001: /*
002: * @(#)PKIXExtensions.java 1.15 06/10/10
003: *
004: * Copyright 1990-2006 Sun Microsystems, Inc. All Rights Reserved.
005: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License version
009: * 2 only, as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful, but
012: * WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * General Public License version 2 for more details (a copy is
015: * included at /legal/license.txt).
016: *
017: * You should have received a copy of the GNU General Public License
018: * version 2 along with this work; if not, write to the Free Software
019: * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA
021: *
022: * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
023: * Clara, CA 95054 or visit www.sun.com if you need additional
024: * information or have any questions.
025: *
026: */
027:
028: package sun.security.x509;
029:
030: import java.io.*;
031:
032: import sun.security.util.*;
033:
/**
 * Catalogue of the object identifiers (OIDs) of the X.509 extensions in the
 * PKIX profile. Every OID defined here lies under the arc {@code 2.5.29}.
 *
 * <p>Extensions are additional attributes which can be inserted in an X509
 * v3 certificate. For example a "Driving License Certificate" could have
 * the driving license number as an extension.
 *
 * <p>An extension is represented as a sequence of the extension identifier
 * (Object Identifier), a boolean flag stating whether the extension is to
 * be treated as being critical, and the extension value itself (which is
 * again a DER encoding of the extension value).
 *
 * <p>This class only names the extensions. It performs no parsing and no
 * validation; honouring the critical flag and the semantics of each
 * extension is the responsibility of the code that looks these OIDs up.
 *
 * @see Extension
 *
 * @version 1.8
 *
 * @author Amit Kapoor
 * @author Hemma Prafullchandra
 */
public class PKIXExtensions {

    /**
     * Identifies the particular public key used to sign the certificate.
     * OID {@code 2.5.29.35}.
     */
    public static final ObjectIdentifier AuthorityKey_Id;

    /**
     * Identifies the particular public key used in an application.
     * OID {@code 2.5.29.14}.
     */
    public static final ObjectIdentifier SubjectKey_Id;

    /**
     * Defines the purpose of the key contained in the certificate.
     * OID {@code 2.5.29.15}.
     */
    public static final ObjectIdentifier KeyUsage_Id;

    /**
     * Allows the certificate issuer to specify a different validity period
     * for the private key than for the certificate. OID {@code 2.5.29.16}.
     */
    public static final ObjectIdentifier PrivateKeyUsage_Id;

    /**
     * Contains the sequence of policy information terms.
     * OID {@code 2.5.29.32}.
     */
    public static final ObjectIdentifier CertificatePolicies_Id;

    /**
     * Lists pairs of object identifiers of policies considered equivalent
     * by the issuing CA to the subject CA. OID {@code 2.5.29.33}.
     */
    public static final ObjectIdentifier PolicyMappings_Id;

    /**
     * Allows additional identities to be bound to the subject of the
     * certificate. OID {@code 2.5.29.17}.
     */
    public static final ObjectIdentifier SubjectAlternativeName_Id;

    /**
     * Allows additional identities to be associated with the certificate
     * issuer. OID {@code 2.5.29.18}.
     */
    public static final ObjectIdentifier IssuerAlternativeName_Id;

    /**
     * Identifies additional directory attributes.
     * This extension is always non-critical. OID {@code 2.5.29.9}.
     */
    public static final ObjectIdentifier SubjectDirectoryAttributes_Id;

    /**
     * Identifies whether the subject of the certificate is a CA and how deep
     * a certification path may exist through that CA. OID {@code 2.5.29.19}.
     */
    public static final ObjectIdentifier BasicConstraints_Id;

    /**
     * Provides for permitted and excluded subtrees that place restrictions
     * on names that may be included within a certificate issued by a given
     * CA. OID {@code 2.5.29.30}.
     */
    public static final ObjectIdentifier NameConstraints_Id;

    /**
     * Used to either prohibit policy mapping or limit the set of policies
     * that can be in subsequent certificates. OID {@code 2.5.29.36}.
     */
    public static final ObjectIdentifier PolicyConstraints_Id;

    /**
     * Identifies how CRL information is obtained. OID {@code 2.5.29.31}.
     */
    public static final ObjectIdentifier CRLDistributionPoints_Id;

    /**
     * Conveys a monotonically increasing sequence number for each CRL
     * issued by a given CA. OID {@code 2.5.29.20}.
     */
    public static final ObjectIdentifier CRLNumber_Id;

    /**
     * Identifies the CRL distribution point for a particular CRL.
     * OID {@code 2.5.29.28}.
     */
    public static final ObjectIdentifier IssuingDistributionPoint_Id;

    /**
     * Identifies the delta CRL. OID {@code 2.5.29.27}.
     */
    public static final ObjectIdentifier DeltaCRLIndicator_Id;

    /**
     * Identifies the reason for the certificate revocation.
     * OID {@code 2.5.29.21}.
     */
    public static final ObjectIdentifier ReasonCode_Id;

    /**
     * Provides a registered instruction identifier indicating the action to
     * be taken after encountering a certificate that has been placed on
     * hold. OID {@code 2.5.29.23}.
     */
    public static final ObjectIdentifier HoldInstructionCode_Id;

    /**
     * Identifies the date on which it is known or suspected that the private
     * key was compromised or that the certificate otherwise became invalid.
     * OID {@code 2.5.29.24}.
     */
    public static final ObjectIdentifier InvalidityDate_Id;

    /**
     * Identifies one or more purposes for which the certified public key
     * may be used, in addition to or in place of the basic purposes
     * indicated in the key usage extension field. OID {@code 2.5.29.37}.
     */
    public static final ObjectIdentifier ExtendedKeyUsage_Id;

    /**
     * Specifies whether the any-policy policy OID is permitted.
     * OID {@code 2.5.29.54}.
     */
    public static final ObjectIdentifier InhibitAnyPolicy_Id;

    /**
     * Builds the identifier {@code 2.5.29.<lastArc>}.
     *
     * <p>A fresh component array is created on every call, so no two
     * identifiers share backing storage and nothing outside this class
     * holds a reference through which the components could be altered.
     *
     * @param lastArc the final component of the extension OID
     * @return the identifier produced by {@code ObjectIdentifier.newInternal}
     */
    private static ObjectIdentifier idCeOid(int lastArc) {
        return ObjectIdentifier.newInternal(new int[] { 2, 5, 29, lastArc });
    }

    // The constants are assigned in one place so that the mapping from each
    // name to its final OID component can be audited at a glance.
    static {
        AuthorityKey_Id = idCeOid(35);
        SubjectKey_Id = idCeOid(14);
        KeyUsage_Id = idCeOid(15);
        PrivateKeyUsage_Id = idCeOid(16);
        CertificatePolicies_Id = idCeOid(32);
        PolicyMappings_Id = idCeOid(33);
        SubjectAlternativeName_Id = idCeOid(17);
        IssuerAlternativeName_Id = idCeOid(18);
        ExtendedKeyUsage_Id = idCeOid(37);
        InhibitAnyPolicy_Id = idCeOid(54);
        SubjectDirectoryAttributes_Id = idCeOid(9);
        BasicConstraints_Id = idCeOid(19);
        ReasonCode_Id = idCeOid(21);
        HoldInstructionCode_Id = idCeOid(23);
        InvalidityDate_Id = idCeOid(24);

        NameConstraints_Id = idCeOid(30);
        PolicyConstraints_Id = idCeOid(36);
        CRLDistributionPoints_Id = idCeOid(31);
        CRLNumber_Id = idCeOid(20);
        IssuingDistributionPoint_Id = idCeOid(28);
        DeltaCRLIndicator_Id = idCeOid(27);
    }

}