001/* X509Extension.java --- X.509 Extension
002   Copyright (C) 1999 Free Software Foundation, Inc.
003
004This file is part of GNU Classpath.
005
006GNU Classpath is free software; you can redistribute it and/or modify
007it under the terms of the GNU General Public License as published by
008the Free Software Foundation; either version 2, or (at your option)
009any later version.
010
011GNU Classpath is distributed in the hope that it will be useful, but
012WITHOUT ANY WARRANTY; without even the implied warranty of
013MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
014General Public License for more details.
015
016You should have received a copy of the GNU General Public License
017along with GNU Classpath; see the file COPYING.  If not, write to the
018Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
01902110-1301 USA.
020
021Linking this library statically or dynamically with other modules is
022making a combined work based on this library.  Thus, the terms and
023conditions of the GNU General Public License cover the whole
024combination.
025
026As a special exception, the copyright holders of this library give you
027permission to link this library with independent modules to produce an
028executable, regardless of the license terms of these independent
029modules, and to copy and distribute the resulting executable under
030terms of your choice, provided that you also meet, for each linked
031independent module, the terms and conditions of the license of that
032module.  An independent module is a module which is not derived from
033or based on this library.  If you modify this library, you may extend
034this exception to your version of the library, but you are not
035obligated to do so.  If you do not wish to do so, delete this
036exception statement from your version. */
037
038
039package java.security.cert;
040import java.util.Set;
041
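/**
 * Public interface for the X.509 Extension.
 *
 * <p>This is used for X.509 v3 Certificates and v2 CRLs (Certificate
 * Revocation Lists) for managing attributes associated with
 * certificates, for managing the hierarchy of certificates,
 * and for managing the distribution of CRLs. This extension
 * format is also used to define private extensions.
 *
 * <p>Each extension for a certificate or CRL must be marked
 * either critical or non-critical. If the certificate/CRL
 * system encounters a critical extension that it does not recognize,
 * it must reject the certificate. A non-critical extension
 * may simply be ignored if it is not recognized.
 *
 * <p>The ASN.1 definition for this class is:
 *
 * <pre>
 * Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
 *
 * Extension  ::=  SEQUENCE  {
 *     extnId        OBJECT IDENTIFIER,
 *     critical      BOOLEAN DEFAULT FALSE,
 *     extnValue     OCTET STRING
 *                   -- contains a DER encoding of a value
 *                   -- of the type registered for use with
 *                   -- the extnId object identifier value
 * }
 * </pre>
 *
 * @author Mark Benvenuto
 *
 * @since 1.2
 */
public interface X509Extension
{

  /**
   * Returns true if the certificate contains a critical extension
   * that is not supported.
   *
   * <p>Validation code should treat a {@code true} result as grounds
   * for rejecting the object: as described in the interface
   * documentation, an unrecognized critical extension must cause
   * rejection and must not be skipped like a non-critical one.
   *
   * @return true if there is an unsupported critical extension,
   *         false otherwise
   */
  boolean hasUnsupportedCriticalExtension();

  /**
   * Returns a set of the CRITICAL extension OIDs from the
   * certificate/CRL that the object implementing this interface
   * manages.
   *
   * <p>The "nothing to report" result is {@code null}, not an empty
   * set, so callers have to null-check before iterating.
   *
   * @return a Set containing the OIDs as strings, or null if there
   *         are no CRITICAL extensions or no extensions at all
   */
  Set<String> getCriticalExtensionOIDs();

  /**
   * Returns a set of the NON-CRITICAL extension OIDs from the
   * certificate/CRL that the object implementing this interface
   * manages.
   *
   * <p>The "nothing to report" result is {@code null}, not an empty
   * set, so callers have to null-check before iterating.
   *
   * @return a Set containing the OIDs as strings, or null if there
   *         are no NON-CRITICAL extensions or no extensions at all
   */
  Set<String> getNonCriticalExtensionOIDs();

  /**
   * Returns the DER encoded OCTET STRING for the extension value
   * identified by the given OID.
   *
   * <p>The returned bytes correspond to {@code extnValue} in the ASN.1
   * definition on this interface. Per that definition the OCTET STRING
   * itself contains a DER encoding of the type registered for the OID,
   * so a caller has to decode the outer OCTET STRING before parsing
   * the inner value. The bytes originate from the certificate or CRL
   * and should be parsed as untrusted input.
   *
   * <p>NOTE(review): this declaration does not say what is returned
   * when the extension is absent. The standard Java API documents
   * {@code null} for that case; confirm against the implementing
   * classes and null-check the result.
   *
   * @param oid the extension's object identifier as a string of
   *        numbers separated by periods, e.g. {@code 2.5.29.15}
   * @return the DER encoded OCTET STRING of the extension value
   */
  byte[] getExtensionValue(String oid);

}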