KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > java > security > cert > X509Certificate


1 /*
2  * @(#)X509Certificate.java 1.39 03/12/19
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7  
8 package java.security.cert;
9
10 import java.math.BigInteger JavaDoc;
11 import java.security.Principal JavaDoc;
12 import java.security.PublicKey JavaDoc;
13 import java.util.Collection JavaDoc;
14 import java.util.Date JavaDoc;
15 import java.util.List JavaDoc;
16 import javax.security.auth.x500.X500Principal JavaDoc;
17
18 import sun.security.x509.X509CertImpl;
19
20 /**
21  * <p>
22  * Abstract class for X.509 certificates. This provides a standard
23  * way to access all the attributes of an X.509 certificate.
24  * <p>
25  * In June of 1996, the basic X.509 v3 format was completed by
26  * ISO/IEC and ANSI X9, which is described below in ASN.1:
27  * <pre>
28  * Certificate ::= SEQUENCE {
29  * tbsCertificate TBSCertificate,
30  * signatureAlgorithm AlgorithmIdentifier,
31  * signature BIT STRING }
32  * </pre>
33  * <p>
34  * These certificates are widely used to support authentication and
35  * other functionality in Internet security systems. Common applications
36  * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
37  * code signing for trusted software distribution, and Secure Electronic
38  * Transactions (SET).
39  * <p>
40  * These certificates are managed and vouched for by <em>Certificate
41  * Authorities</em> (CAs). CAs are services which create certificates by
42  * placing data in the X.509 standard format and then digitally signing
43  * that data. CAs act as trusted third parties, making introductions
44  * between principals who have no direct knowledge of each other.
45  * CA certificates are either signed by themselves, or by some other
46  * CA such as a "root" CA.
47  * <p>
48  * More information can be found in RFC 2459,
49  * "Internet X.509 Public Key Infrastructure Certificate and CRL
50  * Profile" at <A HREF="http://www.ietf.org/rfc/rfc2459.txt">
51  * http://www.ietf.org/rfc/rfc2459.txt </A>.
52  * <p>
53  * The ASN.1 definition of <code>tbsCertificate</code> is:
54  * <pre>
55  * TBSCertificate ::= SEQUENCE {
56  * version [0] EXPLICIT Version DEFAULT v1,
57  * serialNumber CertificateSerialNumber,
58  * signature AlgorithmIdentifier,
59  * issuer Name,
60  * validity Validity,
61  * subject Name,
62  * subjectPublicKeyInfo SubjectPublicKeyInfo,
63  * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
64  * -- If present, version must be v2 or v3
65  * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
66  * -- If present, version must be v2 or v3
67  * extensions [3] EXPLICIT Extensions OPTIONAL
68  * -- If present, version must be v3
69  * }
70  * </pre>
71  * <p>
72  * Certificates are instantiated using a certificate factory. The following is
73  * an example of how to instantiate an X.509 certificate:
74  * <pre>
75  * InputStream inStream = new FileInputStream("fileName-of-cert");
76  * CertificateFactory cf = CertificateFactory.getInstance("X.509");
77  * X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
78  * inStream.close();
79  * </pre>
80  *
81  * @author Hemma Prafullchandra
82  *
83  * @version 1.39
84  *
85  * @see Certificate
86  * @see CertificateFactory
87  * @see X509Extension
88  */
89
90 public abstract class X509Certificate extends Certificate JavaDoc
91 implements X509Extension JavaDoc {
92
93     private static final long serialVersionUID = -2491127588187038216L;
94
95     private transient X500Principal JavaDoc subjectX500Principal, issuerX500Principal;
96
97     /**
98      * Constructor for X.509 certificates.
99      */
100     protected X509Certificate() {
101     super("X.509");
102     }
103
104     /**
105      * Checks that the certificate is currently valid. It is if
106      * the current date and time are within the validity period given in the
107      * certificate.
108      * <p>
109      * The validity period consists of two date/time values:
110      * the first and last dates (and times) on which the certificate
111      * is valid. It is defined in
112      * ASN.1 as:
113      * <pre>
114      * validity Validity<p>
115      * Validity ::= SEQUENCE {
116      * notBefore CertificateValidityDate,
117      * notAfter CertificateValidityDate }<p>
118      * CertificateValidityDate ::= CHOICE {
119      * utcTime UTCTime,
120      * generalTime GeneralizedTime }
121      * </pre>
122      *
123      * @exception CertificateExpiredException if the certificate has expired.
124      * @exception CertificateNotYetValidException if the certificate is not
125      * yet valid.
126      */
127     public abstract void checkValidity()
128         throws CertificateExpiredException JavaDoc, CertificateNotYetValidException JavaDoc;
129
130     /**
131      * Checks that the given date is within the certificate's
132      * validity period. In other words, this determines whether the
133      * certificate would be valid at the given date/time.
134      *
135      * @param date the Date to check against to see if this certificate
136      * is valid at that date/time.
137      *
138      * @exception CertificateExpiredException if the certificate has expired
139      * with respect to the <code>date</code> supplied.
140      * @exception CertificateNotYetValidException if the certificate is not
141      * yet valid with respect to the <code>date</code> supplied.
142      *
143      * @see #checkValidity()
144      */
145     public abstract void checkValidity(Date JavaDoc date)
146         throws CertificateExpiredException JavaDoc, CertificateNotYetValidException JavaDoc;
147
148     /**
149      * Gets the <code>version</code> (version number) value from the
150      * certificate.
151      * The ASN.1 definition for this is:
152      * <pre>
153      * version [0] EXPLICIT Version DEFAULT v1<p>
154      * Version ::= INTEGER { v1(0), v2(1), v3(2) }
155      * </pre>
156      * @return the version number, i.e. 1, 2 or 3.
157      */
158     public abstract int getVersion();
159
160     /**
161      * Gets the <code>serialNumber</code> value from the certificate.
162      * The serial number is an integer assigned by the certification
163      * authority to each certificate. It must be unique for each
164      * certificate issued by a given CA (i.e., the issuer name and
165      * serial number identify a unique certificate).
166      * The ASN.1 definition for this is:
167      * <pre>
168      * serialNumber CertificateSerialNumber<p>
169      *
170      * CertificateSerialNumber ::= INTEGER
171      * </pre>
172      *
173      * @return the serial number.
174      */
175     public abstract BigInteger JavaDoc getSerialNumber();
176
177     /**
178      * <strong>Denigrated</strong>, replaced by {@linkplain
179      * #getIssuerX500Principal()}. This method returns the <code>issuer</code>
180      * as an implementation specific Principal object, which should not be
181      * relied upon by portable code.
182      *
183      * <p>
184      * Gets the <code>issuer</code> (issuer distinguished name) value from
185      * the certificate. The issuer name identifies the entity that signed (and
186      * issued) the certificate.
187      *
188      * <p>The issuer name field contains an
189      * X.500 distinguished name (DN).
190      * The ASN.1 definition for this is:
191      * <pre>
192      * issuer Name<p>
193      *
194      * Name ::= CHOICE { RDNSequence }
195      * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
196      * RelativeDistinguishedName ::=
197      * SET OF AttributeValueAssertion
198      *
199      * AttributeValueAssertion ::= SEQUENCE {
200      * AttributeType,
201      * AttributeValue }
202      * AttributeType ::= OBJECT IDENTIFIER
203      * AttributeValue ::= ANY
204      * </pre>
205      * The <code>Name</code> describes a hierarchical name composed of
206      * attributes,
207      * such as country name, and corresponding values, such as US.
208      * The type of the <code>AttributeValue</code> component is determined by
209      * the <code>AttributeType</code>; in general it will be a
210      * <code>directoryString</code>. A <code>directoryString</code> is usually
211      * one of <code>PrintableString</code>,
212      * <code>TeletexString</code> or <code>UniversalString</code>.
213      *
214      * @return a Principal whose name is the issuer distinguished name.
215      */
216     public abstract Principal JavaDoc getIssuerDN();
217
218     /**
219      * Returns the issuer (issuer distinguished name) value from the
220      * certificate as an <code>X500Principal</code>.
221      * <p>
222      * It is recommended that subclasses override this method.
223      *
224      * @return an <code>X500Principal</code> representing the issuer
225      * distinguished name
226      * @since 1.4
227      */
228     public X500Principal JavaDoc getIssuerX500Principal() {
229         if (issuerX500Principal == null) {
230         issuerX500Principal = X509CertImpl.getIssuerX500Principal(this);
231     }
232     return issuerX500Principal;
233     }
234
235     /**
236      * <strong>Denigrated</strong>, replaced by {@linkplain
237      * #getSubjectX500Principal()}. This method returns the <code>subject</code>
238      * as an implementation specific Principal object, which should not be
239      * relied upon by portable code.
240      *
241      * <p>
242      * Gets the <code>subject</code> (subject distinguished name) value
243      * from the certificate. If the <code>subject</code> value is empty,
244      * then the <code>getName()</code> method of the returned
245      * <code>Principal</code> object returns an empty string ("").
246      *
247      * <p> The ASN.1 definition for this is:
248      * <pre>
249      * subject Name
250      * </pre>
251      *
252      * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code>
253      * and other relevant definitions.
254      *
255      * @return a Principal whose name is the subject name.
256      */
257     public abstract Principal JavaDoc getSubjectDN();
258
259     /**
260      * Returns the subject (subject distinguished name) value from the
261      * certificate as an <code>X500Principal</code>. If the subject value
262      * is empty, then the <code>getName()</code> method of the returned
263      * <code>X500Principal</code> object returns an empty string ("").
264      * <p>
265      * It is recommended that subclasses override this method.
266      *
267      * @return an <code>X500Principal</code> representing the subject
268      * distinguished name
269      * @since 1.4
270      */
271     public X500Principal JavaDoc getSubjectX500Principal() {
272         if (subjectX500Principal == null) {
273         subjectX500Principal = X509CertImpl.getSubjectX500Principal(this);
274     }
275     return subjectX500Principal;
276     }
277
278     /**
279      * Gets the <code>notBefore</code> date from the validity period of
280      * the certificate.
281      * The relevant ASN.1 definitions are:
282      * <pre>
283      * validity Validity<p>
284      *
285      * Validity ::= SEQUENCE {
286      * notBefore CertificateValidityDate,
287      * notAfter CertificateValidityDate }<p>
288      * CertificateValidityDate ::= CHOICE {
289      * utcTime UTCTime,
290      * generalTime GeneralizedTime }
291      * </pre>
292      *
293      * @return the start date of the validity period.
294      * @see #checkValidity
295      */
296     public abstract Date JavaDoc getNotBefore();
297
298     /**
299      * Gets the <code>notAfter</code> date from the validity period of
300      * the certificate. See {@link #getNotBefore() getNotBefore}
301      * for relevant ASN.1 definitions.
302      *
303      * @return the end date of the validity period.
304      * @see #checkValidity
305      */
306     public abstract Date JavaDoc getNotAfter();
307
308     /**
309      * Gets the DER-encoded certificate information, the
310      * <code>tbsCertificate</code> from this certificate.
311      * This can be used to verify the signature independently.
312      *
313      * @return the DER-encoded certificate information.
314      * @exception CertificateEncodingException if an encoding error occurs.
315      */
316     public abstract byte[] getTBSCertificate()
317         throws CertificateEncodingException JavaDoc;
318
319     /**
320      * Gets the <code>signature</code> value (the raw signature bits) from
321      * the certificate.
322      * The ASN.1 definition for this is:
323      * <pre>
324      * signature BIT STRING
325      * </pre>
326      *
327      * @return the signature.
328      */
329     public abstract byte[] getSignature();
330
331     /**
332      * Gets the signature algorithm name for the certificate
333      * signature algorithm. An example is the string "SHA-1/DSA".
334      * The ASN.1 definition for this is:
335      * <pre>
336      * signatureAlgorithm AlgorithmIdentifier<p>
337      * AlgorithmIdentifier ::= SEQUENCE {
338      * algorithm OBJECT IDENTIFIER,
339      * parameters ANY DEFINED BY algorithm OPTIONAL }
340      * -- contains a value of the type
341      * -- registered for use with the
342      * -- algorithm object identifier value
343      * </pre>
344      *
345      * <p>The algorithm name is determined from the <code>algorithm</code>
346      * OID string.
347      *
348      * @return the signature algorithm name.
349      */
350     public abstract String JavaDoc getSigAlgName();
351
352     /**
353      * Gets the signature algorithm OID string from the certificate.
354      * An OID is represented by a set of nonnegative whole numbers separated
355      * by periods.
356      * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
357      * with DSA signature algorithm, as per RFC 2459.
358      *
359      * <p>See {@link #getSigAlgName() getSigAlgName} for
360      * relevant ASN.1 definitions.
361      *
362      * @return the signature algorithm OID string.
363      */
364     public abstract String JavaDoc getSigAlgOID();
365
366     /**
367      * Gets the DER-encoded signature algorithm parameters from this
368      * certificate's signature algorithm. In most cases, the signature
369      * algorithm parameters are null; the parameters are usually
370      * supplied with the certificate's public key.
371      * If access to individual parameter values is needed then use
372      * {@link java.security.AlgorithmParameters AlgorithmParameters}
373      * and instantiate with the name returned by
374      * {@link #getSigAlgName() getSigAlgName}.
375      *
376      * <p>See {@link #getSigAlgName() getSigAlgName} for
377      * relevant ASN.1 definitions.
378      *
379      * @return the DER-encoded signature algorithm parameters, or
380      * null if no parameters are present.
381      */
382     public abstract byte[] getSigAlgParams();
383
384     /**
385      * Gets the <code>issuerUniqueID</code> value from the certificate.
386      * The issuer unique identifier is present in the certificate
387      * to handle the possibility of reuse of issuer names over time.
388      * RFC 2459 recommends that names not be reused and that
389      * conforming certificates not make use of unique identifiers.
390      * Applications conforming to that profile should be capable of
391      * parsing unique identifiers and making comparisons.
392      *
393      * <p>The ASN.1 definition for this is:
394      * <pre>
395      * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL<p>
396      * UniqueIdentifier ::= BIT STRING
397      * </pre>
398      *
399      * @return the issuer unique identifier or null if it is not
400      * present in the certificate.
401      */
402     public abstract boolean[] getIssuerUniqueID();
403
404     /**
405      * Gets the <code>subjectUniqueID</code> value from the certificate.
406      *
407      * <p>The ASN.1 definition for this is:
408      * <pre>
409      * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL<p>
410      * UniqueIdentifier ::= BIT STRING
411      * </pre>
412      *
413      * @return the subject unique identifier or null if it is not
414      * present in the certificate.
415      */
416     public abstract boolean[] getSubjectUniqueID();
417    
418     /**
419      * Gets a boolean array representing bits of
420      * the <code>KeyUsage</code> extension, (OID = 2.5.29.15).
421      * The key usage extension defines the purpose (e.g., encipherment,
422      * signature, certificate signing) of the key contained in the
423      * certificate.
424      * The ASN.1 definition for this is:
425      * <pre>
426      * KeyUsage ::= BIT STRING {
427      * digitalSignature (0),
428      * nonRepudiation (1),
429      * keyEncipherment (2),
430      * dataEncipherment (3),
431      * keyAgreement (4),
432      * keyCertSign (5),
433      * cRLSign (6),
434      * encipherOnly (7),
435      * decipherOnly (8) }
436      * </pre>
437      * RFC 2459 recommends that when used, this be marked
438      * as a critical extension.
439      *
440      * @return the KeyUsage extension of this certificate, represented as
441      * an array of booleans. The order of KeyUsage values in the array is
442      * the same as in the above ASN.1 definition. The array will contain a
443      * value for each KeyUsage defined above. If the KeyUsage list encoded
444      * in the certificate is longer than the above list, it will not be
445      * truncated. Returns null if this certificate does not
446      * contain a KeyUsage extension.
447      */
448     public abstract boolean[] getKeyUsage();
449     
450     /**
451      * Gets an unmodifiable list of Strings representing the OBJECT
452      * IDENTIFIERs of the <code>ExtKeyUsageSyntax</code> field of the
453      * extended key usage extension, (OID = 2.5.29.37). It indicates
454      * one or more purposes for which the certified public key may be
455      * used, in addition to or in place of the basic purposes
456      * indicated in the key usage extension field. The ASN.1
457      * definition for this is:
458      * <pre>
459      * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId<p>
460      *
461      * KeyPurposeId ::= OBJECT IDENTIFIER<p>
462      * </pre>
463      *
464      * Key purposes may be defined by any organization with a
465      * need. Object identifiers used to identify key purposes shall be
466      * assigned in accordance with IANA or ITU-T Rec. X.660 |
467      * ISO/IEC/ITU 9834-1.
468      * <p>
469      * This method was added to version 1.4 of the Java 2 Platform Standard
470      * Edition. In order to maintain backwards compatibility with existing
471      * service providers, this method is not <code>abstract</code>
472      * and it provides a default implementation. Subclasses
473      * should override this method with a correct implementation.
474      *
475      * @return the ExtendedKeyUsage extension of this certificate,
476      * as an unmodifiable list of object identifiers represented
477      * as Strings. Returns null if this certificate does not
478      * contain an ExtendedKeyUsage extension.
479      * @throws CertificateParsingException if the extension cannot be decoded
480      * @since 1.4
481      */
482     public List JavaDoc<String JavaDoc> getExtendedKeyUsage() throws CertificateParsingException JavaDoc {
483     return X509CertImpl.getExtendedKeyUsage(this);
484     }
485
486     /**
487      * Gets the certificate constraints path length from the
488      * critical <code>BasicConstraints</code> extension, (OID = 2.5.29.19).
489      * <p>
490      * The basic constraints extension identifies whether the subject
491      * of the certificate is a Certificate Authority (CA) and
492      * how deep a certification path may exist through that CA. The
493      * <code>pathLenConstraint</code> field (see below) is meaningful
494      * only if <code>cA</code> is set to TRUE. In this case, it gives the
495      * maximum number of CA certificates that may follow this certificate in a
496      * certification path. A value of zero indicates that only an end-entity
497      * certificate may follow in the path.
498      * <p>
499      * Note that for RFC 2459 this extension is always marked
500      * critical if <code>cA</code> is TRUE, meaning this certificate belongs
501      * to a Certificate Authority.
502      * <p>
503      * The ASN.1 definition for this is:
504      * <pre>
505      * BasicConstraints ::= SEQUENCE {
506      * cA BOOLEAN DEFAULT FALSE,
507      * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
508      * </pre>
509      *
510      * @return the value of <code>pathLenConstraint</code> if the
511      * BasicConstraints extension is present in the certificate and the
512      * subject of the certificate is a CA, otherwise -1.
513      * If the subject of the certificate is a CA and
514      * <code>pathLenConstraint</code> does not appear,
515      * <code>Integer.MAX_VALUE</code> is returned to indicate that there is no
516      * limit to the allowed length of the certification path.
517      */
518     public abstract int getBasicConstraints();
519
520     /**
521      * Gets an immutable collection of subject alternative names from the
522      * <code>SubjectAltName</code> extension, (OID = 2.5.29.17).
523      * <p>
524      * The ASN.1 definition of the <code>SubjectAltName</code> extension is:
525      * <pre>
526      * SubjectAltName ::= GeneralNames
527      *
528      * GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName
529      *
530      * GeneralName ::= CHOICE {
531      * otherName [0] OtherName,
532      * rfc822Name [1] IA5String,
533      * dNSName [2] IA5String,
534      * x400Address [3] ORAddress,
535      * directoryName [4] Name,
536      * ediPartyName [5] EDIPartyName,
537      * uniformResourceIdentifier [6] IA5String,
538      * iPAddress [7] OCTET STRING,
539      * registeredID [8] OBJECT IDENTIFIER}
540      * </pre>
541      * <p>
542      * If this certificate does not contain a <code>SubjectAltName</code>
543      * extension, <code>null</code> is returned. Otherwise, a
544      * <code>Collection</code> is returned with an entry representing each
545      * <code>GeneralName</code> included in the extension. Each entry is a
546      * <code>List</code> whose first entry is an <code>Integer</code>
547      * (the name type, 0-8) and whose second entry is a <code>String</code>
548      * or a byte array (the name, in string or ASN.1 DER encoded form,
549      * respectively).
550      * <p>
551      * RFC 822, DNS, and URI names are returned as <code>String</code>s,
552      * using the well-established string formats for those types (subject to
553      * the restrictions included in RFC 2459). IPv4 address names are
554      * returned using dotted quad notation. IPv6 address names are returned
555      * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
556      * representing the eight 16-bit pieces of the address. OID names are
557      * returned as <code>String</code>s represented as a series of nonnegative
558      * integers separated by periods. And directory names (distinguished names)
559      * are returned in RFC 2253 string format. No standard string format is
560      * defined for otherNames, X.400 names, EDI party names, or any
561      * other type of names. They are returned as byte arrays
562      * containing the ASN.1 DER encoded form of the name.
563      * <p>
564      * Note that the <code>Collection</code> returned may contain more
565      * than one name of the same type. Also, note that the returned
566      * <code>Collection</code> is immutable and any entries containing byte
567      * arrays are cloned to protect against subsequent modifications.
568      * <p>
569      * This method was added to version 1.4 of the Java 2 Platform Standard
570      * Edition. In order to maintain backwards compatibility with existing
571      * service providers, this method is not <code>abstract</code>
572      * and it provides a default implementation. Subclasses
573      * should override this method with a correct implementation.
574      *
575      * @return an immutable <code>Collection</code> of subject alternative
576      * names (or <code>null</code>)
577      * @throws CertificateParsingException if the extension cannot be decoded
578      * @since 1.4
579      */
580     public Collection JavaDoc<List JavaDoc<?>> getSubjectAlternativeNames()
581     throws CertificateParsingException JavaDoc {
582     return X509CertImpl.getSubjectAlternativeNames(this);
583     }
584
585     /**
586      * Gets an immutable collection of issuer alternative names from the
587      * <code>IssuerAltName</code> extension, (OID = 2.5.29.18).
588      * <p>
589      * The ASN.1 definition of the <code>IssuerAltName</code> extension is:
590      * <pre>
591      * IssuerAltName ::= GeneralNames
592      * </pre>
593      * The ASN.1 definition of <code>GeneralNames</code> is defined
594      * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
595      * <p>
596      * If this certificate does not contain an <code>IssuerAltName</code>
597      * extension, <code>null</code> is returned. Otherwise, a
598      * <code>Collection</code> is returned with an entry representing each
599      * <code>GeneralName</code> included in the extension. Each entry is a
600      * <code>List</code> whose first entry is an <code>Integer</code>
601      * (the name type, 0-8) and whose second entry is a <code>String</code>
602      * or a byte array (the name, in string or ASN.1 DER encoded form,
603      * respectively). For more details about the formats used for each
604      * name type, see the <code>getSubjectAlternativeNames</code> method.
605      * <p>
606      * Note that the <code>Collection</code> returned may contain more
607      * than one name of the same type. Also, note that the returned
608      * <code>Collection</code> is immutable and any entries containing byte
609      * arrays are cloned to protect against subsequent modifications.
610      * <p>
611      * This method was added to version 1.4 of the Java 2 Platform Standard
612      * Edition. In order to maintain backwards compatibility with existing
613      * service providers, this method is not <code>abstract</code>
614      * and it provides a default implementation. Subclasses
615      * should override this method with a correct implementation.
616      *
617      * @return an immutable <code>Collection</code> of issuer alternative
618      * names (or <code>null</code>)
619      * @throws CertificateParsingException if the extension cannot be decoded
620      * @since 1.4
621      */
622     public Collection JavaDoc<List JavaDoc<?>> getIssuerAlternativeNames()
623     throws CertificateParsingException JavaDoc {
624     return X509CertImpl.getIssuerAlternativeNames(this);
625     }
626 }
627
Popular Tags