/*
| 2 | * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. Sun designates this |
| 8 | * particular file as subject to the "Classpath" exception as provided |
| 9 | * by Sun in the LICENSE file that accompanied this code. |
| 10 | * |
| 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| 15 | * accompanied this code). |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License version |
| 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 20 | * |
| 21 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 22 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 23 | * have any questions. |
| 24 | */ |
| 25 | |
| 26 | package sun.security.x509; |
| 27 | |
| 28 | import java.io.*; |
| 29 | |
| 30 | import sun.security.util.*; |
| 31 | |
/**
 * Object identifiers (OIDs) of the X.509 v3 certificate and CRL extensions
 * defined by the PKIX profile.
 *
 * <p>Extensions are additional attributes which can be inserted in an X.509
 * v3 certificate. For example a "Driving License Certificate" could have
 * the driving license number as an extension.
 *
 * <p>On the wire an extension is a SEQUENCE of the extension identifier
 * (an OBJECT IDENTIFIER), an optional BOOLEAN stating whether the extension
 * is to be treated as critical, and the extension value itself (an OCTET
 * STRING wrapping the DER encoding of the value).
 *
 * <p>This class only names the identifiers. It does not parse, validate or
 * enforce any extension, and it does not look at the critical flag; that is
 * left to {@link Extension} and the per-extension classes. Under the PKIX
 * profile a relying party that meets a critical extension it does not
 * recognize has to reject the certificate, so a new OID added here should
 * be accompanied by code that actually processes that extension, otherwise
 * the extension is named but still not understood.
 *
 * @see Extension
 *
 * @author Amit Kapoor
 * @author Hemma Prafullchandra
 */
public class PKIXExtensions {

    /**
     * Builds an OID from its arcs. Every caller in this class passes
     * compile-time constants, which is why the unchecked
     * {@code newInternal} factory is acceptable here.
     */
    private static ObjectIdentifier oid(int... arcs) {
        return ObjectIdentifier.newInternal(arcs);
    }

    /**
     * Authority Key Identifier (2.5.29.35): identifies the public key
     * matching the private key that signed the certificate or CRL. Used
     * to pick the right issuer certificate when a CA has several keys.
     */
    public static final ObjectIdentifier AuthorityKey_Id = oid(2, 5, 29, 35);

    /**
     * Subject Key Identifier (2.5.29.14): identifies the public key that
     * is certified by the certificate; CA certificates carry it so that
     * issued certificates can point back to it via the authority key id.
     */
    public static final ObjectIdentifier SubjectKey_Id = oid(2, 5, 29, 14);

    /**
     * Key Usage (2.5.29.15): the purposes (signing, key encipherment,
     * certificate signing, CRL signing, ...) for which the certified key
     * may be used. Path validation relies on this to stop an end-entity
     * key from being used to sign other certificates.
     */
    public static final ObjectIdentifier KeyUsage_Id = oid(2, 5, 29, 15);

    /**
     * Private Key Usage Period (2.5.29.16): lets the issuer give the
     * private key a validity period different from the certificate's.
     */
    public static final ObjectIdentifier PrivateKeyUsage_Id = oid(2, 5, 29, 16);

    /**
     * Certificate Policies (2.5.29.32): the sequence of policy information
     * terms under which the certificate was issued.
     */
    public static final ObjectIdentifier CertificatePolicies_Id = oid(2, 5, 29, 32);

    /**
     * Policy Mappings (2.5.29.33): pairs of policy OIDs that the issuing
     * CA treats as equivalent to policies of the subject CA.
     */
    public static final ObjectIdentifier PolicyMappings_Id = oid(2, 5, 29, 33);

    /**
     * Subject Alternative Name (2.5.29.17): additional identities (DNS
     * names, e-mail addresses, IP addresses, URIs, ...) bound to the
     * subject of the certificate.
     */
    public static final ObjectIdentifier SubjectAlternativeName_Id = oid(2, 5, 29, 17);

    /**
     * Issuer Alternative Name (2.5.29.18): additional identities
     * associated with the issuer of the certificate.
     */
    public static final ObjectIdentifier IssuerAlternativeName_Id = oid(2, 5, 29, 18);

    /**
     * Subject Directory Attributes (2.5.29.9): additional directory
     * attributes of the subject. The PKIX profile requires this extension
     * to be non-critical.
     */
    public static final ObjectIdentifier SubjectDirectoryAttributes_Id = oid(2, 5, 29, 9);

    /**
     * Basic Constraints (2.5.29.19): states whether the subject is a CA
     * and how many further CA certificates may follow it in a path.
     * Without this check any end-entity certificate could act as a CA.
     */
    public static final ObjectIdentifier BasicConstraints_Id = oid(2, 5, 29, 19);

    /**
     * Name Constraints (2.5.29.30): permitted and excluded subtrees that
     * restrict which subject names a CA may certify further down the path.
     */
    public static final ObjectIdentifier NameConstraints_Id = oid(2, 5, 29, 30);

    /**
     * Policy Constraints (2.5.29.36): prohibits policy mapping and/or
     * requires an explicit policy in subsequent certificates of the path.
     */
    public static final ObjectIdentifier PolicyConstraints_Id = oid(2, 5, 29, 36);

    /**
     * CRL Distribution Points (2.5.29.31): where the CRL for this
     * certificate can be fetched. The URIs come from the certificate
     * itself, so a fetcher must treat them as untrusted input.
     */
    public static final ObjectIdentifier CRLDistributionPoints_Id = oid(2, 5, 29, 31);

    /**
     * CRL Number (2.5.29.20): monotonically increasing sequence number of
     * each CRL issued by a given CA; lets a client spot a stale CRL.
     */
    public static final ObjectIdentifier CRLNumber_Id = oid(2, 5, 29, 20);

    /**
     * Issuing Distribution Point (2.5.29.28): identifies the distribution
     * point and the scope (user/CA certificates, reasons) of a CRL.
     */
    public static final ObjectIdentifier IssuingDistributionPoint_Id = oid(2, 5, 29, 28);

    /**
     * Delta CRL Indicator (2.5.29.27): marks a CRL as a delta CRL and
     * carries the number of the base CRL it applies to.
     */
    public static final ObjectIdentifier DeltaCRLIndicator_Id = oid(2, 5, 29, 27);

    /**
     * Reason Code (2.5.29.21): CRL entry extension giving the reason the
     * certificate was revoked.
     */
    public static final ObjectIdentifier ReasonCode_Id = oid(2, 5, 29, 21);

    /**
     * Hold Instruction Code (2.5.29.23): CRL entry extension with a
     * registered instruction identifier telling the relying party what
     * to do with a certificate that has been placed on hold.
     */
    public static final ObjectIdentifier HoldInstructionCode_Id = oid(2, 5, 29, 23);

    /**
     * Invalidity Date (2.5.29.24): CRL entry extension giving the date on
     * which the private key is known or suspected to have been compromised
     * or the certificate otherwise became invalid.
     */
    public static final ObjectIdentifier InvalidityDate_Id = oid(2, 5, 29, 24);

    /**
     * Extended Key Usage (2.5.29.37): one or more purposes (server auth,
     * client auth, code signing, ...) for which the certified key may be
     * used, in addition to or in place of the basic key usage bits.
     */
    public static final ObjectIdentifier ExtendedKeyUsage_Id = oid(2, 5, 29, 37);

    /**
     * Inhibit Any-Policy (2.5.29.54): says whether the special anyPolicy
     * OID may be considered a match for other policies further down
     * the path.
     */
    public static final ObjectIdentifier InhibitAnyPolicy_Id = oid(2, 5, 29, 54);

    /**
     * Certificate Issuer (2.5.29.29): CRL entry extension naming the
     * issuer of the certificate an entry in an indirect CRL refers to.
     */
    public static final ObjectIdentifier CertificateIssuer_Id = oid(2, 5, 29, 29);

    /**
     * Authority Information Access (1.3.6.1.5.5.7.1.1): how to reach CA
     * information and services (OCSP responder, CA issuers) for the
     * issuer of the certificate. As with CRL distribution points, the
     * locations are supplied by the certificate and are untrusted until
     * the response they yield has itself been verified.
     */
    public static final ObjectIdentifier AuthInfoAccess_Id = oid(1, 3, 6, 1, 5, 5, 7, 1, 1);

    /**
     * Subject Information Access (1.3.6.1.5.5.7.1.11): how to reach
     * information and services offered by the subject of the certificate.
     */
    public static final ObjectIdentifier SubjectInfoAccess_Id = oid(1, 3, 6, 1, 5, 5, 7, 1, 11);

    /**
     * Freshest CRL (2.5.29.46): where delta CRL information for this
     * certificate or CRL can be obtained.
     */
    public static final ObjectIdentifier FreshestCRL_Id = oid(2, 5, 29, 46);
}