1. /*
  2. * @(#)X509Certificate.java 1.35 03/01/23
  3. *
  4. * Copyright 2003 Sun Microsystems, Inc. All rights reserved.
  5. * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
  6. */
  7. package java.security.cert;
  8. import java.math.BigInteger;
  9. import java.security.Principal;
  10. import java.security.PublicKey;
  11. import java.util.Collection;
  12. import java.util.Date;
  13. import java.util.List;
  14. import javax.security.auth.x500.X500Principal;
  15. import sun.security.x509.X509CertImpl;
  16. /**
  17. * <p>
  18. * Abstract class for X.509 certificates. This provides a standard
  19. * way to access all the attributes of an X.509 certificate.
  20. * <p>
  21. * In June of 1996, the basic X.509 v3 format was completed by
  22. * ISO/IEC and ANSI X9, which is described below in ASN.1:
  23. * <pre>
  24. * Certificate ::= SEQUENCE {
  25. * tbsCertificate TBSCertificate,
  26. * signatureAlgorithm AlgorithmIdentifier,
  27. * signature BIT STRING }
  28. * </pre>
  29. * <p>
  30. * These certificates are widely used to support authentication and
  31. * other functionality in Internet security systems. Common applications
  32. * include Privacy Enhanced Mail (PEM), Transport Layer Security (SSL),
  33. * code signing for trusted software distribution, and Secure Electronic
  34. * Transactions (SET).
  35. * <p>
  36. * These certificates are managed and vouched for by <em>Certificate
  37. * Authorities</em> (CAs). CAs are services which create certificates by
  38. * placing data in the X.509 standard format and then digitally signing
  39. * that data. CAs act as trusted third parties, making introductions
  40. * between principals who have no direct knowledge of each other.
  41. * CA certificates are either signed by themselves, or by some other
  42. * CA such as a "root" CA.
  43. * <p>
  44. * More information can be found in RFC 2459,
  45. * "Internet X.509 Public Key Infrastructure Certificate and CRL
  46. * Profile" at <A HREF="http://www.ietf.org/rfc/rfc2459.txt">
  47. * http://www.ietf.org/rfc/rfc2459.txt </A>.
  48. * <p>
  49. * The ASN.1 definition of <code>tbsCertificate</code> is:
  50. * <pre>
  51. * TBSCertificate ::= SEQUENCE {
  52. * version [0] EXPLICIT Version DEFAULT v1,
  53. * serialNumber CertificateSerialNumber,
  54. * signature AlgorithmIdentifier,
  55. * issuer Name,
  56. * validity Validity,
  57. * subject Name,
  58. * subjectPublicKeyInfo SubjectPublicKeyInfo,
  59. * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
  60. * -- If present, version must be v2 or v3
  61. * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
  62. * -- If present, version must be v2 or v3
  63. * extensions [3] EXPLICIT Extensions OPTIONAL
  64. * -- If present, version must be v3
  65. * }
  66. * </pre>
  67. * <p>
  68. * Certificates are instantiated using a certificate factory. The following is
  69. * an example of how to instantiate an X.509 certificate:
  70. * <pre>
  71. * InputStream inStream = new FileInputStream("fileName-of-cert");
  72. * CertificateFactory cf = CertificateFactory.getInstance("X.509");
  73. * X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
  74. * inStream.close();
  75. * </pre>
  76. *
  77. * @author Hemma Prafullchandra
  78. *
  79. * @version 1.35
  80. *
  81. * @see Certificate
  82. * @see CertificateFactory
  83. * @see X509Extension
  84. */
  85. public abstract class X509Certificate extends Certificate
  86. implements X509Extension {
  87. private transient X500Principal subjectX500Principal, issuerX500Principal;
  88. /**
  89. * Constructor for X.509 certificates.
  90. */
  91. protected X509Certificate() {
  92. super("X.509");
  93. }
  94. /**
  95. * Checks that the certificate is currently valid. It is if
  96. * the current date and time are within the validity period given in the
  97. * certificate.
  98. * <p>
  99. * The validity period consists of two date/time values:
  100. * the first and last dates (and times) on which the certificate
  101. * is valid. It is defined in
  102. * ASN.1 as:
  103. * <pre>
  104. * validity Validity<p>
  105. * Validity ::= SEQUENCE {
  106. * notBefore CertificateValidityDate,
  107. * notAfter CertificateValidityDate }<p>
  108. * CertificateValidityDate ::= CHOICE {
  109. * utcTime UTCTime,
  110. * generalTime GeneralizedTime }
  111. * </pre>
  112. *
  113. * @exception CertificateExpiredException if the certificate has expired.
  114. * @exception CertificateNotYetValidException if the certificate is not
  115. * yet valid.
  116. */
  117. public abstract void checkValidity()
  118. throws CertificateExpiredException, CertificateNotYetValidException;
  119. /**
  120. * Checks that the given date is within the certificate's
  121. * validity period. In other words, this determines whether the
  122. * certificate would be valid at the given date/time.
  123. *
  124. * @param date the Date to check against to see if this certificate
  125. * is valid at that date/time.
  126. *
  127. * @exception CertificateExpiredException if the certificate has expired
  128. * with respect to the <code>date</code> supplied.
  129. * @exception CertificateNotYetValidException if the certificate is not
  130. * yet valid with respect to the <code>date</code> supplied.
  131. *
  132. * @see #checkValidity()
  133. */
  134. public abstract void checkValidity(Date date)
  135. throws CertificateExpiredException, CertificateNotYetValidException;
  136. /**
  137. * Gets the <code>version</code> (version number) value from the
  138. * certificate.
  139. * The ASN.1 definition for this is:
  140. * <pre>
  141. * version [0] EXPLICIT Version DEFAULT v1<p>
  142. * Version ::= INTEGER { v1(0), v2(1), v3(2) }
  143. * </pre>
  144. * @return the version number, i.e. 1, 2 or 3.
  145. */
  146. public abstract int getVersion();
  147. /**
  148. * Gets the <code>serialNumber</code> value from the certificate.
  149. * The serial number is an integer assigned by the certification
  150. * authority to each certificate. It must be unique for each
  151. * certificate issued by a given CA (i.e., the issuer name and
  152. * serial number identify a unique certificate).
  153. * The ASN.1 definition for this is:
  154. * <pre>
  155. * serialNumber CertificateSerialNumber<p>
  156. *
  157. * CertificateSerialNumber ::= INTEGER
  158. * </pre>
  159. *
  160. * @return the serial number.
  161. */
  162. public abstract BigInteger getSerialNumber();
  163. /**
  164. * Gets the <code>issuer</code> (issuer distinguished name) value from
  165. * the certificate. The issuer name identifies the entity that signed (and
  166. * issued) the certificate.
  167. *
  168. * <p>The issuer name field contains an
  169. * X.500 distinguished name (DN).
  170. * The ASN.1 definition for this is:
  171. * <pre>
  172. * issuer Name<p>
  173. *
  174. * Name ::= CHOICE { RDNSequence }
  175. * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
  176. * RelativeDistinguishedName ::=
  177. * SET OF AttributeValueAssertion
  178. *
  179. * AttributeValueAssertion ::= SEQUENCE {
  180. * AttributeType,
  181. * AttributeValue }
  182. * AttributeType ::= OBJECT IDENTIFIER
  183. * AttributeValue ::= ANY
  184. * </pre>
  185. * The <code>Name</code> describes a hierarchical name composed of
  186. * attributes,
  187. * such as country name, and corresponding values, such as US.
  188. * The type of the <code>AttributeValue</code> component is determined by
  189. * the <code>AttributeType</code> in general it will be a
  190. * <code>directoryString</code>. A <code>directoryString</code> is usually
  191. * one of <code>PrintableString</code>,
  192. * <code>TeletexString</code> or <code>UniversalString</code>.
  193. *
  194. * @return a Principal whose name is the issuer distinguished name.
  195. */
  196. public abstract Principal getIssuerDN();
  197. /**
  198. * Returns the issuer (issuer distinguished name) value from the
  199. * certificate as an <code>X500Principal</code>.
  200. * <p>
  201. * It is recommended that subclasses override this method to provide
  202. * an efficient implementation.
  203. *
  204. * @return an <code>X500Principal</code> representing the issuer
  205. * distinguished name
  206. * @since 1.4
  207. */
  208. public X500Principal getIssuerX500Principal() {
  209. if (issuerX500Principal == null) {
  210. issuerX500Principal = X509CertImpl.getIssuerX500Principal(this);
  211. }
  212. return issuerX500Principal;
  213. }
  214. /**
  215. * Gets the <code>subject</code> (subject distinguished name) value
  216. * from the certificate. If the <code>subject</code> value is empty,
  217. * then the <code>getName()</code> method of the returned
  218. * <code>Principal</code> object returns an empty string ("").
  219. *
  220. * <p> The ASN.1 definition for this is:
  221. * <pre>
  222. * subject Name
  223. * </pre>
  224. *
  225. * <p>See {@link #getIssuerDN() getIssuerDN} for <code>Name</code>
  226. * and other relevant definitions.
  227. *
  228. * @return a Principal whose name is the subject name.
  229. */
  230. public abstract Principal getSubjectDN();
  231. /**
  232. * Returns the subject (subject distinguished name) value from the
  233. * certificate as an <code>X500Principal</code>. If the subject value
  234. * is empty, then the <code>getName()</code> method of the returned
  235. * <code>X500Principal</code> object returns an empty string ("").
  236. * <p>
  237. * It is recommended that subclasses override this method to provide
  238. * an efficient implementation.
  239. *
  240. * @return an <code>X500Principal</code> representing the subject
  241. * distinguished name
  242. * @since 1.4
  243. */
  244. public X500Principal getSubjectX500Principal() {
  245. if (subjectX500Principal == null) {
  246. subjectX500Principal = X509CertImpl.getSubjectX500Principal(this);
  247. }
  248. return subjectX500Principal;
  249. }
  250. /**
  251. * Gets the <code>notBefore</code> date from the validity period of
  252. * the certificate.
  253. * The relevant ASN.1 definitions are:
  254. * <pre>
  255. * validity Validity<p>
  256. *
  257. * Validity ::= SEQUENCE {
  258. * notBefore CertificateValidityDate,
  259. * notAfter CertificateValidityDate }<p>
  260. * CertificateValidityDate ::= CHOICE {
  261. * utcTime UTCTime,
  262. * generalTime GeneralizedTime }
  263. * </pre>
  264. *
  265. * @return the start date of the validity period.
  266. * @see #checkValidity
  267. */
  268. public abstract Date getNotBefore();
  269. /**
  270. * Gets the <code>notAfter</code> date from the validity period of
  271. * the certificate. See {@link #getNotBefore() getNotBefore}
  272. * for relevant ASN.1 definitions.
  273. *
  274. * @return the end date of the validity period.
  275. * @see #checkValidity
  276. */
  277. public abstract Date getNotAfter();
  278. /**
  279. * Gets the DER-encoded certificate information, the
  280. * <code>tbsCertificate</code> from this certificate.
  281. * This can be used to verify the signature independently.
  282. *
  283. * @return the DER-encoded certificate information.
  284. * @exception CertificateEncodingException if an encoding error occurs.
  285. */
  286. public abstract byte[] getTBSCertificate()
  287. throws CertificateEncodingException;
  288. /**
  289. * Gets the <code>signature</code> value (the raw signature bits) from
  290. * the certificate.
  291. * The ASN.1 definition for this is:
  292. * <pre>
  293. * signature BIT STRING
  294. * </pre>
  295. *
  296. * @return the signature.
  297. */
  298. public abstract byte[] getSignature();
  299. /**
  300. * Gets the signature algorithm name for the certificate
  301. * signature algorithm. An example is the string "SHA-1/DSA".
  302. * The ASN.1 definition for this is:
  303. * <pre>
  304. * signatureAlgorithm AlgorithmIdentifier<p>
  305. * AlgorithmIdentifier ::= SEQUENCE {
  306. * algorithm OBJECT IDENTIFIER,
  307. * parameters ANY DEFINED BY algorithm OPTIONAL }
  308. * -- contains a value of the type
  309. * -- registered for use with the
  310. * -- algorithm object identifier value
  311. * </pre>
  312. *
  313. * <p>The algorithm name is determined from the <code>algorithm</code>
  314. * OID string.
  315. *
  316. * @return the signature algorithm name.
  317. */
  318. public abstract String getSigAlgName();
  319. /**
  320. * Gets the signature algorithm OID string from the certificate.
  321. * An OID is represented by a set of nonnegative whole numbers separated
  322. * by periods.
  323. * For example, the string "1.2.840.10040.4.3" identifies the SHA-1
  324. * with DSA signature algorithm, as per RFC 2459.
  325. *
  326. * <p>See {@link #getSigAlgName() getSigAlgName} for
  327. * relevant ASN.1 definitions.
  328. *
  329. * @return the signature algorithm OID string.
  330. */
  331. public abstract String getSigAlgOID();
  332. /**
  333. * Gets the DER-encoded signature algorithm parameters from this
  334. * certificate's signature algorithm. In most cases, the signature
  335. * algorithm parameters are null; the parameters are usually
  336. * supplied with the certificate's public key.
  337. * If access to individual parameter values is needed then use
  338. * {@link java.security.AlgorithmParameters AlgorithmParameters}
  339. * and instantiate with the name returned by
  340. * {@link #getSigAlgName() getSigAlgName}.
  341. *
  342. * <p>See {@link #getSigAlgName() getSigAlgName} for
  343. * relevant ASN.1 definitions.
  344. *
  345. * @return the DER-encoded signature algorithm parameters, or
  346. * null if no parameters are present.
  347. */
  348. public abstract byte[] getSigAlgParams();
  349. /**
  350. * Gets the <code>issuerUniqueID</code> value from the certificate.
  351. * The issuer unique identifier is present in the certificate
  352. * to handle the possibility of reuse of issuer names over time.
  353. * RFC 2459 recommends that names not be reused and that
  354. * conforming certificates not make use of unique identifiers.
  355. * Applications conforming to that profile should be capable of
  356. * parsing unique identifiers and making comparisons.
  357. *
  358. * <p>The ASN.1 definition for this is:
  359. * <pre>
  360. * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL<p>
  361. * UniqueIdentifier ::= BIT STRING
  362. * </pre>
  363. *
  364. * @return the issuer unique identifier or null if it is not
  365. * present in the certificate.
  366. */
  367. public abstract boolean[] getIssuerUniqueID();
  368. /**
  369. * Gets the <code>subjectUniqueID</code> value from the certificate.
  370. *
  371. * <p>The ASN.1 definition for this is:
  372. * <pre>
  373. * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL<p>
  374. * UniqueIdentifier ::= BIT STRING
  375. * </pre>
  376. *
  377. * @return the subject unique identifier or null if it is not
  378. * present in the certificate.
  379. */
  380. public abstract boolean[] getSubjectUniqueID();
  381. /**
  382. * Gets a boolean array representing bits of
  383. * the <code>KeyUsage</code> extension, (OID = 2.5.29.15).
  384. * The key usage extension defines the purpose (e.g., encipherment,
  385. * signature, certificate signing) of the key contained in the
  386. * certificate.
  387. * The ASN.1 definition for this is:
  388. * <pre>
  389. * KeyUsage ::= BIT STRING {
  390. * digitalSignature (0),
  391. * nonRepudiation (1),
  392. * keyEncipherment (2),
  393. * dataEncipherment (3),
  394. * keyAgreement (4),
  395. * keyCertSign (5),
  396. * cRLSign (6),
  397. * encipherOnly (7),
  398. * decipherOnly (8) }
  399. * </pre>
  400. * RFC 2459 recommends that when used, this be marked
  401. * as a critical extension.
  402. *
  403. * @return the KeyUsage extension of this certificate, represented as
  404. * an array of booleans. The order of KeyUsage values in the array is
  405. * the same as in the above ASN.1 definition. The array will contain a
  406. * value for each KeyUsage defined above. If the KeyUsage list encoded
  407. * in the certificate is longer than the above list, it will not be
  408. * truncated. Returns null if this certificate does not
  409. * contain a KeyUsage extension.
  410. */
  411. public abstract boolean[] getKeyUsage();
  412. /**
  413. * Gets an unmodifiable list of Strings representing the OBJECT
  414. * IDENTIFIERs of the <code>ExtKeyUsageSyntax</code> field of the
  415. * extended key usage extension, (OID = 2.5.29.37). It indicates
  416. * one or more purposes for which the certified public key may be
  417. * used, in addition to or in place of the basic purposes
  418. * indicated in the key usage extension field. The ASN.1
  419. * definition for this is:
  420. * <pre>
  421. * ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId<p>
  422. *
  423. * KeyPurposeId ::= OBJECT IDENTIFIER<p>
  424. * </pre>
  425. *
  426. * Key purposes may be defined by any organization with a
  427. * need. Object identifiers used to identify key purposes shall be
  428. * assigned in accordance with IANA or ITU-T Rec. X.660 |
  429. * ISO/IEC/ITU 9834-1.
  430. * <p>
  431. * This method was added to version 1.4 of the Java 2 Platform Standard
  432. * Edition. In order to maintain backwards compatibility with existing
  433. * service providers, this method is not <code>abstract</code>
  434. * and it provides a default implementation. Subclasses
  435. * should override this method with a correct implementation.
  436. *
  437. * @return the ExtendedKeyUsage extension of this certificate,
  438. * as an unmodifiable list of object identifiers represented
  439. * as Strings. Returns null if this certificate does not
  440. * contain an ExtendedKeyUsage extension.
  441. * @throws CertificateParsingException if the extension cannot be decoded
  442. * @since 1.4
  443. */
  444. public List getExtendedKeyUsage() throws CertificateParsingException {
  445. return X509CertImpl.getExtendedKeyUsage(this);
  446. }
  447. /**
  448. * Gets the certificate constraints path length from the
  449. * critical <code>BasicConstraints</code> extension, (OID = 2.5.29.19).
  450. * <p>
  451. * The basic constraints extension identifies whether the subject
  452. * of the certificate is a Certificate Authority (CA) and
  453. * how deep a certification path may exist through that CA. The
  454. * <code>pathLenConstraint</code> field (see below) is meaningful
  455. * only if <code>cA</code> is set to TRUE. In this case, it gives the
  456. * maximum number of CA certificates that may follow this certificate in a
  457. * certification path. A value of zero indicates that only an end-entity
  458. * certificate may follow in the path.
  459. * <p>
  460. * Note that for RFC 2459 this extension is always marked
  461. * critical if <code>cA</code> is TRUE, meaning this certificate belongs
  462. * to a Certificate Authority.
  463. * <p>
  464. * The ASN.1 definition for this is:
  465. * <pre>
  466. * BasicConstraints ::= SEQUENCE {
  467. * cA BOOLEAN DEFAULT FALSE,
  468. * pathLenConstraint INTEGER (0..MAX) OPTIONAL }
  469. * </pre>
  470. *
  471. * @return the value of <code>pathLenConstraint</code> if the
  472. * BasicConstraints extension is present in the certificate and the
  473. * subject of the certificate is a CA, otherwise -1.
  474. * If the subject of the certificate is a CA and
  475. * <code>pathLenConstraint</code> does not appear,
  476. * <code>Integer.MAX_VALUE</code> is returned to indicate that there is no
  477. * limit to the allowed length of the certification path.
  478. */
  479. public abstract int getBasicConstraints();
  480. /**
  481. * Gets an immutable collection of subject alternative names from the
  482. * <code>SubjectAltName</code> extension, (OID = 2.5.29.17).
  483. * <p>
  484. * The ASN.1 definition of the <code>SubjectAltName</code> extension is:
  485. * <pre>
  486. * SubjectAltName ::= GeneralNames
  487. *
  488. * GeneralNames :: = SEQUENCE SIZE (1..MAX) OF GeneralName
  489. *
  490. * GeneralName ::= CHOICE {
  491. * otherName [0] OtherName,
  492. * rfc822Name [1] IA5String,
  493. * dNSName [2] IA5String,
  494. * x400Address [3] ORAddress,
  495. * directoryName [4] Name,
  496. * ediPartyName [5] EDIPartyName,
  497. * uniformResourceIdentifier [6] IA5String,
  498. * iPAddress [7] OCTET STRING,
  499. * registeredID [8] OBJECT IDENTIFIER}
  500. * </pre>
  501. * <p>
  502. * If this certificate does not contain a <code>SubjectAltName</code>
  503. * extension, <code>null</code> is returned. Otherwise, a
  504. * <code>Collection</code> is returned with an entry representing each
  505. * <code>GeneralName</code> included in the extension. Each entry is a
  506. * <code>List</code> whose first entry is an <code>Integer</code>
  507. * (the name type, 0-8) and whose second entry is a <code>String</code>
  508. * or a byte array (the name, in string or ASN.1 DER encoded form,
  509. * respectively).
  510. * <p>
  511. * RFC 822, DNS, and URI names are returned as <code>String</code>s,
  512. * using the well-established string formats for those types (subject to
  513. * the restrictions included in RFC 2459). IPv4 address names are
  514. * returned using dotted quad notation. IPv6 address names are returned
  515. * in the form "a1:a2:...:a8", where a1-a8 are hexadecimal values
  516. * representing the eight 16-bit pieces of the address. OID names are
  517. * returned as <code>String</code>s represented as a series of nonnegative
  518. * integers separated by periods. And directory names (distinguished names)
  519. * are returned in RFC 2253 string format. No standard string format is
  520. * defined for otherNames, X.400 names, EDI party names, or any
  521. * other type of names. They are returned as byte arrays
  522. * containing the ASN.1 DER encoded form of the name.
  523. * <p>
  524. * Note that the <code>Collection</code> returned may contain more
  525. * than one name of the same type. Also, note that the returned
  526. * <code>Collection</code> is immutable and any entries containing byte
  527. * arrays are cloned to protect against subsequent modifications.
  528. * <p>
  529. * This method was added to version 1.4 of the Java 2 Platform Standard
  530. * Edition. In order to maintain backwards compatibility with existing
  531. * service providers, this method is not <code>abstract</code>
  532. * and it provides a default implementation. Subclasses
  533. * should override this method with a correct implementation.
  534. *
  535. * @return an immutable <code>Collection</code> of subject alternative
  536. * names (or <code>null</code>)
  537. * @throws CertificateParsingException if the extension cannot be decoded
  538. * @since 1.4
  539. */
  540. public Collection getSubjectAlternativeNames()
  541. throws CertificateParsingException {
  542. return X509CertImpl.getSubjectAlternativeNames(this);
  543. }
  544. /**
  545. * Gets an immutable collection of issuer alternative names from the
  546. * <code>IssuerAltName</code> extension, (OID = 2.5.29.18).
  547. * <p>
  548. * The ASN.1 definition of the <code>IssuerAltName</code> extension is:
  549. * <pre>
  550. * IssuerAltName ::= GeneralNames
  551. * </pre>
  552. * The ASN.1 definition of <code>GeneralNames</code> is defined
  553. * in {@link #getSubjectAlternativeNames getSubjectAlternativeNames}.
  554. * <p>
  555. * If this certificate does not contain an <code>IssuerAltName</code>
  556. * extension, <code>null</code> is returned. Otherwise, a
  557. * <code>Collection</code> is returned with an entry representing each
  558. * <code>GeneralName</code> included in the extension. Each entry is a
  559. * <code>List</code> whose first entry is an <code>Integer</code>
  560. * (the name type, 0-8) and whose second entry is a <code>String</code>
  561. * or a byte array (the name, in string or ASN.1 DER encoded form,
  562. * respectively). For more details about the formats used for each
  563. * name type, see the <code>getSubjectAlternativeNames</code> method.
  564. * <p>
  565. * Note that the <code>Collection</code> returned may contain more
  566. * than one name of the same type. Also, note that the returned
  567. * <code>Collection</code> is immutable and any entries containing byte
  568. * arrays are cloned to protect against subsequent modifications.
  569. * <p>
  570. * This method was added to version 1.4 of the Java 2 Platform Standard
  571. * Edition. In order to maintain backwards compatibility with existing
  572. * service providers, this method is not <code>abstract</code>
  573. * and it provides a default implementation. Subclasses
  574. * should override this method with a correct implementation.
  575. *
  576. * @return an immutable <code>Collection</code> of issuer alternative
  577. * names (or <code>null</code>)
  578. * @throws CertificateParsingException if the extension cannot be decoded
  579. * @since 1.4
  580. */
  581. public Collection getIssuerAlternativeNames()
  582. throws CertificateParsingException {
  583. return X509CertImpl.getIssuerAlternativeNames(this);
  584. }
  585. }