sun.security.x509.PKIXExtensions Maven / Gradle / Ivy
/*
* Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package sun.security.x509;
import sun.security.util.*;
/**
* Lists all the object identifiers of the X509 extensions of the PKIX profile.
*
* Extensions are addiitonal attributes which can be inserted in a X509
* v3 certificate. For example a "Driving License Certificate" could have
* the driving license number as a extension.
*
*
Extensions are represented as a sequence of the extension identifier
* (Object Identifier), a boolean flag stating whether the extension is to
* be treated as being critical and the extension value itself (this is again
* a DER encoding of the extension value).
*
* @see Extension
*
*
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public class PKIXExtensions {
/**
* Identifies the particular public key used to sign the certificate.
*/
public static final ObjectIdentifier AuthorityKey_Id =
ObjectIdentifier.of(KnownOIDs.AuthorityKeyID);
/**
* Identifies the particular public key used in an application.
*/
public static final ObjectIdentifier SubjectKey_Id =
ObjectIdentifier.of(KnownOIDs.SubjectKeyID);
/**
* Defines the purpose of the key contained in the certificate.
*/
public static final ObjectIdentifier KeyUsage_Id =
ObjectIdentifier.of(KnownOIDs.KeyUsage);
/**
* Allows the certificate issuer to specify a different validity period
* for the private key than the certificate.
*/
public static final ObjectIdentifier PrivateKeyUsage_Id =
ObjectIdentifier.of(KnownOIDs.PrivateKeyUsage);
/**
* Contains the sequence of policy information terms.
*/
public static final ObjectIdentifier CertificatePolicies_Id =
ObjectIdentifier.of(KnownOIDs.CertificatePolicies);
/**
* Lists pairs of object identifiers of policies considered equivalent by
* the issuing CA to the subject CA.
*/
public static final ObjectIdentifier PolicyMappings_Id =
ObjectIdentifier.of(KnownOIDs.PolicyMappings);
/**
* Allows additional identities to be bound to the subject of the
* certificate.
*/
public static final ObjectIdentifier SubjectAlternativeName_Id =
ObjectIdentifier.of(KnownOIDs.SubjectAlternativeName);
/**
* Allows additional identities to be associated with the certificate
* issuer.
*/
public static final ObjectIdentifier IssuerAlternativeName_Id =
ObjectIdentifier.of(KnownOIDs.IssuerAlternativeName);
/**
* Identifies additional directory attributes.
* This extension is always non-critical.
*/
public static final ObjectIdentifier SubjectDirectoryAttributes_Id =
ObjectIdentifier.of(KnownOIDs.SubjectDirectoryAttributes);
/**
* Identifies whether the subject of the certificate is a CA and how deep
* a certification path may exist through that CA.
*/
public static final ObjectIdentifier BasicConstraints_Id =
ObjectIdentifier.of(KnownOIDs.BasicConstraints);
/**
* Provides for permitted and excluded subtrees that place restrictions
* on names that may be included within a certificate issued by a given CA.
*/
public static final ObjectIdentifier NameConstraints_Id =
ObjectIdentifier.of(KnownOIDs.NameConstraints);
/**
* Used to either prohibit policy mapping or limit the set of policies
* that can be in subsequent certificates.
*/
public static final ObjectIdentifier PolicyConstraints_Id =
ObjectIdentifier.of(KnownOIDs.PolicyConstraints);
/**
* Identifies how CRL information is obtained.
*/
public static final ObjectIdentifier CRLDistributionPoints_Id =
ObjectIdentifier.of(KnownOIDs.CRLDistributionPoints);
/**
* Conveys a monotonically increasing sequence number for each CRL
* issued by a given CA.
*/
public static final ObjectIdentifier CRLNumber_Id =
ObjectIdentifier.of(KnownOIDs.CRLNumber);
/**
* Identifies the CRL distribution point for a particular CRL.
*/
public static final ObjectIdentifier IssuingDistributionPoint_Id =
ObjectIdentifier.of(KnownOIDs.IssuingDistributionPoint);
/**
* Identifies the delta CRL.
*/
public static final ObjectIdentifier DeltaCRLIndicator_Id =
ObjectIdentifier.of(KnownOIDs.DeltaCRLIndicator);
/**
* Identifies the reason for the certificate revocation.
*/
public static final ObjectIdentifier ReasonCode_Id =
ObjectIdentifier.of(KnownOIDs.ReasonCode);
/**
* This extension provides a registered instruction identifier indicating
* the action to be taken, after encountering a certificate that has been
* placed on hold.
*/
public static final ObjectIdentifier HoldInstructionCode_Id =
ObjectIdentifier.of(KnownOIDs.HoldInstructionCode);
/**
* Identifies the date on which it is known or suspected that the private
* key was compromised or that the certificate otherwise became invalid.
*/
public static final ObjectIdentifier InvalidityDate_Id =
ObjectIdentifier.of(KnownOIDs.InvalidityDate);
/**
* Identifies one or more purposes for which the certified public key
* may be used, in addition to or in place of the basic purposes
* indicated in the key usage extension field.
*/
public static final ObjectIdentifier ExtendedKeyUsage_Id =
ObjectIdentifier.of(KnownOIDs.extendedKeyUsage);
/**
* Specifies whether any-policy policy OID is permitted
*/
public static final ObjectIdentifier InhibitAnyPolicy_Id =
ObjectIdentifier.of(KnownOIDs.InhibitAnyPolicy);
/**
* Identifies the certificate issuer associated with an entry in an
* indirect CRL.
*/
public static final ObjectIdentifier CertificateIssuer_Id =
ObjectIdentifier.of(KnownOIDs.CertificateIssuer);
/**
* This extension indicates how to access CA information and services for
* the issuer of the certificate in which the extension appears.
* This information may be used for on-line certification validation
* services.
*/
public static final ObjectIdentifier AuthInfoAccess_Id =
ObjectIdentifier.of(KnownOIDs.AuthInfoAccess);
/**
* This extension indicates how to access CA information and services for
* the subject of the certificate in which the extension appears.
*/
public static final ObjectIdentifier SubjectInfoAccess_Id =
ObjectIdentifier.of(KnownOIDs.SubjectInfoAccess);
/**
* Identifies how delta CRL information is obtained.
*/
public static final ObjectIdentifier FreshestCRL_Id =
ObjectIdentifier.of(KnownOIDs.FreshestCRL);
/**
* Identifies the OCSP client can trust the responder for the
* lifetime of the responder's certificate.
*/
public static final ObjectIdentifier OCSPNoCheck_Id =
ObjectIdentifier.of(KnownOIDs.OCSPNoCheck);
/**
* This extension is used to provide nonce data for OCSP requests
* or responses.
*/
public static final ObjectIdentifier OCSPNonce_Id =
ObjectIdentifier.of(KnownOIDs.OCSPNonceExt);
}