ExtendedKeyUsage (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.extensions.ExtendedKeyUsage

```
public class ExtendedKeyUsage
extends V3Extension
```
This class implements the ExtendedKeyUsage Extension.
The ExtendedKeyUsage extension is a standard X509v3 extension, which may or may not be marked as being critical.
Each extension is associated with a specific certificateExtension object identifier, derived from:
```
 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 
```
The object identifier for the ExtendedKeyUsage extension is defined as:
id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
which corresponds to the OID string "2.5.29.37".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the extended key usage extension for defining purposes for which the subject's public key may be used. These purposes may be specified in addition to those of the KeyUsage extension, or in place of those.
The ASN.1 definition of the ExtendedKeyUsage extension is specified as follows:
```
 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

 KeyPurposeId ::= OBJECT IDENTIFIER
 
```
Key purposes may be defined by any organization with a need. Object identifiers used to identify key purposes shall be assigned in accordance with IANA or ITU-T Rec. X.660 | ISO/IEC/ITU 9834-1.
More information can be found in RFC 3280, section 4.2.1.13 "Extended Key Usage".
The following extended key usage purposes are defined by RFC 3280:
- serverAuth (1.3.6.1.5.5.7.3.1) -- TLS Web server authentication
- clientAuth (1.3.6.1.5.5.7.3.2) -- TLS Web client authentication
- codeSigning (1.3.6.1.5.5.7.3.3) -- Code signing
- emailProtection (1.3.6.1.5.5.7.3.4) -- E-mail protection
- timeStamping (1.3.6.1.5.5.7.3.8) -- Timestamping
- ocspSigning (1.3.6.1.5.5.7.3.9) -- OCSPstamping
The following purposes have been included in a predecessor draft of RFC 3280 and therefore continue to be registrated by this implementation:
- ipsecEndSystem (1.3.6.1.5.5.7.3.5) -- IP security end system
- ipsecTunnel (1.3.6.1.5.5.7.3.6) -- IP security tunnel termination
- ipsecUser (1.3.6.1.5.5.7.3.7) -- IP security user
Note that these three key usages are deprecated by the PKIX profile for IKE. Instead the iKEIntermediate extended key usage (1.3.6.1.5.5.8.2.2) may be used in a certificate for an IPsec end entity. However, iKEIntermediate was also only specified by an internet draft (draft-ietf-ipsec-pki-req-05.txt) which has not become an RFC. Nevertheless iKEIntermediate may be required by an IpSec service.
For adding a ExtendedKeyUsage extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:
```
 X509Certificate cert = new X509Certificate();
  ...
 ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage();
 //add purposes
 extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.codeSigning);
 extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.timeStamping);
 extKeyUsage.setCritical(true);
 cert.addExtension(keyUsage);
 
```
Version:

File Revision 25

See Also:
ObjectID, X509Certificate, X509Extensions, V3Extension

Field Summary

Fields
Modifier and Type	Field and Description
`static ObjectID`	`anyExtendedKeyUsage` The "Any extended key usage" ExtendedKeyUsage purpose id.
`static ObjectID`	`clientAuth` The "TLS Web client authentication" ExtendedKeyUsage purpose id.
`static ObjectID`	`codeSigning` The "Code Signing" ExtendedKeyUsage purpose id.
`static ObjectID`	`emailProtection` The "E-mail protection" ExtendedKeyUsage purpose id.
`static ObjectID`	`iKEIntermediate` The "iKEIntermediate" ExtendedKeyUsage purpose id.
`static ObjectID`	`ipsecEndSystem` The "IP security end system" ExtendedKeyUsage purpose id.
`static ObjectID`	`ipsecTunnel` The "IP security tunnel termination" ExtendedKeyUsage purpose id.
`static ObjectID`	`ipsecUser` The "IP security user" ExtendedKeyUsage purpose id.
`static ObjectID`	`microsoftSGC` The "Microsoft Server Gated Cryptography" ExtendedKeyUsage purpose id.
`static ObjectID`	`netscapeSGC` The "Netscape Server Gated Cryptography" ExtendedKeyUsage purpose id.
`static ObjectID`	`ocspSigning` The OCSP signing ExtendedKeyUsage purpose id.
`static ObjectID`	`oid` The object identifier of this ExtendedKeyUsage extension.
`static ObjectID`	`serverAuth` The "TLS Web server authentication" ExtendedKeyUsage purpose id.
`static ObjectID`	`timeStamping` The "Timestamping" ExtendedKeyUsage purpose id.
`static ObjectID`	`tslSigning` The TSL signing ExtendedKeyUsage purpose id.

Fields inherited from class iaik.x509.V3Extension
critical

Constructor Summary

Constructors
Constructor and Description
`ExtendedKeyUsage()` Creates a new ExtendedKeyUsage extension.
`ExtendedKeyUsage(ObjectID keyPurposeID)` Create an ExtendedKeyUsage with a given key purpose.
`ExtendedKeyUsage(ObjectID[] keyPurposes)` Create an ExtendedKeyUsage with an array of key purposes.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addKeyPurposeID(ObjectID keyPurposeID)` Adds a KeyPurposeID to this extension.
`boolean`	`contains(ObjectID keyPurposeID)` Checks if the given key purpose id is included.
`ObjectID[]`	`getKeyPurposeIDs()` Returns all KeyPurposeIDs included in this extension.
`ObjectID`	`getObjectID()` Returns the object ID of this `ExtendedKeyUsage` extension.
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `ExtendedKeyUsage` implementation with an ASN1Object representing the value of this extension.
`void`	`removeAllKeyPurposeIDs()` Removes all KeyPurposeIDs from this extension.
`boolean`	`removeKeyPurposeID(ObjectID keyPurposeID)` Removes a KeyPurposeID from this extension.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `ExtendedKeyUsage` extension object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `ExtendedKeyUsage` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this ExtendedKeyUsage extension. The corresponding OID string is "2.5.29.37".
  - anyExtendedKeyUsage
```
public static final ObjectID anyExtendedKeyUsage
```
    The "Any extended key usage" ExtendedKeyUsage purpose id. OID string: "2.5.29.37.0".
  - serverAuth
```
public static final ObjectID serverAuth
```
    The "TLS Web server authentication" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.1".
  - clientAuth
```
public static final ObjectID clientAuth
```
    The "TLS Web client authentication" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.2".
  - codeSigning
```
public static final ObjectID codeSigning
```
    The "Code Signing" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.3".
  - emailProtection
```
public static final ObjectID emailProtection
```
    The "E-mail protection" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.4".
  - ipsecEndSystem
```
public static final ObjectID ipsecEndSystem
```
    The "IP security end system" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.5".
  - ipsecTunnel
```
public static final ObjectID ipsecTunnel
```
    The "IP security tunnel termination" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.6".
  - ipsecUser
```
public static final ObjectID ipsecUser
```
    The "IP security user" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.7".
  - timeStamping
```
public static final ObjectID timeStamping
```
    The "Timestamping" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.8".
  - ocspSigning
```
public static final ObjectID ocspSigning
```
    The OCSP signing ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.7.3.9".
  - iKEIntermediate
```
public static final ObjectID iKEIntermediate
```
    The "iKEIntermediate" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.5.5.8.2.2".
  - microsoftSGC
```
public static final ObjectID microsoftSGC
```
    The "Microsoft Server Gated Cryptography" ExtendedKeyUsage purpose id. OID string: "1.3.6.1.4.1.311.10.3.3".
  - netscapeSGC
```
public static final ObjectID netscapeSGC
```
    The "Netscape Server Gated Cryptography" ExtendedKeyUsage purpose id. OID string: "2.16.840.1.113730.4.1".
  - tslSigning
```
public static final ObjectID tslSigning
```
    The TSL signing ExtendedKeyUsage purpose id. Specified by ETSI TS 102 231 V3.1.2 for the purpose of signing Trust-service Status Lists.
```
 * -- OID for TSL signing KeyPurposeID for ExtKeyUsageSyntax
 id-tsl OBJECT IDENTIFIER { itu-t(0) identified-organization(4)
              etsi(0) tsl-specification (2231) }
 id-tsl-kp OBJECT IDENTIFIER ::= { id-tsl kp(3) }
 id-tsl-kp-tslSigning OBJECT IDENTIFIER ::= { id-tsl-kp tsl-signing(0) }
 
```
    OID string: "0.4.0.2231.3.0".
- Constructor Detail
  - ExtendedKeyUsage
```
public ExtendedKeyUsage()
```
    Creates a new ExtendedKeyUsage extension. Use the addKeyUsagePurposeID method for adding some purpose, e.g.:
```
 ExtendedKeyUsage extKeyUsage = new ExtendedKeyUsage();
 extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.codeSigning);
 extKeyUsage.addKeyPurposeID(ExtendedKeyUsage.timeStamping);
 
```
  - ExtendedKeyUsage
```
public ExtendedKeyUsage(ObjectID keyPurposeID)
```
    Create an ExtendedKeyUsage with a given key purpose.
  - ExtendedKeyUsage
```
public ExtendedKeyUsage(ObjectID[] keyPurposes)
```
    Create an ExtendedKeyUsage with an array of key purposes.
- Method Detail
  - addKeyPurposeID
```
public void addKeyPurposeID(ObjectID keyPurposeID)
```
    Adds a KeyPurposeID to this extension.
    
    Parameters:
    keyPurposeID - the KeyPurposeID to add
  - removeKeyPurposeID
```
public boolean removeKeyPurposeID(ObjectID keyPurposeID)
```
    Removes a KeyPurposeID from this extension.
    
    Parameters:
    keyPurposeID - the KeyPurposeID to remove
  - removeAllKeyPurposeIDs
```
public void removeAllKeyPurposeIDs()
```
    Removes all KeyPurposeIDs from this extension.
  - getKeyPurposeIDs
```
public ObjectID[] getKeyPurposeIDs()
```
    Returns all KeyPurposeIDs included in this extension.
    
    Returns:
    all KeyPurposeIDs included in this extension
  - contains
```
public boolean contains(ObjectID keyPurposeID)
```
    Checks if the given key purpose id is included.
    
    Parameters:
    keyPurposeID - the key purpose id to be checked
    
    Returns:
    true if the given key purpose id is included false if it is not included
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws X509ExtensionException
```
    Returns an ASN1Object representing the value of this ExtendedKeyUsage extension object.
    The returned ASN1Object is an ASN.1 Sequence representing the several purpose ids:
```
 ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

 KeyPurposeId ::= OBJECT IDENTIFIER
 
```
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of this ExtendedKeyUsage as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be created
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this ExtendedKeyUsage implementation with an ASN1Object representing the value of this extension.
    The given ASN1Object is the one created by toASN1Object().
    This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included ExtendedKeyUsage extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the ExtendedKeyUsage as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be parsed
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this ExtendedKeyUsage extension.
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this ExtendedKeyUsage extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class ExtendedKeyUsage

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

anyExtendedKeyUsage

serverAuth

clientAuth

codeSigning

emailProtection

ipsecEndSystem

ipsecTunnel

ipsecUser

timeStamping

ocspSigning

iKEIntermediate

microsoftSGC

netscapeSGC

tslSigning

Constructor Detail

ExtendedKeyUsage

ExtendedKeyUsage

ExtendedKeyUsage

Method Detail

addKeyPurposeID

removeKeyPurposeID

removeAllKeyPurposeIDs

getKeyPurposeIDs

contains

toASN1Object

init

hashCode

getObjectID

toString