|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
|
+--iaik.x509.V3Extension
|
+--iaik.x509.extensions.ExtendedKeyUsage
This class implements the ExtendedKeyUsage Extension.
The ExtendedKeyUsage extension is a standard X509v3 extension, which
may or may not be marked as being critical.
Each extension is associated with a specific certificateExtension
object identifier, derived from:
certificateExtension OBJECT IDENTIFIER ::=
{joint-iso-ccitt(2) ds(5) 29}
id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the ExtendedKeyUsage extension
is defined as:
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
which corresponds to the OID string "2.5.29.37".
The X.509 Certificate and CRL profile presented in RFC 2459 specifies the extended key usage extension for defining purposes for which the subject´s public key may be used. These purposes may be specified in addition to those of the KeyUsage extension, or in place of those.
The ASN.1 definition of the ExtendedKeyUsage extension is specified
as follows:
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId KeyPurposeId ::= OBJECT IDENTIFIER
Key purposes may be defined by any organization with a need. Object identifiers used to identify key purposes shall be assigned in accordance with IANA or ITU-T Rec. X.660 | ISO/IEC/ITU 9834-1.
More information can be found in RFC 2459, section 4.2.1.13 "Extended Key Usage".
The following extended key usage purposes are defined by RFC 2459:
ExtendedKeyUsage extension object to a X509Certificate, use the
addExtension method of the iaik.x509.X509Certificate class, e.g.:
X509Certificate cert = new X509Certificate(); ... ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage(); //add purposes extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.codeSigning); extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.timeStamping); extKeyUsage.setCritical(true); cert.addExtension(keyUsage);
ObjectID,
X509Certificate,
X509Extensions,
V3Extension| Field Summary | |
static ObjectID |
anyExtendedKeyUsage
The "Any extended key usage" ExtendedKeyUsage purpose id. |
static ObjectID |
clientAuth
The "TLS Web client authentication" ExtendedKeyUsage purpose id. |
static ObjectID |
codeSigning
The "Code Signing" ExtendedKeyUsage purpose id. |
static ObjectID |
emailProtection
The "E-mail protection" ExtendedKeyUsage purpose id. |
static ObjectID |
iKEIntermediate
The "iKEIntermediate" ExtendedKeyUsage purpose id. |
static ObjectID |
ipsecEndSystem
The "IP security end system" ExtendedKeyUsage purpose id. |
static ObjectID |
ipsecTunnel
The "IP security tunnel termination" ExtendedKeyUsage purpose id. |
static ObjectID |
ipsecUser
The "IP security user" ExtendedKeyUsage purpose id. |
static ObjectID |
microsoftSGC
The "Microsoft Server Gated Cryptography" ExtendedKeyUsage purpose id. |
static ObjectID |
netscapeSGC
The "Netscape Server Gated Cryptography" ExtendedKeyUsage purpose id. |
static ObjectID |
ocspSigning
The OCSP signing ExtendedKeyUsage purpose id. |
static ObjectID |
oid
The object identifier of this ExtendedKeyUsage extension. |
static ObjectID |
serverAuth
The "TLS Web server authentication" ExtendedKeyUsage purpose id. |
static ObjectID |
timeStamping
The "Timestamping" ExtendedKeyUsage purpose id. |
| Fields inherited from class iaik.x509.V3Extension |
critical |
| Constructor Summary | |
ExtendedKeyUsage()
Creates a new ExtendedKeyUsage extension. |
|
ExtendedKeyUsage(ObjectID keyPurposeID)
Create an ExtendedKeyUsage with a given key purpose. |
|
ExtendedKeyUsage(ObjectID[] keyPurposes)
Create an ExtendedKeyUsage with an array of key purposes. |
|
| Method Summary | |
void |
addKeyPurposeID(ObjectID keyPurposeID)
Adds a KeyPurposeID to this extension. |
ObjectID[] |
getKeyPurposeIDs()
Returns all KeyPurposeIDs included in this extension. |
ObjectID |
getObjectID()
Returns the object ID of this ExtendedKeyUsage extension. |
int |
hashCode()
Returns a hashcode for this identity. |
void |
init(ASN1Object obj)
Inits this ExtendedKeyUsage implementation with an ASN1Object
representing the value of this extension.
|
void |
removeAllKeyPurposeIDs()
Removes all KeyPurposeIDs from this extension. |
boolean |
removeKeyPurposeID(ObjectID keyPurposeID)
Removes a KeyPurposeID from this extension. |
ASN1Object |
toASN1Object()
Returns an ASN1Object representing the value of this ExtendedKeyUsage
extension object.
|
String |
toString()
Returns a string that represents the contents of this ExtendedKeyUsage extension. |
| Methods inherited from class iaik.x509.V3Extension |
getName, isCritical, setCritical |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait |
| Field Detail |
public static final ObjectID oid
public static final ObjectID anyExtendedKeyUsage
public static final ObjectID serverAuth
public static final ObjectID clientAuth
public static final ObjectID codeSigning
public static final ObjectID emailProtection
public static final ObjectID ipsecEndSystem
public static final ObjectID ipsecTunnel
public static final ObjectID ipsecUser
public static final ObjectID timeStamping
public static final ObjectID ocspSigning
public static final ObjectID iKEIntermediate
public static final ObjectID microsoftSGC
public static final ObjectID netscapeSGC
| Constructor Detail |
public ExtendedKeyUsage()
addKeyUsagePurposeID
method for adding some purpose, e.g.:
ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage(); extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.codeSigning); extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.timeStamping);
public ExtendedKeyUsage(ObjectID keyPurposeID)
public ExtendedKeyUsage(ObjectID[] keyPurposes)
| Method Detail |
public void addKeyPurposeID(ObjectID keyPurposeID)
keyPurposeID - the KeyPurposeID to addpublic boolean removeKeyPurposeID(ObjectID keyPurposeID)
keyPurposeID - the KeyPurposeID to removepublic void removeAllKeyPurposeIDs()
public ObjectID[] getKeyPurposeIDs()
public ASN1Object toASN1Object()
throws X509ExtensionException
ExtendedKeyUsage
extension object.
The returned ASN1Object is an ASN.1 Sequence representing the several purpose ids:
ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId KeyPurposeId ::= OBJECT IDENTIFIER
toASN1Object in class V3ExtensionExtendedKeyUsage as ASN1Object
public void init(ASN1Object obj)
throws X509ExtensionException
ExtendedKeyUsage implementation with an ASN1Object
representing the value of this extension.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation
of a certificate for properly initializing an included
ExtendedKeyUsage extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
init in class V3Extensionobj - the ExtendedKeyUsage as ASN1ObjectX509ExtensionException - if the extension could not be parsedpublic int hashCode()
hashCode in class V3Extensionpublic ObjectID getObjectID()
ExtendedKeyUsage extension.getObjectID in class V3Extensionpublic String toString()
ExtendedKeyUsage extension.toString in class Object
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK