java.security.cert.X509Extension Maven / Gradle / Ivy

Neither this file nor any files generated from it describe a complete specification, and they may only be used as described below. For example, no permission is given for you to incorporate this file, in whole or in part, in an implementation of a Java specification.

Sun Microsystems Inc. owns the copyright in this file and it is provided to you for informative, as opposed to normative, use. The file and any files generated from it may be used to generate other informative documentation, such as a unified set of documents of API signatures for a platform that includes technologies expressed as Java APIs. The file may also be used to produce "compilation stubs," which allow applications to be compiled and validated for such platforms.

Any work generated from this file, such as unified javadocs or compiled stub files, must be accompanied by this notice in its entirety.

This work corresponds to the API signatures of JSR 219: Foundation Profile 1.1. In the event of a discrepency between this work and the JSR 219 specification, which is available at http://www.jcp.org/en/jsr/detail?id=219, the latter takes precedence. */ package java.security.cert; import java.util.Set; /** * Interface for an X.509 extension. * *

The extensions defined for X.509 v3 * {@link X509Certificate Certificates} and v2 * {@link X509CRL CRLs} (Certificate Revocation * Lists) provide methods * for associating additional attributes with users or public keys, * for managing the certification hierarchy, and for managing CRL * distribution. The X.509 extensions format also allows communities * to define private extensions to carry information unique to those * communities. * *

Each extension in a certificate/CRL may be designated as * critical or non-critical. A certificate/CRL-using system (an application * validating a certificate/CRL) must reject the certificate/CRL if it * encounters a critical extension it does not recognize. A non-critical * extension may be ignored if it is not recognized. *

* The ASN.1 definition for this is: *

 * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 *
 * Extension  ::=  SEQUENCE  {
 *     extnId        OBJECT IDENTIFIER,
 *     critical      BOOLEAN DEFAULT FALSE,
 *     extnValue     OCTET STRING
 *                   -- contains a DER encoding of a value
 *                   -- of the type registered for use with
 *                   -- the extnId object identifier value
 * }
 * 

     * InputStream inStrm = new FileInputStream("DER-encoded-Cert");
     * CertificateFactory cf = CertificateFactory.getInstance("X.509");
     * X509Certificate cert = (X509Certificate)cf.generateCertificate(inStrm);
     * inStrm.close();

     *
     * Set critSet = cert.getCriticalExtensionOIDs();
     * if (critSet != null && !critSet.isEmpty()) {
     *     System.out.println("Set of critical extensions:");
     *     for (Iterator i = critSet.iterator(); i.hasNext();) {
     *         String oid = (String)i.next();
     *         System.out.println(oid);
     *     }
     * }
     * 

     * InputStream inStrm = new FileInputStream("DER-encoded-CRL");
     * CertificateFactory cf = CertificateFactory.getInstance("X.509");
     * X509CRL crl = (X509CRL)cf.generateCRL(inStrm);
     * inStrm.close();

     *
     * byte[] certData = <DER-encoded certificate data>
     * ByteArrayInputStream bais = new ByteArrayInputStream(certData);
     * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais);
     * bais.close();
     * X509CRLEntry badCert =
     *              crl.getRevokedCertificate(cert.getSerialNumber());

     *
     * if (badCert != null) {
     *     Set nonCritSet = badCert.getNonCriticalExtensionOIDs();

     *     if (nonCritSet != null)
     *         for (Iterator i = nonCritSet.iterator(); i.hasNext();) {
     *             String oid = (String)i.next();
     *             System.out.println(oid);
     *         }
     * }
     * 

For example:
*