ExtendedKeyUsage

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

be.cardon.asn1.x509.extensions
Class ExtendedKeyUsage

java.lang.Object
  org.bouncycastle.asn1.ASN1Encodable
      be.cardon.asn1.x509.extensions.ExtendedKeyUsage

All Implemented Interfaces:: org.bouncycastle.asn1.DEREncodable

public class ExtendedKeyUsage
extends org.bouncycastle.asn1.ASN1Encodable
extends org.bouncycastle.asn1.ASN1Encodable

Extension ExtendedKeyUsage.

Documentation from RFC 3280:

This extension indicates one or more purposes for which the certified public key may be used, in addition to or in place of the basic purposes indicated in the key usage extension. In general, this extension will appear only in end entity certificates. This extension is defined as follows:

   id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }

   ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId

   KeyPurposeId ::= OBJECT IDENTIFIER

Key purposes may be defined by any organization with a need. Object identifiers used to identify key purposes MUST be assigned in accordance with IANA or ITU-T Recommendation X.660 [X.660].

This extension MAY, at the option of the certificate issuer, be either critical or non-critical.

If the extension is present, then the certificate MUST only be used for one of the purposes indicated. If multiple purposes are indicated the application need not recognize all purposes indicated, as long as the intended purpose is present. Certificate using applications MAY require that a particular purpose be indicated in order for the certificate to be acceptable to that application.

If a CA includes extended key usages to satisfy such applications, but does not wish to restrict usages of the key, the CA can include the special keyPurposeID anyExtendedKeyUsage. If the anyExtendedKeyUsage keyPurposeID is present, the extension SHOULD NOT be critical.

If a certificate contains both a key usage extension and an extended key usage extension, then both extensions MUST be processed independently and the certificate MUST only be used for a purpose consistent with both extensions. If there is no purpose consistent with both extensions, then the certificate MUST NOT be used for any purpose.

The following key usage purposes are defined:

   anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }

   id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }

   id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
   -- TLS WWW server authentication
   -- Key usage bits that may be consistent: digitalSignature,
   -- keyEncipherment or keyAgreement

   id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
   -- TLS WWW client authentication
   -- Key usage bits that may be consistent: digitalSignature
   -- and/or keyAgreement

   id-kp-codeSigning             OBJECT IDENTIFIER ::= { id-kp 3 }
   -- Signing of downloadable executable code
   -- Key usage bits that may be consistent: digitalSignature

   id-kp-emailProtection         OBJECT IDENTIFIER ::= { id-kp 4 }
   -- E-mail protection
   -- Key usage bits that may be consistent: digitalSignature,
   -- nonRepudiation, and/or (keyEncipherment or keyAgreement)

   id-kp-timeStamping            OBJECT IDENTIFIER ::= { id-kp 8 }
   -- Binding the hash of an object to a time
   -- Key usage bits that may be consistent: digitalSignature
   -- and/or nonRepudiation

   id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
   -- Signing OCSP responses
   -- Key usage bits that may be consistent: digitalSignature
   -- and/or nonRepudiation

Field Summary
`static org.bouncycastle.asn1.DERObjectIdentifier`	`clientAuth` Usage `clientAuth`.
`static org.bouncycastle.asn1.DERObjectIdentifier`	`codeSigning` Usage `codeSigning`.
`static org.bouncycastle.asn1.DERObjectIdentifier`	`emailProtection` Usage `emailProtection`.
`static org.bouncycastle.asn1.DERObjectIdentifier`	`OCSPSigning` Usage `OCSPSigning`.
`static org.bouncycastle.asn1.DERObjectIdentifier`	`serverAuth` Usage `serverAuth`.
`static org.bouncycastle.asn1.DERObjectIdentifier`	`timeStamping` Usage `timeStamping`.

Fields inherited from class org.bouncycastle.asn1.ASN1Encodable
`BER, DER`

Constructor Summary
`ExtendedKeyUsage(org.bouncycastle.asn1.ASN1Sequence seq)` Creates a new instance from a `ASN1Sequence` object.
`ExtendedKeyUsage(java.util.Vector<org.bouncycastle.asn1.DERObjectIdentifier> keyPurposeIds)` Creates a new instance with the given `keyPurposeIds`.

Method Summary
`static ExtendedKeyUsage`	`getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)` Returns an instance from a ASN.1tagged object.
`static ExtendedKeyUsage`	`getInstance(java.lang.Object obj)` Returns an instance from a `ASN1Sequence`, or a `ExtendedKeyUsage` object.
`java.util.Vector<org.bouncycastle.asn1.DERObjectIdentifier>`	`getKeyPurposeIds()` Returns the `keyPurposeIds` value.
`org.bouncycastle.asn1.DERObject`	`toASN1Object()`

Methods inherited from class org.bouncycastle.asn1.ASN1Encodable
`equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode`

Methods inherited from class java.lang.Object
`clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait`

Field Detail

serverAuth

public static final org.bouncycastle.asn1.DERObjectIdentifier serverAuth

Usage serverAuth.

clientAuth

public static final org.bouncycastle.asn1.DERObjectIdentifier clientAuth

Usage clientAuth.

codeSigning

public static final org.bouncycastle.asn1.DERObjectIdentifier codeSigning

Usage codeSigning.

emailProtection

public static final org.bouncycastle.asn1.DERObjectIdentifier emailProtection

Usage emailProtection.

timeStamping

public static final org.bouncycastle.asn1.DERObjectIdentifier timeStamping

Usage timeStamping.

OCSPSigning

public static final org.bouncycastle.asn1.DERObjectIdentifier OCSPSigning

Usage OCSPSigning.

Constructor Detail