iaik.x509.extensions.netscape

Class NetscapeCertType

java.lang.Object

iaik.x509.V3Extension

iaik.x509.extensions.netscape.NetscapeCertType

public class NetscapeCertType
extends V3Extension

This class implements the NetscapeCertType Extension.

Each Netscape certificate extension is associated with a specific certificateExtension object identifier, derived from:

 netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 }
 netscape-cert-extension OBJECT IDENTIFIER :: = { netscape 1 }
 

The object identifier for the NetscapeCertType extension is defined as:

netscape-cert-type OBJECT IDENTIFIER ::= { netscape-cert-extension 1 }

which corresponds to the OID string "2.16.840.1.113730.1.1".

The Netscape Certificate Specification specifies the NetscapeCertType extension for limting the applications for a certificate. If the extension exists in a certificate, it will limit the uses of the certificate to those specified. If the extension is not present, the certificate can be used for all applications except Object Signing.

The value is a bit-string, where the individual bit positions are defined as:

• bit-0 SSL client - this cert is certified for SSL client authentication use
• bit-1 SSL server - this cert is certified for SSL server authentication use
• bit-2 S/MIME - this cert is certified for use by clients (New in PR3)
• bit-3 Object Signing - this cert is certified for signing objects such as Java applets and plugins(New in PR3)
• bit-4 Reserved - this bit is reserved for future use
• bit-5 SSL CA - this cert is certified for issuing certs for SSL use
• bit-6 S/MIME CA - this cert is certified for issuing certs for S/MIME use (New in PR3)
• bit-7 Object Signing CA - this cert is certified for issuing certs for Object Signing (New in PR3)

You may specify some certificate usage type(s) directly when creating a NetscapeCertType extension, or you may use the default constructor and supply the type(s) by using the setCertType method, e.g.:

 NetscapeCertType netscapeCertType = new NetscapeCertType();
 netscapeCertType.setCertType(NetscapeCertType.SSL_CLIENT |
                              NetscapeCertType.SSL_SERVER);
 

Version:

File Revision 17

See Also:

V3Extension, X509Extensions

Field Summary

Fields

Modifier and Type	Field and Description
static int	OBJECT_SIGNING Indicates a certificate that is certified for signing objects such as Java applets ans plugins.
static int	OBJECT_SIGNING_CA Indicates a certificate that is certified for issuing certs for Object Signing.
static ObjectID	oid The object ID of the X.509 extension NetscapeCertType.
static int	S_MIME Indicates a certificate that is certified for use by clients.
static int	S_MIME_CA Indicates a certificate that is certified for issuing certs for S/MIME use.
static int	SSL_CA Indicates a certificate that is certified for issuing certs for SSL use.
static int	SSL_CLIENT Indicates a certificate that is certified for SSL client authentication use.
static int	SSL_SERVER Indicates a certificate that is certified for SSL server authentication use.

Fields inherited from class iaik.x509.V3Extension

critical

Constructor Summary

Constructors

Constructor and Description
NetscapeCertType() Default constructor.
NetscapeCertType(int type) Constructs a NetscapeCertType extension with a specified type parameter.

Method Summary

Methods

Modifier and Type	Method and Description
int	getCertType() Returns the usage type value of the certificate as an integer.
ObjectID	getObjectID() Returns the object ID of this NetscapeCertType extension
int	hashCode() Returns a hashcode for this identity.
void	init(ASN1Object obj) Inits this NetscapeCertType implementation with an ASN1object representing the value of this extension.
void	setCertType(int type) Sets the usage type of the certificate.
ASN1Object	toASN1Object() Returns an ASN1Object representing the value of this NetscapeCertType extension object.
java.lang.String	toString() Returns a string that represents the contents of this NetscapeCertType extension.

Methods inherited from class iaik.x509.V3Extension

getName, isCritical, setCritical

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

oid

public static final ObjectID oid

The object ID of the X.509 extension NetscapeCertType.

SSL_CLIENT

public static final int SSL_CLIENT

Indicates a certificate that is certified for SSL client authentication use.

See Also:

Constant Field Values

SSL_SERVER

public static final int SSL_SERVER

Indicates a certificate that is certified for SSL server authentication use.

See Also:

Constant Field Values

S_MIME

public static final int S_MIME

Indicates a certificate that is certified for use by clients.

See Also:

Constant Field Values

OBJECT_SIGNING

public static final int OBJECT_SIGNING

Indicates a certificate that is certified for signing objects such as Java applets ans plugins.

See Also:

Constant Field Values

SSL_CA

public static final int SSL_CA

Indicates a certificate that is certified for issuing certs for SSL use.

See Also:

Constant Field Values

S_MIME_CA

public static final int S_MIME_CA

Indicates a certificate that is certified for issuing certs for S/MIME use.

See Also:

Constant Field Values

OBJECT_SIGNING_CA

public static final int OBJECT_SIGNING_CA

Indicates a certificate that is certified for issuing certs for Object Signing.

See Also:

Constant Field Values

Constructor Detail

NetscapeCertType

public NetscapeCertType()

Default constructor. Creates an empty NetscapeCertType object.

Use the setCertType method for explicitly setting some particular certificate type(s), e.g.:

 NetscapeCertType netscapeCertType = new NetscapeCertType();
 netscapeCertType.setCertType(NetscapeCertType.SSL_CLIENT |
                              NetscapeCertType.SSL_SERVER);
 

NetscapeCertType

public NetscapeCertType(int type)

Constructs a NetscapeCertType extension with a specified type parameter.

For instance:

 NetscapeCertType netscapeCertType = new NetscapeCertType(NetscapeCertType.SSL_CLIENT |
                                                          NetscapeCertType.SSL_SERVER);
 

The following types are supported:

• SSL_CLIENT - certifcate for SSL client authentication use
• SSL_SERVER - certificate for SSL server authentication use
• S_MIME - certificate for use by clients
• OBJECT_SIGNING - certificate for signing objects such as Java applets and plugins
• SSL_CA - certificate for issuing certs for SSL use
• S_MIME_CA - certificate for issuing certs for S/MIME use
• OBJECT_SIGNING_CA - certificate for issuing certs for Object Signing

Parameters:

type - the usage type of the certificate

Method Detail

getObjectID

public ObjectID getObjectID()

Returns the object ID of this NetscapeCertType extension

Specified by:

getObjectID in class V3Extension

Returns:

the object ID

init

public void init(ASN1Object obj)

Inits this NetscapeCertType implementation with an ASN1object representing the value of this extension.

The ASN1Object represents a BIT STRING which specifies the particular type(s) of certificate usage.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included NetscapeCertType extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Specified by:

init in class V3Extension

Parameters:

obj - the NetscapeCertType as ASN1Object

toASN1Object

public ASN1Object toASN1Object()

Returns an ASN1Object representing the value of this NetscapeCertType extension object.

The returned ASN1Object represents a BIT STRING which specifies the particular type(s) of certificate usage.

Specified by:

toASN1Object in class V3Extension

Returns:

the value of this NetscapeCertType as ASN1Object

setCertType

public void setCertType(int type)

Sets the usage type of the certificate.

For instance:

 NetscapeCertType netscapeCertType = new NetscapeCertType();
 netscapeCertType.setCertType(NetscapeCertType.SSL_CLIENT |
                              NetscapeCertType.SSL_SERVER);
 

The following types are supported:

• SSL_CLIENT - certifcate for SSL client authentication use
• SSL_SERVER - certificate for SSL server authentication use
• S_MIME - certificate for use by clients
• OBJECT_SIGNING - certificate for signing objects such as Java applets and plugins
• SSL_CA - certificate for issuing certs for SSL use
• S_MIME_CA - certificate for issuing certs for S/MIME use
• OBJECT_SIGNING_CA - certificate for issuing certs for Object Signing

Parameters:

type - the type of the certificate

getCertType

public int getCertType()

Returns the usage type value of the certificate as an integer.

Note the "little endian" representation of the BIT STRING representing the value of this NetscapeCertType extension: the most significant bit indicates the type with the lowest bit value, meaning that the integer value 128 (binary 10000000, hexadecimal 80) specifies the "SSL_CLIENT" type, and the integer value 1 specifies the "OBJECT_SIGNING_CA" type.

Returns:

the usage type value of the certificate, as int

hashCode

public int hashCode()

Returns a hashcode for this identity.

Specified by:

hashCode in class V3Extension

Returns:

a hash code for this identity

toString

public java.lang.String toString()

Returns a string that represents the contents of this NetscapeCertType extension.

Overrides:

toString in class java.lang.Object

Returns:

the string representation