Blame - jdk/src/share/classes/sun/security/x509/PKIXExtensions.java - platform/libcore

blob: 78177944c08bfbe1376111531156bd41860289a2 [file] [log] [blame]

J. Duke	319a3b9	2007-12-01 00:00:00 +0000	[diff] [blame^]	1	/*
				2	* Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
				3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
				4	*
				5	* This code is free software; you can redistribute it and/or modify it
				6	* under the terms of the GNU General Public License version 2 only, as
				7	* published by the Free Software Foundation. Sun designates this
				8	* particular file as subject to the "Classpath" exception as provided
				9	* by Sun in the LICENSE file that accompanied this code.
				10	*
				11	* This code is distributed in the hope that it will be useful, but WITHOUT
				12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
				13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
				14	* version 2 for more details (a copy is included in the LICENSE file that
				15	* accompanied this code).
				16	*
				17	* You should have received a copy of the GNU General Public License version
				18	* 2 along with this work; if not, write to the Free Software Foundation,
				19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
				20	*
				21	* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
				22	* CA 95054 USA or visit www.sun.com if you need additional information or
				23	* have any questions.
				24	*/
				25
				26	package sun.security.x509;
				27
				28	import java.io.*;
				29
				30	import sun.security.util.*;
				31
				32	/**
				33	* Lists all the object identifiers of the X509 extensions of the PKIX profile.
				34	*
				35	* <p>Extensions are addiitonal attributes which can be inserted in a X509
				36	* v3 certificate. For example a "Driving License Certificate" could have
				37	* the driving license number as a extension.
				38	*
				39	* <p>Extensions are represented as a sequence of the extension identifier
				40	* (Object Identifier), a boolean flag stating whether the extension is to
				41	* be treated as being critical and the extension value itself (this is again
				42	* a DER encoding of the extension value).
				43	*
				44	* @see Extension
				45	*
				46	*
				47	* @author Amit Kapoor
				48	* @author Hemma Prafullchandra
				49	*/
				50	public class PKIXExtensions {
				51	// The object identifiers
				52	private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
				53	private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
				54	private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
				55	private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
				56	private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
				57	private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
				58	private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
				59	private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
				60	private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
				61	private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
				62	private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
				63	private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
				64	private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
				65	private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
				66	private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
				67	private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
				68	private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
				69	private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
				70	private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
				71	private static final int ExtendedKeyUsage_data [] = { 2, 5, 29, 37 };
				72	private static final int InhibitAnyPolicy_data [] = { 2, 5, 29, 54 };
				73	private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
				74	private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
				75	private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
				76	private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
				77
				78	/**
				79	* Identifies the particular public key used to sign the certificate.
				80	*/
				81	public static final ObjectIdentifier AuthorityKey_Id;
				82
				83	/**
				84	* Identifies the particular public key used in an application.
				85	*/
				86	public static final ObjectIdentifier SubjectKey_Id;
				87
				88	/**
				89	* Defines the purpose of the key contained in the certificate.
				90	*/
				91	public static final ObjectIdentifier KeyUsage_Id;
				92
				93	/**
				94	* Allows the certificate issuer to specify a different validity period
				95	* for the private key than the certificate.
				96	*/
				97	public static final ObjectIdentifier PrivateKeyUsage_Id;
				98
				99	/**
				100	* Contains the sequence of policy information terms.
				101	*/
				102	public static final ObjectIdentifier CertificatePolicies_Id;
				103
				104	/**
				105	* Lists pairs of objectidentifiers of policies considered equivalent by the
				106	* issuing CA to the subject CA.
				107	*/
				108	public static final ObjectIdentifier PolicyMappings_Id;
				109
				110	/**
				111	* Allows additional identities to be bound to the subject of the certificate.
				112	*/
				113	public static final ObjectIdentifier SubjectAlternativeName_Id;
				114
				115	/**
				116	* Allows additional identities to be associated with the certificate issuer.
				117	*/
				118	public static final ObjectIdentifier IssuerAlternativeName_Id;
				119
				120	/**
				121	* Identifies additional directory attributes.
				122	* This extension is always non-critical.
				123	*/
				124	public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
				125
				126	/**
				127	* Identifies whether the subject of the certificate is a CA and how deep
				128	* a certification path may exist through that CA.
				129	*/
				130	public static final ObjectIdentifier BasicConstraints_Id;
				131
				132	/**
				133	* Provides for permitted and excluded subtrees that place restrictions
				134	* on names that may be included within a certificate issued by a given CA.
				135	*/
				136	public static final ObjectIdentifier NameConstraints_Id;
				137
				138	/**
				139	* Used to either prohibit policy mapping or limit the set of policies
				140	* that can be in subsequent certificates.
				141	*/
				142	public static final ObjectIdentifier PolicyConstraints_Id;
				143
				144	/**
				145	* Identifies how CRL information is obtained.
				146	*/
				147	public static final ObjectIdentifier CRLDistributionPoints_Id;
				148
				149	/**
				150	* Conveys a monotonically increasing sequence number for each CRL
				151	* issued by a given CA.
				152	*/
				153	public static final ObjectIdentifier CRLNumber_Id;
				154
				155	/**
				156	* Identifies the CRL distribution point for a particular CRL.
				157	*/
				158	public static final ObjectIdentifier IssuingDistributionPoint_Id;
				159
				160	/**
				161	* Identifies the delta CRL.
				162	*/
				163	public static final ObjectIdentifier DeltaCRLIndicator_Id;
				164
				165	/**
				166	* Identifies the reason for the certificate revocation.
				167	*/
				168	public static final ObjectIdentifier ReasonCode_Id;
				169
				170	/**
				171	* This extension provides a registered instruction identifier indicating
				172	* the action to be taken, after encountering a certificate that has been
				173	* placed on hold.
				174	*/
				175	public static final ObjectIdentifier HoldInstructionCode_Id;
				176
				177	/**
				178	* Identifies the date on which it is known or suspected that the private
				179	* key was compromised or that the certificate otherwise became invalid.
				180	*/
				181	public static final ObjectIdentifier InvalidityDate_Id;
				182	/**
				183	* Identifies one or more purposes for which the certified public key
				184	* may be used, in addition to or in place of the basic purposes
				185	* indicated in the key usage extension field.
				186	*/
				187	public static final ObjectIdentifier ExtendedKeyUsage_Id;
				188
				189	/**
				190	* Specifies whether any-policy policy OID is permitted
				191	*/
				192	public static final ObjectIdentifier InhibitAnyPolicy_Id;
				193
				194	/**
				195	* Identifies the certificate issuer associated with an entry in an
				196	* indirect CRL.
				197	*/
				198	public static final ObjectIdentifier CertificateIssuer_Id;
				199
				200	/**
				201	* This extension indicates how to access CA information and services for
				202	* the issuer of the certificate in which the extension appears.
				203	* This information may be used for on-line certification validation
				204	* services.
				205	*/
				206	public static final ObjectIdentifier AuthInfoAccess_Id;
				207
				208	/**
				209	* This extension indicates how to access CA information and services for
				210	* the subject of the certificate in which the extension appears.
				211	*/
				212	public static final ObjectIdentifier SubjectInfoAccess_Id;
				213
				214	/**
				215	* Identifies how delta CRL information is obtained.
				216	*/
				217	public static final ObjectIdentifier FreshestCRL_Id;
				218
				219	static {
				220	AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
				221	SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data);
				222	KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data);
				223	PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
				224	CertificatePolicies_Id =
				225	ObjectIdentifier.newInternal(CertificatePolicies_data);
				226	PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
				227	SubjectAlternativeName_Id =
				228	ObjectIdentifier.newInternal(SubjectAlternativeName_data);
				229	IssuerAlternativeName_Id =
				230	ObjectIdentifier.newInternal(IssuerAlternativeName_data);
				231	ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
				232	InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
				233	SubjectDirectoryAttributes_Id =
				234	ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
				235	BasicConstraints_Id =
				236	ObjectIdentifier.newInternal(BasicConstraints_data);
				237	ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
				238	HoldInstructionCode_Id =
				239	ObjectIdentifier.newInternal(HoldInstructionCode_data);
				240	InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
				241
				242	NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
				243	PolicyConstraints_Id =
				244	ObjectIdentifier.newInternal(PolicyConstraints_data);
				245	CRLDistributionPoints_Id =
				246	ObjectIdentifier.newInternal(CRLDistributionPoints_data);
				247	CRLNumber_Id =
				248	ObjectIdentifier.newInternal(CRLNumber_data);
				249	IssuingDistributionPoint_Id =
				250	ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
				251	DeltaCRLIndicator_Id =
				252	ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
				253	CertificateIssuer_Id =
				254	ObjectIdentifier.newInternal(CertificateIssuer_data);
				255	AuthInfoAccess_Id =
				256	ObjectIdentifier.newInternal(AuthInfoAccess_data);
				257	SubjectInfoAccess_Id =
				258	ObjectIdentifier.newInternal(SubjectInfoAccess_data);
				259	FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
				260	}
				261	}