/*
* Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import java.io.*;
import sun.security.util.*;
Lists all the object identifiers of the X509 extensions of the PKIX profile.
Extensions are addiitonal attributes which can be inserted in a X509
v3 certificate. For example a "Driving License Certificate" could have
the driving license number as a extension.
Extensions are represented as a sequence of the extension identifier
(Object Identifier), a boolean flag stating whether the extension is to
be treated as being critical and the extension value itself (this is again
a DER encoding of the extension value).
Author: Amit Kapoor, Hemma Prafullchandra See Also: - Extension
/**
* Lists all the object identifiers of the X509 extensions of the PKIX profile.
*
* <p>Extensions are addiitonal attributes which can be inserted in a X509
* v3 certificate. For example a "Driving License Certificate" could have
* the driving license number as a extension.
*
* <p>Extensions are represented as a sequence of the extension identifier
* (Object Identifier), a boolean flag stating whether the extension is to
* be treated as being critical and the extension value itself (this is again
* a DER encoding of the extension value).
*
* @see Extension
*
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class PKIXExtensions {
// The object identifiers
private static final int[] AuthorityKey_data = { 2, 5, 29, 35 };
private static final int[] SubjectKey_data = { 2, 5, 29, 14 };
private static final int[] KeyUsage_data = { 2, 5, 29, 15 };
private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 };
private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 };
private static final int[] PolicyMappings_data = { 2, 5, 29, 33 };
private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 };
private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 };
private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 };
private static final int[] BasicConstraints_data = { 2, 5, 29, 19 };
private static final int[] NameConstraints_data = { 2, 5, 29, 30 };
private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 };
private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 };
private static final int[] CRLNumber_data = { 2, 5, 29, 20 };
private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 };
private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 };
private static final int[] ReasonCode_data = { 2, 5, 29, 21 };
private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 };
private static final int[] InvalidityDate_data = { 2, 5, 29, 24 };
private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 };
private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 };
private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 };
private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
private static final int[] FreshestCRL_data = { 2, 5, 29, 46 };
private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7,
48, 1, 5};
// Additional extensions under the PKIX arc that are not necessarily
// used in X.509 Certificates or CRLs.
private static final int OCSPNonce_data [] = { 1, 3, 6, 1, 5, 5, 7,
48, 1, 2};
Identifies the particular public key used to sign the certificate.
/**
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier AuthorityKey_Id;
Identifies the particular public key used in an application.
/**
* Identifies the particular public key used in an application.
*/
public static final ObjectIdentifier SubjectKey_Id;
Defines the purpose of the key contained in the certificate.
/**
* Defines the purpose of the key contained in the certificate.
*/
public static final ObjectIdentifier KeyUsage_Id;
Allows the certificate issuer to specify a different validity period
for the private key than the certificate.
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
public static final ObjectIdentifier PrivateKeyUsage_Id;
Contains the sequence of policy information terms.
/**
* Contains the sequence of policy information terms.
*/
public static final ObjectIdentifier CertificatePolicies_Id;
Lists pairs of object identifiers of policies considered equivalent by
the issuing CA to the subject CA.
/**
* Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA.
*/
public static final ObjectIdentifier PolicyMappings_Id;
Allows additional identities to be bound to the subject of the
certificate.
/**
* Allows additional identities to be bound to the subject of the
* certificate.
*/
public static final ObjectIdentifier SubjectAlternativeName_Id;
Allows additional identities to be associated with the certificate
issuer.
/**
* Allows additional identities to be associated with the certificate
* issuer.
*/
public static final ObjectIdentifier IssuerAlternativeName_Id;
Identifies additional directory attributes.
This extension is always non-critical.
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
Identifies whether the subject of the certificate is a CA and how deep
a certification path may exist through that CA.
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
public static final ObjectIdentifier BasicConstraints_Id;
Provides for permitted and excluded subtrees that place restrictions
on names that may be included within a certificate issued by a given CA.
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
public static final ObjectIdentifier NameConstraints_Id;
Used to either prohibit policy mapping or limit the set of policies
that can be in subsequent certificates.
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
public static final ObjectIdentifier PolicyConstraints_Id;
Identifies how CRL information is obtained.
/**
* Identifies how CRL information is obtained.
*/
public static final ObjectIdentifier CRLDistributionPoints_Id;
Conveys a monotonically increasing sequence number for each CRL
issued by a given CA.
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
public static final ObjectIdentifier CRLNumber_Id;
Identifies the CRL distribution point for a particular CRL.
/**
* Identifies the CRL distribution point for a particular CRL.
*/
public static final ObjectIdentifier IssuingDistributionPoint_Id;
Identifies the delta CRL.
/**
* Identifies the delta CRL.
*/
public static final ObjectIdentifier DeltaCRLIndicator_Id;
Identifies the reason for the certificate revocation.
/**
* Identifies the reason for the certificate revocation.
*/
public static final ObjectIdentifier ReasonCode_Id;
This extension provides a registered instruction identifier indicating
the action to be taken, after encountering a certificate that has been
placed on hold.
/**
* This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been
* placed on hold.
*/
public static final ObjectIdentifier HoldInstructionCode_Id;
Identifies the date on which it is known or suspected that the private
key was compromised or that the certificate otherwise became invalid.
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier InvalidityDate_Id;
Identifies one or more purposes for which the certified public key
may be used, in addition to or in place of the basic purposes
indicated in the key usage extension field.
/**
* Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field.
*/
public static final ObjectIdentifier ExtendedKeyUsage_Id;
Specifies whether any-policy policy OID is permitted
/**
* Specifies whether any-policy policy OID is permitted
*/
public static final ObjectIdentifier InhibitAnyPolicy_Id;
Identifies the certificate issuer associated with an entry in an
indirect CRL.
/**
* Identifies the certificate issuer associated with an entry in an
* indirect CRL.
*/
public static final ObjectIdentifier CertificateIssuer_Id;
This extension indicates how to access CA information and services for
the issuer of the certificate in which the extension appears.
This information may be used for on-line certification validation
services.
/**
* This extension indicates how to access CA information and services for
* the issuer of the certificate in which the extension appears.
* This information may be used for on-line certification validation
* services.
*/
public static final ObjectIdentifier AuthInfoAccess_Id;
This extension indicates how to access CA information and services for
the subject of the certificate in which the extension appears.
/**
* This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears.
*/
public static final ObjectIdentifier SubjectInfoAccess_Id;
Identifies how delta CRL information is obtained.
/**
* Identifies how delta CRL information is obtained.
*/
public static final ObjectIdentifier FreshestCRL_Id;
Identifies the OCSP client can trust the responder for the
lifetime of the responder's certificate.
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
public static final ObjectIdentifier OCSPNoCheck_Id;
This extension is used to provide nonce data for OCSP requests
or responses.
/**
* This extension is used to provide nonce data for OCSP requests
* or responses.
*/
public static final ObjectIdentifier OCSPNonce_Id;
static {
AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
CertificatePolicies_Id =
ObjectIdentifier.newInternal(CertificatePolicies_data);
PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
SubjectAlternativeName_Id =
ObjectIdentifier.newInternal(SubjectAlternativeName_data);
IssuerAlternativeName_Id =
ObjectIdentifier.newInternal(IssuerAlternativeName_data);
ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
SubjectDirectoryAttributes_Id =
ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
BasicConstraints_Id =
ObjectIdentifier.newInternal(BasicConstraints_data);
ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
HoldInstructionCode_Id =
ObjectIdentifier.newInternal(HoldInstructionCode_data);
InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
PolicyConstraints_Id =
ObjectIdentifier.newInternal(PolicyConstraints_data);
CRLDistributionPoints_Id =
ObjectIdentifier.newInternal(CRLDistributionPoints_data);
CRLNumber_Id =
ObjectIdentifier.newInternal(CRLNumber_data);
IssuingDistributionPoint_Id =
ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
DeltaCRLIndicator_Id =
ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
CertificateIssuer_Id =
ObjectIdentifier.newInternal(CertificateIssuer_data);
AuthInfoAccess_Id =
ObjectIdentifier.newInternal(AuthInfoAccess_data);
SubjectInfoAccess_Id =
ObjectIdentifier.newInternal(SubjectInfoAccess_data);
FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data);
}
}