Message-Id: <199904280141.SAA29876@shorter.eng.sun.com>
Date: Tue, 27 Apr 1999 18:41:49 -0700 (PDT)
From: Jeff Nisewanger <Jeff.Nisewanger@eng.sun.com>
Subject: Re: Access to certificate extensions in X.509 certificates?
To: java-security@java.sun.com, DavidTaylor@forge.com.au
> We're looking at using X.509 certificates in our application and want to
> use extensions.
>
> Looking through the JDK1.2 java.security.cert.Certificate and
> java.security.cert.X509Certificate javadocs there does not seem to be
> any obvious way to get an enumeration or collection of the extensions,
> despite there being a java.security.cert.X509Extension interface.
You can separately enumerate all of the critical and
non-critical extensions via the getCriticalExtensionOIDs() and
getNonCriticalExtensionOIDs() methods in X509Extension. These methods
return the java.util.Set instance which you can use to iterate through
the names of the extensions which are present in the certificate. You can then
fetch each of the extensions using the enumerated name via the
getExtensionValue() method. The extension value returned is the DER
encoding for that specific extension which your code can then parse.
In addition, the getKeyUsage() and getBasicConstraints() methods in
X509Certificate provide convenient access to those 2 extensions.
Convenience methods for additional common extensions may be added
in future releases.
Jeff
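
The enumeration described in the reply above, as an added example that is not part of the original message and is written for a current JDK rather than JDK 1.2. The class name `ListExtensions` and the helpers `unwrapOctetString` and `dump` are hypothetical, and the sample input is assumed to be the first CA certificate in the JRE's default trust store. The bytes returned by `getExtensionValue()` are a DER OCTET STRING wrapping the extension's own encoding, so the example strips that header before handing the payload to a parser.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ListExtensions {
    // getExtensionValue() returns a DER OCTET STRING (tag 0x04) that wraps the
    // extension's own DER encoding; strip that outer header to get the payload.
    static byte[] unwrapOctetString(byte[] der) {
        if (der == null || der.length < 2 || der[0] != 0x04)
            throw new IllegalArgumentException("not a DER OCTET STRING");
        int len = der[1] & 0xff, off = 2;
        if (len >= 0x80) {                 // long form: low 7 bits give the number of length bytes
            int n = len & 0x7f;
            if (n == 0 || n > 4 || der.length < 2 + n)
                throw new IllegalArgumentException("bad DER length");
            len = 0;
            for (int i = 0; i < n; i++) len = (len << 8) | (der[off++] & 0xff);
        }
        if (len < 0 || len != der.length - off) throw new IllegalArgumentException("length mismatch");
        return Arrays.copyOfRange(der, off, off + len);
    }
    static void dump(X509Certificate cert, Set<String> oids, String label) {
        if (oids == null) return;          // null means the certificate carries no extensions at all
        for (String oid : oids) {
            byte[] inner = unwrapOctetString(cert.getExtensionValue(oid));
            System.out.printf("  %-12s %-22s %d bytes, first tag 0x%02x%n",
                    label, oid, inner.length, inner.length > 0 ? inner[0] & 0xff : 0);
        }
    }
    public static void main(String[] args) throws Exception {
        // Sample input (assumption): first CA certificate in the JRE's default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate cert : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.println(cert.getSubjectX500Principal());
                dump(cert, cert.getCriticalExtensionOIDs(), "critical");
                dump(cert, cert.getNonCriticalExtensionOIDs(), "non-critical");
                System.out.println("  keyUsage=" + Arrays.toString(cert.getKeyUsage())
                        + " basicConstraints=" + cert.getBasicConstraints());
                return;                    // one certificate is enough for the demonstration
            }
        }
    }
}
```

An application that validates certificates should reject any certificate whose critical set contains an OID it does not process, which is why the two sets are reported separately.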