J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | 1 | <HTML> |
| 2 | <HEAD> |
| 3 | <TITLE>Certificate Attributes</TITLE> |
| 4 | </HEAD> |
| 5 | <BODY> |
| 6 | <h2><center>Certificate Attributes</center></h2> |
| 7 | <center><font size=3>July 1998</font></center> |
| 8 | <p> |
| 9 | In JDK1.2 we provide an implementation of X.509 (version 3). |
| 10 | The X509CertImpl class supports the following methods to |
| 11 | manipulate the various attributes of a certificate: |
| 12 | <pre> |
| 13 | Object get(String name) |
| 14 | void set(String name, Object value) |
| 15 | void delete(String name) |
| 16 | </pre> |
| 17 | A list of all the X.509 v3 Certificate attributes that can be manipulated |
| 18 | is provided in the following table. |
| 19 | For example, if you want to get the signature component of |
| 20 | the certificate: |
| 21 | <pre> |
| 22 | X509CertImpl cert; // the certificate object, obtained elsewhere |
| 23 | |
| 24 | // Option 1: using the fully-qualified identifier |
| 25 | byte[] sig = (byte[])cert.get("x509.signature"); |
| 26 | |
| 27 | // Option 2 (instead of option 1): using the defined constant |
| 28 | byte[] sig = (byte[])cert.get(X509CertImpl.SIG); |
| 29 | </pre> |
| 30 | <p> |
| 31 | <table border=1> |
| 32 | <caption>sun.security.x509.X509CertImpl</caption> |
| 33 | <tr> |
| 34 | <td><strong>Attribute</strong></td> |
| 35 | <td><strong>Fully-qualified identifier</strong></td> |
| 36 | <td><strong>Defined constants</strong></td> |
| 37 | <td><strong>Type of Object returned</strong><br> |
| 38 | (in sun.security.x509 unless fully-qualified)</td> |
| 39 | </tr> |
| 40 | <tr> |
| 41 | <td>signatureAlgorithm</td> |
| 42 | <td>x509.algorithm</td> |
| 43 | <td>X509CertImpl.SIG_ALG</td> |
| 44 | <td>AlgorithmId</td> |
| 45 | </tr> |
| 46 | <tr> |
| 47 | <td>signature</td> |
| 48 | <td>x509.signature</td> |
| 49 | <td>X509CertImpl.SIG</td> |
| 50 | <td>byte[]</td> |
| 51 | </tr> |
| 52 | <tr> |
| 53 | <td>tbsCertificate</td> |
| 54 | <td>x509.info</td> |
| 55 | <td>X509CertInfo.IDENT</td> |
| 56 | <td>X509CertInfo</td> |
| 57 | </tr> |
| 58 | <tr> |
| 59 | <td>version</td> |
| 60 | <td>x509.info.version<br> |
| 61 | x509.info.version.number</td> |
| 62 | <td>CertificateVersion.IDENT<br> |
| 63 | none</td> |
| 64 | <td>CertificateVersion<br> |
| 65 | java.lang.Integer</td> |
| 66 | </tr> |
| 67 | <tr> |
| 68 | <td>serialNumber</td> |
| 69 | <td>x509.info.serialNumber<br> |
| 70 | x509.info.serialNumber.number</td> |
| 71 | <td>CertificateSerialNumber.IDENT<br> |
| 72 | X509CertImpl.SERIAL_ID</td> |
| 73 | <td>CertificateSerialNumber<br> |
| 74 | SerialNumber</td> |
| 75 | </tr> |
| 76 | <tr> |
| 77 | <td>signature</td> |
| 78 | <td>x509.info.algorithmID<br> |
| 79 | x509.info.algorithmID.algorithm</td> |
| 80 | <td>CertificateAlgorithmId.IDENT<br> |
| 81 | none</td> |
| 82 | <td>CertificateAlgorithmId<br> |
| 83 | AlgorithmId</td> |
| 84 | </tr> |
| 85 | <tr> |
| 86 | <td>issuer</td> |
| 87 | <td>x509.info.issuer<br> |
| 88 | x509.info.issuer.dname</td> |
| 89 | <td>CertificateIssuerName.IDENT<br> |
| 90 | X509CertImpl.ISSUER_DN</td> |
| 91 | <td>CertificateIssuerName<br> |
| 92 | X500Name</td> |
| 93 | </tr> |
| 94 | <tr> |
| 95 | <td>validity<br> |
| 96 | validity.notAfter<br> |
| 97 | validity.notBefore</td> |
| 98 | <td>x509.info.validity<br> |
| 99 | x509.info.validity.notAfter<br> |
| 100 | x509.info.validity.notBefore</td> |
| 101 | <td>CertificateValidity.IDENT<br> |
| 102 | none<br> |
| 103 | none</td> |
| 104 | <td>CertificateValidity<br> |
| 105 | java.util.Date<br> |
| 106 | java.util.Date</td> |
| 107 | </tr> |
| 108 | <tr> |
| 109 | <td>subject</td> |
| 110 | <td>x509.info.subject<br> |
| 111 | x509.info.subject.dname</td> |
| 112 | <td>CertificateSubjectName.IDENT<br> |
| 113 | X509CertImpl.SUBJECT_DN</td> |
| 114 | <td>CertificateSubjectName<br> |
| 115 | X500Name</td> |
| 116 | </tr> |
| 117 | <tr> |
| 118 | <td>subjectPublicKeyInfo</td> |
| 119 | <td>x509.info.key<br> |
| 120 | x509.info.key.value</td> |
| 121 | <td>CertificateX509Key.IDENT<br> |
| 122 | X509CertImpl.PUBLIC_KEY</td> |
| 123 | <td>CertificateX509Key<br> |
| 124 | X509Key</td> |
| 125 | </tr> |
| 126 | <tr> |
| 127 | <td>issuerUniqueID</td> |
| 128 | <td>x509.info.issuerID<br> |
| 129 | x509.info.issuerID.id</td> |
| 130 | <td>CertificateIssuerUniqueIdentity.IDENT<br> |
| 131 | none</td> |
| 132 | <td>CertificateIssuerUniqueIdentity<br> |
| 133 | UniqueIdentity</td> |
| 134 | </tr> |
| 135 | <tr> |
| 136 | <td>subjectUniqueID</td> |
| 137 | <td>x509.info.subjectID<br> |
| 138 | x509.info.subjectID.id</td> |
| 139 | <td>CertificateSubjectUniqueIdentity.IDENT<br> |
| 140 | none</td> |
| 141 | <td>CertificateSubjectUniqueIdentity<br> |
| 142 | UniqueIdentity</td> |
| 143 | </tr> |
| 144 | <tr> |
| 145 | <td>extensions</td> |
| 146 | <td>x509.info.extensions</td> |
| 147 | <td>CertificateExtensions.IDENT</td> |
| 148 | <td>CertificateExtensions</td> |
| 149 | </tr> |
| 150 | </table> |
| 151 | <br> |
| 152 | <br> |
| 153 | <table border=1> |
| 154 | <caption>X.509 V3 certificate extensions</caption> |
| 155 | <tr> |
| 156 | <td><strong>Extension</strong></td> |
| 157 | <td><strong>Extension attribute identifier</strong></td> |
| 158 | <td><strong>Short form</strong></td> |
| 159 | <td><strong>Type of Object returned</strong></td> |
| 160 | </tr> |
| 161 | <tr> |
| 162 | <td>Authority Key Identifier</td> |
| 163 | <td>x509.info.extensions.AuthorityKeyIdentifier</td> |
| 164 | <td>AuthorityKeyIdentifierExtension.IDENT</td> |
| 165 | <td>AuthorityKeyIdentifierExtension</td> |
| 166 | </tr> |
| 167 | <tr> |
| 168 | <td>Subject Key Identifier</td> |
| 169 | <td>x509.info.extensions.SubjectKeyIdentifier</td> |
| 170 | <td>SubjectKeyIdentifierExtension.IDENT</td> |
| 171 | <td>SubjectKeyIdentifierExtension</td> |
| 172 | </tr> |
| 173 | <tr> |
| 174 | <td>Key Usage</td> |
| 175 | <td>x509.info.extensions.KeyUsage</td> |
| 176 | <td>KeyUsageExtension.IDENT</td> |
| 177 | <td>KeyUsageExtension</td> |
| 178 | </tr> |
| 179 | <tr> |
| 180 | <td>Private Key Usage Period</td> |
| 181 | <td>x509.info.extensions.PrivateKeyUsage</td> |
| 182 | <td>PrivateKeyUsageExtension.IDENT</td> |
| 183 | <td>PrivateKeyUsageExtension</td> |
| 184 | </tr> |
| 185 | <tr> |
| 186 | <td>Policy Mappings</td> |
| 187 | <td>x509.info.extensions.PolicyMappings</td> |
| 188 | <td>PolicyMappingsExtension.IDENT</td> |
| 189 | <td>PolicyMappingsExtension</td> |
| 190 | </tr> |
| 191 | <tr> |
| 192 | <td>Subject Alternative Name</td> |
| 193 | <td>x509.info.extensions.SubjectAlternativeName</td> |
| 194 | <td>SubjectAlternativeNameExtension.IDENT</td> |
| 195 | <td>SubjectAlternativeNameExtension</td> |
| 196 | </tr> |
| 197 | <tr> |
| 198 | <td>Issuer Alternative Name</td> |
| 199 | <td>x509.info.extensions.IssuerAlternativeName</td> |
| 200 | <td>IssuerAlternativeNameExtension.IDENT</td> |
| 201 | <td>IssuerAlternativeNameExtension</td> |
| 202 | </tr> |
| 203 | <tr> |
| 204 | <td>Basic Constraints</td> |
| 205 | <td>x509.info.extensions.BasicConstraints</td> |
| 206 | <td>BasicConstraintsExtension.IDENT</td> |
| 207 | <td>BasicConstraintsExtension</td> |
| 208 | </tr> |
| 209 | <tr> |
| 210 | <td>Name Constraints</td> |
| 211 | <td>x509.info.extensions.NameConstraints</td> |
| 212 | <td>NameConstraintsExtension.IDENT</td> |
| 213 | <td>NameConstraintsExtension</td> |
| 214 | </tr> |
| 215 | <tr> |
| 216 | <td>Policy Constraints</td> |
| 217 | <td>x509.info.extensions.PolicyConstraints</td> |
| 218 | <td>PolicyConstraintsExtension.IDENT</td> |
| 219 | <td>PolicyConstraintsExtension</td> |
| 220 | </tr> |
| 221 | <tr> |
| 222 | <td>Netscape Certificate Type</td> |
| 223 | <td>x509.info.extensions.NetscapeCertType</td> |
| 224 | <td>NetscapeCertTypeExtension.IDENT</td> |
| 225 | <td>NetscapeCertTypeExtension</td> |
| 226 | </tr> |
| 227 | </table> |
| 228 | <p> |
| 229 | Extensions can be added by implementing the |
| 230 | <code>sun.security.x509.CertAttrSet</code> interface and |
| 231 | subclassing the <code>sun.security.x509.Extension</code> class. |
| 232 | Register the new extension using the OIDMap class. |
| 233 | The following extensions from the PKIX profile are not |
| 234 | currently supported: |
| 235 | <table> |
| 236 | <tr> |
| 237 | <td>Name</td> |
| 238 | <td>ObjectIdentifier</td> |
| 239 | </tr> |
| 240 | <tr> |
| 241 | <td>CertificatePolicies</td> |
| 242 | <td>2.5.29.32</td> |
| 243 | </tr> |
| 244 | </table> |
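An added example, not part of the original JDK document: a minimal custom extension that follows the procedure described above (implement CertAttrSet, subclass Extension, register with OIDMap). The class DeviceLabelExtension, its attribute name and its OID (a placeholder under the documentation-only enterprise arc 32473) are hypothetical, and the signatures assume the JDK 8 versions of these internal sun.security classes.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.Enumeration;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.CertAttrSet;
import sun.security.x509.Extension;
import sun.security.x509.OIDMap;

// Hypothetical extension whose value is a single DER UTF8String.
public class DeviceLabelExtension extends Extension implements CertAttrSet<String> {
    public static final String NAME = "DeviceLabel";           // hypothetical name
    public static final String OID = "1.3.6.1.4.1.32473.1.1";  // placeholder OID
    public static final String IDENT = "x509.info.extensions." + NAME;
    public static final String LABEL = "label";
    private String label;
    // (Boolean, Object) constructor, used when decoding; a non-UTF8String value is rejected.
    public DeviceLabelExtension(Boolean critical, Object value) throws IOException {
        this.extensionId = new ObjectIdentifier(OID);
        this.critical = critical.booleanValue();
        this.extensionValue = (byte[]) value;
        this.label = new DerValue(this.extensionValue).getUTF8String();
    }
    public void encode(OutputStream out) throws IOException {
        DerOutputStream tmp = new DerOutputStream();
        super.encode(tmp);                 // writes OID, critical flag and value
        out.write(tmp.toByteArray());
    }
    public Object get(String name) throws IOException {
        if (LABEL.equalsIgnoreCase(name)) return label;
        throw new IOException("Attribute name not recognized: " + name);
    }
    public void set(String name, Object obj) throws IOException {
        if (!LABEL.equalsIgnoreCase(name) || !(obj instanceof String))
            throw new IOException("Attribute must be '" + LABEL + "' with a String value");
        DerOutputStream os = new DerOutputStream();
        os.putUTF8String((String) obj);
        this.extensionValue = os.toByteArray();   // keep the encoded value in sync
        this.label = (String) obj;
    }
    public void delete(String name) throws IOException { throw new IOException("label cannot be deleted"); }
    public Enumeration<String> getElements() { return Collections.enumeration(Collections.singletonList(LABEL)); }
    public String getName() { return NAME; }
    // Registration with OIDMap, done once before certificates are parsed.
    public static void register() throws CertificateException { OIDMap.addAttribute(IDENT, OID, DeviceLabelExtension.class); }
}
```

Once register() has run, the extension would be addressed as x509.info.extensions.DeviceLabel, following the identifier pattern in the extensions table.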
| 245 | </BODY> |
| 246 | </HTML> |