java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.ExtendedKeyUsage
This class builds and holds the ExtendedKeyUsage extension. It indicates one or more purposes for which the certified public key may be used, in addition to, or in place of, the basic purposes indicated in the key usage extension field. Key purposes may be defined by any organization, as needed. This extension may, at the option of the certificate issuer, be either critical or non-critical. If the extension is flagged critical, then the certificate must be used only for one of the purposes indicated.
    extKeyUsage EXTENSION ::= {
        SYNTAX SEQUENCE SIZE (1..MAX) OF KeyPurposeId
        IDENTIFIED BY id-ce-extKeyUsage }

    KeyPurposeId ::= OBJECT IDENTIFIER

    id-kp-serverAuth       OBJECT IDENTIFIER ::= { id-kp 1 }
    id-kp-clientAuth       OBJECT IDENTIFIER ::= { id-kp 2 }
    id-kp-codeSigning      OBJECT IDENTIFIER ::= { id-kp 3 }
    id-kp-emailProtection  OBJECT IDENTIFIER ::= { id-kp 4 }
    id-kp-ipsecEndSystem   OBJECT IDENTIFIER ::= { id-kp 5 }
    id-kp-ipsecTunnel      OBJECT IDENTIFIER ::= { id-kp 6 }
    id-kp-ipsecUser        OBJECT IDENTIFIER ::= { id-kp 7 }
    id-kp-timeStamping     OBJECT IDENTIFIER ::= { id-kp 8 }
    id-kp-OCSPSigning      OBJECT IDENTIFIER ::= { id-kp 9 }
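As an added example (not part of the Cert-J documentation or library), the following JDK-only Java class decodes an extKeyUsage value laid out as in the ASN.1 above and rejects an empty or malformed sequence. The class name EkuDecode, the method decodeEku and the sample bytes are constructed for illustration; only short-form DER lengths are handled.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, JDK only (not Cert-J code): decodes an extKeyUsage value, a DER
// SEQUENCE SIZE (1..MAX) OF OBJECT IDENTIFIER. Short-form lengths (< 128) only.
public class EkuDecode {
    static List<String> decodeEku(byte[] der) {
        if (der.length < 4 || der[0] != 0x30 || (der[1] & 0xff) != der.length - 2)
            throw new IllegalArgumentException("expected a non-empty SEQUENCE spanning the input");
        List<String> purposes = new ArrayList<>();
        int pos = 2;
        while (pos < der.length) {
            if (pos + 2 > der.length || der[pos] != 0x06)
                throw new IllegalArgumentException("expected OBJECT IDENTIFIER at offset " + pos);
            int end = pos + 2 + (der[pos + 1] & 0xff);
            if (end == pos + 2 || end > der.length || (der[end - 1] & 0x80) != 0)
                throw new IllegalArgumentException("empty or truncated OID at offset " + pos);
            StringBuilder oid = new StringBuilder();
            long arc = 0;
            for (int i = pos + 2; i < end; i++) {
                if ((arc == 0 && (der[i] & 0xff) == 0x80) || arc > (Long.MAX_VALUE >> 7))
                    throw new IllegalArgumentException("non-minimal or oversized arc");
                arc = (arc << 7) | (der[i] & 0x7f);
                if ((der[i] & 0x80) != 0) continue;      // more base-128 digits follow
                if (oid.length() == 0) {                  // first value packs arcs 1 and 2
                    long first = Math.min(arc / 40, 2);
                    oid.append(first).append('.').append(arc - 40 * first);
                } else oid.append('.').append(arc);
                arc = 0;
            }
            purposes.add(oid.toString());
            pos = end;
        }
        return purposes;
    }

    public static void main(String[] args) {
        // Constructed sample: id-kp-serverAuth, id-kp-clientAuth (1.3.6.1.5.5.7.3.1 and .2).
        byte[] value = {0x30, 0x14,
            0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01,
            0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
        System.out.println(decodeEku(value));
        try {
            decodeEku(new byte[] {0x30, 0x00});           // violates SIZE (1..MAX)
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```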
Field Summary

static byte[] ID_KP_CLIENT_AUTH
    Holds the PKIX extended key purpose OID for TLS Web client authentication.
static byte[] ID_KP_CODE_SIGNING
    Holds the PKIX extended key purpose OID for signing downloadable executable code.
static byte[] ID_KP_EMAIL_PROTECTION
    Holds the PKIX extended key purpose OID for e-mail protection.
static byte[] ID_KP_OCSP_SIGNING
    Holds the PKIX extended key purpose OID for signing OCSP responses.
static byte[] ID_KP_SERVER_AUTH
    Holds the PKIX extended key purpose OID for TLS Web server authentication.
static byte[] ID_KP_TIME_STAMPING
    Holds the PKIX extended key purpose OID for binding the hash of an object to a time from an agreed-upon time source.
Constructor Summary

ExtendedKeyUsage()
    Constructs an empty ExtendedKeyUsage object.
ExtendedKeyUsage(byte[] keyPurpose, int offset, int len, boolean criticality)
    Constructs an ExtendedKeyUsage object and initializes it with the given values.
Method Summary

void addExtendedKeyUsage(byte[] data, int offset, int len)
    Adds an extended key usage to this extension.
Object clone()
    Overrides the default clone method to get a deeper clone.
void decodeValue(byte[] valueBER, int offset)
    Decodes the value.
int derEncodeValue(byte[] encoding, int offset)
    Places the encoding of the value into encoding, beginning at offset.
int derEncodeValueInit()
    Initializes for encoding the value.
byte[] getExtendedKeyUsage(int index)
    Gets the specified key purpose value.
int getKeyUsageCount()
    Gets the key usage count.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static byte[] ID_KP_SERVER_AUTH
    digitalSignature, keyEncipherment, or keyAgreement.

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }

public static byte[] ID_KP_CLIENT_AUTH
    digitalSignature and/or keyAgreement.

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }

public static byte[] ID_KP_CODE_SIGNING
    digitalSignature.

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }

public static byte[] ID_KP_EMAIL_PROTECTION
    digitalSignature, nonRepudiation, and/or (keyEncipherment or keyAgreement).

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }

public static byte[] ID_KP_TIME_STAMPING
    digitalSignature, nonRepudiation.

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }

public static byte[] ID_KP_OCSP_SIGNING
    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6)
        internet(1) security(5) mechanisms(5) 7 }
    id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
    id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
Constructor Detail

public ExtendedKeyUsage()
    Constructs an empty ExtendedKeyUsage object.

public ExtendedKeyUsage(byte[] keyPurpose, int offset, int len, boolean criticality)
    Constructs an ExtendedKeyUsage object and initializes it with the given values.
    Parameters
        keyPurpose - A
        offset - The offset into the keyPurpose array.
        len - The length of the data in the keyPurpose array.
        criticality - The user-specified criticality.
Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
    Overrides
        decodeValue in class X509V3Extension
    Parameters
        valueBER - The BER encoding of the extension's value.
        offset - The offset into valueBER where the encoding actually begins.
    Throws
        CertificateException - If the encoding is invalid for this extension.

public void addExtendedKeyUsage(byte[] data, int offset, int len)
    Parameters
        data - A
        offset - The offset in the data array.
        len - The length of the data array.

public byte[] getExtendedKeyUsage(int index) throws CertificateException
    Parameters
        index - The index to the specified key purpose value.
    Returns
        byte array containing the key purpose ID value.
    Throws
        CertificateException - If the specified index is larger than the number of key usage elements in this extension.

public int getKeyUsageCount()
    Returns

public int derEncodeValueInit()
    Overrides
        derEncodeValueInit in class X509V3Extension
    Returns

public int derEncodeValue(byte[] encoding, int offset)
    Overrides
        derEncodeValue in class X509V3Extension
    Parameters
        encoding - The byte array into which the result will be placed.
        offset - The offset into encoding where the writing is to begin.
    Returns

public Object clone() throws CloneNotSupportedException
    Overrides the default clone method to get a deeper clone.
    Overrides
        clone in class X509V3Extension
    Returns
        ExtendedKeyUsage object, a copy of this object.
    Throws
        CloneNotSupportedException - If the cloning operation is not successful.