Certificate Attributes

July 1998

In JDK 1.2 we provide an implementation of X.509 (version 3). The X509CertImpl class supports the following methods to manipulate the various attributes of a certificate:

     Object get(String name)
     void set(String name, Object value)
     void delete(String name)

A list of all the X.509 v3 certificate attributes that can be manipulated is provided in the following table. For example, to get the signature component of the certificate:

     X509CertImpl cert;
     // obtain the certificate object here

     // using the fully-qualified identifier
     byte[] sig = (byte[])cert.get("x509.signature");

or

     // using the defined constant
     byte[] sig = (byte[])cert.get(X509CertImpl.SIG);

sun.security.x509.X509CertImpl

Attribute             Fully-qualified identifier       Defined constants              Type of Object returned (in sun.security.x509 unless fully-qualified)
signatureAlgorithm    x509.algorithm                   X509CertImpl.SIG_ALG           AlgorithmId
signature             x509.signature                   X509CertImpl.SIG               byte[]
tbsCertificate        x509.info                        X509CertInfo.IDENT             X509CertInfo
version               x509.info.version                CertificateVersion.IDENT       CertificateVersion
                      x509.info.version.number         none                           java.lang.Integer
serialNumber          x509.info.serialNumber           CertificateSerialNumber.IDENT  CertificateSerialNumber
                      x509.info.serialNumber.number    X509CertImpl.SERIAL_ID         SerialNumber
signature             x509.info.algorithmID            CertificateAlgorithmId.IDENT   CertificateAlgorithmId
                      x509.info.algorithmID.algorithm  none                           AlgorithmId
issuer                x509.info.issuer                 none                           X500Name
                      x509.info.issuer.dname           X509CertImpl.ISSUER_DN         X500Name
validity              x509.info.validity               CertificateValidity.IDENT      CertificateValidity
validity.notAfter     x509.info.validity.notAfter      none                           java.util.Date
validity.notBefore    x509.info.validity.notBefore     none                           java.util.Date
subject               x509.info.subject                none                           X500Name
                      x509.info.subject.dname          X509CertImpl.SUBJECT_DN        X500Name
subjectPublicKeyInfo  x509.info.key                    CertificateX509Key.IDENT       CertificateX509Key
                      x509.info.key.value              X509CertImpl.PUBLIC_KEY        X509Key
issuerUniqueID        x509.info.issuerID               none                           UniqueIdentity
                      x509.info.issuerID.id            none                           UniqueIdentity
subjectUniqueID       x509.info.subjectID              none                           UniqueIdentity
                      x509.info.subjectID.id           none                           UniqueIdentity
extensions            x509.info.extensions             CertificateExtensions.IDENT    CertificateExtensions
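
The following added example (not part of the original page or of the JDK sources) builds a self-signed certificate with set(), reads attributes back with get() using identifiers from the table above, and shows that set() is rejected once the certificate has been signed. It assumes a JDK 8 runtime, where the internal sun.security.x509 classes are accessible and the issuer and subject attributes take an X500Name; the class name CertAttrDemo and the distinguished name are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.cert.CertificateException;
import java.util.Date;
import sun.security.x509.*;

// Added example; assumes JDK 8 (internal API, signatures differ in other releases).
public class CertAttrDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name dn = new X500Name("CN=constructed-example");   // constructed name
        Date from = new Date();
        Date to = new Date(from.getTime() + 86_400_000L);       // valid for one day

        // Build tbsCertificate with set(name, value); these names are relative to x509.info.
        X509CertInfo info = new X509CertInfo();
        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(BigInteger.ONE));
        info.set(X509CertInfo.ALGORITHM_ID,
                 new CertificateAlgorithmId(AlgorithmId.get("SHA256withRSA")));
        info.set(X509CertInfo.ISSUER, dn);
        info.set(X509CertInfo.SUBJECT, dn);
        info.set(X509CertInfo.VALIDITY, new CertificateValidity(from, to));
        info.set(X509CertInfo.KEY, new CertificateX509Key(kp.getPublic()));

        X509CertImpl cert = new X509CertImpl(info);
        cert.sign(kp.getPrivate(), "SHA256withRSA");             // self-signed

        // Read attributes back through the identifiers listed in the table.
        X500Name issuer = (X500Name) cert.get(X509CertImpl.ISSUER_DN);
        Date notAfter = (Date) cert.get("x509.info.validity.notAfter");
        byte[] sig = (byte[]) cert.get(X509CertImpl.SIG);
        System.out.println(issuer + " expires " + notAfter + ", signature bytes: " + sig.length);

        // A signed certificate is read-only: the signature covers tbsCertificate,
        // so set() must refuse to change any attribute under x509.info.
        try {
            cert.set("x509.info.validity", new CertificateValidity(from, from));
            System.out.println("unexpected: signed certificate was modified");
        } catch (CertificateException e) {
            System.out.println("set() rejected: " + e.getMessage());
        }
        cert.verify(kp.getPublic());   // throws if the signature does not verify
    }
}
```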


X.509 V3 certificate extensions

Extension                  Extension attribute identifier               Short form                             Type of Object returned
Authority Key Identifier   x509.info.extensions.AuthorityKeyIdentifier  AuthorityKeyIdentifierExtension.IDENT  AuthorityKeyIdentifierExtension
Subject Key Identifier     x509.info.extensions.SubjectKeyIdentifier    SubjectKeyIdentifierExtension.IDENT    SubjectKeyIdentifierExtension
Key Usage                  x509.info.extensions.KeyUsage                KeyUsageExtension.IDENT                KeyUsageExtension
Private Key Usage Period   x509.info.extensions.PrivateKeyUsage         PrivateKeyUsageExtension.IDENT         PrivateKeyUsageExtension
Policy Mappings            x509.info.extensions.PolicyMappings          PolicyMappingsExtension.IDENT          PolicyMappingsExtension
Subject Alternative Name   x509.info.extensions.SubjectAlternativeName  SubjectAlternativeNameExtension.IDENT  SubjectAlternativeNameExtension
Issuer Alternative Name    x509.info.extensions.IssuerAlternativeName   IssuerAlternativeNameExtension.IDENT   IssuerAlternativeNameExtension
Basic Constraints          x509.info.extensions.BasicConstraints        BasicConstraintsExtension.IDENT        BasicConstraintsExtension
Name Constraints           x509.info.extensions.NameConstraints         NameConstraintsExtension.IDENT         NameConstraintsExtension
Policy Constraints         x509.info.extensions.PolicyConstraints       PolicyConstraintsExtension.IDENT       PolicyConstraintsExtension
Netscape Certificate Type  x509.info.extensions.NetscapeCertType        NetscapeCertTypeExtension.IDENT        NetscapeCertTypeExtension

Extensions can be added by implementing the sun.security.x509.CertAttrSet interface and subclassing the sun.security.x509.Extension class. Register the new extension using the OIDMap class.

The following extensions from the PKIX profile are not currently supported:

Name                 ObjectIdentifier
CertificatePolicies  2.5.29.32