1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package netscape.security.x509;
import netscape.security.util.ObjectIdentifier;
/**
* Lists all the object identifiers of the X509 extensions of the PKIX profile.
*
* <p>Extensions are addiitonal attributes which can be inserted in a X509
* v3 certificate. For example a "Driving License Certificate" could have
* the driving license number as a extension.
*
* <p>Extensions are represented as a sequence of the extension identifier
* (Object Identifier), a boolean flag stating whether the extension is to
* be treated as being critical and the extension value itself (this is again
* a DER encoding of the extension value).
*
* @see Extension
*
* @version 1.4
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class PKIXExtensions {
// The object identifiers
private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
/**
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier AuthorityKey_Id
= new ObjectIdentifier(AuthorityKey_data);
/**
* Identifies the particular public key used in an application.
*/
public static final ObjectIdentifier SubjectKey_Id
= new ObjectIdentifier(SubjectKey_data);
/**
* Defines the purpose of the key contained in the certificate.
*/
public static final ObjectIdentifier KeyUsage_Id
= new ObjectIdentifier(KeyUsage_data);
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
public static final ObjectIdentifier PrivateKeyUsage_Id
= new ObjectIdentifier(PrivateKeyUsage_data);
/**
* Contains the sequence of policy information terms.
*/
public static final ObjectIdentifier CertificatePolicies_Id
= new ObjectIdentifier(CertificatePolicies_data);
/**
* Lists pairs of objectidentifiers of policies considered equivalent by the
* issuing CA to the subject CA.
*/
public static final ObjectIdentifier PolicyMappings_Id
= new ObjectIdentifier(PolicyMappings_data);
/**
* Allows additional identities to be bound to the subject of the certificate.
*/
public static final ObjectIdentifier SubjectAlternativeName_Id
= new ObjectIdentifier(SubjectAlternativeName_data);
/**
* Allows additional identities to be associated with the certificate issuer.
*/
public static final ObjectIdentifier IssuerAlternativeName_Id =
new ObjectIdentifier(IssuerAlternativeName_data);
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
public static final ObjectIdentifier SubjectDirectoryAttributes_Id
= new ObjectIdentifier(SubjectDirectoryAttributes_data);
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
public static final ObjectIdentifier BasicConstraints_Id =
new ObjectIdentifier(BasicConstraints_data);
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
public static final ObjectIdentifier NameConstraints_Id
= new ObjectIdentifier(NameConstraints_data);
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
public static final ObjectIdentifier PolicyConstraints_Id
= new ObjectIdentifier(PolicyConstraints_data);
/**
* Identifies how CRL information is obtained.
*/
public static final ObjectIdentifier CRLDistributionPoints_Id
= new ObjectIdentifier(CRLDistributionPoints_data);
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
public static final ObjectIdentifier CRLNumber_Id
= new ObjectIdentifier(CRLNumber_data);
/**
* Identifies the CRL distribution point for a particular CRL.
*/
public static final ObjectIdentifier IssuingDistributionPoint_Id
= new ObjectIdentifier(IssuingDistributionPoint_data);
/**
* Identifies the delta CRL.
*/
public static final ObjectIdentifier DeltaCRLIndicator_Id
= new ObjectIdentifier(DeltaCRLIndicator_data);
/**
* Identifies the reason for the certificate revocation.
*/
public static final ObjectIdentifier ReasonCode_Id
= new ObjectIdentifier(ReasonCode_data);
/**
* This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been
* placed on hold.
*/
public static final ObjectIdentifier HoldInstructionCode_Id
= new ObjectIdentifier(HoldInstructionCode_data);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier InvalidityDate_Id
= new ObjectIdentifier(InvalidityDate_data);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier CertificateIssuer_Id
= new ObjectIdentifier(CertificateIssuer_data);
/**
* Identifies how delta CRL information is obtained.
*/
public static final ObjectIdentifier FreshestCRL_Id
= new ObjectIdentifier(FreshestCRL_data);
}
|
