Bouncy Castle Cryptography Library 1.85

org.bouncycastle.asn1.x509
Interface X509ObjectIdentifiers

All Known Implementing Classes:
TBSCertificateStructure, X509CertificateStructure

public interface X509ObjectIdentifiers


Field Summary
static ASN1ObjectIdentifier attributeType
           
static ASN1ObjectIdentifier commonName
          Subject RDN components: commonName = 2.5.4.3
static ASN1ObjectIdentifier countryName
          Subject RDN components: countryName = 2.5.4.6
static ASN1ObjectIdentifier crlAccessMethod
          OID for crl uri in AuthorityInformationAccess extension
static ASN1ObjectIdentifier id_ad
          id-pkix OID: 1.3.6.1.5.5.7.48
static ASN1ObjectIdentifier id_ad_caIssuers
          id-ad-caIssuers OID: 1.3.6.1.5.5.7.48.2
static ASN1ObjectIdentifier id_ad_ocsp
          id-ad-ocsp OID: 1.3.6.1.5.5.7.48.1
static ASN1ObjectIdentifier id_alg_noSignature
          id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}
static ASN1ObjectIdentifier id_alg_unsigned
          id-alg-unsigned OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 36}
static ASN1ObjectIdentifier id_at_name
          Subject RDN components: name = 2.5.4.41
static ASN1ObjectIdentifier id_at_organizationIdentifier
          Subject RDN components: organizationIdentifier = 2.5.4.97
static ASN1ObjectIdentifier id_at_telephoneNumber
          Subject RDN components: telephone_number = 2.5.4.20
static ASN1ObjectIdentifier id_ce
          ISO ARC for standard certificate and CRL extensions OID: 2.5.29
static ASN1ObjectIdentifier id_ce_ct_embeddedSCTList
          RFC 6962 sec. 3.3 / RFC 9162 sec. 4.1 — certificate extension carrying the TLS-encoded for a server certificate.
static ASN1ObjectIdentifier id_ce_ct_precertPoison
          RFC 6962 sec. 3.1 / RFC 9162 sec. 4.2 — the precertificate-poison critical extension that marks a CMS as a precertificate (i.e. not a valid TLS certificate, used only for CT log submission).
static ASN1ObjectIdentifier id_ce_ct_transparencyInformation
          RFC 9162 sec. 7.1 — the Transparency Information X.509v3 extension, the CT v2 replacement for id_ce_ct_embeddedSCTList.
static ASN1ObjectIdentifier id_ct
          Google's Certificate Transparency arc, the parent of the OIDs defined by RFC 6962.
static ASN1ObjectIdentifier id_ct_precertificate
          RFC 9162 sec. 3.2 — the CMS for a CT v2 precertificate.
static ASN1ObjectIdentifier id_ea_rsa
          OID: 2.5.8.1.1
static ASN1ObjectIdentifier id_ecdsa_with_shake128
          id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 32 }
static ASN1ObjectIdentifier id_ecdsa_with_shake256
          id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 33 }
static ASN1ObjectIdentifier id_kp_ct_precertSigning
          RFC 6962 sec. 3.1 — Extended Key Usage identifier for an intermediate CA delegated to sign precertificates.
static ASN1ObjectIdentifier id_ocsp_ct_sctList
          RFC 6962 sec. 3.3 — OCSP response extension carrying a TLS-encoded when SCTs are delivered through an OCSP stapling response rather than embedded in the certificate.
static ASN1ObjectIdentifier id_PasswordBasedMac
          Deprecated. Use CRMFObjectIdentifiers.passwordBasedMac instead
static ASN1ObjectIdentifier id_pda
          1.3.6.1.5.5.7.9
static ASN1ObjectIdentifier id_pe
          private internet extensions; OID = 1.3.6.1.5.5.7.1
static ASN1ObjectIdentifier id_pe_relatedCert
          id-pe-relatedCert OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pe(1) 36 } Per RFC 9763 sec. 3, the certificate extension.
static ASN1ObjectIdentifier id_pkix
          id-pkix OID: 1.3.6.1.5.5.7
static ASN1ObjectIdentifier id_rsassa_pss_shake128
          id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 30 }
static ASN1ObjectIdentifier id_rsassa_pss_shake256
          id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 31 }
static ASN1ObjectIdentifier id_SHA1
          id-SHA1 OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } OID: 1.3.14.3.2.26
static ASN1ObjectIdentifier localityName
          Subject RDN components: localityName = 2.5.4.7
static ASN1ObjectIdentifier ocspAccessMethod
          OID for ocsp uri in AuthorityInformationAccess extension
static ASN1ObjectIdentifier organization
          Subject RDN components: organization = 2.5.4.10
static ASN1ObjectIdentifier organizationalUnitName
          Subject RDN components: organizationalUnitName = 2.5.4.11
static ASN1ObjectIdentifier pkix_algorithms
          1.3.6.1.5.5.7.6
static ASN1ObjectIdentifier ripemd160
          ripemd160 OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)} OID: 1.3.36.3.2.1
static ASN1ObjectIdentifier ripemd160WithRSAEncryption
          ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) } OID: 1.3.36.3.3.1.2
static ASN1ObjectIdentifier stateOrProvinceName
          Subject RDN components: stateOrProvinceName = 2.5.4.8
 

Field Detail

attributeType

public static final ASN1ObjectIdentifier attributeType

commonName

public static final ASN1ObjectIdentifier commonName
Subject RDN components: commonName = 2.5.4.3


countryName

public static final ASN1ObjectIdentifier countryName
Subject RDN components: countryName = 2.5.4.6


localityName

public static final ASN1ObjectIdentifier localityName
Subject RDN components: localityName = 2.5.4.7


stateOrProvinceName

public static final ASN1ObjectIdentifier stateOrProvinceName
Subject RDN components: stateOrProvinceName = 2.5.4.8


organization

public static final ASN1ObjectIdentifier organization
Subject RDN components: organization = 2.5.4.10


organizationalUnitName

public static final ASN1ObjectIdentifier organizationalUnitName
Subject RDN components: organizationalUnitName = 2.5.4.11


id_at_telephoneNumber

public static final ASN1ObjectIdentifier id_at_telephoneNumber
Subject RDN components: telephone_number = 2.5.4.20


id_at_name

public static final ASN1ObjectIdentifier id_at_name
Subject RDN components: name = 2.5.4.41


id_at_organizationIdentifier

public static final ASN1ObjectIdentifier id_at_organizationIdentifier
Subject RDN components: organizationIdentifier = 2.5.4.97


id_SHA1

public static final ASN1ObjectIdentifier id_SHA1
id-SHA1 OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 }

OID: 1.3.14.3.2.26


ripemd160

public static final ASN1ObjectIdentifier ripemd160
ripemd160 OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) hashAlgorithm(2) RIPEMD-160(1)}

OID: 1.3.36.3.2.1


ripemd160WithRSAEncryption

public static final ASN1ObjectIdentifier ripemd160WithRSAEncryption
ripemd160WithRSAEncryption OBJECT IDENTIFIER ::= {iso(1) identified-organization(3) TeleTrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) rsaSignatureWithripemd160(2) }

OID: 1.3.36.3.3.1.2


id_ea_rsa

public static final ASN1ObjectIdentifier id_ea_rsa
OID: 2.5.8.1.1


id_pkix

public static final ASN1ObjectIdentifier id_pkix
id-pkix OID: 1.3.6.1.5.5.7


id_pe

public static final ASN1ObjectIdentifier id_pe
private internet extensions; OID = 1.3.6.1.5.5.7.1


id_pe_relatedCert

public static final ASN1ObjectIdentifier id_pe_relatedCert
id-pe-relatedCert OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) pe(1) 36 }

Per RFC 9763 sec. 3, the certificate extension. The extension MUST appear in an end-entity certificate only, SHOULD NOT be marked critical, and carries a digest of one previously-issued certificate (the "related certificate") that the CA is asserting belongs to the same end entity — the mechanism that lets a verifier link a classical and a post-quantum certificate during hybrid PQ migration without requiring composite signature algorithms.


pkix_algorithms

public static final ASN1ObjectIdentifier pkix_algorithms
1.3.6.1.5.5.7.6


id_rsassa_pss_shake128

public static final ASN1ObjectIdentifier id_rsassa_pss_shake128
id-RSASSA-PSS-SHAKE128 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 30 }


id_rsassa_pss_shake256

public static final ASN1ObjectIdentifier id_rsassa_pss_shake256
id-RSASSA-PSS-SHAKE256 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 31 }


id_ecdsa_with_shake128

public static final ASN1ObjectIdentifier id_ecdsa_with_shake128
id-ecdsa-with-shake128 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 32 }


id_ecdsa_with_shake256

public static final ASN1ObjectIdentifier id_ecdsa_with_shake256
id-ecdsa-with-shake256 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) algorithms(6) 33 }


id_alg_noSignature

public static final ASN1ObjectIdentifier id_alg_noSignature
id-alg-noSignature OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 2}


id_alg_unsigned

public static final ASN1ObjectIdentifier id_alg_unsigned
id-alg-unsigned OBJECT IDENTIFIER ::= {id-pkix id-alg(6) 36}


id_pda

public static final ASN1ObjectIdentifier id_pda
1.3.6.1.5.5.7.9


id_ad

public static final ASN1ObjectIdentifier id_ad
id-pkix OID: 1.3.6.1.5.5.7.48


id_ad_caIssuers

public static final ASN1ObjectIdentifier id_ad_caIssuers
id-ad-caIssuers OID: 1.3.6.1.5.5.7.48.2


id_ad_ocsp

public static final ASN1ObjectIdentifier id_ad_ocsp
id-ad-ocsp OID: 1.3.6.1.5.5.7.48.1


ocspAccessMethod

public static final ASN1ObjectIdentifier ocspAccessMethod
OID for ocsp uri in AuthorityInformationAccess extension


crlAccessMethod

public static final ASN1ObjectIdentifier crlAccessMethod
OID for crl uri in AuthorityInformationAccess extension


id_ce

public static final ASN1ObjectIdentifier id_ce
ISO ARC for standard certificate and CRL extensions

OID: 2.5.29


id_ct

public static final ASN1ObjectIdentifier id_ct
Google's Certificate Transparency arc, the parent of the OIDs defined by RFC 6962. Not under the standard PKIX id-pe / id-ce trees because the values predate RFC 6962's transition to IETF process.

OID: 1.3.6.1.4.1.11129.2.4


id_ce_ct_embeddedSCTList

public static final ASN1ObjectIdentifier id_ce_ct_embeddedSCTList
RFC 6962 sec. 3.3 / RFC 9162 sec. 4.1 — certificate extension carrying the TLS-encoded for a server certificate.

OID: 1.3.6.1.4.1.11129.2.4.2


id_ce_ct_precertPoison

public static final ASN1ObjectIdentifier id_ce_ct_precertPoison
RFC 6962 sec. 3.1 / RFC 9162 sec. 4.2 — the precertificate-poison critical extension that marks a CMS as a precertificate (i.e. not a valid TLS certificate, used only for CT log submission).

OID: 1.3.6.1.4.1.11129.2.4.3


id_kp_ct_precertSigning

public static final ASN1ObjectIdentifier id_kp_ct_precertSigning
RFC 6962 sec. 3.1 — Extended Key Usage identifier for an intermediate CA delegated to sign precertificates.

OID: 1.3.6.1.4.1.11129.2.4.4


id_ocsp_ct_sctList

public static final ASN1ObjectIdentifier id_ocsp_ct_sctList
RFC 6962 sec. 3.3 — OCSP response extension carrying a TLS-encoded when SCTs are delivered through an OCSP stapling response rather than embedded in the certificate.

OID: 1.3.6.1.4.1.11129.2.4.5


id_ce_ct_transparencyInformation

public static final ASN1ObjectIdentifier id_ce_ct_transparencyInformation
RFC 9162 sec. 7.1 — the Transparency Information X.509v3 extension, the CT v2 replacement for id_ce_ct_embeddedSCTList. Carries a TLS-encoded whose entries are typed under the registry. RFC 9162 deliberately drops the poison extension and precertificate-signing EKU concepts from v1; those constants (id_ce_ct_precertPoison and id_kp_ct_precertSigning) have no v2 counterpart.

OID: 1.3.101.75


id_ct_precertificate

public static final ASN1ObjectIdentifier id_ct_precertificate
RFC 9162 sec. 3.2 — the CMS for a CT v2 precertificate. The v2 precertificate is wrapped as a CMS SignedData object whose encapContentInfo carries this content type, replacing the v1 approach of issuing a separate precertificate with a critical poison extension.

OID: 1.3.101.78


id_PasswordBasedMac

public static final ASN1ObjectIdentifier id_PasswordBasedMac
Deprecated. Use CRMFObjectIdentifiers.passwordBasedMac instead

id-PasswordBasedMac OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) nt(113533) nsn(7) algorithms(66) 13 }


Bouncy Castle Cryptography Library 1.85