1 /* |
1 /* |
2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
57 * -- contains a DER encoding of a value |
57 * -- contains a DER encoding of a value |
58 * -- of the type registered for use with |
58 * -- of the type registered for use with |
59 * -- the extnId object identifier value |
59 * -- the extnId object identifier value |
60 * } |
60 * } |
61 * </pre> |
61 * </pre> |
62 * Since not all extensions are known, the <code>getExtensionValue</code> |
62 * Since not all extensions are known, the {@code getExtensionValue} |
63 * method returns the DER-encoded OCTET STRING of the |
63 * method returns the DER-encoded OCTET STRING of the |
64 * extension value (i.e., the <code>extnValue</code>). This can then |
64 * extension value (i.e., the {@code extnValue}). This can then |
65 * be handled by a <em>Class</em> that understands the extension. |
65 * be handled by a <em>Class</em> that understands the extension. |
66 * |
66 * |
67 * @author Hemma Prafullchandra |
67 * @author Hemma Prafullchandra |
68 */ |
68 */ |
69 |
69 |
70 public interface X509Extension { |
70 public interface X509Extension { |
71 |
71 |
72 /** |
72 /** |
73 * Check if there is a critical extension that is not supported. |
73 * Check if there is a critical extension that is not supported. |
74 * |
74 * |
75 * @return <tt>true</tt> if a critical extension is found that is |
75 * @return {@code true} if a critical extension is found that is |
76 * not supported, otherwise <tt>false</tt>. |
76 * not supported, otherwise {@code false}. |
77 */ |
77 */ |
78 public boolean hasUnsupportedCriticalExtension(); |
78 public boolean hasUnsupportedCriticalExtension(); |
79 |
79 |
80 /** |
80 /** |
81 * Gets a Set of the OID strings for the extension(s) marked |
81 * Gets a Set of the OID strings for the extension(s) marked |
111 * NON-CRITICAL in the certificate/CRL managed by the object |
111 * NON-CRITICAL in the certificate/CRL managed by the object |
112 * implementing this interface. |
112 * implementing this interface. |
113 * |
113 * |
114 * Here is sample code to get a Set of non-critical extensions from an |
114 * Here is sample code to get a Set of non-critical extensions from an |
115 * X509CRL revoked certificate entry and print the OIDs: |
115 * X509CRL revoked certificate entry and print the OIDs: |
116 * <pre><code> |
116 * <pre>{@code |
117 * CertificateFactory cf = null; |
117 * CertificateFactory cf = null; |
118 * X509CRL crl = null; |
118 * X509CRL crl = null; |
119 * try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) { |
119 * try (InputStream inStrm = new FileInputStream("DER-encoded-CRL")) { |
120 * cf = CertificateFactory.getInstance("X.509"); |
120 * cf = CertificateFactory.getInstance("X.509"); |
121 * crl = (X509CRL)cf.generateCRL(inStrm); |
121 * crl = (X509CRL)cf.generateCRL(inStrm); |
122 * }<p> |
122 * } |
123 * |
123 * |
124 * byte[] certData = <DER-encoded certificate data> |
124 * byte[] certData = <DER-encoded certificate data> |
125 * ByteArrayInputStream bais = new ByteArrayInputStream(certData); |
125 * ByteArrayInputStream bais = new ByteArrayInputStream(certData); |
126 * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais); |
126 * X509Certificate cert = (X509Certificate)cf.generateCertificate(bais); |
127 * X509CRLEntry badCert = |
127 * X509CRLEntry badCert = |
128 * crl.getRevokedCertificate(cert.getSerialNumber());<p> |
128 * crl.getRevokedCertificate(cert.getSerialNumber()); |
129 * |
129 * |
130 * if (badCert != null) { |
130 * if (badCert != null) { |
131 * Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs();<p> |
131 * Set<String> nonCritSet = badCert.getNonCriticalExtensionOIDs(); |
132 * if (nonCritSet != null) |
132 * if (nonCritSet != null) |
133 * for (String oid : nonCritSet) { |
133 * for (String oid : nonCritSet) { |
134 * System.out.println(oid); |
134 * System.out.println(oid); |
135 * } |
135 * } |
136 * } |
136 * } |
137 * </code></pre> |
137 * }</pre> |
138 * |
138 * |
139 * @return a Set (or an empty Set if none are marked non-critical) of |
139 * @return a Set (or an empty Set if none are marked non-critical) of |
140 * the extension OID strings for extensions that are marked non-critical. |
140 * the extension OID strings for extensions that are marked non-critical. |
141 * If there are no extensions present at all, then this method returns |
141 * If there are no extensions present at all, then this method returns |
142 * null. |
142 * null. |
143 */ |
143 */ |
144 public Set<String> getNonCriticalExtensionOIDs(); |
144 public Set<String> getNonCriticalExtensionOIDs(); |
145 |
145 |
146 /** |
146 /** |
147 * Gets the DER-encoded OCTET string for the extension value |
147 * Gets the DER-encoded OCTET string for the extension value |
148 * (<em>extnValue</em>) identified by the passed-in <code>oid</code> |
148 * (<em>extnValue</em>) identified by the passed-in {@code oid} |
149 * String. |
149 * String. |
150 * The <code>oid</code> string is |
150 * The {@code oid} string is |
151 * represented by a set of nonnegative whole numbers separated |
151 * represented by a set of nonnegative whole numbers separated |
152 * by periods. |
152 * by periods. |
153 * |
153 * |
154 * <p>For example:<br> |
154 * <p>For example:<br> |
155 * <table border=groove summary="Examples of OIDs and extension names"> |
155 * <table border=groove summary="Examples of OIDs and extension names"> |