Chris Rathman / Chris.Rathman@tx.rr.com

/************************************************************************
 *                                                                      *
 * #java.security.cert                                                  *
 *                                                                      *
 *    Interfaces:                                                       *
 *       X509Extension                                                  *
 *                                                                      *
 *    Classes:                                                          *
 *       Certificate                    X509Certificate                 *
 *       CertificateFactory             X509CRL                         *
 *       CertificateFactorySpi          X509CRLEntry                    *
 *       CRL                                                            *
 *                                                                      *
 *    Exceptions:                                                       *
 *       CertificateEncodingException   CertificateNotYetValidException *
 *       CertificateException           CertificateParsingException     *
 *       CertificateExpiredException    CRLException                    *
 *                                                                      *
 ************************************************************************/
package Test.Chris;
import java.security.cert.*;

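/**
 * Walks through the main types of {@code java.security.cert} by calling each
 * accessor once on a certificate read from a local JKS keystore.
 *
 * <p>The results are assigned to throw-away locals: the class is an API tour,
 * not a certificate validator. Every failure (missing keystore, missing alias,
 * bad signature, ...) is reported by printing the exception to standard output.
 */
public class Java_security_cert {

   /** Keystore file read by the demonstrations. */
   private static final String KEYSTORE_PATH = "c:/java/jdk/CUSkeystore";

   /** Keystore format expected at {@link #KEYSTORE_PATH}. */
   private static final String KEYSTORE_TYPE = "JKS";

   /** Alias of the certificate entry the demonstrations inspect. */
   private static final String CERT_ALIAS = "critter";

   /** OID of the BasicConstraints extension, used to demonstrate getExtensionValue. */
   private static final String BASIC_CONSTRAINTS_OID = "2.5.29.19";

   /**
    * Program entry point: runs every demonstration once, then exits with status 0.
    *
    * @param args ignored
    */
   public static void main(String[] args) {
      Java_security_cert obj = new Java_security_cert();
      obj.exercise();
      System.exit(0);
   }

   /** Runs the demonstrations in the order the types are listed in the file header. */
   public void exercise() {
      certificate();
      certificatefactory();
      certificatefactoryspi();
      crl();
      x509certificate();
      x509crl();
      x509crlentry();
      x509extension();
   }

   /**
    * Opens and loads the demonstration keystore, closing the file even when loading fails.
    *
    * <p>The keystore is loaded with a {@code null} password. Per the KeyStore contract
    * that means no integrity check is performed on the file, so a modified keystore
    * loads without complaint. That is tolerable for an API tour; code that uses a
    * keystore as a trust store should pass the store password so tampering is detected.
    *
    * @return the loaded keystore
    * @throws java.security.GeneralSecurityException if the keystore type or one of its
    *         algorithms is unavailable, or a stored certificate cannot be parsed
    * @throws java.io.IOException if the file is missing or cannot be read
    */
   private static java.security.KeyStore loadKeyStore()
         throws java.security.GeneralSecurityException, java.io.IOException {
      java.io.FileInputStream ios = new java.io.FileInputStream(KEYSTORE_PATH);
      try {
         java.security.KeyStore ks = java.security.KeyStore.getInstance(KEYSTORE_TYPE);
         ks.load(ios, null);            // null password: integrity check skipped (see above)
         return ks;
      } finally {
         ios.close();                   // released on the failure paths too
      }
   }

   /**
    * Returns the certificate stored under {@code alias}, refusing a missing entry.
    *
    * <p>{@code KeyStore.getCertificate} returns {@code null} when the alias is absent
    * or holds no certificate; turning that into an exception keeps the callers from
    * dereferencing {@code null}.
    *
    * @param ks    loaded keystore to search
    * @param alias entry name to look up
    * @return the certificate, never {@code null}
    * @throws java.security.KeyStoreException if the keystore has not been loaded
    * @throws CertificateException if no certificate is stored under {@code alias}
    */
   private static Certificate requireCertificate(java.security.KeyStore ks, String alias)
         throws java.security.KeyStoreException, CertificateException {
      Certificate cert = ks.getCertificate(alias);
      if (cert == null) {
         throw new CertificateException(
            "No certificate entry for alias '" + alias + "' in " + KEYSTORE_PATH);
      }
      return cert;
   }

   /*********************************************************************
    *                                                                   *
    * Certificate:                                                      *
    *                                                                   *
    *    Desc:                                                          *
    *       Type-independent view of a certificate: its encoding, its   *
    *       public key and a check of its signature.                    *
    *                                                                   *
    *    Methods:                                                       *
    *       equals               getType            toString            *
    *       getEncoded           hashCode           verify              *
    *       getPublicKey                                                *
    *                                                                   *
    *********************************************************************/
   void certificate() {
      boolean b;
      String s;
      int i;
      byte[] x;
      java.security.KeyStore ks;
      java.security.PublicKey k;
      Certificate c;
      Certificate d;

      try {
         ks = loadKeyStore();
         c = requireCertificate(ks, CERT_ALIAS);
         d = requireCertificate(ks, CERT_ALIAS);

         s = c.getType();               // type of this certificate
         k = c.getPublicKey();          // public key from this certificate

         // verify() is called with the certificate's OWN public key, so it can only
         // succeed for a self-signed certificate and establishes no trust at all.
         // Deciding whether to trust a certificate means verifying it against the
         // issuer's key and validating the whole chain up to a trust anchor
         // (java.security.cert.CertPathValidator where available).
         c.verify(k);                   // signature check with the given public key
         // NOTE(review): the SUN provider typically offers only DSA signatures, so
         // this call is expected to raise NoSuchAlgorithmException for RSA- or
         // EC-signed certificates - confirm against the installed providers.
         c.verify(k, "SUN");            // same check, signature engine taken from provider "SUN"
         x = c.getEncoded();            // encoded form of this certificate
         b = c.equals(d);               // compares the two lookups of the same entry for equality
         s = c.toString();              // string representation
         i = c.hashCode();              // hashcode value

      } catch(java.security.GeneralSecurityException e) {
         // Covers KeyStore, NoSuchAlgorithm, NoSuchProvider, Signature,
         // InvalidKey and Certificate exceptions alike.
         System.out.println(e);
      } catch(java.io.IOException e) {
         // Includes FileNotFoundException for a missing keystore.
         System.out.println(e);
      }
   }

   /*********************************************************************
    *                                                                   *
    * CertificateFactory:                                               *
    *                                                                   *
    *    Desc:                                                          *
    *       Parses certificates and CRLs from their encoded form.       *
    *       Not exercised yet; the signatures are listed for reference. *
    *                                                                   *
    *    Methods:                                                       *
    *       generateCertificate  generateCRLs       getProvider         *
    *       generateCRL          getInstance        getType             *
    *                                                                   *
    *********************************************************************/
   void certificatefactory() {
   /* TO BE DETERMINED
      Certificate generateCertificate(InputStream inStream) // Generates a certificate object and initializes it with the data read from the input stream inStream.
      Collection generateCertificates(InputStream inStream) // Returns a (possibly empty) collection view of the certificates read from the given input stream inStream.
      CRL generateCRL(InputStream inStream)                 // Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.
      Collection generateCRLs(InputStream inStream)         // Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream.
      static CertificateFactory getInstance(String type)    // Generates a certificate factory object that implements the specified certificate type.
      static CertificateFactory getInstance(String type, String provider) // Generates a certificate factory object for the specified certificate type from the specified provider.
      Provider getProvider()                                // Returns the provider of this certificate factory.
      String getType()                                      // Returns the name of the certificate type associated with this certificate factory.
   */
   }

   /*********************************************************************
    *                                                                   *
    * CertificateFactorySpi:                                            *
    *                                                                   *
    *    Desc:                                                          *
    *       Provider-side counterpart of CertificateFactory.            *
    *       Not exercised yet; the signatures are listed for reference. *
    *                                                                   *
    *    Methods:                                                       *
    *       engineGenerateCertificate        engineGenerateCRLs         *
    *       engineGenerateCRL                                           *
    *                                                                   *
    *********************************************************************/
   void certificatefactoryspi() {
   /* TO BE DETERMINED
      abstract Certificate engineGenerateCertificate(InputStream inStream) // Generates a certificate object and initializes it with the data read from the input stream inStream.
      abstract Collection engineGenerateCertificates(InputStream inStream) // Returns a (possibly empty) collection view of the certificates read from the given input stream inStream.
      abstract CRL engineGenerateCRL(InputStream inStream) // Generates a certificate revocation list (CRL) object and initializes it with the data read from the input stream inStream.
      abstract Collection engineGenerateCRLs(InputStream inStream) // Returns a (possibly empty) collection view of the CRLs read from the given input stream inStream.
   */
   }

   /*********************************************************************
    *                                                                   *
    * CRL:                                                              *
    *                                                                   *
    *    Desc:                                                          *
    *       Certificate revocation list; isRevoked() answers whether a  *
    *       given certificate appears on it. Not exercised yet: the     *
    *       sketch below needs a real CRL file name.                    *
    *                                                                   *
    *    Methods:                                                       *
    *       getType              isRevoked          toString            *
    *                                                                   *
    *********************************************************************/
   void crl() {
   /*
      java.io.FileInputStream ios;
      CertificateFactory cf;
      CRL crl;

      try {
         ios = new java.io.FileInputStream("fileName-of-crl");
         cf = CertificateFactory.getInstance("X.509");
         crl = (CRL)cf.generateCRL(ios);

         ios.close();

      } catch(CRLException e) {
         System.out.println(e);
      } catch(CertificateException e) {
         System.out.println(e);
      } catch(java.io.FileNotFoundException e) {
         System.out.println(e);
      } catch(java.io.IOException e) {
         System.out.println(e);
      }
   */

   /* TO BE DETERMINED
      String getType() // Returns the type of this CRL.
      abstract boolean isRevoked(Certificate cert) // Checks whether the given certificate is on this CRL.
      abstract String toString() // Returns a string representation of this CRL.
     */
   }

   /*********************************************************************
    *                                                                   *
    * X509Certificate:                                                  *
    *                                                                   *
    *    Desc:                                                          *
    *       X.509 view of a certificate: validity period, names,        *
    *       serial number, signature algorithm and selected extensions. *
    *                                                                   *
    *    Methods:                                                       *
    *       checkValidity        getNotBefore       getSubjectDN        *
    *       getBasicConstraints  getSerialNumber    getSubjectUniqueID  *
    *       getIssuerDN          getSigAlgName      getTBSCertificate   *
    *       getIssuerUniqueID    getSigAlgOID       getVersion          *
    *       getKeyUsage          getSigAlgParams                        *
    *       getNotAfter          getSignature                           *
    *                                                                   *
    *********************************************************************/
   void x509certificate() {
      String s;
      int i;
      boolean[] x;
      byte[] y;
      java.math.BigInteger j;
      java.util.Date d;
      java.security.Principal p;
      Certificate cert;
      X509Certificate c;

      try {
         cert = requireCertificate(loadKeyStore(), CERT_ALIAS);
         if (!(cert instanceof X509Certificate)) {
            // A keystore may hold other certificate types; report instead of
            // failing with ClassCastException.
            System.out.println("Certificate '" + CERT_ALIAS + "' is of type "
               + cert.getType() + ", not X.509");
            return;
         }
         c = (X509Certificate)cert;

         d = c.getNotBefore();          // Gets the notBefore date from the validity period of the certificate.
         d = c.getNotAfter();           // Gets the notAfter date from the validity period of the certificate.
         // The no-argument form tests against the current time and is the one a real
         // validity check needs; it is left disabled here so that an expired sample
         // certificate does not cut the tour short.
//       c.checkValidity();             // Checks that the certificate is currently valid
         // d is the certificate's own notAfter, so this call exercises the API but
         // is not a meaningful validity check.
         c.checkValidity(d);            // Checks that the given date is within the certificate's validity period.
         i = c.getVersion();            // Gets the version (version number) value from the certificate.
         i = c.getBasicConstraints();   // Path length constraint from the BasicConstraints extension (OID = 2.5.29.19); -1 when the certificate is not a CA.
         j = c.getSerialNumber();       // Gets the serialNumber value from the certificate.
         s = c.getSigAlgName();         // Gets the signature algorithm name for the certificate signature algorithm.
         s = c.getSigAlgOID();          // Gets the signature algorithm OID string from the certificate.
         p = c.getIssuerDN();           // Gets the issuer (issuer distinguished name) value from the certificate.
         p = c.getSubjectDN();          // Gets the subject (subject distinguished name) value from the certificate.

         x = c.getKeyUsage();           // bits of the KeyUsage extension (null when the extension is absent)
         x = c.getIssuerUniqueID();     // issuerUniqueID value from the certificate (null when absent)
         x = c.getSubjectUniqueID();    // subjectUniqueID value from the certificate (null when absent)
         y = c.getSignature();          // signature value - the raw signature bits
         y = c.getSigAlgParams();       // DER-encoded signature algorithm parameters (null when there are none)
         y = c.getTBSCertificate();     // DER-encoded certificate information

      } catch(java.security.GeneralSecurityException e) {
         // Covers keystore failures as well as CertificateExpiredException and
         // CertificateNotYetValidException from checkValidity().
         System.out.println(e);
      } catch(java.io.IOException e) {
         // Includes FileNotFoundException for a missing keystore.
         System.out.println(e);
      }
   }

   /*********************************************************************
    *                                                                   *
    * X509CRL:                                                          *
    *                                                                   *
    *    Desc:                                                          *
    *       X.509 revocation list. Not exercised yet; the signatures    *
    *       are listed for reference.                                   *
    *                                                                   *
    *    Methods:                                                       *
    *       equals                           getSigAlgParams            *
    *       getEncoded                       getSignature               *
    *       getIssuerDN                      getTBSCertList             *
    *       getNextUpdate                    getThisUpdate              *
    *       getRevokedCertificate            getVersion                 *
    *       getRevokedCertificates           hashCode                   *
    *       getSigAlgName                    verify                     *
    *       getSigAlgOID                                                *
    *                                                                   *
    *********************************************************************/
   void x509crl() {
   /* TO BE DETERMINED
      boolean equals(Object other) // Compares this CRL for equality with the given object.
      abstract byte[] getEncoded() // Returns the ASN.1 DER-encoded form of this CRL.
      abstract Principal getIssuerDN() // Gets the issuer (issuer distinguished name) value from the CRL.
      abstract Date getNextUpdate() // Gets the nextUpdate date from the CRL.
      abstract X509CRLEntry getRevokedCertificate(BigInteger serialNumber) // Gets the CRL entry with the given serialNumber from this CRL.
      abstract Set getRevokedCertificates() // Gets all the entries from this CRL.
      abstract String getSigAlgName() // Gets the signature algorithm name for the CRL signature algorithm.
      abstract String getSigAlgOID() // Gets the signature algorithm OID string from the CRL.
      abstract byte[] getSigAlgParams() // Gets the DER-encoded signature algorithm parameters from this CRL's signature algorithm.
      abstract byte[] getSignature() // Gets the signature value (the raw signature bits) from the CRL.
      abstract byte[] getTBSCertList() // Gets the DER-encoded CRL information, the tbsCertList from this CRL.
      abstract Date getThisUpdate() // Gets the thisUpdate date from the CRL.
      abstract int getVersion() // Gets the version (version number) value from the CRL.

      int hashCode() // Returns a hashcode value for this CRL from its encoded form.
      abstract void verify(PublicKey key) // Verifies that this CRL was signed using the private key that corresponds to the given public key.
      abstract void verify(PublicKey key, String sigProvider) // Verifies that this CRL was signed using the private key that corresponds to the given public key.
   */
   }

   /*********************************************************************
    *                                                                   *
    * X509CRLEntry:                                                     *
    *                                                                   *
    *    Desc:                                                          *
    *       One revoked certificate inside an X509CRL. Not exercised    *
    *       yet; the signatures are listed for reference.               *
    *                                                                   *
    *    Methods:                                                       *
    *       equals               getSerialNumber    hashCode            *
    *       getEncoded           hasExtensions      toString            *
    *       getRevocationDate                                           *
    *                                                                   *
    *********************************************************************/
   void x509crlentry() {
   /* TO BE DETERMINED
      boolean equals(Object other) // Compares this CRL entry for equality with the given object.
      abstract byte[] getEncoded() // Returns the ASN.1 DER-encoded form of this CRL Entry, that is the inner SEQUENCE.
      abstract Date getRevocationDate() // Gets the revocation date from this X509CRLEntry, the revocationDate.
      abstract BigInteger getSerialNumber() // Gets the serial number from this X509CRLEntry, the userCertificate.
      abstract boolean hasExtensions() // Returns true if this CRL entry has extensions.
      int hashCode() // Returns a hashcode value for this CRL entry from its encoded form.
      abstract String toString() // Returns a string representation of this CRL entry.
    */
   }

   /*********************************************************************
    *                                                                   *
    * X509Extension:                                                    *
    *                                                                   *
    *    Desc:                                                          *
    *       Extension access shared by X.509 certificates and CRLs.     *
    *                                                                   *
    *    Methods:                                                       *
    *       getCriticalExtensionOIDs   getNonCriticalExtensionOIDs      *
    *       getExtensionValue          hasUnsupportedCriticalExtension  *
    *                                                                   *
    *********************************************************************/
   void x509extension() {
      boolean b;
      byte[] x;
      java.util.Set y;
      Certificate cert;
      X509Extension c;

      try {
         cert = requireCertificate(loadKeyStore(), CERT_ALIAS);
         if (!(cert instanceof X509Extension)) {
            // Only X.509 objects expose extensions; report instead of failing
            // with ClassCastException.
            System.out.println("Certificate '" + CERT_ALIAS + "' is of type "
               + cert.getType() + " and carries no X.509 extensions");
            return;
         }
         c = (X509Extension)cert;

         // A certificate carrying a critical extension the implementation does not
         // understand must be rejected by a validator, which is what this flag is for.
         b = c.hasUnsupportedCriticalExtension(); // test if critical extension found that is not supported
         y = c.getCriticalExtensionOIDs();        // OID strings for the extensions marked CRITICAL (null when there are no extensions)
         y = c.getNonCriticalExtensionOIDs();     // OID strings for the extensions marked NON-CRITICAL (null when there are no extensions)
         x = c.getExtensionValue(BASIC_CONSTRAINTS_OID); // DER-encoded OCTET string for the extension value (null when the extension is absent)

      } catch(java.security.GeneralSecurityException e) {
         System.out.println(e);
      } catch(java.io.IOException e) {
         // Includes FileNotFoundException for a missing keystore.
         System.out.println(e);
      }
   }
}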

Chris Rathman / Chris.Rathman@tx.rr.com