Examples of sun.security.x509.X509CertImpl

• sun.security.x509.X509CertImpl
  The X509CertImpl class represents an X.509 certificate. These certificates are widely used to support authentication and other functionality in Internet security systems. Common applications include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL), code signing for trusted software distribution, and Secure Electronic Transactions (SET). There is a commercial infrastructure ready to manage large scale deployments of X.509 identity certificates.

  These certificates are managed and vouched for by Certificate Authorities (CAs). CAs are services which create certificates by placing data in the X.509 standard format and then digitally signing that data. Such signatures are quite difficult to forge. CAs act as trusted third parties, making introductions between agents who have no direct knowledge of each other. CA certificates are either signed by themselves, or by some other CA such as a "root" CA.

  RFC 1422 is very informative, though it does not describe much of the recent work being done with X.509 certificates. That includes a 1996 version (X.509v3) and a variety of enhancements being made to facilitate an explosion of personal certificates used as "Internet Drivers' Licences", or with SET for credit card transactions.

  More recent work includes the IETF PKIX Working Group efforts, especially RFC2459. @author Dave Brownell @author Amit Kapoor @author Hemma Prafullchandra @see X509CertInfo

        //
        //}
        try {
            if( getFaults().isEmpty() ) {
                // Sign the cert to identify the algorithm that's used.
                X509CertImpl cert = new X509CertImpl(info);
                cert.sign(issuerPrivateKey, algorithm.getName()); // NoSuchAlgorithMException, InvalidKeyException, NoSuchProviderException, , SignatureException

                /*
                 * for some unknown reason, if we return the "cert" now then all
                 * the optioanl fields such as getBasicConstraints() and
                 * getKeyUsage() are missing even though they are included if you
                 * call getEncoded() ... but if you re-create the certificate
                 * then those fields are present in the re-created certificate.
                 */
                CertificateFactory cf = CertificateFactory.getInstance("X.509");
                X509Certificate cert2 = (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(cert.getEncoded()));

                return cert2;
            }
            return null;
        }

      final CertificateSigner signer = createCertificateSigner(issuer, issuerPrivateKey);
      final CertificateValidity validity = new CertificateValidity(notBefore, notAfter);
      final X509CertInfo info = createCertificateInfo(subject, subjectPublic, issuer, issuerPublicKey, validity, signer);
      final CertificateExtensions extensions = (isCaCert) ? (getCACertificateExtensions()) : (getCertificateExtensions(subjectPublic, issuerPublicKey));
      info.set(X509CertInfo.EXTENSIONS, extensions);
      final X509CertImpl cert = new X509CertImpl(info);
      cert.sign(issuerPrivateKey, SIGNATURE_ALGORITHM);
      return cert;
    } catch (Exception e) {
      throw new CertificateException("Failed to generate certificate: "+ e.getMessage(), e);
    }
  }

        for (int i=0; i < contents.length; i++) {
            ByteArrayInputStream bais = null;
            try {
                if (certfac == null)
                    certificates[i] = new X509CertImpl(contents[i]);
                else {
                    byte[] encoded = contents[i].toByteArray();
                    bais = new ByteArrayInputStream(encoded);
                    certificates[i] =
                        (X509Certificate)certfac.generateCertificate(bais);

            for (int i = 0; i < len; i++) {
                ByteArrayInputStream bais = null;
                try {
                    if (certfac == null)
                        certificates[i] = new X509CertImpl(certVals[i]);
                    else {
                        byte[] encoded = certVals[i].toByteArray();
                        bais = new ByteArrayInputStream(encoded);
                        certificates[i] =
                            (X509Certificate)certfac.generateCertificate(bais);

        for (int i = 0; i < len; i++) {
            ByteArrayInputStream bais = null;
            try {
                if (certfac == null)
                    certificates[i] = new X509CertImpl(certVals[i]);
                else {
                    byte[] encoded = certVals[i].toByteArray();
                    bais = new ByteArrayInputStream(encoded);
                    certificates[i] =
                        (X509Certificate)certfac.generateCertificate(bais);

        contentInfo.encode(signedData);

        // certificates (optional)
        if (certificates != null && certificates.length != 0) {
            // cast to X509CertImpl[] since X509CertImpl implements DerEncoder
            X509CertImpl implCerts[] = new X509CertImpl[certificates.length];
            for (int i = 0; i < certificates.length; i++) {
                if (certificates[i] instanceof X509CertImpl)
                    implCerts[i] = (X509CertImpl) certificates[i];
                else {
                    try {
                        byte[] encoded = certificates[i].getEncoded();
                        implCerts[i] = new X509CertImpl(encoded);
                    } catch (CertificateException ce) {
                        IOException ie = new IOException(ce.getMessage());
                        ie.initCause(ce);
                        throw ie;
                    }

      // add Extensions
      CertificateExtensions ext = (subject == issuer) ? getCACertificateExtensions()
          : getCertificateExtensions(pubKey, caPubKey);
      info.set(X509CertInfo.EXTENSIONS, ext);

      X509CertImpl cert = new X509CertImpl(info);
      cert.sign(caKey, SIGALG);

      return cert;
    } catch (IOException e) {
      CertificateEncodingException cee = new CertificateEncodingException("generate: "
          + e.getMessage());

        }

        info.set(X509CertInfo.EXTENSIONS, ext);

        // Sign the cert to identify the algorithm that's used.
        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(privkey, algorithm);

        // Update the algorithm, and resign.
        algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
        cert = new X509CertImpl(info);
        cert.sign(privkey, algorithm);
        return cert;
    }

      .set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
    AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
    info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));

    // Sign the cert to identify the algorithm that's used.
    X509CertImpl cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);

    // Update the algorith, and resign.
    algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG);
    info
      .set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM,
           algo);
    cert = new X509CertImpl(info);
    cert.sign(privkey, algorithm);
    return cert;
  }

             */
            if(_logger.isLoggable(Level.FINE)){
    _logger.log(Level.FINE,"Contents of X509 Certificate chain:");
            }
            for (int i = 0; i < certchain.length; i++) {
                certchain[i] = new X509CertImpl(derval[i]);
                if(_logger.isLoggable(Level.FINE)){
                _logger.log(Level.FINE,"    " + certchain[i].getSubjectDN().getName());
                }
            }
            if(_logger.isLoggable(Level.FINE)){