| /* |
| * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. |
| * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| * |
| * This code is free software; you can redistribute it and/or modify it |
| * under the terms of the GNU General Public License version 2 only, as |
| * published by the Free Software Foundation. Oracle designates this |
| * particular file as subject to the "Classpath" exception as provided |
| * by Oracle in the LICENSE file that accompanied this code. |
| * |
| * This code is distributed in the hope that it will be useful, but WITHOUT |
| * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| * version 2 for more details (a copy is included in the LICENSE file that |
| * accompanied this code). |
| * |
| * You should have received a copy of the GNU General Public License version |
| * 2 along with this work; if not, write to the Free Software Foundation, |
| * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| * |
| * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
| * or visit www.oracle.com if you need additional information or have any |
| * questions. |
| */ |
| |
| package sun.security.x509; |
| |
| import java.io.*; |
| |
| import sun.security.util.*; |
| |
| /** |
| * Lists all the object identifiers of the X509 extensions of the PKIX profile. |
| * |
| * <p>Extensions are addiitonal attributes which can be inserted in a X509 |
| * v3 certificate. For example a "Driving License Certificate" could have |
| * the driving license number as a extension. |
| * |
| * <p>Extensions are represented as a sequence of the extension identifier |
| * (Object Identifier), a boolean flag stating whether the extension is to |
| * be treated as being critical and the extension value itself (this is again |
| * a DER encoding of the extension value). |
| * |
| * @see Extension |
| * |
| * |
| * @author Amit Kapoor |
| * @author Hemma Prafullchandra |
| */ |
| public class PKIXExtensions { |
| // The object identifiers |
| private static final int[] AuthorityKey_data = { 2, 5, 29, 35 }; |
| private static final int[] SubjectKey_data = { 2, 5, 29, 14 }; |
| private static final int[] KeyUsage_data = { 2, 5, 29, 15 }; |
| private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 }; |
| private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 }; |
| private static final int[] PolicyMappings_data = { 2, 5, 29, 33 }; |
| private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 }; |
| private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 }; |
| private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 }; |
| private static final int[] BasicConstraints_data = { 2, 5, 29, 19 }; |
| private static final int[] NameConstraints_data = { 2, 5, 29, 30 }; |
| private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 }; |
| private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 }; |
| private static final int[] CRLNumber_data = { 2, 5, 29, 20 }; |
| private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 }; |
| private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 }; |
| private static final int[] ReasonCode_data = { 2, 5, 29, 21 }; |
| private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 }; |
| private static final int[] InvalidityDate_data = { 2, 5, 29, 24 }; |
| private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 }; |
| private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 }; |
| private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 }; |
| private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1}; |
| private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11}; |
| private static final int[] FreshestCRL_data = { 2, 5, 29, 46 }; |
| private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7, |
| 48, 1, 5}; |
| |
| // Additional extensions under the PKIX arc that are not necessarily |
| // used in X.509 Certificates or CRLs. |
| private static final int OCSPNonce_data [] = { 1, 3, 6, 1, 5, 5, 7, |
| 48, 1, 2}; |
| |
| /** |
| * Identifies the particular public key used to sign the certificate. |
| */ |
| public static final ObjectIdentifier AuthorityKey_Id; |
| |
| /** |
| * Identifies the particular public key used in an application. |
| */ |
| public static final ObjectIdentifier SubjectKey_Id; |
| |
| /** |
| * Defines the purpose of the key contained in the certificate. |
| */ |
| public static final ObjectIdentifier KeyUsage_Id; |
| |
| /** |
| * Allows the certificate issuer to specify a different validity period |
| * for the private key than the certificate. |
| */ |
| public static final ObjectIdentifier PrivateKeyUsage_Id; |
| |
| /** |
| * Contains the sequence of policy information terms. |
| */ |
| public static final ObjectIdentifier CertificatePolicies_Id; |
| |
| /** |
| * Lists pairs of object identifiers of policies considered equivalent by |
| * the issuing CA to the subject CA. |
| */ |
| public static final ObjectIdentifier PolicyMappings_Id; |
| |
| /** |
| * Allows additional identities to be bound to the subject of the |
| * certificate. |
| */ |
| public static final ObjectIdentifier SubjectAlternativeName_Id; |
| |
| /** |
| * Allows additional identities to be associated with the certificate |
| * issuer. |
| */ |
| public static final ObjectIdentifier IssuerAlternativeName_Id; |
| |
| /** |
| * Identifies additional directory attributes. |
| * This extension is always non-critical. |
| */ |
| public static final ObjectIdentifier SubjectDirectoryAttributes_Id; |
| |
| /** |
| * Identifies whether the subject of the certificate is a CA and how deep |
| * a certification path may exist through that CA. |
| */ |
| public static final ObjectIdentifier BasicConstraints_Id; |
| |
| /** |
| * Provides for permitted and excluded subtrees that place restrictions |
| * on names that may be included within a certificate issued by a given CA. |
| */ |
| public static final ObjectIdentifier NameConstraints_Id; |
| |
| /** |
| * Used to either prohibit policy mapping or limit the set of policies |
| * that can be in subsequent certificates. |
| */ |
| public static final ObjectIdentifier PolicyConstraints_Id; |
| |
| /** |
| * Identifies how CRL information is obtained. |
| */ |
| public static final ObjectIdentifier CRLDistributionPoints_Id; |
| |
| /** |
| * Conveys a monotonically increasing sequence number for each CRL |
| * issued by a given CA. |
| */ |
| public static final ObjectIdentifier CRLNumber_Id; |
| |
| /** |
| * Identifies the CRL distribution point for a particular CRL. |
| */ |
| public static final ObjectIdentifier IssuingDistributionPoint_Id; |
| |
| /** |
| * Identifies the delta CRL. |
| */ |
| public static final ObjectIdentifier DeltaCRLIndicator_Id; |
| |
| /** |
| * Identifies the reason for the certificate revocation. |
| */ |
| public static final ObjectIdentifier ReasonCode_Id; |
| |
| /** |
| * This extension provides a registered instruction identifier indicating |
| * the action to be taken, after encountering a certificate that has been |
| * placed on hold. |
| */ |
| public static final ObjectIdentifier HoldInstructionCode_Id; |
| |
| /** |
| * Identifies the date on which it is known or suspected that the private |
| * key was compromised or that the certificate otherwise became invalid. |
| */ |
| public static final ObjectIdentifier InvalidityDate_Id; |
| /** |
| * Identifies one or more purposes for which the certified public key |
| * may be used, in addition to or in place of the basic purposes |
| * indicated in the key usage extension field. |
| */ |
| public static final ObjectIdentifier ExtendedKeyUsage_Id; |
| |
| /** |
| * Specifies whether any-policy policy OID is permitted |
| */ |
| public static final ObjectIdentifier InhibitAnyPolicy_Id; |
| |
| /** |
| * Identifies the certificate issuer associated with an entry in an |
| * indirect CRL. |
| */ |
| public static final ObjectIdentifier CertificateIssuer_Id; |
| |
| /** |
| * This extension indicates how to access CA information and services for |
| * the issuer of the certificate in which the extension appears. |
| * This information may be used for on-line certification validation |
| * services. |
| */ |
| public static final ObjectIdentifier AuthInfoAccess_Id; |
| |
| /** |
| * This extension indicates how to access CA information and services for |
| * the subject of the certificate in which the extension appears. |
| */ |
| public static final ObjectIdentifier SubjectInfoAccess_Id; |
| |
| /** |
| * Identifies how delta CRL information is obtained. |
| */ |
| public static final ObjectIdentifier FreshestCRL_Id; |
| |
| /** |
| * Identifies the OCSP client can trust the responder for the |
| * lifetime of the responder's certificate. |
| */ |
| public static final ObjectIdentifier OCSPNoCheck_Id; |
| |
| /** |
| * This extension is used to provide nonce data for OCSP requests |
| * or responses. |
| */ |
| public static final ObjectIdentifier OCSPNonce_Id; |
| |
| static { |
| AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data); |
| SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data); |
| KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data); |
| PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data); |
| CertificatePolicies_Id = |
| ObjectIdentifier.newInternal(CertificatePolicies_data); |
| PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data); |
| SubjectAlternativeName_Id = |
| ObjectIdentifier.newInternal(SubjectAlternativeName_data); |
| IssuerAlternativeName_Id = |
| ObjectIdentifier.newInternal(IssuerAlternativeName_data); |
| ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data); |
| InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data); |
| SubjectDirectoryAttributes_Id = |
| ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data); |
| BasicConstraints_Id = |
| ObjectIdentifier.newInternal(BasicConstraints_data); |
| ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data); |
| HoldInstructionCode_Id = |
| ObjectIdentifier.newInternal(HoldInstructionCode_data); |
| InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data); |
| |
| NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data); |
| PolicyConstraints_Id = |
| ObjectIdentifier.newInternal(PolicyConstraints_data); |
| CRLDistributionPoints_Id = |
| ObjectIdentifier.newInternal(CRLDistributionPoints_data); |
| CRLNumber_Id = |
| ObjectIdentifier.newInternal(CRLNumber_data); |
| IssuingDistributionPoint_Id = |
| ObjectIdentifier.newInternal(IssuingDistributionPoint_data); |
| DeltaCRLIndicator_Id = |
| ObjectIdentifier.newInternal(DeltaCRLIndicator_data); |
| CertificateIssuer_Id = |
| ObjectIdentifier.newInternal(CertificateIssuer_data); |
| AuthInfoAccess_Id = |
| ObjectIdentifier.newInternal(AuthInfoAccess_data); |
| SubjectInfoAccess_Id = |
| ObjectIdentifier.newInternal(SubjectInfoAccess_data); |
| FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data); |
| OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data); |
| OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data); |
| } |
| } |