|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object | +--com.rsa.certj.cert.extensions.X509V3Extension
This class is the superclass of all X.509 V3 extension objects. X.509 V3 extensions are extensions that are used with X.509 version 3 certificatea and CRLs. The ASN.1 definition is defined as follows:
Extension ::= SEQUENCE {
extnId EXTENSION.&id ({ExtensionSet}),
critical BOOLEAN DEFAULT FALSE,
extnValue OCTET STRING
-- contains a DER encoding of a value of type &ExtnType
-- for the extension object identified by extnId -- }
|
See Also
|
Field Summary |
|
static int |
ARCHIVE_CUTOFF
Indicates the archive cutoff extension. |
static byte[] |
ARCHIVE_CUTOFF_OID
The archive cutoff OID. |
static int |
AUTHORITY_INFO_ACCESS
Indicates the authority info access extension. |
static byte[] |
AUTHORITY_INFO_OID
The authority info access OID. |
static int |
AUTHORITY_KEY_ID
The last byte in the authority key ID OID that identifies the authority key ID extension. |
static int |
BASIC_CONSTRAINTS
The last byte in the basic constraints OID that identifies the basic constraints extension. |
static int |
BIO_INFO
Indicates the Biometric Info extension. |
static byte[] |
BIO_INFO_OID
The Biometric Info OID. |
static int |
CERT_POLICIES
The last byte in the cert policies OID that identifies the cert policies extension. |
static int |
CERTIFICATE_ISSUER
The last byte in the certificate issuer OID that identifies the certificate issuer extension. |
static int |
CRL_DISTRIBUTION_POINTS
The last byte in the CRL distribution points OID that identifies the CRL distribution points extension. |
static int |
CRL_NUMBER
The last byte in the CRL number OID that identifies the CRL number extension. |
static int |
CRL_REFERENCE
Indicates the CRL reference extension. |
static byte[] |
CRL_REFERENCE_OID
The CRL reference OID. |
static int |
DELTA_CRL_INDICATOR
The last byte in the delta CRL indicator OID that identifies the delta CRL indicator extension. |
static int |
EXTENDED_KEY_USAGE
The last byte in the extended key usage OID that identifies the extended key usage extension. |
static int |
HOLD_INSTRUCTION_CODE
The last byte in the hold instruction code OID that identifies the hold instruction code extension. |
static int |
INHIBIT_ANY_POLICY
The last byte in the Inhibit Any-Policy OID that identifies the Inhibit Any-Policy OID extension. |
static int |
INVALIDITY_DATE
The last byte in the invalidity date OID that identifies the invalidity date extension. |
static int |
ISSUER_ALT_NAME
The last byte in the issuer alt name OID that identifies the issuer alt name extension. |
static int |
ISSUING_DISTRIBUTION_POINT
The last byte in the issuing distribution point OID, that identifies the issuing distribution point extension. |
static int |
KEY_USAGE
The last byte in the key usage OID that identifies the key usage extension. |
static int |
NAME_CONSTRAINTS
The last byte in the name constraints OID that identifies the name constraints extension. |
static int |
NETSCAPE_BASE_URL
Indicates the Netscape base URL extension. |
static byte[] |
NETSCAPE_BASE_URL_OID
The Netscape base URL OID. |
static int |
NETSCAPE_CA_POLICY_URL
Indicates the Netscape CA policy URL extension. |
static byte[] |
NETSCAPE_CA_POLICY_URL_OID
The Netscape CA policy URL OID. |
static int |
NETSCAPE_CA_REVOCATION_URL
Indicates the Netscape CA revocation URL extension. |
static byte[] |
NETSCAPE_CA_REVOCATION_URL_OID
The Netscape CA revocation URL OID. |
static int |
NETSCAPE_CERT_RENEWAL_URL
Indicates the Netscape cert renewal URL extension. |
static byte[] |
NETSCAPE_CERT_RENEWAL_URL_OID
The Netscape cert renewal URL OID. |
static int |
NETSCAPE_CERT_TYPE
Indicates the Netscape cert type extension. |
static byte[] |
NETSCAPE_CERT_TYPE_OID
The Netscape cert type OID. |
static int |
NETSCAPE_COMMENT
Indicates the Netscape comment extension. |
static byte[] |
NETSCAPE_COMMENT_OID
The Netscape comment OID. |
static int |
NETSCAPE_REVOCATION_URL
Indicates the Netscape revocation URL extension. |
static byte[] |
NETSCAPE_REVOCATION_URL_OID
The Netscape revocation URL OID. |
static int |
NETSCAPE_SSL_SERVER_NAME
Indicates the Netscape SSL server name extension. |
static byte[] |
NETSCAPE_SSL_SERVER_NAME_OID
The Netscape SSL server name OID. |
static int |
NON_STANDARD_EXTENSION
Use this flag to get an extension by type, or to determine what kind of extension an unknown object contains. |
static int |
OCSP_ACCEPTABLE_RESPONSES
Indicates the OCSP acceptable responses extension. |
static byte[] |
OCSP_ACCEPTABLE_RESPONSES_OID
The OCSP acceptable responses OID. |
static int |
OCSP_NOCHECK
Indicates the OCSP no check extension. |
static byte[] |
OCSP_NOCHECK_OID
The OCSP no check OID. |
static int |
OCSP_NONCE
Indicates the OCSP nonce extension. |
static byte[] |
OCSP_NONCE_OID
The OCSP nonce OID. |
static int |
OCSP_SERVICE_LOCATOR
Indicates the OCSP service locator extension. |
static byte[] |
OCSP_SERVICE_LOCATOR_OID
The OCSP service locator OID. |
static int |
POLICY_CONSTRAINTS
The last byte in the policy constraint OID that identifies the policy constraint extension. |
static int |
POLICY_MAPPINGS
The last byte in the policy mapping OID that identifies the policy mapping extension. |
static int |
PRIVATE_KEY_USAGE_PERIOD
The last byte in the private key usage period OID that identifies the private key usage period extension. |
static int |
QC_STATEMENTS
Indicates the QCStatements extension. |
static byte[] |
QC_STATEMENTS_OID
The QCStatements OID. |
static int |
REASON_CODE
The last byte in the reason code OID that identifies the reason code extension. |
static int |
SUBJECT_ALT_NAME
The last byte in the subject alt name OID that identifies the subject alt name extension. |
static int |
SUBJECT_DIRECTORY_ATTRIBUTES
The last byte in the subject directory attributes OID that identifies the subject directory attributes extension. |
static int |
SUBJECT_KEY_ID
The last byte in the subject key ID OID that identifies the subject key ID extension. |
static int |
VERISIGN_CZAG
Indicates the VeriSign CZAG extension. |
static byte[] |
VERISIGN_CZAG_OID
The VeriSign CZAG OID. |
static int |
VERISIGN_FIDELITY_ID
Indicates the VeriSign Fidelity unique ID extension. |
static byte[] |
VERISIGN_FIDELITY_ID_OID
The VeriSign Fidelity unique ID OID. |
static int |
VERISIGN_JURISDICTION_HASH
Indicates the VeriSign jurisdiction hash extension. |
static byte[] |
VERISIGN_JURISDICTION_HASH_OID
The VeriSign jurisdiction hash OID. |
static int |
VERISIGN_NETSCAPE_INBOX_V1
Indicates the VeriSign Netscape Inbox V1 extension. |
static byte[] |
VERISIGN_NETSCAPE_INBOX_V1_OID
The VeriSign Netscape Inbox V1 OID. |
static int |
VERISIGN_NETSCAPE_INBOX_V2
Indicates the VeriSign Netscape Inbox V2 extension. |
static byte[] |
VERISIGN_NETSCAPE_INBOX_V2_OID
The VeriSign Netscape Inbox V2 OID. |
static int |
VERISIGN_NON_VERIFIED
Indicates the VeriSign non-verified elements extension. |
static byte[] |
VERISIGN_NON_VERIFIED_OID
The VeriSign non-verified elements OID. |
static int |
VERISIGN_SERIAL_NUMBER
Indicates the VeriSign serial number rollover extension. |
static byte[] |
VERISIGN_SERIAL_NUMBER_OID
The VeriSign serial number rollover OID. |
static int |
VERISIGN_TOKEN_TYPE
Indicates the VeriSign token type extension. |
static byte[] |
VERISIGN_TOKEN_TYPE_OID
The VeriSign token type OID. |
|
Constructor Summary |
|
X509V3Extension()
|
|
|
Method Summary |
|
abstract Object |
clone()
Overrides the default |
abstract void |
decodeValue(byte[] valueBER,
int offset)
Decode the value. |
abstract int |
derEncodeValue(byte[] encoding,
int offset)
Place the encoding of the value into encoding, beginning at offset. |
abstract int |
derEncodeValueInit()
Initialize for encoding the value. |
static void |
extend(byte[] oid,
X509V3Extension extension)
Extends this class to accept a new extension type. |
boolean |
getCriticality()
Gets the criticality. |
int |
getDEREncoding(byte[] encoding,
int offset,
int special)
Places the DER encoding of the extension in this object into encoding, beginning at offset. |
int |
getDERLen(int special)
Returns the number of bytes of the DER encoding of this extension. |
int |
getExtensionType()
Gets the flag that describes the extension type. |
getExtensionTypeString()
Gets the name of the extension type. |
|
static X509V3Extension |
getInstance(byte[] extensionBER,
int offset)
Given extensionBER, the BER of an extension beginning at offset, this method determines which extension it is and then instantiates the appropriate subclass. |
static int |
getNextBEROffset(byte[] extensionBER,
int offset)
Given extensionBER, the BER encoding of an
|
boolean |
isExtensionType(int type)
Checks to see if this object is a extension type represented by the given type, which should be one of the extension type fields previously defined in this class. |
void |
setCriticality(boolean proposedCriticality)
Sets the criticality. |
void |
setEncoding(byte[] data,
int offset,
int len)
Sets the encoding of the value. |
void |
setSpecialOID(byte[] extOID)
Set the OID to be the special one. |
void |
setStandardOID(int lastByte)
Set the OID to be the standard one. |
| Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
public static final int SUBJECT_KEY_ID
public static final int AUTHORITY_KEY_ID
public static final int KEY_USAGE
public static final int PRIVATE_KEY_USAGE_PERIOD
public static final int SUBJECT_ALT_NAME
public static final int ISSUER_ALT_NAME
public static final int BASIC_CONSTRAINTS
public static final int SUBJECT_DIRECTORY_ATTRIBUTES
public static final int NAME_CONSTRAINTS
public static final int CERT_POLICIES
public static final int POLICY_MAPPINGS
public static final int POLICY_CONSTRAINTS
public static final int EXTENDED_KEY_USAGE
public static final int CRL_NUMBER
public static final int REASON_CODE
public static final int HOLD_INSTRUCTION_CODE
public static final int INVALIDITY_DATE
public static final int DELTA_CRL_INDICATOR
public static final int ISSUING_DISTRIBUTION_POINT
public static final int CERTIFICATE_ISSUER
public static final int CRL_DISTRIBUTION_POINTS
public static final int INHIBIT_ANY_POLICY
public static final int AUTHORITY_INFO_ACCESS
public static final byte[] AUTHORITY_INFO_OID
public static final int NETSCAPE_CERT_TYPE
public static final byte[] NETSCAPE_CERT_TYPE_OID
public static final int NETSCAPE_BASE_URL
public static final byte[] NETSCAPE_BASE_URL_OID
public static final int NETSCAPE_REVOCATION_URL
public static final byte[] NETSCAPE_REVOCATION_URL_OID
public static final int NETSCAPE_CA_REVOCATION_URL
public static final byte[] NETSCAPE_CA_REVOCATION_URL_OID
public static final int NETSCAPE_CERT_RENEWAL_URL
public static final byte[] NETSCAPE_CERT_RENEWAL_URL_OID
public static final int NETSCAPE_CA_POLICY_URL
public static final byte[] NETSCAPE_CA_POLICY_URL_OID
public static final int NETSCAPE_SSL_SERVER_NAME
public static final byte[] NETSCAPE_SSL_SERVER_NAME_OID
public static final int NETSCAPE_COMMENT
public static final byte[] NETSCAPE_COMMENT_OID
public static final int VERISIGN_CZAG
public static final byte[] VERISIGN_CZAG_OID
public static final int VERISIGN_FIDELITY_ID
public static final byte[] VERISIGN_FIDELITY_ID_OID
public static final int VERISIGN_NETSCAPE_INBOX_V1
public static final byte[] VERISIGN_NETSCAPE_INBOX_V1_OID
public static final int VERISIGN_NETSCAPE_INBOX_V2
public static final byte[] VERISIGN_NETSCAPE_INBOX_V2_OID
public static final int VERISIGN_JURISDICTION_HASH
public static final byte[] VERISIGN_JURISDICTION_HASH_OID
public static final int VERISIGN_TOKEN_TYPE
public static final byte[] VERISIGN_TOKEN_TYPE_OID
public static final int VERISIGN_SERIAL_NUMBER
public static final byte[] VERISIGN_SERIAL_NUMBER_OID
public static final int VERISIGN_NON_VERIFIED
public static final byte[] VERISIGN_NON_VERIFIED_OID
public static final int OCSP_NOCHECK
public static final byte[] OCSP_NOCHECK_OID
public static final int ARCHIVE_CUTOFF
public static final byte[] ARCHIVE_CUTOFF_OID
public static final int CRL_REFERENCE
public static final byte[] CRL_REFERENCE_OID
public static final int OCSP_NONCE
public static final byte[] OCSP_NONCE_OID
public static final int OCSP_ACCEPTABLE_RESPONSES
public static final byte[] OCSP_ACCEPTABLE_RESPONSES_OID
public static final int OCSP_SERVICE_LOCATOR
public static final byte[] OCSP_SERVICE_LOCATOR_OID
public static final int QC_STATEMENTS
public static final byte[] QC_STATEMENTS_OID
public static final int BIO_INFO
public static final byte[] BIO_INFO_OID
public static final int NON_STANDARD_EXTENSION
| Constructor Detail |
public X509V3Extension()
| Method Detail |
public static void extend(byte[] oid,
X509V3Extension extension)
throws CertificateException
Parameters
oid | A | ||
extension | An
public class MyExtension
extends X509V3Extension
implements Cloneable, Serializable, CertExtension
{
// Constructs an instance of the class.
public MyExtension (......)
{
this.extensionTypeFlag = NON_STANDARD_EXTENSION;
extensionTypeString = "My Extension";
......
}
// Initializes for encoding the value.
// Returns many bytes the encoding will be.
public int derEncodeValueInit ()
{
......
}
// Places the encoding of the value into the encoding
// array, beginning at the offset index. This is
// the actual contents that are wrapped in
// the OCTET STRING (not the surrounding OCTET STRING tag
// and length).
// It returns the number of bytes actually placed into
// the encoding array.
public int derEncodeValue (byte[] encoding, int offset)
{
......
}
// Decodes the value. The valueBER is the BER encoding
// that was wrapped in the OCTET STRING.
public void decodeValue (byte[] valueBER, int offset)
throws CertificateException
{
......
}
// Overrides the default clone method.
public Object clone ()
throws CloneNotSupportedException
{
......
}
|
Throws
CertificateException - If any of
the arguments is null, or the oid
is already used..
public static X509V3Extension getInstance(byte[] extensionBER,
int offset)
throws CertificateException
Parameters
extensionBER | The BER encoding of an extension. | ||
offset | The offset into extensionBER where the encoding begins. |
Returns
X509V3Extension object
that contains the extension.
Throws
CertificateException
public void setEncoding(byte[] data,
int offset,
int len)
Parameters
data | The | ||
offset | The offset into encoding where the encoding to use starts. | ||
len | The length of the encoding. |
public static int getNextBEROffset(byte[] extensionBER,
int offset)
throws CertificateException
X509V3Extension object, beginning at
offset, finds the index to the next element
in the encoding. Gets the next offset after the name.
For example, if the offset is 120 and the length of the
BER encoding of the X509V3Extension object is 1819
bytes, this method returns 1939, the index
immediately following the X509V3Extension
object. That is, extensionBER>[120] is the first
byte in the encoding of the X509V3Extension
object, extensionBER[1938] is the last byte in the
encoding of the X509V3Extension object, and the
next element begins at index 1939.Parameters
extensionBER | The BER encoding of a
| ||
offset | The offset into extensionBER where the encoding begins. |
Returns
Throws
NameExceptionpublic void setStandardOID(int lastByte)
Parameters
lastByte | The last byte of the OID. |
public void setSpecialOID(byte[] extOID)
Parameters
extensionOID | the OID. |
public void setCriticality(boolean proposedCriticality)
true
means that the extension is to be marked critical.
Parameters
proposedCriticality | The criticality to set. |
public boolean getCriticality()
true
means that the extension has been marked critical.
Returns
public abstract void decodeValue(byte[] valueBER,
int offset)
throws CertificateException
Parameters
valueBER | The BER encoding of the extension's value. | ||
offset | The offset into valueBER where the encoding begins. |
Throws
CertificateExceptionpublic int getExtensionType()
Returns
public String getExtensionTypeString()
Returns
String that contains the name of
the extension type.public boolean isExtensionType(int type)
Parameters
type | The extension-type flag to check. |
Returns
boolean, indicating whether this
object is of the type contained in type.public int getDERLen(int special)
Extension ::= SEQUENCE { . . . }
That ASN.1 definition means the tag will be 0x30.
However, an extension object can be part of some other
construct, and it may have a different tag caused by
IMPLICIT or EXPLICIT. For
example, suppose the definition is as follows:
extension [1] IMPLICIT Extension
In this case, the tag will change from 0x30
to 0xa1.
To indicate that the DER encoding of
Extension should follow special
circumstances, use the special argument.
Set special to any special
instructions of the DER encoding. For example, to
indicate the following:
extension [1] IMPLICIT Extension
Pass in the following:
special = (ASN1.CONTEXT_IMPLICIT | 1);
If there are no special circumstances, pass in the following:
special = 0
The following ASN.1 constants are
possible values for special:
APP_IMPLICIT, APP_EXPLICIT,
PRIVATE_IMPLICIT, PRIVATE_EXPLICIT,
OPTIONAL, DEFAULT,
CONTEXT_IMPLICIT,
or CONTEXT_EXPLICIT.Parameters
special | The special DER circumstances of the encoding, if there
are any.
The following ASN.1 constants are
possible values for special:
|
Returns
public abstract int derEncodeValueInit()
Returns
public int getDEREncoding(byte[] encoding,
int offset,
int special)
getDERLen. If this object
is not yet set with values, then this method places
nothing into the byte array and returns
zero.
The ASN.1 definition of Extensions is
extension ::= SEQUENCE { . . .
That ASN.1 definition means the tag will be 0x30.
However, an extension object can be part of some other
construct, and it may have a different tag caused by
IMPLICIT or EXPLICIT. For
example, suppose the definition is as follows:
extension [1] IMPLICIT Extension
In this case, the tag will change from 0x30
to 0xa1.
To indicate that the DER encoding of
Extension should follow special
circumstances, use the special argument.
Set special to any special
instructions of the DER encoding. For example, to
indicate the following:
extension [1] IMPLICIT Extension
Pass in the following:
special = (ASN1.CONTEXT_IMPLICIT | 1);
If there are no special circumstances, pass in the following:
special = 0
The following ASN.1 constants are
possible values for special:
APP_IMPLICIT, APP_EXPLICIT,
PRIVATE_IMPLICIT, PRIVATE_EXPLICIT,
OPTIONAL, DEFAULT,
CONTEXT_IMPLICIT,
or CONTEXT_EXPLICIT.Parameters
encoding | A | ||
offset | The offset into encoding where writing begins. | ||
special | The special DER circumstances of the encoding, if
there are any.
The following ASN.1 constants are
possible values for special:
|
Returns
public abstract int derEncodeValue(byte[] encoding,
int offset)
Parameters
encoding | The byte array into which the result will be placed. | ||
offset | The offest into encoding where the writing is to begin. |
Returns
public abstract Object clone()
throws CloneNotSupportedException
clone method
to get a deeper clone.
Returns
X509V3Extension object,
a copy of this object.
Throws
CloneNotSupportedException
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||