iaik.me.x509
Class X509Extension

java.lang.Object
  |
  +--iaik.me.x509.X509Extension

public class X509Extension
extends Object

This is the central class for X.509 certificate extensions. It may be used to create an extension object from its ASN.1 representation.

Objects of this class are immutable, i.e. they cannot be modified once they have been created. The values contained in the object can be retrieved using the appropriate get*() method using one of the X_* constants valid for the object, i.e.

Example:
To parse a BasicConstraints extension:

   // the ASN1 representation of a BasicConstraints extension
   ASN1 asn1 = ...;
   // create the X509Extension object
   X509Extension basicConstraints = new X509Extension(asn1);
   // get the cA value
   boolean cA = basicConstraints.getBoolean(X509Extension.X_BC_IS_CA);
   // get the pathLenConstraint value
   int pathLenConstraint = basicConstraints.getInteger(X509Extension.X_BC_LENGTH);
 
The following extensions are supported (i.e. can be parsed by this class):

Any unsupported extension will be treated as an unknown extension, for which the encoding may be retrieved by calling method getByteArray using the X_ENCODING key as parameter:
 byte[] enc = ext.getByteArray(X509Extension.X_ENCODING);
 
The same applies to extensions that cannot be parsed properly because of errors. To get the key usage, have a look at this:
 
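    // x509 is the certificate object being inspected
    X509Extension ex1 = x509.getExtension(X509Extension.OID_KEY_USAGE);
    // the key usage value; each KU_* constant is tested against it as a bit mask
    int a = ex1.getInteger(X509Extension.X_KEY_USAGE);

    if ((a & X509Extension.KU_CRL_SIGN) != 0) {
        System.out.println("CRL SIGN");
    }
    if ((a & X509Extension.KU_DATA_ENCIPHERMENT) != 0) {
        System.out.println("DATA ENC");
    }
    if ((a & X509Extension.KU_DECIPHER_ONLY) != 0) {
        System.out.println("DEC ONLY");
    }
    if ((a & X509Extension.KU_DIGITAL_SIGNATURE) != 0) {
        System.out.println("DIGITAL SIG");
    }
    if ((a & X509Extension.KU_ENCIPHER_ONLY) != 0) {
        System.out.println("ENC ONLY");
    }
    if ((a & X509Extension.KU_KEY_AGREEMENT) != 0) {
        System.out.println("KEY AGREEMENT");
    }
    if ((a & X509Extension.KU_KEY_CERT_SIGN) != 0) {
        System.out.println("CERT SIGN");
    }
    if ((a & X509Extension.KU_KEY_ENCIPHERMENT) != 0) {
        System.out.println("KEY_ENC");
    }
    if ((a & X509Extension.KU_NON_REPUDIATION) != 0) {
        System.out.println("NON REP");
    }

    // any bit that matches none of the KU_* constants is reported as unknown
    int known = X509Extension.KU_CRL_SIGN | X509Extension.KU_DATA_ENCIPHERMENT
            | X509Extension.KU_DECIPHER_ONLY | X509Extension.KU_DIGITAL_SIGNATURE
            | X509Extension.KU_ENCIPHER_ONLY | X509Extension.KU_KEY_AGREEMENT
            | X509Extension.KU_KEY_CERT_SIGN | X509Extension.KU_KEY_ENCIPHERMENT
            | X509Extension.KU_NON_REPUDIATION;
    if ((a & ~known) != 0) {
        System.out.println("Unknown EXT!");
    }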


Field Summary
static int KU_CRL_SIGN
           
static int KU_DATA_ENCIPHERMENT
           
static int KU_DECIPHER_ONLY
           
static int KU_DIGITAL_SIGNATURE
           
static int KU_ENCIPHER_ONLY
           
static int KU_KEY_AGREEMENT
           
static int KU_KEY_CERT_SIGN
           
static int KU_KEY_ENCIPHERMENT
           
static int KU_NON_REPUDIATION
           
static int NSTYPE_OBJECT_SIGNING
           
static int NSTYPE_OBJECT_SIGNING_CA
           
static int NSTYPE_SMIME
           
static int NSTYPE_SMIME_CA
           
static int NSTYPE_SSL_CA
           
static int NSTYPE_SSL_CLIENT
           
static int NSTYPE_SSL_SERVER
           
static String OID_AUTHORITY_KEY_IDENTIFIER
           
static String OID_BASIC_CONSTRAINTS
           
static String OID_CERTIFICATE_POLICIES
           
static String OID_EKU_CLIENT_AUTH
           
static String OID_EKU_CODE_SIGNING
           
static String OID_EKU_EMAIL_PROTECTION
           
static String OID_EKU_SERVER_AUTH
           
static String OID_EKU_TIME_STAMPING
           
static String OID_ERROR
           
static String OID_EXTENDED_KEY_USAGE
           
static String OID_ISSUER_ALT_NAME
           
static String OID_KEY_USAGE
           
static String OID_NETSCAPE_CERT_TYPE
           
static String OID_NETSCAPE_COMMENT
           
static String OID_NETSCAPE_SSL_SERVER_NAME
           
static String OID_QCSTATEMENTS
           
static String OID_SUBJECT_ALT_NAME
           
static String OID_SUBJECT_KEY_IDENTIFIER
           
static int X_ALT_NAME_DNS
           
static int X_ALT_NAME_EMAIL
           
static int X_ALT_NAME_URI
           
static int X_BC_IS_CA
           
static int X_BC_LENGTH
           
static int X_ENCODING
           
static int X_EXT_KEY_USAGE
           
static int X_KEY_ID
           
static int X_KEY_USAGE
           
static int X_NS_CERT_TYPE
           
static int X_NS_COMMENT
           
static int X_NS_SERVER_NAME
           
static int X_ORIGINAL_OID
           
 
Constructor Summary
X509Extension(ASN1 ext)
           
 
Method Summary
 boolean getBoolean(int param)
          Returns an extension value as Boolean.
 byte[] getByteArray(int param)
          This method returns a specific extension value as Object.
 Enumeration getEnumeration(int param)
          This method returns an enumeration of all values a parameter can have.
 int getInteger(int param)
          Returns an extension value as Integer.
 String getObjectID()
          Returns the Object ID of the current Extension.
 String getString(int param)
          Returns an extension value as String.
 Object getValue(int param)
          This method returns a specific extension value as Object.
 boolean isCritical()
          This method returns the critical flag of the extension.
 String toString()
          This method returns information about the extension including:
critical flag and the extension parameters and values.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

OID_ERROR

public static final String OID_ERROR

OID_BASIC_CONSTRAINTS

public static final String OID_BASIC_CONSTRAINTS

OID_KEY_USAGE

public static final String OID_KEY_USAGE

OID_EXTENDED_KEY_USAGE

public static final String OID_EXTENDED_KEY_USAGE

OID_SUBJECT_ALT_NAME

public static final String OID_SUBJECT_ALT_NAME

OID_ISSUER_ALT_NAME

public static final String OID_ISSUER_ALT_NAME

OID_SUBJECT_KEY_IDENTIFIER

public static final String OID_SUBJECT_KEY_IDENTIFIER

OID_AUTHORITY_KEY_IDENTIFIER

public static final String OID_AUTHORITY_KEY_IDENTIFIER

OID_CERTIFICATE_POLICIES

public static final String OID_CERTIFICATE_POLICIES

OID_QCSTATEMENTS

public static final String OID_QCSTATEMENTS

OID_NETSCAPE_CERT_TYPE

public static final String OID_NETSCAPE_CERT_TYPE

OID_NETSCAPE_COMMENT

public static final String OID_NETSCAPE_COMMENT

OID_NETSCAPE_SSL_SERVER_NAME

public static final String OID_NETSCAPE_SSL_SERVER_NAME

OID_EKU_SERVER_AUTH

public static final String OID_EKU_SERVER_AUTH

OID_EKU_CLIENT_AUTH

public static final String OID_EKU_CLIENT_AUTH

OID_EKU_CODE_SIGNING

public static final String OID_EKU_CODE_SIGNING

OID_EKU_EMAIL_PROTECTION

public static final String OID_EKU_EMAIL_PROTECTION

OID_EKU_TIME_STAMPING

public static final String OID_EKU_TIME_STAMPING

X_ENCODING

public static final int X_ENCODING

X_ORIGINAL_OID

public static final int X_ORIGINAL_OID

X_BC_IS_CA

public static final int X_BC_IS_CA

X_BC_LENGTH

public static final int X_BC_LENGTH

X_KEY_USAGE

public static final int X_KEY_USAGE

X_EXT_KEY_USAGE

public static final int X_EXT_KEY_USAGE

X_ALT_NAME_EMAIL

public static final int X_ALT_NAME_EMAIL

X_ALT_NAME_DNS

public static final int X_ALT_NAME_DNS

X_ALT_NAME_URI

public static final int X_ALT_NAME_URI

X_KEY_ID

public static final int X_KEY_ID

X_NS_CERT_TYPE

public static final int X_NS_CERT_TYPE

X_NS_COMMENT

public static final int X_NS_COMMENT

X_NS_SERVER_NAME

public static final int X_NS_SERVER_NAME

KU_DIGITAL_SIGNATURE

public static final int KU_DIGITAL_SIGNATURE

KU_NON_REPUDIATION

public static final int KU_NON_REPUDIATION

KU_KEY_ENCIPHERMENT

public static final int KU_KEY_ENCIPHERMENT

KU_DATA_ENCIPHERMENT

public static final int KU_DATA_ENCIPHERMENT

KU_KEY_AGREEMENT

public static final int KU_KEY_AGREEMENT

KU_KEY_CERT_SIGN

public static final int KU_KEY_CERT_SIGN

KU_CRL_SIGN

public static final int KU_CRL_SIGN

KU_ENCIPHER_ONLY

public static final int KU_ENCIPHER_ONLY

KU_DECIPHER_ONLY

public static final int KU_DECIPHER_ONLY

NSTYPE_SSL_CLIENT

public static final int NSTYPE_SSL_CLIENT

NSTYPE_SSL_SERVER

public static final int NSTYPE_SSL_SERVER

NSTYPE_SMIME

public static final int NSTYPE_SMIME

NSTYPE_OBJECT_SIGNING

public static final int NSTYPE_OBJECT_SIGNING

NSTYPE_SSL_CA

public static final int NSTYPE_SSL_CA

NSTYPE_SMIME_CA

public static final int NSTYPE_SMIME_CA

NSTYPE_OBJECT_SIGNING_CA

public static final int NSTYPE_OBJECT_SIGNING_CA

Constructor Detail

X509Extension

public X509Extension(ASN1 ext)
              throws IOException

Method Detail

getObjectID

public String getObjectID()
Returns the Object ID of the current Extension.
Returns:
the OID as String object
Since:
3.0

isCritical

public boolean isCritical()
This method returns the critical flag of the extension. Note: if the extension is marked critical, the application has to be able to deal with this extension. Otherwise the certificate has to be rejected.
Returns:
true if the extension is critical
Since:
3.0
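
The rejection rule in the isCritical() note, combined with the BasicConstraints and KeyUsage lookups shown at the top of this page, as an added example that is not part of the IAIK documentation. The class name ExtensionPolicy, the HANDLED list and the caller-supplied X509Extension[] array are assumptions; the KU_* constants are treated as bit masks, as in the key usage sample above.

```java
import iaik.me.x509.X509Extension;

// Added example, not IAIK code. Class name, HANDLED list and the
// caller-supplied extension array are assumptions made for illustration.
public final class ExtensionPolicy {

    // OIDs this hypothetical application actually evaluates.
    private static final String[] HANDLED = {
        X509Extension.OID_BASIC_CONSTRAINTS,
        X509Extension.OID_KEY_USAGE,
        X509Extension.OID_SUBJECT_ALT_NAME
    };

    private ExtensionPolicy() {}

    // False if any critical extension is outside HANDLED. Unknown or
    // unparseable extensions never match HANDLED, so they fail closed.
    public static boolean criticalExtensionsHandled(X509Extension[] exts) {
        for (int i = 0; i < exts.length; i++) {
            if (!exts[i].isCritical()) continue;
            boolean handled = false;
            for (int j = 0; j < HANDLED.length; j++) {
                if (HANDLED[j].equals(exts[i].getObjectID())) handled = true;
            }
            if (!handled) return false;
        }
        return true;
    }

    // True only if BasicConstraints says cA and, when KeyUsage is present,
    // the keyCertSign bit is set (KU_* assumed to be bit masks).
    public static boolean mayIssueCertificates(X509Extension[] exts) {
        boolean isCa = false, hasKeyUsage = false, certSign = false;
        try {
            for (int i = 0; i < exts.length; i++) {
                String oid = exts[i].getObjectID();
                if (X509Extension.OID_BASIC_CONSTRAINTS.equals(oid)) {
                    isCa = exts[i].getBoolean(X509Extension.X_BC_IS_CA);
                } else if (X509Extension.OID_KEY_USAGE.equals(oid)) {
                    hasKeyUsage = true;
                    int ku = exts[i].getInteger(X509Extension.X_KEY_USAGE);
                    certSign = (ku & X509Extension.KU_KEY_CERT_SIGN) != 0;
                }
            }
        } catch (RuntimeException e) {
            return false; // missing or wrongly typed value: fail closed
        }
        return isCa && (!hasKeyUsage || certSign);
    }
}
```

Both checks are meant to run before a certificate is trusted: the first for every certificate in a chain, the second for every certificate that signs another one.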

getValue

public Object getValue(int param)
This method returns a specific extension value as Object. The value has to be typecast by the developer.
Returns:
object
Since:
3.0

getByteArray

public byte[] getByteArray(int param)
This method returns a specific extension value as Object. The value has to be typecast by the developer himself.
Returns:
object
Since:
3.0

getInteger

public int getInteger(int param)
Returns an extension value as Integer. If the parameter is not an Integer, a ClassCastException is thrown.
Parameters:
param - the value of the extension
Returns:
the value

getBoolean

public boolean getBoolean(int param)
Returns an extension value as Boolean. If the parameter is not a Boolean, a ClassCastException is thrown.
Parameters:
param - the value of the extension
Returns:
the value

getString

public String getString(int param)
Returns an extension value as String. If the parameter is not a String, a ClassCastException is thrown.
Parameters:
param - the value of the extension
Returns:
the value

getEnumeration

public Enumeration getEnumeration(int param)
This method returns an enumeration of all values a parameter can have.
Subject alt name has three values: X_ALT_NAME_EMAIL, X_ALT_NAME_DNS and X_ALT_NAME_URI.

The enumeration points to these values, which can then be processed.

Parameters:
param - the X_... id of the parameter, e.g. X_KEY_USAGE
Returns:
an enumeration of these elements
Since:
3.0

toString

public String toString()
This method returns information about the extension including:
critical flag and the extension parameters and values.
Overrides:
toString in class Object
Returns:
a String containing the extension information
Since:
3.0

This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note) and RSA Data Security Public-Key Cryptography Standards (see copyright note).

IAIK-JCE ME 3.04, (c) 2002 IAIK, (c) 2003 to 2006 Stiftung SIC