iaik.x509.extensions
Class PrivateKeyUsagePeriod

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.PrivateKeyUsagePeriod

public class PrivateKeyUsagePeriod
extends V3Extension

This class implements the PrivateKeyUsagePeriod extension.

The PrivateKeyUsagePeriod extension is a standard X509v3 extension, which may or may not be marked as being critical.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the PrivateKeyUsagePeriod extension is defined as:

id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 }

which corresponds to the OID string "2.5.29.16".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the private key usage period extension for allowing the certificate issuer to specify a different validity period for the private key than the certificate. This extension is intended for use with digital signature keys. This extension consists of two optional components notBefore and notAfter. The private key associated with the certificate should not be used to sign objects before or after the times specified by the two components, respectively. CAs conforming to this profile shall not generate certificates with private key usage period extensions unless at least one of the two components is present.

This profile recommends against the use of this extension. CAs conforming to this profile shall not generate certificates with critical private key usage period extensions.

ASN.1 definition:

 PrivateKeyUsagePeriod ::= SEQUENCE {
    notBefore       [0]     GeneralizedTime OPTIONAL,
    notAfter        [1]     GeneralizedTime OPTIONAL }
 

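To add a PrivateKeyUsagePeriod extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:

 import java.util.Calendar;
 import java.util.Date;
 import java.util.GregorianCalendar;
 import iaik.x509.X509Certificate;
 import iaik.x509.extensions.PrivateKeyUsagePeriod;

 GregorianCalendar gc = new GregorianCalendar();
 gc.add(Calendar.YEAR, 1);
 // the private key may be used for signing from now until one year from now
 PrivateKeyUsagePeriod privateKeyUsagePeriod = new PrivateKeyUsagePeriod(new Date(), gc.getTime());
 X509Certificate cert = new X509Certificate();
  ...
 cert.addExtension(privateKeyUsagePeriod);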
 

When intending to mark this extension as critical, use the setCritical method of the iaik.x509.V3Extension parent class (note that you have to mark an extension as critical before adding the extension to a certificate):

 privateKeyUsagePeriod.setCritical(true);
 

Version:
File Revision 26
See Also:
GeneralizedTime, V3Extension, X509Extensions, X509Certificate

Field Summary
static ObjectID oid
          The object identifier of this PrivateKeyUsagePeriod extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
PrivateKeyUsagePeriod()
          Default constructor.
PrivateKeyUsagePeriod(Date notBefore, Date notAfter)
          Creates a new PrivateKeyUsagePeriod from 2 Dates defining the validity period of the private key.
 
Method Summary
 Date getNotAfter()
          Returns the notAfter date indicating the date the private key cannot be used after.
 Date getNotBefore()
          Returns the notBefore date indicating the date the private key cannot be used before.
 ObjectID getObjectID()
          Returns the object ID of this PrivateKeyUsagePeriod extension.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this PrivateKeyUsagePeriod implementation with an ASN1Object representing the value of this extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this PrivateKeyUsagePeriod extension object.
 String toString()
          Returns a string that represents the contents of this PrivateKeyUsagePeriod extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this PrivateKeyUsagePeriod extension. The corresponding OID string is "2.5.29.16".
Constructor Detail

PrivateKeyUsagePeriod

public PrivateKeyUsagePeriod()
Default constructor.

Creates an empty PrivateKeyUsagePeriod object with the notBefore and notAfter values set to null by default. An application shall not use this constructor for creating a PrivateKeyUsagePeriod object. It shall use the PrivateKeyUsagePeriod(Date notBefore, Date notAfter) constructor to supply the notBefore and notAfter dates immediately.


PrivateKeyUsagePeriod

public PrivateKeyUsagePeriod(Date notBefore,
                             Date notAfter)
Creates a new PrivateKeyUsagePeriod from 2 Dates defining the validity period of the private key. A parameter of null does not set the corresponding value.

For instance:

 GregorianCalendar gc = new GregorianCalendar();
 gc.add(Calendar.YEAR, 1);
 PrivateKeyUsagePeriod privateKeyUsagePeriod = new PrivateKeyUsagePeriod(new Date(), gc.getTime());
 

Parameters:
notBefore - indicating the date the private key cannot be used before
notAfter - indicating the date the private key cannot be used after
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this PrivateKeyUsagePeriod extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
          throws X509ExtensionException
Inits this PrivateKeyUsagePeriod implementation with an ASN1Object representing the value of this extension.

The given ASN1Object represents a sequence specifying the notBefore and/or notAfter values defining the validity period of the private key.

The given ASN1Object is the one created by toASN1Object.

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included PrivateKeyUsagePeriod extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the PrivateKeyUsagePeriod as ASN1Object
Throws:
X509ExtensionException - if the extension could not be parsed

toASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this PrivateKeyUsagePeriod extension object.

The returned ASN1Object is an ASN.1 Sequence representing the notBefore and/or notAfter values defining the validity period of the private key:

 PrivateKeyUsagePeriod ::= SEQUENCE {
    notBefore       [0]     GeneralizedTime OPTIONAL,
    notAfter        [1]     GeneralizedTime OPTIONAL }
 

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this PrivateKeyUsagePeriod as ASN1Object

getNotBefore

public Date getNotBefore()
Returns the notBefore date indicating the date the private key cannot be used before.
Returns:
the date the private key cannot be used before, or null if the notBefore value has not yet been set.

getNotAfter

public Date getNotAfter()
Returns the notAfter date indicating the date the private key cannot be used after.
Returns:
the date the private key cannot be used after, or null if the notAfter value has not yet been set.
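
Added example (not part of the IAIK documentation or library): one way a verifier could apply the values returned by getNotBefore and getNotAfter to a claimed signing time, treating a null return as an absent optional component. The class PrivateKeyUsageCheck, its Result enum and the sample dates are hypothetical; only the two-argument constructor and the two getters are taken from this page.

```java
import iaik.x509.extensions.PrivateKeyUsagePeriod;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;

// Hypothetical helper, not part of IAIK-JCE.
public final class PrivateKeyUsageCheck {

    public enum Result { WITHIN_PERIOD, TOO_EARLY, TOO_LATE, MALFORMED }

    // Compares a signing time with the optional notBefore/notAfter components.
    public static Result check(PrivateKeyUsagePeriod period, Date signingTime) {
        Date notBefore = period.getNotBefore(); // null when the component is absent
        Date notAfter = period.getNotAfter();   // null when the component is absent

        // The profile requires at least one of the two components to be present.
        if (notBefore == null && notAfter == null) {
            return Result.MALFORMED;
        }
        // Added sanity check (assumption): an inverted window can never match.
        if (notBefore != null && notAfter != null && notAfter.before(notBefore)) {
            return Result.MALFORMED;
        }
        if (notBefore != null && signingTime.before(notBefore)) {
            return Result.TOO_EARLY;
        }
        if (notAfter != null && signingTime.after(notAfter)) {
            return Result.TOO_LATE;
        }
        return Result.WITHIN_PERIOD;
    }

    public static void main(String[] args) {
        // Constructed sample dates: now, one year from now, two years from now.
        Date now = new Date();
        GregorianCalendar gc = new GregorianCalendar();
        gc.add(Calendar.YEAR, 1);
        Date oneYear = gc.getTime();
        gc.add(Calendar.YEAR, 1);
        Date twoYears = gc.getTime();

        PrivateKeyUsagePeriod both = new PrivateKeyUsagePeriod(now, oneYear);
        PrivateKeyUsagePeriod onlyEnd = new PrivateKeyUsagePeriod(null, oneYear);

        System.out.println(check(both, now));         // signing inside the window
        System.out.println(check(both, twoYears));    // signing after notAfter
        System.out.println(check(onlyEnd, twoYears)); // notBefore absent, past notAfter
    }
}
```

The signing time passed to check should come from a source the verifier trusts, such as a timestamp token, since a signer-supplied time can be set to fall inside the window.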

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of this PrivateKeyUsagePeriod extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK