<HTML>
<BODY>
<HEAD>
<TITLE>Certificate Attributes</TITLE>
</HEAD>
<h2><center>Certificate Attributes</center></h2>
<center><font size=3>July 1998</font></center>
<p>
In JDK 1.2 we provide an implementation of X.509 (version 3).
The X509CertImpl class supports the following methods to
manipulate the various attributes of a certificate:
<pre>
 Object get(String name)
 void set(String name, Object value), and
 void delete(String name)
</pre>
A list of all the X.509 v3 Certificate attributes that can be manipulated
is provided in the following table.
For example, if you want to get the signature component of
the certificate:
<pre>
 X509CertImpl cert;
 // obtain the certificate object here, then use one of the two forms below

 // using the fully-qualified identifier
 byte[] sig = (byte[])cert.get("x509.signature");

 // OR, using the defined constant
 byte[] sig = (byte[])cert.get(X509CertImpl.SIG);
</pre>
<p>
<table border=1>
<caption>sun.security.x509.X509CertImpl</caption>
<tr>
<td><strong>Attribute</strong></td>
<td><strong>Fully-qualified identifier</strong></td>
<td><strong>Defined constants</strong></td>
<td><strong>Type of Object returned</strong><br>
(in sun.security.x509 unless fully-qualified)</td>
</tr>
<tr>
<td>signatureAlgorithm</td>
<td>x509.algorithm</td>
<td>X509CertImpl.SIG_ALG</td>
<td>AlgorithmId</td>
</tr>
<tr>
<td>signature</td>
<td>x509.signature</td>
<td>X509CertImpl.SIG</td>
<td>byte[]</td>
</tr>
<tr>
<td>tbsCertificate</td>
<td>x509.info</td>
<td>X509CertInfo.IDENT</td>
<td>X509CertInfo</td>
</tr>
<tr>
<td>version</td>
<td>x509.info.version<br>
x509.info.version.number</td>
<td>CertificateVersion.IDENT<br>
none</td>
<td>CertificateVersion<br>
java.lang.Integer</td>
</tr>
<tr>
<td>serialNumber</td>
<td>x509.info.serialNumber<br>
x509.info.serialNumber.number</td>
<td>CertificateSerialNumber.IDENT<br>
X509CertImpl.SERIAL_ID</td>
<td>CertificateSerialNumber<br>
SerialNumber</td>
</tr>
<tr>
<td>signature</td>
<td>x509.info.algorithmID<br>
x509.info.algorithmID.algorithm</td>
<td>CertificateAlgorithmId.IDENT<br>
none</td>
<td>CertificateAlgorithmId<br>
AlgorithmId</td>
</tr>
<tr>
<td>issuer</td>
<td>x509.info.issuer<br>
x509.info.issuer.dname</td>
<td>CertificateIssuerName.IDENT<br>
X509CertImpl.ISSUER_DN</td>
<td>CertificateIssuerName<br>
X500Name</td>
</tr>
<tr>
<td>validity<br>
validity.notAfter<br>
validity.notBefore</td>
<td>x509.info.validity<br>
x509.info.validity.notAfter<br>
x509.info.validity.notBefore</td>
<td>CertificateValidity.IDENT<br>
none<br>
none</td>
<td>CertificateValidity<br>
java.util.Date<br>
java.util.Date</td>
</tr>
<tr>
<td>subject</td>
<td>x509.info.subject<br>
x509.info.subject.dname</td>
<td>CertificateSubjectName.IDENT<br>
X509CertImpl.SUBJECT_DN</td>
<td>CertificateSubjectName<br>
X500Name</td>
</tr>
<tr>
<td>subjectPublicKeyInfo</td>
<td>x509.info.key<br>
x509.info.key.value</td>
<td>CertificateX509Key.IDENT<br>
X509CertImpl.PUBLIC_KEY</td>
<td>CertificateX509Key<br>
X509Key</td>
</tr>
<tr>
<td>issuerUniqueID</td>
<td>x509.info.issuerID<br>
x509.info.issuerID.id</td>
<td>CertificateIssuerUniqueIdentity.IDENT<br>
none</td>
<td>CertificateIssuerUniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>subjectUniqueID</td>
<td>x509.info.subjectID<br>
x509.info.subjectID.id</td>
<td>CertificateSubjectUniqueIdentity.IDENT<br>
none</td>
<td>CertificateSubjectUniqueIdentity<br>
UniqueIdentity</td>
</tr>
<tr>
<td>extensions</td>
<td>x509.info.extensions</td>
<td>CertificateExtensions.IDENT</td>
<td>CertificateExtensions</td>
</tr>
</table>
<br>
<br>
<table border=1>
<caption>X.509 V3 certificate extensions</caption>
<tr>
<td><strong>Extension</strong></td>
<td><strong>Extension attribute identifier</strong></td>
<td><strong>Short form</strong></td>
<td><strong>Type of Object returned</strong></td>
</tr>
<tr>
<td>Authority Key Identifier</td>
<td>x509.info.extensions.AuthorityKeyIdentifier</td>
<td>AuthorityKeyIdentifierExtension.IDENT</td>
<td>AuthorityKeyIdentifierExtension</td>
</tr>
<tr>
<td>Subject Key Identifier</td>
<td>x509.info.extensions.SubjectKeyIdentifier</td>
<td>SubjectKeyIdentifierExtension.IDENT</td>
<td>SubjectKeyIdentifierExtension</td>
</tr>
<tr>
<td>Key Usage</td>
<td>x509.info.extensions.KeyUsage</td>
<td>KeyUsageExtension.IDENT</td>
<td>KeyUsageExtension</td>
</tr>
<tr>
<td>Private Key Usage Period</td>
<td>x509.info.extensions.PrivateKeyUsage</td>
<td>PrivateKeyUsageExtension.IDENT</td>
<td>PrivateKeyUsageExtension</td>
</tr>
<tr>
<td>Policy Mappings</td>
<td>x509.info.extensions.PolicyMappings</td>
<td>PolicyMappingsExtension.IDENT</td>
<td>PolicyMappingsExtension</td>
</tr>
<tr>
<td>Subject Alternative Name</td>
<td>x509.info.extensions.SubjectAlternativeName</td>
<td>SubjectAlternativeNameExtension.IDENT</td>
<td>SubjectAlternativeNameExtension</td>
</tr>
<tr>
<td>Issuer Alternative Name</td>
<td>x509.info.extensions.IssuerAlternativeName</td>
<td>IssuerAlternativeNameExtension.IDENT</td>
<td>IssuerAlternativeNameExtension</td>
</tr>
<tr>
<td>Basic Constraints</td>
<td>x509.info.extensions.BasicConstraints</td>
<td>BasicConstraintsExtension.IDENT</td>
<td>BasicConstraintsExtension</td>
</tr>
<tr>
<td>Name Constraints</td>
<td>x509.info.extensions.NameConstraints</td>
<td>NameConstraintsExtension.IDENT</td>
<td>NameConstraintsExtension</td>
</tr>
<tr>
<td>Policy Constraints</td>
<td>x509.info.extensions.PolicyConstraints</td>
<td>PolicyConstraintsExtension.IDENT</td>
<td>PolicyConstraintsExtension</td>
</tr>
<tr>
<td>Netscape Certificate Type</td>
<td>x509.info.extensions.NetscapeCertType</td>
<td>NetscapeCertTypeExtension.IDENT</td>
<td>NetscapeCertTypeExtension</td>
</tr>
</table>
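<p>
The identifiers in the two tables above can be combined in one program, shown here as an added example that is not part of the original JDK document. It assumes a JDK release in which the internal <code>sun.security.x509</code> classes are accessible and still expose <code>get(String)</code>; the class name <code>CertAttributeDump</code> and the command-line path are hypothetical, and reporting a missing extension as an exception is an assumption handled the same way as a null result.
</p>

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Date;

import sun.security.x509.BasicConstraintsExtension;
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;

// Hypothetical helper class: reads certificate attributes by the names in the tables.
public class CertAttributeDump {
    public static void main(String[] args) throws Exception {
        // args[0]: path to a DER or PEM encoded certificate, supplied by the caller
        X509Certificate parsed;
        try (InputStream in = new FileInputStream(args[0])) {
            parsed = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Re-parse the DER encoding with the implementation class the tables describe.
        X509CertImpl cert = new X509CertImpl(parsed.getEncoded());

        // Cast each result to the type listed in the "Type of Object returned" column.
        X500Name subject = (X500Name) cert.get("x509.info.subject.dname");
        X500Name issuer = (X500Name) cert.get(X509CertImpl.ISSUER_DN);
        Date notBefore = (Date) cert.get("x509.info.validity.notBefore");
        Date notAfter = (Date) cert.get("x509.info.validity.notAfter");
        byte[] sig = (byte[]) cert.get(X509CertImpl.SIG);

        Date now = new Date();
        boolean inWindow = !now.before(notBefore) && !now.after(notAfter);
        System.out.println("subject          : " + subject);
        System.out.println("issuer           : " + issuer);
        System.out.println("valid now        : " + inWindow);
        System.out.println("signature bytes  : " + sig.length);

        // Extensions are optional, so a lookup by extension identifier can fail.
        // Assumption: a missing extension surfaces as an exception or as null.
        BasicConstraintsExtension bc = null;
        try {
            bc = (BasicConstraintsExtension)
                    cert.get("x509.info.extensions.BasicConstraints");
        } catch (CertificateParsingException absent) {
            // leave bc as null: the certificate carries no BasicConstraints extension
        }
        System.out.println("BasicConstraints : " + (bc == null ? "absent" : bc.toString()));
    }
}
```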
<p>
Extensions can be added by implementing the
<code>sun.security.x509.CertAttrSet</code> interface and
subclassing the <code>sun.security.x509.Extension</code> class.
Register the new extension using the OIDMap class.
The following extensions from the PKIX profile are not currently
supported:
<table>
<tr>
<td>Name</td>
<td>ObjectIdentifier</td>
</tr>
<tr>
<td>CertificatePolicies</td>
<td>2.5.29.32</td>
</tr>
</table>
</BODY>
</HTML>