• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4  *
5  * This code is free software; you can redistribute it and/or modify it
6  * under the terms of the GNU General Public License version 2 only, as
7  * published by the Free Software Foundation.  Oracle designates this
8  * particular file as subject to the "Classpath" exception as provided
9  * by Oracle in the LICENSE file that accompanied this code.
10  *
11  * This code is distributed in the hope that it will be useful, but WITHOUT
12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14  * version 2 for more details (a copy is included in the LICENSE file that
15  * accompanied this code).
16  *
17  * You should have received a copy of the GNU General Public License version
18  * 2 along with this work; if not, write to the Free Software Foundation,
19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20  *
21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22  * or visit www.oracle.com if you need additional information or have any
23  * questions.
24  */
25 
26 package sun.security.x509;
27 
28 import java.io.*;
29 
30 import sun.security.util.*;
31 
32 /**
33  * Lists all the object identifiers of the X509 extensions of the PKIX profile.
34  *
35  * <p>Extensions are addiitonal attributes which can be inserted in a X509
36  * v3 certificate. For example a "Driving License Certificate" could have
37  * the driving license number as a extension.
38  *
39  * <p>Extensions are represented as a sequence of the extension identifier
40  * (Object Identifier), a boolean flag stating whether the extension is to
41  * be treated as being critical and the extension value itself (this is again
42  * a DER encoding of the extension value).
43  *
44  * @see Extension
45  *
46  *
47  * @author Amit Kapoor
48  * @author Hemma Prafullchandra
49  */
50 public class PKIXExtensions {
51     // The object identifiers
52     private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
53     private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
54     private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
55     private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
56     private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
57     private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
58     private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
59     private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
60     private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
61     private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
62     private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
63     private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
64     private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
65     private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
66     private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
67     private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
68     private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
69     private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
70     private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
71     private static final int ExtendedKeyUsage_data [] = { 2, 5, 29, 37 };
72     private static final int InhibitAnyPolicy_data [] = { 2, 5, 29, 54 };
73     private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
74     private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
75     private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
76     private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
77     private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7,
78                                                     48, 1, 5};
79 
80     /**
81      * Identifies the particular public key used to sign the certificate.
82      */
83     public static final ObjectIdentifier AuthorityKey_Id;
84 
85     /**
86      * Identifies the particular public key used in an application.
87      */
88     public static final ObjectIdentifier SubjectKey_Id;
89 
90     /**
91      * Defines the purpose of the key contained in the certificate.
92      */
93     public static final ObjectIdentifier KeyUsage_Id;
94 
95     /**
96      * Allows the certificate issuer to specify a different validity period
97      * for the private key than the certificate.
98      */
99     public static final ObjectIdentifier PrivateKeyUsage_Id;
100 
101     /**
102      * Contains the sequence of policy information terms.
103      */
104     public static final ObjectIdentifier CertificatePolicies_Id;
105 
106     /**
107      * Lists pairs of objectidentifiers of policies considered equivalent by the
108      * issuing CA to the subject CA.
109      */
110     public static final ObjectIdentifier PolicyMappings_Id;
111 
112     /**
113      * Allows additional identities to be bound to the subject of the certificate.
114      */
115     public static final ObjectIdentifier SubjectAlternativeName_Id;
116 
117     /**
118      * Allows additional identities to be associated with the certificate issuer.
119      */
120     public static final ObjectIdentifier IssuerAlternativeName_Id;
121 
122     /**
123      * Identifies additional directory attributes.
124      * This extension is always non-critical.
125      */
126     public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
127 
128     /**
129      * Identifies whether the subject of the certificate is a CA and how deep
130      * a certification path may exist through that CA.
131      */
132     public static final ObjectIdentifier BasicConstraints_Id;
133 
134     /**
135      * Provides for permitted and excluded subtrees that place restrictions
136      * on names that may be included within a certificate issued by a given CA.
137      */
138     public static final ObjectIdentifier NameConstraints_Id;
139 
140     /**
141      * Used to either prohibit policy mapping or limit the set of policies
142      * that can be in subsequent certificates.
143      */
144     public static final ObjectIdentifier PolicyConstraints_Id;
145 
146     /**
147      * Identifies how CRL information is obtained.
148      */
149     public static final ObjectIdentifier CRLDistributionPoints_Id;
150 
151     /**
152      * Conveys a monotonically increasing sequence number for each CRL
153      * issued by a given CA.
154      */
155     public static final ObjectIdentifier CRLNumber_Id;
156 
157     /**
158      * Identifies the CRL distribution point for a particular CRL.
159      */
160     public static final ObjectIdentifier IssuingDistributionPoint_Id;
161 
162     /**
163      * Identifies the delta CRL.
164      */
165     public static final ObjectIdentifier DeltaCRLIndicator_Id;
166 
167     /**
168      * Identifies the reason for the certificate revocation.
169      */
170     public static final ObjectIdentifier ReasonCode_Id;
171 
172     /**
173      * This extension provides a registered instruction identifier indicating
174      * the action to be taken, after encountering a certificate that has been
175      * placed on hold.
176      */
177     public static final ObjectIdentifier HoldInstructionCode_Id;
178 
179     /**
180      * Identifies the date on which it is known or suspected that the private
181      * key was compromised or that the certificate otherwise became invalid.
182      */
183     public static final ObjectIdentifier InvalidityDate_Id;
184     /**
185      * Identifies one or more purposes for which the certified public key
186      * may be used, in addition to or in place of the basic purposes
187      * indicated in the key usage extension field.
188      */
189     public static final ObjectIdentifier ExtendedKeyUsage_Id;
190 
191     /**
192      * Specifies whether any-policy policy OID is permitted
193      */
194     public static final ObjectIdentifier InhibitAnyPolicy_Id;
195 
196     /**
197      * Identifies the certificate issuer associated with an entry in an
198      * indirect CRL.
199      */
200     public static final ObjectIdentifier CertificateIssuer_Id;
201 
202     /**
203      * This extension indicates how to access CA information and services for
204      * the issuer of the certificate in which the extension appears.
205      * This information may be used for on-line certification validation
206      * services.
207      */
208     public static final ObjectIdentifier AuthInfoAccess_Id;
209 
210     /**
211      * This extension indicates how to access CA information and services for
212      * the subject of the certificate in which the extension appears.
213      */
214     public static final ObjectIdentifier SubjectInfoAccess_Id;
215 
216     /**
217      * Identifies how delta CRL information is obtained.
218      */
219     public static final ObjectIdentifier FreshestCRL_Id;
220 
221     /**
222      * Identifies the OCSP client can trust the responder for the
223      * lifetime of the responder's certificate.
224      */
225     public static final ObjectIdentifier OCSPNoCheck_Id;
226 
227     static {
228         AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
229         SubjectKey_Id   = ObjectIdentifier.newInternal(SubjectKey_data);
230         KeyUsage_Id     = ObjectIdentifier.newInternal(KeyUsage_data);
231         PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
232         CertificatePolicies_Id =
233             ObjectIdentifier.newInternal(CertificatePolicies_data);
234         PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
235         SubjectAlternativeName_Id =
236             ObjectIdentifier.newInternal(SubjectAlternativeName_data);
237         IssuerAlternativeName_Id =
238             ObjectIdentifier.newInternal(IssuerAlternativeName_data);
239         ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
240         InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
241         SubjectDirectoryAttributes_Id =
242             ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
243         BasicConstraints_Id =
244             ObjectIdentifier.newInternal(BasicConstraints_data);
245         ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
246         HoldInstructionCode_Id  =
247             ObjectIdentifier.newInternal(HoldInstructionCode_data);
248         InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
249 
250         NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
251         PolicyConstraints_Id =
252             ObjectIdentifier.newInternal(PolicyConstraints_data);
253         CRLDistributionPoints_Id =
254             ObjectIdentifier.newInternal(CRLDistributionPoints_data);
255         CRLNumber_Id =
256             ObjectIdentifier.newInternal(CRLNumber_data);
257         IssuingDistributionPoint_Id =
258             ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
259         DeltaCRLIndicator_Id =
260             ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
261         CertificateIssuer_Id =
262             ObjectIdentifier.newInternal(CertificateIssuer_data);
263         AuthInfoAccess_Id =
264             ObjectIdentifier.newInternal(AuthInfoAccess_data);
265         SubjectInfoAccess_Id =
266             ObjectIdentifier.newInternal(SubjectInfoAccess_data);
267         FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
268         OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
269     }
270 }
271