public class SubjectAltName extends V3Extension
SubjectAltName extension.
The SubjectAltName extension is a standard X509v3 extension,
which has to be marked as being critical if the certificate's subject field
contains an empty sequence.
Each extension is associated with a specific
certificateExtension object identifier, derived from:
certificateExtension OBJECT IDENTIFIER ::=
{joint-iso-ccitt(2) ds(5) 29}
id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the SubjectAltName extension is
defined as:
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
which corresponds to the OID string "2.5.29.17".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the Subject Alternative Name extension to bind additional identities to the subject of the certificate. Defined options include an rfc822 name (electronic mail address), a DNS name, an IP address, and a URI:
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
GeneralName ::= CHOICE {
    otherName                 [0] OtherName,
    rfc822Name                [1] IA5String,
    dNSName                   [2] IA5String,
    x400Address               [3] ORAddress,
    directoryName             [4] Name,
    ediPartyName              [5] EDIPartyName,
    uniformResourceIdentifier [6] IA5String,
    iPAddress                 [7] OCTET STRING,
    registeredID              [8] OBJECT IDENTIFIER }
OtherName ::= SEQUENCE {
    type-id OBJECT IDENTIFIER,
    value   [0] EXPLICIT ANY DEFINED BY type-id }
EDIPartyName ::= SEQUENCE {
    nameAssigner [0] DirectoryString OPTIONAL,
    partyName    [1] DirectoryString }
DirectoryString ::= CHOICE {
    teletexString   TeletexString (SIZE (1..maxSize)),
    printableString PrintableString (SIZE (1..maxSize)),
    universalString UniversalString (SIZE (1..maxSize)),
    utf8String      UTF8String (SIZE (1..MAX)),
    bmpString       BMPString (SIZE (1..maxSize)) }
If the only subject identity included in the certificate is an alternative name form (e.g., an electronic mail address), then the subject distinguished name shall be empty (an empty sequence), and the subjectAltName extension shall be present. If the subject field contains an empty sequence, the subjectAltName extension shall be marked critical.
More information can be found in RFC 3280, section 4.2.1.7 "Subject Alternative Name".
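The GeneralNames structure above, decoded from its DER encoding with JDK classes only, showing the context tags [0]..[8] and the raw-octet form of iPAddress. This is an added example, not IAIK code; the class name SanDecode and the sample bytes are constructed for illustration.

```java
import java.net.InetAddress;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Added example (JDK only, not IAIK code): decode the DER value of a SubjectAltName extension.
public class SanDecode {
    // Indexed by the GeneralName CHOICE tag number [0]..[8].
    static final String[] KIND = {"otherName", "rfc822Name", "dNSName", "x400Address",
        "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"};
    // Reads a DER length at pos[0] and advances past it; indefinite and >3-byte forms are rejected.
    static int readLength(byte[] der, int[] pos) {
        int first = der[pos[0]++] & 0xFF;
        if (first < 0x80) return first; // short form
        int n = first & 0x7F;
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length form");
        int len = 0;
        while (n-- > 0) len = (len << 8) | (der[pos[0]++] & 0xFF);
        return len;
    }

    static List<String> decode(byte[] der) throws Exception {
        int[] pos = {0};
        if ((der[pos[0]++] & 0xFF) != 0x30) throw new IllegalArgumentException("not a SEQUENCE");
        int end = readLength(der, pos) + pos[0];
        // SIZE (1..MAX): an empty GeneralNames is invalid; trailing bytes are rejected too.
        if (end != der.length || end == pos[0]) throw new IllegalArgumentException("bad GeneralNames");
        List<String> out = new ArrayList<>();
        while (pos[0] < end) {
            int tag = der[pos[0]++] & 0xFF;
            int len = readLength(der, pos);
            if ((tag & 0xC0) != 0x80 || (tag & 0x1F) > 8 || pos[0] + len > end)
                throw new IllegalArgumentException("not a GeneralName");
            byte[] v = Arrays.copyOfRange(der, pos[0], pos[0] + len);
            pos[0] += len;
            int choice = tag & 0x1F;
            String text = len + " bytes (not decoded here)";
            if (choice == 1 || choice == 2 || choice == 6) text = new String(v, StandardCharsets.US_ASCII);
            else if (choice == 7 && (len == 4 || len == 16)) text = InetAddress.getByAddress(v).getHostAddress();
            out.add(KIND[choice] + "=" + text);
        }
        return out;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: SEQUENCE { [2] "example.test", [7] 127.0.0.1 }
        byte[] sample = {0x30, 0x14, (byte) 0x82, 0x0C, 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 't', 'e', 's', 't',
            (byte) 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01};
        System.out.println(decode(sample));
    }
}
```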
To add a SubjectAltName extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:
X509Certificate cert = new X509Certificate();
...
GeneralNames generalNames = new GeneralNames();
generalNames.addName(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
SubjectAltName subAltName = new SubjectAltName(generalNames);
cert.addExtension(subAltName);
When intending to mark this extension as critical (which necessarily has to
be done if the certificate's subject field is an empty sequence), use the
setCritical method of the
iaik.x509.V3Extension parent class (note that
you have to mark an extension as critical before adding the extension to a
certificate), e.g.:
subAltName.setCritical(true);
See Also: GeneralNames, GeneralName, IA5String, OCTET_STRING, ObjectID, Name, T61String, PrintableString, UNIString, BMPString, V3Extension, X509Extensions, X509Certificate

| Modifier and Type | Field and Description |
|---|---|
| static ObjectID | oid: The object identifier of this SubjectAltName extension. |
Fields inherited from class V3Extension: critical

| Constructor and Description |
|---|
| SubjectAltName(): Default Constructor. |
| SubjectAltName(GeneralNames gn): Constructs a SubjectAltName extension with the given GeneralNames as value. |
| Modifier and Type | Method and Description |
|---|---|
| GeneralNames | getGeneralNames(): Returns the alternative name of the subject. |
| ObjectID | getObjectID(): Returns the object ID of this SubjectAltName extension. |
| int | hashCode(): Returns a hashcode for this identity. |
| void | init(ASN1Object obj): Inits this SubjectAltName implementation with an ASN1object representing the value of this extension. |
| void | setGeneralNames(GeneralNames gn): Sets the alternative name of the subject. |
| ASN1Object | toASN1Object(): Returns an ASN1Object representing the value of this SubjectAltName extension object. |
| java.lang.String | toString(): Returns a string that represents the contents of this SubjectAltName extension. |

Methods inherited from class V3Extension: getName, isCritical, setCritical

public static final ObjectID oid
public SubjectAltName()
Creates an empty SubjectAltName object. Use
setGeneralNames for supplying some GeneralNames
object to this SubjectAltName extension.
The critical value per default is set to false.
If you want to specify this extension as critical (which necessarily
has to be done if the certificate's subject field is an empty sequence)
before adding it to a certificate, use the
setCritical method of
the iaik.x509.V3Extension parent class, e.g.:
subAltName.setCritical(true);
cert.addExtension(subAltName);
See Also: V3Extension.setCritical(boolean)
public SubjectAltName(GeneralNames gn)
Constructs a SubjectAltName extension with the given GeneralNames as value.
The critical value per default is set to false.
If you want to specify this extension as critical (which necessarily
has to be done if the certificate's subject field is an empty sequence)
before adding it to a certificate, use the
setCritical method of
the iaik.x509.V3Extension parent class, e.g.:
X509Certificate cert = new X509Certificate();
...
GeneralNames generalNames = new GeneralNames();
generalNames.addName(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
SubjectAltName subAltName = new SubjectAltName(generalNames);
subAltName.setCritical(true);
cert.addExtension(subAltName);
Parameters: gn - the alternative name of the subject as GeneralNames
See Also: V3Extension.setCritical(boolean), GeneralNames
public ObjectID getObjectID()
Returns the object ID of this SubjectAltName extension.
getObjectID in class V3Extension
public void init(ASN1Object obj) throws X509ExtensionException
Inits this SubjectAltName implementation with an ASN1object representing the value of this extension.
The given ASN1Object represents a GeneralNames value (additionally) identifying the certificate subject.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions
class when parsing the ASN.1 representation of a certificate for properly
initializing an included SubjectAltName extension. This method initializes
the extension only with its value, but not with its critical specification.
For that reason, this method shall not be explicitly called by an
application.
init in class V3Extension
Parameters: obj - the SubjectAltName as ASN1Object
Throws: X509ExtensionException - if the extension could not be parsed
public ASN1Object toASN1Object() throws X509ExtensionException
Returns an ASN1Object representing the value of this SubjectAltName extension object.
The returned ASN1Object represents a GeneralNames value (additionally) identifying the certificate subject:
SubjectAltName ::= GeneralNames
toASN1Object in class V3Extension
Returns: the SubjectAltName as ASN1Object
Throws: X509ExtensionException - if the ASN1Object cannot be created because of a coding error
public void setGeneralNames(GeneralNames gn)
For instance:
GeneralNames generalNames = new GeneralNames();
generalNames.addName(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
SubjectAltName subAltName = new SubjectAltName();
subAltName.setGeneralNames(generalNames);
Parameters: gn - the alternative name of the subject as GeneralNames
See Also: getGeneralNames(), GeneralNames
public GeneralNames getGeneralNames()
See Also: setGeneralNames(iaik.asn1.structures.GeneralNames), GeneralNames
public int hashCode()
hashCode in class V3Extension
public java.lang.String toString()
Returns a string that represents the contents of this SubjectAltName extension.
toString in class java.lang.Object