1 /*
2 * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
32 /**
33 * Lists all the object identifiers of the X509 extensions of the PKIX profile.
34 *
35 * <p>Extensions are addiitonal attributes which can be inserted in a X509
36 * v3 certificate. For example a "Driving License Certificate" could have
37 * the driving license number as a extension.
38 *
39 * <p>Extensions are represented as a sequence of the extension identifier
40 * (Object Identifier), a boolean flag stating whether the extension is to
41 * be treated as being critical and the extension value itself (this is again
42 * a DER encoding of the extension value).
43 *
44 * @see Extension
45 *
46 *
47 * @author Amit Kapoor
48 * @author Hemma Prafullchandra
49 */
50 public class PKIXExtensions {
51 // The object identifiers
52 private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
53 private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
54 private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
55 private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
56 private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
57 private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
58 private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
59 private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
60 private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
61 private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
62 private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
63 private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
64 private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
65 private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
66 private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
67 private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
68 private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
69 private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
70 private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
71 private static final int ExtendedKeyUsage_data [] = { 2, 5, 29, 37 };
72 private static final int InhibitAnyPolicy_data [] = { 2, 5, 29, 54 };
73 private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
74 private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
75 private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
76 private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
77 private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7,
78 48, 1, 5};
79
80 /**
81 * Identifies the particular public key used to sign the certificate.
82 */
83 public static final ObjectIdentifier AuthorityKey_Id;
84
85 /**
86 * Identifies the particular public key used in an application.
87 */
88 public static final ObjectIdentifier SubjectKey_Id;
89
90 /**
91 * Defines the purpose of the key contained in the certificate.
92 */
93 public static final ObjectIdentifier KeyUsage_Id;
94
95 /**
96 * Allows the certificate issuer to specify a different validity period
97 * for the private key than the certificate.
98 */
99 public static final ObjectIdentifier PrivateKeyUsage_Id;
100
101 /**
102 * Contains the sequence of policy information terms.
103 */
104 public static final ObjectIdentifier CertificatePolicies_Id;
105
106 /**
107 * Lists pairs of objectidentifiers of policies considered equivalent by the
108 * issuing CA to the subject CA.
109 */
110 public static final ObjectIdentifier PolicyMappings_Id;
111
112 /**
113 * Allows additional identities to be bound to the subject of the certificate.
114 */
115 public static final ObjectIdentifier SubjectAlternativeName_Id;
116
117 /**
118 * Allows additional identities to be associated with the certificate issuer.
119 */
120 public static final ObjectIdentifier IssuerAlternativeName_Id;
121
122 /**
123 * Identifies additional directory attributes.
124 * This extension is always non-critical.
125 */
126 public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
127
128 /**
129 * Identifies whether the subject of the certificate is a CA and how deep
130 * a certification path may exist through that CA.
131 */
132 public static final ObjectIdentifier BasicConstraints_Id;
133
134 /**
135 * Provides for permitted and excluded subtrees that place restrictions
136 * on names that may be included within a certificate issued by a given CA.
137 */
138 public static final ObjectIdentifier NameConstraints_Id;
207 */
208 public static final ObjectIdentifier AuthInfoAccess_Id;
209
210 /**
211 * This extension indicates how to access CA information and services for
212 * the subject of the certificate in which the extension appears.
213 */
214 public static final ObjectIdentifier SubjectInfoAccess_Id;
215
216 /**
217 * Identifies how delta CRL information is obtained.
218 */
219 public static final ObjectIdentifier FreshestCRL_Id;
220
221 /**
222 * Identifies the OCSP client can trust the responder for the
223 * lifetime of the responder's certificate.
224 */
225 public static final ObjectIdentifier OCSPNoCheck_Id;
226
227 static {
228 AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
229 SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
230 KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
231 PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
232 CertificatePolicies_Id =
233 ObjectIdentifier.newInternal(CertificatePolicies_data);
234 PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
235 SubjectAlternativeName_Id =
236 ObjectIdentifier.newInternal(SubjectAlternativeName_data);
237 IssuerAlternativeName_Id =
238 ObjectIdentifier.newInternal(IssuerAlternativeName_data);
239 ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
240 InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
241 SubjectDirectoryAttributes_Id =
242 ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
243 BasicConstraints_Id =
244 ObjectIdentifier.newInternal(BasicConstraints_data);
245 ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
246 HoldInstructionCode_Id =
249
250 NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
251 PolicyConstraints_Id =
252 ObjectIdentifier.newInternal(PolicyConstraints_data);
253 CRLDistributionPoints_Id =
254 ObjectIdentifier.newInternal(CRLDistributionPoints_data);
255 CRLNumber_Id =
256 ObjectIdentifier.newInternal(CRLNumber_data);
257 IssuingDistributionPoint_Id =
258 ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
259 DeltaCRLIndicator_Id =
260 ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
261 CertificateIssuer_Id =
262 ObjectIdentifier.newInternal(CertificateIssuer_data);
263 AuthInfoAccess_Id =
264 ObjectIdentifier.newInternal(AuthInfoAccess_data);
265 SubjectInfoAccess_Id =
266 ObjectIdentifier.newInternal(SubjectInfoAccess_data);
267 FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
268 OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
269 }
270 }
|
1 /*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
32 /**
33 * Lists all the object identifiers of the X509 extensions of the PKIX profile.
34 *
35 * <p>Extensions are addiitonal attributes which can be inserted in a X509
36 * v3 certificate. For example a "Driving License Certificate" could have
37 * the driving license number as a extension.
38 *
39 * <p>Extensions are represented as a sequence of the extension identifier
40 * (Object Identifier), a boolean flag stating whether the extension is to
41 * be treated as being critical and the extension value itself (this is again
42 * a DER encoding of the extension value).
43 *
44 * @see Extension
45 *
46 *
47 * @author Amit Kapoor
48 * @author Hemma Prafullchandra
49 */
50 public class PKIXExtensions {
51 // The object identifiers
52 private static final int[] AuthorityKey_data = { 2, 5, 29, 35 };
53 private static final int[] SubjectKey_data = { 2, 5, 29, 14 };
54 private static final int[] KeyUsage_data = { 2, 5, 29, 15 };
55 private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 };
56 private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 };
57 private static final int[] PolicyMappings_data = { 2, 5, 29, 33 };
58 private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 };
59 private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 };
60 private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 };
61 private static final int[] BasicConstraints_data = { 2, 5, 29, 19 };
62 private static final int[] NameConstraints_data = { 2, 5, 29, 30 };
63 private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 };
64 private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 };
65 private static final int[] CRLNumber_data = { 2, 5, 29, 20 };
66 private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 };
67 private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 };
68 private static final int[] ReasonCode_data = { 2, 5, 29, 21 };
69 private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 };
70 private static final int[] InvalidityDate_data = { 2, 5, 29, 24 };
71 private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 };
72 private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 };
73 private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 };
74 private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
75 private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
76 private static final int[] FreshestCRL_data = { 2, 5, 29, 46 };
77 private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7,
78 48, 1, 5};
79
80 // Additional extensions under the PKIX arc that are not necessarily
81 // used in X.509 Certificates or CRLs.
82 private static final int[] OCSPNonce_data = { 1, 3, 6, 1, 5, 5, 7,
83 48, 1, 2};
84
85 /**
86 * Identifies the particular public key used to sign the certificate.
87 */
88 public static final ObjectIdentifier AuthorityKey_Id;
89
90 /**
91 * Identifies the particular public key used in an application.
92 */
93 public static final ObjectIdentifier SubjectKey_Id;
94
95 /**
96 * Defines the purpose of the key contained in the certificate.
97 */
98 public static final ObjectIdentifier KeyUsage_Id;
99
100 /**
101 * Allows the certificate issuer to specify a different validity period
102 * for the private key than the certificate.
103 */
104 public static final ObjectIdentifier PrivateKeyUsage_Id;
105
106 /**
107 * Contains the sequence of policy information terms.
108 */
109 public static final ObjectIdentifier CertificatePolicies_Id;
110
111 /**
112 * Lists pairs of object identifiers of policies considered equivalent by
113 * the issuing CA to the subject CA.
114 */
115 public static final ObjectIdentifier PolicyMappings_Id;
116
117 /**
118 * Allows additional identities to be bound to the subject of the
119 * certificate.
120 */
121 public static final ObjectIdentifier SubjectAlternativeName_Id;
122
123 /**
124 * Allows additional identities to be associated with the certificate
125 * issuer.
126 */
127 public static final ObjectIdentifier IssuerAlternativeName_Id;
128
129 /**
130 * Identifies additional directory attributes.
131 * This extension is always non-critical.
132 */
133 public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
134
135 /**
136 * Identifies whether the subject of the certificate is a CA and how deep
137 * a certification path may exist through that CA.
138 */
139 public static final ObjectIdentifier BasicConstraints_Id;
140
141 /**
142 * Provides for permitted and excluded subtrees that place restrictions
143 * on names that may be included within a certificate issued by a given CA.
144 */
145 public static final ObjectIdentifier NameConstraints_Id;
214 */
215 public static final ObjectIdentifier AuthInfoAccess_Id;
216
217 /**
218 * This extension indicates how to access CA information and services for
219 * the subject of the certificate in which the extension appears.
220 */
221 public static final ObjectIdentifier SubjectInfoAccess_Id;
222
223 /**
224 * Identifies how delta CRL information is obtained.
225 */
226 public static final ObjectIdentifier FreshestCRL_Id;
227
228 /**
229 * Identifies the OCSP client can trust the responder for the
230 * lifetime of the responder's certificate.
231 */
232 public static final ObjectIdentifier OCSPNoCheck_Id;
233
234 /**
235 * This extension is used to provide nonce data for OCSP requests
236 * or responses.
237 */
238 public static final ObjectIdentifier OCSPNonce_Id;
239
240 static {
241 AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
242 SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
243 KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
244 PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
245 CertificatePolicies_Id =
246 ObjectIdentifier.newInternal(CertificatePolicies_data);
247 PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
248 SubjectAlternativeName_Id =
249 ObjectIdentifier.newInternal(SubjectAlternativeName_data);
250 IssuerAlternativeName_Id =
251 ObjectIdentifier.newInternal(IssuerAlternativeName_data);
252 ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
253 InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
254 SubjectDirectoryAttributes_Id =
255 ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
256 BasicConstraints_Id =
257 ObjectIdentifier.newInternal(BasicConstraints_data);
258 ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
259 HoldInstructionCode_Id =
262
263 NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
264 PolicyConstraints_Id =
265 ObjectIdentifier.newInternal(PolicyConstraints_data);
266 CRLDistributionPoints_Id =
267 ObjectIdentifier.newInternal(CRLDistributionPoints_data);
268 CRLNumber_Id =
269 ObjectIdentifier.newInternal(CRLNumber_data);
270 IssuingDistributionPoint_Id =
271 ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
272 DeltaCRLIndicator_Id =
273 ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
274 CertificateIssuer_Id =
275 ObjectIdentifier.newInternal(CertificateIssuer_data);
276 AuthInfoAccess_Id =
277 ObjectIdentifier.newInternal(AuthInfoAccess_data);
278 SubjectInfoAccess_Id =
279 ObjectIdentifier.newInternal(SubjectInfoAccess_data);
280 FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
281 OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
282 OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data);
283 }
284 }
|