Home | History | Annotate | Download | only in x509 
      1 /*
      2  * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
      3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
      4  *
      5  * This code is free software; you can redistribute it and/or modify it
      6  * under the terms of the GNU General Public License version 2 only, as
      7  * published by the Free Software Foundation.  Oracle designates this
      8  * particular file as subject to the "Classpath" exception as provided
      9  * by Oracle in the LICENSE file that accompanied this code.
     10  *
     11  * This code is distributed in the hope that it will be useful, but WITHOUT
     12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
     13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
     14  * version 2 for more details (a copy is included in the LICENSE file that
     15  * accompanied this code).
     16  *
     17  * You should have received a copy of the GNU General Public License version
     18  * 2 along with this work; if not, write to the Free Software Foundation,
     19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
     20  *
     21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
     22  * or visit www.oracle.com if you need additional information or have any
     23  * questions.
     24  */
     25 
     26 package sun.security.x509;
     27 
     28 import java.io.*;
     29 
     30 import sun.security.util.*;
     31 
     32 /**
     33  * Lists all the object identifiers of the X509 extensions of the PKIX profile.
     34  *
     35  * <p>Extensions are addiitonal attributes which can be inserted in a X509
     36  * v3 certificate. For example a "Driving License Certificate" could have
     37  * the driving license number as a extension.
     38  *
     39  * <p>Extensions are represented as a sequence of the extension identifier
     40  * (Object Identifier), a boolean flag stating whether the extension is to
     41  * be treated as being critical and the extension value itself (this is again
     42  * a DER encoding of the extension value).
     43  *
     44  * @see Extension
     45  *
     46  *
     47  * @author Amit Kapoor
     48  * @author Hemma Prafullchandra
     49  */
     50 public class PKIXExtensions {
     51     // The object identifiers
     52     private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
     53     private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
     54     private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
     55     private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
     56     private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
     57     private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
     58     private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
     59     private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
     60     private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
     61     private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
     62     private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
     63     private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
     64     private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
     65     private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
     66     private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
     67     private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
     68     private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
     69     private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
     70     private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
     71     private static final int ExtendedKeyUsage_data [] = { 2, 5, 29, 37 };
     72     private static final int InhibitAnyPolicy_data [] = { 2, 5, 29, 54 };
     73     private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
     74     private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
     75     private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
     76     private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
     77     private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7,
     78                                                     48, 1, 5};
     79 
     80     /**
     81      * Identifies the particular public key used to sign the certificate.
     82      */
     83     public static final ObjectIdentifier AuthorityKey_Id;
     84 
     85     /**
     86      * Identifies the particular public key used in an application.
     87      */
     88     public static final ObjectIdentifier SubjectKey_Id;
     89 
     90     /**
     91      * Defines the purpose of the key contained in the certificate.
     92      */
     93     public static final ObjectIdentifier KeyUsage_Id;
     94 
     95     /**
     96      * Allows the certificate issuer to specify a different validity period
     97      * for the private key than the certificate.
     98      */
     99     public static final ObjectIdentifier PrivateKeyUsage_Id;
    100 
    101     /**
    102      * Contains the sequence of policy information terms.
    103      */
    104     public static final ObjectIdentifier CertificatePolicies_Id;
    105 
    106     /**
    107      * Lists pairs of objectidentifiers of policies considered equivalent by the
    108      * issuing CA to the subject CA.
    109      */
    110     public static final ObjectIdentifier PolicyMappings_Id;
    111 
    112     /**
    113      * Allows additional identities to be bound to the subject of the certificate.
    114      */
    115     public static final ObjectIdentifier SubjectAlternativeName_Id;
    116 
    117     /**
    118      * Allows additional identities to be associated with the certificate issuer.
    119      */
    120     public static final ObjectIdentifier IssuerAlternativeName_Id;
    121 
    122     /**
    123      * Identifies additional directory attributes.
    124      * This extension is always non-critical.
    125      */
    126     public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
    127 
    128     /**
    129      * Identifies whether the subject of the certificate is a CA and how deep
    130      * a certification path may exist through that CA.
    131      */
    132     public static final ObjectIdentifier BasicConstraints_Id;
    133 
    134     /**
    135      * Provides for permitted and excluded subtrees that place restrictions
    136      * on names that may be included within a certificate issued by a given CA.
    137      */
    138     public static final ObjectIdentifier NameConstraints_Id;
    139 
    140     /**
    141      * Used to either prohibit policy mapping or limit the set of policies
    142      * that can be in subsequent certificates.
    143      */
    144     public static final ObjectIdentifier PolicyConstraints_Id;
    145 
    146     /**
    147      * Identifies how CRL information is obtained.
    148      */
    149     public static final ObjectIdentifier CRLDistributionPoints_Id;
    150 
    151     /**
    152      * Conveys a monotonically increasing sequence number for each CRL
    153      * issued by a given CA.
    154      */
    155     public static final ObjectIdentifier CRLNumber_Id;
    156 
    157     /**
    158      * Identifies the CRL distribution point for a particular CRL.
    159      */
    160     public static final ObjectIdentifier IssuingDistributionPoint_Id;
    161 
    162     /**
    163      * Identifies the delta CRL.
    164      */
    165     public static final ObjectIdentifier DeltaCRLIndicator_Id;
    166 
    167     /**
    168      * Identifies the reason for the certificate revocation.
    169      */
    170     public static final ObjectIdentifier ReasonCode_Id;
    171 
    172     /**
    173      * This extension provides a registered instruction identifier indicating
    174      * the action to be taken, after encountering a certificate that has been
    175      * placed on hold.
    176      */
    177     public static final ObjectIdentifier HoldInstructionCode_Id;
    178 
    179     /**
    180      * Identifies the date on which it is known or suspected that the private
    181      * key was compromised or that the certificate otherwise became invalid.
    182      */
    183     public static final ObjectIdentifier InvalidityDate_Id;
    184     /**
    185      * Identifies one or more purposes for which the certified public key
    186      * may be used, in addition to or in place of the basic purposes
    187      * indicated in the key usage extension field.
    188      */
    189     public static final ObjectIdentifier ExtendedKeyUsage_Id;
    190 
    191     /**
    192      * Specifies whether any-policy policy OID is permitted
    193      */
    194     public static final ObjectIdentifier InhibitAnyPolicy_Id;
    195 
    196     /**
    197      * Identifies the certificate issuer associated with an entry in an
    198      * indirect CRL.
    199      */
    200     public static final ObjectIdentifier CertificateIssuer_Id;
    201 
    202     /**
    203      * This extension indicates how to access CA information and services for
    204      * the issuer of the certificate in which the extension appears.
    205      * This information may be used for on-line certification validation
    206      * services.
    207      */
    208     public static final ObjectIdentifier AuthInfoAccess_Id;
    209 
    210     /**
    211      * This extension indicates how to access CA information and services for
    212      * the subject of the certificate in which the extension appears.
    213      */
    214     public static final ObjectIdentifier SubjectInfoAccess_Id;
    215 
    216     /**
    217      * Identifies how delta CRL information is obtained.
    218      */
    219     public static final ObjectIdentifier FreshestCRL_Id;
    220 
    221     /**
    222      * Identifies the OCSP client can trust the responder for the
    223      * lifetime of the responder's certificate.
    224      */
    225     public static final ObjectIdentifier OCSPNoCheck_Id;
    226 
    227     static {
    228         AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
    229         SubjectKey_Id   = ObjectIdentifier.newInternal(SubjectKey_data);
    230         KeyUsage_Id     = ObjectIdentifier.newInternal(KeyUsage_data);
    231         PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
    232         CertificatePolicies_Id =
    233             ObjectIdentifier.newInternal(CertificatePolicies_data);
    234         PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
    235         SubjectAlternativeName_Id =
    236             ObjectIdentifier.newInternal(SubjectAlternativeName_data);
    237         IssuerAlternativeName_Id =
    238             ObjectIdentifier.newInternal(IssuerAlternativeName_data);
    239         ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
    240         InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
    241         SubjectDirectoryAttributes_Id =
    242             ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
    243         BasicConstraints_Id =
    244             ObjectIdentifier.newInternal(BasicConstraints_data);
    245         ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
    246         HoldInstructionCode_Id  =
    247             ObjectIdentifier.newInternal(HoldInstructionCode_data);
    248         InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
    249 
    250         NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
    251         PolicyConstraints_Id =
    252             ObjectIdentifier.newInternal(PolicyConstraints_data);
    253         CRLDistributionPoints_Id =
    254             ObjectIdentifier.newInternal(CRLDistributionPoints_data);
    255         CRLNumber_Id =
    256             ObjectIdentifier.newInternal(CRLNumber_data);
    257         IssuingDistributionPoint_Id =
    258             ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
    259         DeltaCRLIndicator_Id =
    260             ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
    261         CertificateIssuer_Id =
    262             ObjectIdentifier.newInternal(CertificateIssuer_data);
    263         AuthInfoAccess_Id =
    264             ObjectIdentifier.newInternal(AuthInfoAccess_data);
    265         SubjectInfoAccess_Id =
    266             ObjectIdentifier.newInternal(SubjectInfoAccess_data);
    267         FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
    268         OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
    269     }
    270 }
    271