1/*
2 * Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.  Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26package sun.security.x509;
27
28import java.io.*;
29
30import sun.security.util.*;
31
32/**
33 * Lists all the object identifiers of the X509 extensions of the PKIX profile.
34 *
35 * <p>Extensions are addiitonal attributes which can be inserted in a X509
36 * v3 certificate. For example a "Driving License Certificate" could have
37 * the driving license number as a extension.
38 *
39 * <p>Extensions are represented as a sequence of the extension identifier
40 * (Object Identifier), a boolean flag stating whether the extension is to
41 * be treated as being critical and the extension value itself (this is again
42 * a DER encoding of the extension value).
43 *
44 * @see Extension
45 *
46 *
47 * @author Amit Kapoor
48 * @author Hemma Prafullchandra
49 */
50public class PKIXExtensions {
51    // The object identifiers
52    private static final int AuthorityKey_data [] = { 2, 5, 29, 35 };
53    private static final int SubjectKey_data [] = { 2, 5, 29, 14 };
54    private static final int KeyUsage_data [] = { 2, 5, 29, 15 };
55    private static final int PrivateKeyUsage_data [] = { 2, 5, 29, 16 };
56    private static final int CertificatePolicies_data [] = { 2, 5, 29, 32 };
57    private static final int PolicyMappings_data [] = { 2, 5, 29, 33 };
58    private static final int SubjectAlternativeName_data [] = { 2, 5, 29, 17 };
59    private static final int IssuerAlternativeName_data [] = { 2, 5, 29, 18 };
60    private static final int SubjectDirectoryAttributes_data [] = { 2, 5, 29, 9 };
61    private static final int BasicConstraints_data [] = { 2, 5, 29, 19 };
62    private static final int NameConstraints_data [] = { 2, 5, 29, 30 };
63    private static final int PolicyConstraints_data [] = { 2, 5, 29, 36 };
64    private static final int CRLDistributionPoints_data [] = { 2, 5, 29, 31 };
65    private static final int CRLNumber_data [] = { 2, 5, 29, 20 };
66    private static final int IssuingDistributionPoint_data [] = { 2, 5, 29, 28 };
67    private static final int DeltaCRLIndicator_data [] = { 2, 5, 29, 27 };
68    private static final int ReasonCode_data [] = { 2, 5, 29, 21 };
69    private static final int HoldInstructionCode_data [] = { 2, 5, 29, 23 };
70    private static final int InvalidityDate_data [] = { 2, 5, 29, 24 };
71    private static final int ExtendedKeyUsage_data [] = { 2, 5, 29, 37 };
72    private static final int InhibitAnyPolicy_data [] = { 2, 5, 29, 54 };
73    private static final int CertificateIssuer_data [] = { 2, 5, 29, 29 };
74    private static final int AuthInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 1};
75    private static final int SubjectInfoAccess_data [] = { 1, 3, 6, 1, 5, 5, 7, 1, 11};
76    private static final int FreshestCRL_data [] = { 2, 5, 29, 46 };
77    private static final int OCSPNoCheck_data [] = { 1, 3, 6, 1, 5, 5, 7,
78                                                    48, 1, 5};
79
80    /**
81     * Identifies the particular public key used to sign the certificate.
82     */
83    public static final ObjectIdentifier AuthorityKey_Id;
84
85    /**
86     * Identifies the particular public key used in an application.
87     */
88    public static final ObjectIdentifier SubjectKey_Id;
89
90    /**
91     * Defines the purpose of the key contained in the certificate.
92     */
93    public static final ObjectIdentifier KeyUsage_Id;
94
95    /**
96     * Allows the certificate issuer to specify a different validity period
97     * for the private key than the certificate.
98     */
99    public static final ObjectIdentifier PrivateKeyUsage_Id;
100
101    /**
102     * Contains the sequence of policy information terms.
103     */
104    public static final ObjectIdentifier CertificatePolicies_Id;
105
106    /**
107     * Lists pairs of objectidentifiers of policies considered equivalent by the
108     * issuing CA to the subject CA.
109     */
110    public static final ObjectIdentifier PolicyMappings_Id;
111
112    /**
113     * Allows additional identities to be bound to the subject of the certificate.
114     */
115    public static final ObjectIdentifier SubjectAlternativeName_Id;
116
117    /**
118     * Allows additional identities to be associated with the certificate issuer.
119     */
120    public static final ObjectIdentifier IssuerAlternativeName_Id;
121
122    /**
123     * Identifies additional directory attributes.
124     * This extension is always non-critical.
125     */
126    public static final ObjectIdentifier SubjectDirectoryAttributes_Id;
127
128    /**
129     * Identifies whether the subject of the certificate is a CA and how deep
130     * a certification path may exist through that CA.
131     */
132    public static final ObjectIdentifier BasicConstraints_Id;
133
134    /**
135     * Provides for permitted and excluded subtrees that place restrictions
136     * on names that may be included within a certificate issued by a given CA.
137     */
138    public static final ObjectIdentifier NameConstraints_Id;
139
140    /**
141     * Used to either prohibit policy mapping or limit the set of policies
142     * that can be in subsequent certificates.
143     */
144    public static final ObjectIdentifier PolicyConstraints_Id;
145
146    /**
147     * Identifies how CRL information is obtained.
148     */
149    public static final ObjectIdentifier CRLDistributionPoints_Id;
150
151    /**
152     * Conveys a monotonically increasing sequence number for each CRL
153     * issued by a given CA.
154     */
155    public static final ObjectIdentifier CRLNumber_Id;
156
157    /**
158     * Identifies the CRL distribution point for a particular CRL.
159     */
160    public static final ObjectIdentifier IssuingDistributionPoint_Id;
161
162    /**
163     * Identifies the delta CRL.
164     */
165    public static final ObjectIdentifier DeltaCRLIndicator_Id;
166
167    /**
168     * Identifies the reason for the certificate revocation.
169     */
170    public static final ObjectIdentifier ReasonCode_Id;
171
172    /**
173     * This extension provides a registered instruction identifier indicating
174     * the action to be taken, after encountering a certificate that has been
175     * placed on hold.
176     */
177    public static final ObjectIdentifier HoldInstructionCode_Id;
178
179    /**
180     * Identifies the date on which it is known or suspected that the private
181     * key was compromised or that the certificate otherwise became invalid.
182     */
183    public static final ObjectIdentifier InvalidityDate_Id;
184    /**
185     * Identifies one or more purposes for which the certified public key
186     * may be used, in addition to or in place of the basic purposes
187     * indicated in the key usage extension field.
188     */
189    public static final ObjectIdentifier ExtendedKeyUsage_Id;
190
191    /**
192     * Specifies whether any-policy policy OID is permitted
193     */
194    public static final ObjectIdentifier InhibitAnyPolicy_Id;
195
196    /**
197     * Identifies the certificate issuer associated with an entry in an
198     * indirect CRL.
199     */
200    public static final ObjectIdentifier CertificateIssuer_Id;
201
202    /**
203     * This extension indicates how to access CA information and services for
204     * the issuer of the certificate in which the extension appears.
205     * This information may be used for on-line certification validation
206     * services.
207     */
208    public static final ObjectIdentifier AuthInfoAccess_Id;
209
210    /**
211     * This extension indicates how to access CA information and services for
212     * the subject of the certificate in which the extension appears.
213     */
214    public static final ObjectIdentifier SubjectInfoAccess_Id;
215
216    /**
217     * Identifies how delta CRL information is obtained.
218     */
219    public static final ObjectIdentifier FreshestCRL_Id;
220
221    /**
222     * Identifies the OCSP client can trust the responder for the
223     * lifetime of the responder's certificate.
224     */
225    public static final ObjectIdentifier OCSPNoCheck_Id;
226
227    static {
228        AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);
229        SubjectKey_Id   = ObjectIdentifier.newInternal(SubjectKey_data);
230        KeyUsage_Id     = ObjectIdentifier.newInternal(KeyUsage_data);
231        PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);
232        CertificatePolicies_Id =
233            ObjectIdentifier.newInternal(CertificatePolicies_data);
234        PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);
235        SubjectAlternativeName_Id =
236            ObjectIdentifier.newInternal(SubjectAlternativeName_data);
237        IssuerAlternativeName_Id =
238            ObjectIdentifier.newInternal(IssuerAlternativeName_data);
239        ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);
240        InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);
241        SubjectDirectoryAttributes_Id =
242            ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);
243        BasicConstraints_Id =
244            ObjectIdentifier.newInternal(BasicConstraints_data);
245        ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);
246        HoldInstructionCode_Id  =
247            ObjectIdentifier.newInternal(HoldInstructionCode_data);
248        InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);
249
250        NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);
251        PolicyConstraints_Id =
252            ObjectIdentifier.newInternal(PolicyConstraints_data);
253        CRLDistributionPoints_Id =
254            ObjectIdentifier.newInternal(CRLDistributionPoints_data);
255        CRLNumber_Id =
256            ObjectIdentifier.newInternal(CRLNumber_data);
257        IssuingDistributionPoint_Id =
258            ObjectIdentifier.newInternal(IssuingDistributionPoint_data);
259        DeltaCRLIndicator_Id =
260            ObjectIdentifier.newInternal(DeltaCRLIndicator_data);
261        CertificateIssuer_Id =
262            ObjectIdentifier.newInternal(CertificateIssuer_data);
263        AuthInfoAccess_Id =
264            ObjectIdentifier.newInternal(AuthInfoAccess_data);
265        SubjectInfoAccess_Id =
266            ObjectIdentifier.newInternal(SubjectInfoAccess_data);
267        FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);
268        OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);
269    }
270}
271