/*

 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Oracle designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Oracle in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

 * or visit www.oracle.com if you need additional information or have any

 * questions.

 */

package sun.security.x509;

import java.io.*;

import sun.security.util.*;

/**

 * Lists all the object identifiers of the X509 extensions of the PKIX profile.

 *

 * <p>Extensions are addiitonal attributes which can be inserted in a X509

 * v3 certificate. For example a "Driving License Certificate" could have

 * the driving license number as a extension.

 *

 * <p>Extensions are represented as a sequence of the extension identifier

 * (Object Identifier), a boolean flag stating whether the extension is to

 * be treated as being critical and the extension value itself (this is again

 * a DER encoding of the extension value).

 *

 * @see Extension

 *

 *

 * @author Amit Kapoor

 * @author Hemma Prafullchandra

 */

public class PKIXExtensions {

    // The object identifiers

    private static final int[] AuthorityKey_data = { 2, 5, 29, 35 };

    private static final int[] SubjectKey_data = { 2, 5, 29, 14 };

    private static final int[] KeyUsage_data = { 2, 5, 29, 15 };

    private static final int[] PrivateKeyUsage_data = { 2, 5, 29, 16 };

    private static final int[] CertificatePolicies_data = { 2, 5, 29, 32 };

    private static final int[] PolicyMappings_data = { 2, 5, 29, 33 };

    private static final int[] SubjectAlternativeName_data = { 2, 5, 29, 17 };

    private static final int[] IssuerAlternativeName_data = { 2, 5, 29, 18 };

    private static final int[] SubjectDirectoryAttributes_data = { 2, 5, 29, 9 };

    private static final int[] BasicConstraints_data = { 2, 5, 29, 19 };

    private static final int[] NameConstraints_data = { 2, 5, 29, 30 };

    private static final int[] PolicyConstraints_data = { 2, 5, 29, 36 };

    private static final int[] CRLDistributionPoints_data = { 2, 5, 29, 31 };

    private static final int[] CRLNumber_data = { 2, 5, 29, 20 };

    private static final int[] IssuingDistributionPoint_data = { 2, 5, 29, 28 };

    private static final int[] DeltaCRLIndicator_data = { 2, 5, 29, 27 };

    private static final int[] ReasonCode_data = { 2, 5, 29, 21 };

    private static final int[] HoldInstructionCode_data = { 2, 5, 29, 23 };

    private static final int[] InvalidityDate_data = { 2, 5, 29, 24 };

    private static final int[] ExtendedKeyUsage_data = { 2, 5, 29, 37 };

    private static final int[] InhibitAnyPolicy_data = { 2, 5, 29, 54 };

    private static final int[] CertificateIssuer_data = { 2, 5, 29, 29 };

    private static final int[] AuthInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 1};

    private static final int[] SubjectInfoAccess_data = { 1, 3, 6, 1, 5, 5, 7, 1, 11};

    private static final int[] FreshestCRL_data = { 2, 5, 29, 46 };

    private static final int[] OCSPNoCheck_data = { 1, 3, 6, 1, 5, 5, 7,

                                                    48, 1, 5};

    // Additional extensions under the PKIX arc that are not necessarily

    // used in X.509 Certificates or CRLs.

    private static final int[] OCSPNonce_data = { 1, 3, 6, 1, 5, 5, 7,

                                                  48, 1, 2};

    /**

     * Identifies the particular public key used to sign the certificate.

     */

    public static final ObjectIdentifier AuthorityKey_Id;

    /**

     * Identifies the particular public key used in an application.

     */

    public static final ObjectIdentifier SubjectKey_Id;

    /**

     * Defines the purpose of the key contained in the certificate.

     */

    public static final ObjectIdentifier KeyUsage_Id;

    /**

     * Allows the certificate issuer to specify a different validity period

     * for the private key than the certificate.

     */

    public static final ObjectIdentifier PrivateKeyUsage_Id;

    /**

     * Contains the sequence of policy information terms.

     */

    public static final ObjectIdentifier CertificatePolicies_Id;

    /**

     * Lists pairs of object identifiers of policies considered equivalent by

     * the issuing CA to the subject CA.

     */

    public static final ObjectIdentifier PolicyMappings_Id;

    /**

     * Allows additional identities to be bound to the subject of the

     * certificate.

     */

    public static final ObjectIdentifier SubjectAlternativeName_Id;

    /**

     * Allows additional identities to be associated with the certificate

     * issuer.

     */

    public static final ObjectIdentifier IssuerAlternativeName_Id;

    /**

     * Identifies additional directory attributes.

     * This extension is always non-critical.

     */

    public static final ObjectIdentifier SubjectDirectoryAttributes_Id;

    /**

     * Identifies whether the subject of the certificate is a CA and how deep

     * a certification path may exist through that CA.

     */

    public static final ObjectIdentifier BasicConstraints_Id;

    /**

     * Provides for permitted and excluded subtrees that place restrictions

     * on names that may be included within a certificate issued by a given CA.

     */

    public static final ObjectIdentifier NameConstraints_Id;

    /**

     * Used to either prohibit policy mapping or limit the set of policies

     * that can be in subsequent certificates.

     */

    public static final ObjectIdentifier PolicyConstraints_Id;

    /**

     * Identifies how CRL information is obtained.

     */

    public static final ObjectIdentifier CRLDistributionPoints_Id;

    /**

     * Conveys a monotonically increasing sequence number for each CRL

     * issued by a given CA.

     */

    public static final ObjectIdentifier CRLNumber_Id;

    /**

     * Identifies the CRL distribution point for a particular CRL.

     */

    public static final ObjectIdentifier IssuingDistributionPoint_Id;

    /**

     * Identifies the delta CRL.

     */

    public static final ObjectIdentifier DeltaCRLIndicator_Id;

    /**

     * Identifies the reason for the certificate revocation.

     */

    public static final ObjectIdentifier ReasonCode_Id;

    /**

     * This extension provides a registered instruction identifier indicating

     * the action to be taken, after encountering a certificate that has been

     * placed on hold.

     */

    public static final ObjectIdentifier HoldInstructionCode_Id;

    /**

     * Identifies the date on which it is known or suspected that the private

     * key was compromised or that the certificate otherwise became invalid.

     */

    public static final ObjectIdentifier InvalidityDate_Id;

    /**

     * Identifies one or more purposes for which the certified public key

     * may be used, in addition to or in place of the basic purposes

     * indicated in the key usage extension field.

     */

    public static final ObjectIdentifier ExtendedKeyUsage_Id;

    /**

     * Specifies whether any-policy policy OID is permitted

     */

    public static final ObjectIdentifier InhibitAnyPolicy_Id;

    /**

     * Identifies the certificate issuer associated with an entry in an

     * indirect CRL.

     */

    public static final ObjectIdentifier CertificateIssuer_Id;

    /**

     * This extension indicates how to access CA information and services for

     * the issuer of the certificate in which the extension appears.

     * This information may be used for on-line certification validation

     * services.

     */

    public static final ObjectIdentifier AuthInfoAccess_Id;

    /**

     * This extension indicates how to access CA information and services for

     * the subject of the certificate in which the extension appears.

     */

    public static final ObjectIdentifier SubjectInfoAccess_Id;

    /**

     * Identifies how delta CRL information is obtained.

     */

    public static final ObjectIdentifier FreshestCRL_Id;

    /**

     * Identifies the OCSP client can trust the responder for the

     * lifetime of the responder's certificate.

     */

    public static final ObjectIdentifier OCSPNoCheck_Id;

    /**

     * This extension is used to provide nonce data for OCSP requests

     * or responses.

     */

    public static final ObjectIdentifier OCSPNonce_Id;

    static {

        AuthorityKey_Id = ObjectIdentifier.newInternal(AuthorityKey_data);

        SubjectKey_Id   = ObjectIdentifier.newInternal(SubjectKey_data);

        KeyUsage_Id     = ObjectIdentifier.newInternal(KeyUsage_data);

        PrivateKeyUsage_Id = ObjectIdentifier.newInternal(PrivateKeyUsage_data);

        CertificatePolicies_Id =

            ObjectIdentifier.newInternal(CertificatePolicies_data);

        PolicyMappings_Id = ObjectIdentifier.newInternal(PolicyMappings_data);

        SubjectAlternativeName_Id =

            ObjectIdentifier.newInternal(SubjectAlternativeName_data);

        IssuerAlternativeName_Id =

            ObjectIdentifier.newInternal(IssuerAlternativeName_data);

        ExtendedKeyUsage_Id = ObjectIdentifier.newInternal(ExtendedKeyUsage_data);

        InhibitAnyPolicy_Id = ObjectIdentifier.newInternal(InhibitAnyPolicy_data);

        SubjectDirectoryAttributes_Id =

            ObjectIdentifier.newInternal(SubjectDirectoryAttributes_data);

        BasicConstraints_Id =

            ObjectIdentifier.newInternal(BasicConstraints_data);

        ReasonCode_Id = ObjectIdentifier.newInternal(ReasonCode_data);

        HoldInstructionCode_Id  =

            ObjectIdentifier.newInternal(HoldInstructionCode_data);

        InvalidityDate_Id = ObjectIdentifier.newInternal(InvalidityDate_data);

        NameConstraints_Id = ObjectIdentifier.newInternal(NameConstraints_data);

        PolicyConstraints_Id =

            ObjectIdentifier.newInternal(PolicyConstraints_data);

        CRLDistributionPoints_Id =

            ObjectIdentifier.newInternal(CRLDistributionPoints_data);

        CRLNumber_Id =

            ObjectIdentifier.newInternal(CRLNumber_data);

        IssuingDistributionPoint_Id =

            ObjectIdentifier.newInternal(IssuingDistributionPoint_data);

        DeltaCRLIndicator_Id =

            ObjectIdentifier.newInternal(DeltaCRLIndicator_data);

        CertificateIssuer_Id =

            ObjectIdentifier.newInternal(CertificateIssuer_data);

        AuthInfoAccess_Id =

            ObjectIdentifier.newInternal(AuthInfoAccess_data);

        SubjectInfoAccess_Id =

            ObjectIdentifier.newInternal(SubjectInfoAccess_data);

        FreshestCRL_Id = ObjectIdentifier.newInternal(FreshestCRL_data);

        OCSPNoCheck_Id = ObjectIdentifier.newInternal(OCSPNoCheck_data);

        OCSPNonce_Id = ObjectIdentifier.newInternal(OCSPNonce_data);

    }

}