateSigningCert = loadCertificates(PRE_CERT_SIGNING_CERT).get(0);
    Certificate ordinaryCaCert = loadCertificates(ROOT_CA_CERT).get(0);

    assertTrue(CertificateInfo.isPreCertificateSigningCert(preCertificateSigningCert));
    assertFalse(CertificateInfo.isPreCertificateSigningCert(ordinaryCaCert));
  }

    assertFalse(CertificateInfo.isPreCertificateSigningCert(ordinaryCaCert));
  }

  @Test
  public void correctlyIdentifiesPreCertificates() {
    Certificate regularCert = loadCertificates(TEST_CERT).get(0);
    Certificate preCertificate = loadCertificates(TEST_PRE_CERT).get(0);

    assertTrue(CertificateInfo.isPreCertificate(preCertificate));
    assertFalse(CertificateInfo.isPreCertificate(regularCert));
  }

        harness.check(k2, k1, "In-memory and original public key MUST be equal");
        // store a certificate
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        byte[] certificateBytes = SELF_SIGNED_CERT.getBytes("ASCII");
        ByteArrayInputStream bais = new ByteArrayInputStream(certificateBytes);
        Certificate certificate = x509Factory.generateCertificate(bais);
        Certificate[] chain1 = new Certificate[] { certificate };
        kr1.putCertPath(ALIAS, chain1);
        // retrieve the same certificate path
        Certificate[] chain2 = kr1.getCertPath(ALIAS);
        harness.check(Arrays.equals(chain2, chain1),

        harness.check(kr.containsCertificate(ALIAS), "containsCertificate(...)");

        final List list = kr.get(ALIAS);
        harness.check(list.size() == 1, "get(...).size() == 1");

        final Certificate cert = kr.getCertificate(ALIAS);
        harness.check(cert != null, "getCertificate(...) != null");

//        System.out.println("cert="+cert);
      }
    catch (Exception x)

    if ((supportFlags & SignedBundleHook.VERIFY_TRUST) == 0)
      // we are not searching the engines; in this case we just assume the root cert is trusted
      return certs != null && certs.length > 0 ? certs[certs.length - 1] : null;
    for (int i = 0; i < engines.length; i++) {
      try {
        Certificate anchor = engines[i].findTrustAnchor(certs);
        if (anchor != null)
          // found an anchor
          return anchor;
      } catch (IOException e) {
        // log the exception and continue

   * @param alias - the name of the trust anchor
   * @throws IOException if there is a problem connecting to the backing store
   * @throws GeneralSecurityException if there is a certificate problem
   */
  public void removeTrustAnchor(String alias) throws IOException, GeneralSecurityException {
    Certificate existing = getTrustAnchor(alias);
    doRemoveTrustAnchor(alias);
    if (existing != null) {
      TrustEngineListener listener = TrustEngineListener.getInstance();
      if (listener != null)
        listener.removedTrustAnchor(existing);

    X500Principal signerIssuer = new X500Principal(new ByteArrayInputStream(issuerAndSN.buffer, issuerAndSN.offset, issuerAndSN.endOffset - issuerAndSN.offset));
    issuerAndSN.stepOver();
    BigInteger sn = issuerAndSN.getIntValue();

    // initilize the newSignerCert to the issuer cert of leaf cert
    Certificate newSignerCert = null;

    Iterator itr = certs.iterator();
    // PKCS7: compuare the issuers in the issuerAndSN BER equals to the issuers in Certs generated at the beginning of this method
    // it seems like there is no neeed, cause both ways use the same set of bytes
    while (itr.hasNext()) {