0N/A<HTML>

0N/A<BODY>

0N/A<HEAD>

0N/A<TITLE>Certificate Attributes</TITLE>

0N/A</HEAD>

0N/A<h2><center>Certificate Attributes</center></h2>

0N/A<font size=3><center>July 1998</font></center>

0N/A<p>

0N/AIn JDK1.2 we provide an implementation of X.509 (version 3).

0N/AThe X509CertImpl class supports the following methods to

0N/Amanipulate the various attributes of a certificate:

0N/A<pre>

0N/A Object get(String name)

0N/A void set(String name, Object value), and

0N/A void delete(String name)

0N/A</pre>

0N/AA list of all the X.509 v3 Certificate attributes that can be manipulated

0N/Ais provided in the following table.

0N/AFor example, if you want to get the signature component of

0N/Athe certificate:

0N/A<pre>

0N/A X509CertImpl cert;

0N/A // get the certificate object

0N/A byte[] sig = (byte[])cert.get("x509.signature");

0N/A // using the fully-qualified identifier

0N/AOR

0N/A byte[] sig = (byte[])cert.get(X509CertImpl.SIG);

0N/A // using defined constants

0N/A</pre>

0N/A<p>

0N/A<table border=1>

0N/A<caption>sun.security.x509.X509CertImpl</caption>

0N/A<tr>

0N/A<td><strong>Attribute</strong></td>

0N/A<td><strong>Fully-qualified identifier</strong></td>

0N/A<td><strong>Defined constants</strong></td>

0N/A<td><strong>Type of Object returned</strong><br>

0N/A(in sun.security.x509 unless fully-qualified)</td>

0N/A</tr>

0N/A<tr>

0N/A<td>signatureAlgorithm</td>

0N/A<td>x509.algorithm</td>

0N/A<td>X509CertImpl.SIG_ALG</td>

0N/A<td>AlgorithmId</td>

0N/A</tr>

0N/A<tr>

0N/A<td>signature</td>

0N/A<td>x509.signature</td>

0N/A<td>X509CertImpl.SIG</td>

0N/A<td>byte[]</td>

0N/A</tr>

0N/A<tr>

0N/A<td>tbsCertificate</td>

0N/A<td>x509.info</td>

0N/A<td>X509CertInfo.IDENT</td>

0N/A<td>X509CertInfo</td>

0N/A</tr>

0N/A<tr>

0N/A<td>version</td>

0N/A<td>x509.info.version<br>

0N/Ax509.info.version.number</td>

0N/A<td>CertificateVersion.IDENT<br>

0N/Anone</td>

0N/A<td>CertificateVersion<br>

0N/Ajava.lang.Integer</td>

0N/A</tr>

0N/A<tr>

0N/A<td>serialNumber</td>

0N/A<td>x509.info.serialNumber<br>

0N/Ax509.info.serialNumber.number</td>

0N/A<td>CertificateSerialNumber.IDENT<br>

0N/AX509CertImpl.SERIAL_ID</td>

0N/A<td>CertificateSerialNumber<br>

0N/ASerialNumber</td>

0N/A</tr>

0N/A<tr>

0N/A<td>signature</td>

0N/A<td>x509.info.algorithmID<br>

0N/Ax509.info.algorithmID.algorithm</td>

0N/A<td>CertificateAlgorithmId.IDENT<br>

0N/Anone</td>

0N/A<td>CertificateAlgorithmId<br>

0N/AAlgorithmId</td>

0N/A</tr>

0N/A<tr>

0N/A<td>issuer</td>

0N/A<td>x509.info.issuer<br>

0N/Ax509.info.issuer.dname</td>

0N/A<td>CertificateIssuerName.IDENT<br>

0N/AX509CertImpl.ISSUER_DN</td>

0N/A<td>CertificateIssuerName<br>

0N/AX500Name</td>

0N/A</tr>

0N/A<tr>

0N/A<td>validity<br>

0N/Avalidity.notAfter<br>

0N/Avalidity.notBefore</td>

0N/A<td>x509.info.validity<br>

0N/Ax509.info.validity.notAfter<br>

0N/Ax509.info.validity.notBefore</td>

0N/A<td>CertificateValidity.IDENT<br>

0N/Anone<br>

0N/Anone</td>

0N/A<td>CertificateValidity<br>

0N/Ajava.util.Date<br>

0N/Ajava.util.Date</td>

0N/A</tr>

0N/A<tr>

0N/A<td>subject</td>

0N/A<td>x509.info.subject<br>

0N/Ax509.info.subject.dname</td>

0N/A<td>CertificateSubjectName.IDENT<br>

0N/AX509CertImpl.SUBJECT_DN</td>

0N/A<td>CertificateSubjectName<br>

0N/AX500Name</td>

0N/A</tr>

0N/A<tr>

0N/A<td>subjectPublicKeyInfo</td>

0N/A<td>x509.info.key<br>

0N/Ax509.info.key.value</td>

0N/A<td>CertificateX509Key.IDENT<br>

0N/AX509CertImpl.PUBLIC_KEY</td>

0N/A<td>CertificateX509Key<br>

0N/AX509Key</td>

0N/A</tr>

0N/A<tr>

0N/A<td>issuerUniqueID</td>

0N/A<td>x509.info.issuerID<br>

0N/Ax509.info.issuerID.id</td>

0N/A<td>CertificateIssuerUniqueIdentity.IDENT<br>

0N/Anone</td>

0N/A<td>CertificateIssuerUniqueIdentity<br>

0N/AUniqueIdentity</td>

0N/A</tr>

0N/A<tr>

0N/A<td>subjectUniqueID</td>

0N/A<td>x509.info.subjectID<br>

0N/Ax509.info.subjectID.id</td>

0N/A<td>CertificateSubjectUniqueIdentity.IDENT<br>

0N/Anone</td>

0N/A<td>CertificateSubjectUniqueIdentity<br>

0N/AUniqueIdentity</td>

0N/A</tr>

0N/A<tr>

0N/A<td>extensions</td>

0N/A<td>x509.info.extensions</td>

0N/A<td>CertificateExtensions.IDENT</td>

0N/A<td>CertificateExtensions</td>

0N/A</tr>

0N/A</table>

0N/A<br>

0N/A<br>

0N/A<table border=1>

0N/A<caption>X.509 V3 certificate extensions</caption>

0N/A<tr>

0N/A<td><strong>Extension</strong></td>

0N/A<td><strong>Extension attribute identifier</strong></td>

0N/A<td><strong>Short form</strong></td>

0N/A<td><strong>Type of Object returned</strong></td>

0N/A</tr>

0N/A<tr>

0N/A<td>Authority Key Identifier</td>

0N/A<td>x509.info.extensions.AuthorityKeyIdentifier</td>

0N/A<td>AuthorityKeyIdentifierExtension.IDENT</td>

0N/A<td>AuthorityKeyIdentifierExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Subject Key Identifier</td>

0N/A<td>x509.info.extensions.SubjectKeyIdentifier</td>

0N/A<td>SubjectKeyIdentifierExtension.IDENT</td>

0N/A<td>SubjectKeyIdentifierExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Key Usage</td>

0N/A<td>x509.info.extensions.KeyUsage</td>

0N/A<td>KeyUsageExtension.IDENT</td>

0N/A<td>KeyUsageExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Private Key Usage Period</td>

0N/A<td>x509.info.extensions.PrivateKeyUsage</td>

0N/A<td>PrivateKeyUsageExtension.IDENT</td>

0N/A<td>PrivateKeyUsageExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Policy Mappings</td>

0N/A<td>x509.info.extensions.PolicyMappings</td>

0N/A<td>PolicyMappingsExtension.IDENT</td>

0N/A<td>PolicyMappingsExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Subject Alternative Name</td>

0N/A<td>x509.info.extensions.SubjectAlternativeName</td>

0N/A<td>SubjectAlternativeNameExtension.IDENT</td>

0N/A<td>SubjectAlternativeNameExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Issuer Alternative Name</td>

0N/A<td>x509.info.extensions.IssuerAlternativeName</td>

0N/A<td>IssuerAlternativeNameExtension.IDENT</td>

0N/A<td>IssuerAlternativeNameExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Basic Constraints</td>

0N/A<td>x509.info.extensions.BasicConstraints</td>

0N/A<td>BasicConstraintsExtension.IDENT</td>

0N/A<td>BasicConstraintsExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Name Constraints</td>

0N/A<td>x509.info.extensions.NameConstraints</td>

0N/A<td>NameConstraintsExtension.IDENT</td>

0N/A<td>NameConstraintsExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Policy Constraints</td>

0N/A<td>x509.info.extensions.PolicyConstraints</td>

0N/A<td>PolicyConstraintsExtension.IDENT</td>

0N/A<td>PolicyConstraintsExtension</td>

0N/A</tr>

0N/A<tr>

0N/A<td>Netscape Certificate Type</td>

0N/A<td>x509.info.extensions.NetscapeCertType</td>

0N/A<td>NetscapeCertTypeExtension.IDENT</td>

0N/A<td>NetscapeCertTypeExtension</td>

0N/A</tr>

0N/A</table>

0N/A<p>

0N/AExtensions can be added by implementing the

0N/A<code>sun.security.x509.CertAttrSet</code> interface and

0N/Asubclassing <code>sun.security.x509.Extension</code> class.

0N/ARegister the new extension using the OIDMap class.

0N/AThe following extensions are not currently supported from the

0N/APKIX profile:

0N/A<table>

0N/A<tr>

0N/A<td>Name</td>

0N/A<td>ObjectIdentifier</td>

0N/A</tr>

0N/A<tr>

0N/A<td>CertificatePolicies</td>

0N/A<td>2.5.29.32</td>

0N/A</tr>

0N/A</table>

0N/A</BODY>

0N/A</HTML>