1 /* 2 * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.x509; 27 28 import java.io.*; 29 30 import sun.security.util.*; 31 32 /** 33 * Lists all the object identifiers of the X509 extensions of the PKIX profile. 34 * 35 * <p>Extensions are addiitonal attributes which can be inserted in a X509 36 * v3 certificate. For example a "Driving License Certificate" could have 37 * the driving license number as a extension. 38 * 39 * <p>Extensions are represented as a sequence of the extension identifier 40 * (Object Identifier), a boolean flag stating whether the extension is to 41 * be treated as being critical and the extension value itself (this is again 42 * a DER encoding of the extension value). 43 * 44 * @see Extension 45 * 46 * 47 * @author Amit Kapoor 48 * @author Hemma Prafullchandra 49 */ 50 public class PKIXExtensions { 51 // The object identifiers 52 private static final int[] AuthorityKey_data = { 2, 5, 29, 35 }; 53 private static final int[] SubjectKey_data = { 2, 5, 29, 14 }; 54 private static final int[] KeyUsage_data = { 2, 5, 29, 15 }; 55 private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 }; 56 private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 }; 57 private static final int[] PolicyMappings_data = { 2, 5, 29, 33 }; 58 private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 }; 59 private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 }; 60 private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 }; 61 private static final int[] BasicConstraints_data = { 2, 5, 29, 19 }; 62 private static final int[] NameConstraints_data = { 2, 5, 29, 30 }; 63 private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 }; 64 private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 }; 65 private static final int[] CRLNumber_data = { 2, 5, 29, 20 }; 66 private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 }; 67 private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 }; 68 private static final int[] ReasonCode_data = { 2, 5, 29, 21 }; 69 private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 }; 70 private static final int[] InvalidityDate_data = { 2, 5, 29, 24 }; 71 private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 }; 72 private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 }; 73 private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 }; 74 private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1}; 75 private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11}; 76 private static final int[] FreshestCRL_data = { 2, 5, 29, 46 }; 77 private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7, 78 48, 1, 5}; 79 80 // Additional extensions under the PKIX arc that are not necessarily 81 // used in X.509 Certificates or CRLs. 82 private static final int OCSPNonce_data [] = { 1, 3, 6, 1, 5, 5, 7, 83 48, 1, 2}; 84 85 /** 86 * Identifies the particular public key used to sign the certificate. 87 */ 88 public static final ObjectIdentifier AuthorityKey_Id; 89 90 /** 91 * Identifies the particular public key used in an application. 92 */ 93 public static final ObjectIdentifier SubjectKey_Id; 94 95 /** 96 * Defines the purpose of the key contained in the certificate. 97 */ 98 public static final ObjectIdentifier KeyUsage_Id; 99 100 /** 101 * Allows the certificate issuer to specify a different validity period 102 * for the private key than the certificate. 103 */ 104 public static final ObjectIdentifier PrivateKeyUsage_Id; 105 106 /** 107 * Contains the sequence of policy information terms. 108 */ 109 public static final ObjectIdentifier CertificatePolicies_Id; 110 111 /** 112 * Lists pairs of object identifiers of policies considered equivalent by 113 * the issuing CA to the subject CA. 114 */ 115 public static final ObjectIdentifier PolicyMappings_Id; 116 117 /** 118 * Allows additional identities to be bound to the subject of the 119 * certificate. 120 */ 121 public static final ObjectIdentifier SubjectAlternativeName_Id; 122 123 /** 124 * Allows additional identities to be associated with the certificate 125 * issuer. 126 */ 127 public static final ObjectIdentifier IssuerAlternativeName_Id; 128 129 /** 130 * Identifies additional directory attributes. 131 * This extension is always non-critical. 132 */ 133 public static final ObjectIdentifier SubjectDirectoryAttributes_Id; 134 135 /** 136 * Identifies whether the subject of the certificate is a CA and how deep 137 * a certification path may exist through that CA. 138 */ 139 public static final ObjectIdentifier BasicConstraints_Id; 140 141 /** 142 * Provides for permitted and excluded subtrees that place restrictions 143 * on names that may be included within a certificate issued by a given CA. 144 */ 145 public static final ObjectIdentifier NameConstraints_Id; 146 147 /** 148 * Used to either prohibit policy mapping or limit the set of policies 149 * that can be in subsequent certificates. 150 */ 151 public static final ObjectIdentifier PolicyConstraints_Id; 152 153 /** 154 * Identifies how CRL information is obtained. 155 */ 156 public static final ObjectIdentifier CRLDistributionPoints_Id; 157 158 /** 159 * Conveys a monotonically increasing sequence number for each CRL 160 * issued by a given CA. 161 */ 162 public static final ObjectIdentifier CRLNumber_Id; 163 164 /** 165 * Identifies the CRL distribution point for a particular CRL. 166 */ 167 public static final ObjectIdentifier IssuingDistributionPoint_Id; 168 169 /** 170 * Identifies the delta CRL. 171 */ 172 public static final ObjectIdentifier DeltaCRLIndicator_Id; 173 174 /** 175 * Identifies the reason for the certificate revocation. 176 */ 177 public static final ObjectIdentifier ReasonCode_Id; 178 179 /** 180 * This extension provides a registered instruction identifier indicating 181 * the action to be taken, after encountering a certificate that has been 182 * placed on hold. 183 */ 184 public static final ObjectIdentifier HoldInstructionCode_Id; 185 186 /** 187 * Identifies the date on which it is known or suspected that the private 188 * key was compromised or that the certificate otherwise became invalid. 189 */ 190 public static final ObjectIdentifier InvalidityDate_Id; 191 /** 192 * Identifies one or more purposes for which the certified public key 193 * may be used, in addition to or in place of the basic purposes 194 * indicated in the key usage extension field. 195 */ 196 public static final ObjectIdentifier ExtendedKeyUsage_Id; 197 198 /** 199 * Specifies whether any-policy policy OID is permitted 200 */ 201 public static final ObjectIdentifier InhibitAnyPolicy_Id; 202 203 /** 204 * Identifies the certificate issuer associated with an entry in an 205 * indirect CRL. 206 */ 207 public static final ObjectIdentifier CertificateIssuer_Id; 208 209 /** 210 * This extension indicates how to access CA information and services for 211 * the issuer of the certificate in which the extension appears. 212 * This information may be used for on-line certification validation 213 * services. 214 */ 215 public static final ObjectIdentifier AuthInfoAccess_Id; 216 217 /** 218 * This extension indicates how to access CA information and services for 219 * the subject of the certificate in which the extension appears. 220 */ 221 public static final ObjectIdentifier SubjectInfoAccess_Id; 222 223 /** 224 * Identifies how delta CRL information is obtained. 225 */ 226 public static final ObjectIdentifier FreshestCRL_Id; 227 228 /** 229 * Identifies the OCSP client can trust the responder for the 230 * lifetime of the responder's certificate. 231 */ 232 public static final ObjectIdentifier OCSPNoCheck_Id; 233 234 /** 235 * This extension is used to provide nonce data for OCSP requests 236 * or responses. 237 */ 238 public static final ObjectIdentifier OCSPNonce_Id; 239 240 static { 241 AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data); 242 SubjectKey_Id = ObjectIdentifier.newInternal(SubjectKey_data); 243 KeyUsage_Id = ObjectIdentifier.newInternal(KeyUsage_data); 244 PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data); 245 CertificatePolicies_Id = 246 ObjectIdentifier.newInternal(CertificatePolicies_data); 247 PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data); 248 SubjectAlternativeName_Id = 249 ObjectIdentifier.newInternal(SubjectAlternativeName_data); 250 IssuerAlternativeName_Id = 251 ObjectIdentifier.newInternal(IssuerAlternativeName_data); 252 ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data); 253 InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data); 254 SubjectDirectoryAttributes_Id = 255 ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data); 256 BasicConstraints_Id = 257 ObjectIdentifier.newInternal(BasicConstraints_data); 258 ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data); 259 HoldInstructionCode_Id = 260 ObjectIdentifier.newInternal(HoldInstructionCode_data); 261 InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data); 262 263 NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data); 264 PolicyConstraints_Id = 265 ObjectIdentifier.newInternal(PolicyConstraints_data); 266 CRLDistributionPoints_Id = 267 ObjectIdentifier.newInternal(CRLDistributionPoints_data); 268 CRLNumber_Id = 269 ObjectIdentifier.newInternal(CRLNumber_data); 270 IssuingDistributionPoint_Id = 271 ObjectIdentifier.newInternal(IssuingDistributionPoint_data); 272 DeltaCRLIndicator_Id = 273 ObjectIdentifier.newInternal(DeltaCRLIndicator_data); 274 CertificateIssuer_Id = 275 ObjectIdentifier.newInternal(CertificateIssuer_data); 276 AuthInfoAccess_Id = 277 ObjectIdentifier.newInternal(AuthInfoAccess_data); 278 SubjectInfoAccess_Id = 279 ObjectIdentifier.newInternal(SubjectInfoAccess_data); 280 FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data); 281 OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data); 282 OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data); 283 } 284 } 285