The Certificate Class Certificates

Return the version of the X509 specification that this certificate was created with. For the Sun implementation, this will be version 3.

public abstract BigInteger getSerialNumber()
    Return the serial number of the certificate.

public abstract Principal getIssuerDN()
    Extract the distinguished name of the certificate authority from the certificate and use that name to instantiate a principal object.

public abstract Principal getSubjectDN()
    Extract the distinguished name of the subject entity in the certificate and use that name to instantiate a principal object.

public abstract Date getNotBefore()
    Return the first date on which the certificate is valid.

public abstract Date getNotAfter()
    Return the date after which the certificate is invalid.

From a programmatic view, these are the most useful of the attributes of a certificate. If your X509 certificate is contained in the file sdo.cer, you could import and print out information about the certificate as follows:

    package javasec.samples.ch09;

    import java.security.cert.*;
    import java.io.*;

    public class PrintCert {
        public static void main(String args[]) {
            try {
                // Read the encoded certificate and parse it as X509
                FileInputStream fr = new FileInputStream("sdo.cer");
                CertificateFactory cf = CertificateFactory.getInstance("X509");
                X509Certificate c = (X509Certificate) cf.generateCertificate(fr);
                System.out.println("Read in the following certificate:");
                System.out.println("\tCertificate for: " + c.getSubjectDN());
                System.out.println("\tCertificate issued by: " + c.getIssuerDN());
                System.out.println("\tThe certificate is valid from " +
                        c.getNotBefore() + " to " + c.getNotAfter());
                System.out.println("\tCertificate SN " + c.getSerialNumber());
                System.out.println("\tGenerated with " + c.getSigAlgName());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

Running this program would produce the following output:

    piccolo java -classpath ...... javasec.samples.ch09.PrintCert
    Read in the following certificate:
        Certificate for: CN=Scott Oaks, OU=SMCC, O=Sun, L=NY, ST=NY, C=US
        Certificate issued by: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
        The certificate is valid from Wed Apr 19 14:01:51 EDT 2000 to Sat May 20 14:01:51 EDT 2000
        Certificate SN 6042116
        Generated with MD5withRSA

9.4.4 Advanced X509Certificate Methods

There are a number of other methods of the X509Certificate class. For the purposes of this book, these methods are not generally useful; they enable you to perform more introspection on the certificate itself. We'll list these methods here simply as a matter of record.

public abstract byte[] getTBSCertificate()
    Get the DER-encoded TBS certificate. The TBS certificate is the body of the actual certificate; it contains all the naming and key information held in the certificate. The only information in the actual certificate that is not held in the TBS certificate is the name of the algorithm used to sign the certificate and the signature itself. The TBS certificate is used as the input data to the signature algorithm when the certificate is signed or verified.

public abstract byte[] getSignature()
    Get the raw signature bytes of the certificate. These bytes could be used to verify the signature explicitly (e.g., using the methods we'll describe in Chapter 12) instead of relying upon the verify() method to do so.

public abstract String getSigAlgName()
    Return the name of the algorithm that was used to sign the certificate. For the Sun implementation, this will always be SHA1withDSA.

public String getSigAlgOID()
    Return the OID of the signature algorithm used to produce the certificate.

public abstract byte[] getSigAlgParams()
    Return the DER-encoded parameters that were used to generate the signature. In general, this will return null since the parameters are usually specified by the certificate authority's public key.

public abstract byte[] getIssuerUniqueID()
    Return the unique identifier for the issuer of the certificate. The presence of a unique identifier for each issuer allows the names to be reused, although in general it is recommended that certificates not make use of the unique identifier.

Chapter 9. Keys and Certificates
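The explicit check that getTBSCertificate() and getSignature() make possible can be written as follows. This is an added example, not code from the book; the class name ExplicitCertVerify and the two command-line file arguments (the certificate to check and its issuer's certificate) are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ExplicitCertVerify {
    // Load one X.509 certificate from a file (file names are supplied by the caller).
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // Verify by hand: the signed data is the DER-encoded TBS certificate,
    // the signature value is what getSignature() returns.
    static boolean verifyExplicitly(X509Certificate subject, PublicKey issuerKey)
            throws Exception {
        byte[] p = subject.getSigAlgParams();
        // Parameterized algorithms (e.g. RSASSA-PSS) also need setParameter();
        // this example rejects them. An ASN.1 NULL (05 00) counts as "no parameters".
        if (p != null && !(p.length == 2 && p[0] == 0x05 && p[1] == 0x00)) {
            throw new UnsupportedOperationException(
                "signature parameters present for " + subject.getSigAlgName());
        }
        Signature sig = Signature.getInstance(subject.getSigAlgName());
        sig.initVerify(issuerKey);
        sig.update(subject.getTBSCertificate());
        return sig.verify(subject.getSignature());
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: ExplicitCertVerify <cert-file> <issuer-cert-file>");
            return;
        }
        X509Certificate subject = load(args[0]);
        X509Certificate issuer = load(args[1]);
        System.out.println("Signature algorithm: " + subject.getSigAlgName()
            + " (OID " + subject.getSigAlgOID() + ")");
        System.out.println("Explicit check over TBS bytes: "
            + verifyExplicitly(subject, issuer.getPublicKey()));
        // Cross-check with the built-in method, which throws if the signature is bad.
        subject.verify(issuer.getPublicKey());
        System.out.println("verify() agrees");
    }
}
```

For a self-signed certificate, pass the same file for both arguments. A valid signature says nothing about the validity dates or about whether the issuer is trusted; those are separate checks.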