Class: X509Certificate
_The X509 Certificate Object represents the properties of an X.509 certificate._
```mermaid
classDiagram
    class X509Certificate
    click X509Certificate href "../X509Certificate/"
    CyberObservableObject <|-- X509Certificate
    click CyberObservableObject href "../CyberObservableObject/"
    X509Certificate : defanged
    X509Certificate : description
    X509Certificate : extensions
    X509Certificate : granular_markings
    X509Certificate --> "*" GranularMarking : granular_markings
    click GranularMarking href "../GranularMarking/"
    X509Certificate : hashes
    X509Certificate --> "0..1" HashesType : hashes
    click HashesType href "../HashesType/"
    X509Certificate : id
    X509Certificate : is_self_signed
    X509Certificate : issuer
    X509Certificate : name
    X509Certificate : object_marking_refs
    X509Certificate : serial_number
    X509Certificate : signature_algorithm
    X509Certificate : spec_version
    X509Certificate --> "0..1" SpecVersionEnum : spec_version
    click SpecVersionEnum href "../SpecVersionEnum/"
    X509Certificate : subject
    X509Certificate : subject_public_key_algorithm
    X509Certificate : subject_public_key_exponent
    X509Certificate : subject_public_key_modulus
    X509Certificate : type
    X509Certificate : validity_not_after
    X509Certificate : validity_not_before
    X509Certificate : version
    X509Certificate : x509_v3_extensions
    X509Certificate --> "0..1" X509V3ExtensionsType : x509_v3_extensions
    click X509V3ExtensionsType href "../X509V3ExtensionsType/"
```
Inheritance
- StixEntity
- CommonSchemaComponent
- CyberObservableCore
- CyberObservableObject
- X509Certificate
- CyberObservableObject
- CyberObservableCore
- CommonSchemaComponent
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| is_self_signed | 0..1 Boolean | Specifies whether the certificate is self-signed | direct |
| hashes | 0..1 HashesType | Specifies a dictionary of hashes for the file or content | direct |
| version | 0..1 String | Version string | direct |
| serial_number | 0..1 String | X509 serial number | direct |
| signature_algorithm | 0..1 String | X509 signature algorithm | direct |
| issuer | 0..1 String | Certificate issuer | direct |
| validity_not_before | 0..1 Datetime | Certificate validity start | direct |
| validity_not_after | 0..1 Datetime | Certificate validity end | direct |
| subject | 0..1 String | Subject value | direct |
| subject_public_key_algorithm | 0..1 String | Subject public key algorithm | direct |
| subject_public_key_modulus | 0..1 String | Subject public key modulus | direct |
| subject_public_key_exponent | 0..1 Integer | Subject public key exponent | direct |
| x509_v3_extensions | 0..1 X509V3ExtensionsType | X509 v3 extensions payload | direct |
| type | 1 StixTypeName | STIX object type | StixEntity, CyberObservableCore |
| spec_version | 0..1 SpecVersionEnum | STIX specification version | CyberObservableCore |
| id | 1 StixIdentifier | STIX object identifier | StixEntity, CyberObservableCore |
| object_marking_refs | * StixIdentifier | Marking definition references applied to this object | CyberObservableCore |
| granular_markings | * GranularMarking | Granular markings that apply to selected content | CyberObservableCore |
| defanged | 0..1 Boolean | Defines whether or not the data contained within the object has been defanged | CyberObservableCore |
| extensions | * String | Open-ended extension payloads | CyberObservableCore |
| name | 0..1 String | Human-readable name | StixEntity |
| description | 0..1 String | Human-readable description | StixEntity |
In Subsets
Comments
- jsonschema_rule: anyOf validator_hint: x509-at-least-one-detail-field jsonschema_source: https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/x509-certificate.json
Notes
- JSON Schema defines anyOf requiring at least one certificate detail field.
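
The LinkML model cannot express the anyOf rule itself, so a consumer has to enforce it in validator code. The following is an added example, not part of the schema project: it checks an object against the `id` and `type` patterns given in this class's `slot_usage`, the anyOf rule, and each slot's declared range. It assumes the anyOf detail fields are the 13 direct slots of this class; `validate_x509_certificate`, `DETAIL_SLOTS` and the sample objects are hypothetical names and constructed data.

```python
import re
from datetime import datetime

# Patterns copied from the slot_usage entries for `id` and `type` on this page.
ID_RE = re.compile(r"^x509-certificate--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}"
                   r"-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$")
TYPE_RE = re.compile(r"^x509-certificate$")

# Assumption: the anyOf "detail fields" are this class's 13 direct slots,
# mapped here to the Python type matching each slot's declared range.
DETAIL_SLOTS = {
    "is_self_signed": bool, "hashes": dict, "version": str, "serial_number": str,
    "signature_algorithm": str, "issuer": str, "validity_not_before": datetime,
    "validity_not_after": datetime, "subject": str,
    "subject_public_key_algorithm": str, "subject_public_key_modulus": str,
    "subject_public_key_exponent": int, "x509_v3_extensions": dict,
}

def _range_ok(value, expected):
    if expected is datetime:  # datetimes arrive as RFC 3339 strings in JSON
        try:
            datetime.fromisoformat(value.replace("Z", "+00:00"))
            return True
        except (AttributeError, TypeError, ValueError):
            return False
    if expected is int and isinstance(value, bool):
        return False  # bool is an int subclass in Python; reject it for Integer
    return isinstance(value, expected)

def validate_x509_certificate(obj):
    """Return a list of violated slots/rules; an empty list means the object passes."""
    errors = []
    # fullmatch: with re.match, "$" would also accept a trailing newline
    if not isinstance(obj.get("type"), str) or not TYPE_RE.fullmatch(obj["type"]):
        errors.append("type")
    if not isinstance(obj.get("id"), str) or not ID_RE.fullmatch(obj["id"]):
        errors.append("id")
    present = [slot for slot in DETAIL_SLOTS if slot in obj]
    if not present:
        errors.append("anyOf")  # no certificate detail field at all
    errors += [slot for slot in present if not _range_ok(obj[slot], DETAIL_SLOTS[slot])]
    return errors

# Constructed sample objects (not real certificates).
BARE = {"type": "x509-certificate",
        "id": "x509-certificate--463d7b2a-8516-5a50-a3d7-6f801465d5de"}
GOOD = dict(BARE, issuer="CN=Example CA", serial_number="36:f7:d4:32:f4:ab:70:ea",
            validity_not_before="2024-01-01T00:00:00Z", subject_public_key_exponent=65537)
```

An object carrying only `type` and `id` satisfies both required slots and still fails on the anyOf rule. Because the `id` pattern pins the UUID version nibble to 1-5, identifiers built from version 6 or 7 UUIDs are rejected as well.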
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:X509Certificate |
| native | attack:X509Certificate |
| exact | unified_cyber_ontology:X509Certificate |
LinkML Source
Direct
```yaml
name: X509Certificate
description: 'The X509 Certificate Object represents the properties of an X.509 certificate. '
notes:
- JSON Schema defines anyOf requiring at least one certificate detail field.
comments:
- 'jsonschema_rule: anyOf validator_hint: x509-at-least-one-detail-field jsonschema_source:
  https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/x509-certificate.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:X509Certificate
is_a: CyberObservableObject
slots:
- is_self_signed
- hashes
- version
- serial_number
- signature_algorithm
- issuer
- validity_not_before
- validity_not_after
- subject
- subject_public_key_algorithm
- subject_public_key_modulus
- subject_public_key_exponent
- x509_v3_extensions
slot_usage:
  id:
    name: id
    pattern: ^x509-certificate--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
  type:
    name: type
    pattern: ^x509-certificate$
```
Induced
```yaml
name: X509Certificate
description: 'The X509 Certificate Object represents the properties of an X.509 certificate. '
notes:
- JSON Schema defines anyOf requiring at least one certificate detail field.
comments:
- 'jsonschema_rule: anyOf validator_hint: x509-at-least-one-detail-field jsonschema_source:
  https://github.com/oasis-open/cti-stix2-json-schemas/tree/master/schemas/observables/x509-certificate.json'
in_subset:
- observables
from_schema: https://w3id.org/lmodel/attack
exact_mappings:
- unified_cyber_ontology:X509Certificate
is_a: CyberObservableObject
slot_usage:
  id:
    name: id
    pattern: ^x509-certificate--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
  type:
    name: type
    pattern: ^x509-certificate$
attributes:
  is_self_signed:
    name: is_self_signed
    description: Specifies whether the certificate is self-signed.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: is_self_signed
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: boolean
  hashes:
    name: hashes
    description: Specifies a dictionary of hashes for the file or content.
    from_schema: https://w3id.org/lmodel/attack
    exact_mappings:
    - unified_cyber_ontology:hashes
    rank: 1000
    alias: hashes
    owner: X509Certificate
    domain_of:
    - ExternalReference
    - Artifact
    - File
    - X509Certificate
    range: HashesType
  version:
    name: version
    description: Version string.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: version
    owner: X509Certificate
    domain_of:
    - ExtensionDefinition
    - Software
    - PdfExt
    - X509Certificate
    - MalwareAnalysis
    range: string
  serial_number:
    name: serial_number
    description: X509 serial number.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: serial_number
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: string
  signature_algorithm:
    name: signature_algorithm
    description: X509 signature algorithm.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: signature_algorithm
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: string
  issuer:
    name: issuer
    description: Certificate issuer.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: issuer
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: string
  validity_not_before:
    name: validity_not_before
    description: Certificate validity start.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: validity_not_before
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: datetime
  validity_not_after:
    name: validity_not_after
    description: Certificate validity end.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: validity_not_after
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: datetime
  subject:
    name: subject
    description: Subject value.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: subject
    owner: X509Certificate
    domain_of:
    - EmailMessage
    - X509Certificate
    range: string
  subject_public_key_algorithm:
    name: subject_public_key_algorithm
    description: Subject public key algorithm.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: subject_public_key_algorithm
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: string
  subject_public_key_modulus:
    name: subject_public_key_modulus
    description: Subject public key modulus.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: subject_public_key_modulus
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: string
  subject_public_key_exponent:
    name: subject_public_key_exponent
    description: Subject public key exponent.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: subject_public_key_exponent
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: integer
  x509_v3_extensions:
    name: x509_v3_extensions
    description: X509 v3 extensions payload.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: x509_v3_extensions
    owner: X509Certificate
    domain_of:
    - X509Certificate
    range: X509V3ExtensionsType
    inlined: true
  type:
    name: type
    description: STIX object type.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:state
    rank: 1000
    alias: type
    owner: X509Certificate
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_type_name
    required: true
    pattern: ^x509-certificate$
  spec_version:
    name: spec_version
    description: STIX specification version.
    from_schema: https://w3id.org/lmodel/attack
    close_mappings:
    - unified_cyber_ontology:specVersion
    rank: 1000
    alias: spec_version
    owner: X509Certificate
    domain_of:
    - Core
    - CyberObservableCore
    - MarkingDefinition
    range: SpecVersionEnum
  id:
    name: id
    description: STIX object identifier.
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:externalReference
    rank: 1000
    alias: id
    owner: X509Certificate
    domain_of:
    - StixEntity
    - Bundle
    - Core
    - CyberObservableCore
    - ExtensionDefinition
    - LanguageContent
    - MarkingDefinition
    - File
    range: stix_identifier
    required: true
    pattern: ^x509-certificate--[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1-5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$
  object_marking_refs:
    name: object_marking_refs
    description: Marking definition references applied to this object.
    comments:
    - 'jsonschema_minItems: "1"'
    from_schema: https://w3id.org/lmodel/attack
    close_mappings:
    - unified_cyber_ontology:objectMarking
    rank: 1000
    alias: object_marking_refs
    owner: X509Certificate
    domain_of:
    - Core
    - CyberObservableCore
    - MarkingDefinition
    range: stix_identifier
    multivalued: true
  granular_markings:
    name: granular_markings
    description: Granular markings that apply to selected content.
    comments:
    - 'jsonschema_minItems: "1"'
    from_schema: https://w3id.org/lmodel/attack
    narrow_mappings:
    - unified_cyber_ontology:objectMarking
    rank: 1000
    alias: granular_markings
    owner: X509Certificate
    domain_of:
    - Core
    - CyberObservableCore
    - MarkingDefinition
    range: GranularMarking
    multivalued: true
  defanged:
    name: defanged
    description: Defines whether or not the data contained within the object has been
      defanged.
    from_schema: https://w3id.org/lmodel/attack
    rank: 1000
    alias: defanged
    owner: X509Certificate
    domain_of:
    - CyberObservableCore
    range: boolean
  extensions:
    name: extensions
    description: Open-ended extension payloads.
    notes:
    - JSON Schema uses patternProperties for extension keys; exact key validation
      is delegated to validator tooling.
    comments:
    - 'jsonschema_rule: patternProperties validator_hint: validate-extension-keys-and-values'
    from_schema: https://w3id.org/lmodel/attack
    related_mappings:
    - unified_cyber_ontology:hasFacet
    rank: 1000
    alias: extensions
    owner: X509Certificate
    domain_of:
    - Core
    - CyberObservableCore
    - MarkingDefinition
    - File
    range: string
    multivalued: true
  name:
    name: name
    description: Human-readable name.
    from_schema: https://w3id.org/lmodel/attack
    exact_mappings:
    - unified_cyber_ontology:name
    rank: 1000
    alias: name
    owner: X509Certificate
    domain_of:
    - RelatedAsset
    - StixEntity
    - ExtensionDefinition
    - MarkingDefinition
    - AutonomousSystem
    - File
    range: string
  description:
    name: description
    description: Human-readable description.
    from_schema: https://w3id.org/lmodel/attack
    close_mappings:
    - unified_cyber_ontology:description
    rank: 1000
    alias: description
    owner: X509Certificate
    domain_of:
    - RelatedAsset
    - MutableElement
    - StixEntity
    - ExtensionDefinition
    - ExternalReference
    range: string
```