
AW: [iaik-jce] custom certificate V3Extensions


> I assume this is supposed to be an ObjectID, e.g.:
>  public static ObjectID oid = new ObjectID("9.45.12345.17.8",

Yes. Even for a custom extension, please be careful to specify a correct OID
(i.e. it has to start with 0, 1 or 2; see, for instance, Kaliski's Layman's
Guide for further rules: http://www.rsasecurity.com/rsalabs/pkcs/).

> V3Extension ext = m_cert.getExtension(CustomExtension.oid);

> I get a NullPointerException.

Don't know what's going wrong. Could you provide a source sample?

Dieter Bratko

-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On behalf of Aaron Haspel
Sent: Tuesday, 22 August 2000 20:14
To: Dieter Bratko; iaik-jce@iaik.tu-graz.ac.at
Subject: [iaik-jce] custom certificate V3Extensions


Thanks for your reply. There is one point I don't understand:

  public static oid = new ObjectIdentifier("...", "...");

I assume this is supposed to be an ObjectID, e.g.:

  public static ObjectID oid = new ObjectID("9.45.12345.17.8",

I create the CustomExtension class extending the V3Extension class no
problem. I also register it with X509Extensions as you advised.  But when I
try to access the custom extension using the following code:

  V3Extension ext = m_cert.getExtension(CustomExtension.oid);

I get a NullPointerException.  Obviously it can't find the CustomExtension,
even though it's in the certificate when I examine it (albeit under a
different string value).  Any thoughts on what I'm doing wrong?


----- Original Message -----
From: "Dieter Bratko" <Dieter.Bratko@iaik.at>
To: "Aaron Haspel" <aaron@eredyne.com>; <iaik-jce@iaik.tu-graz.ac.at>
Sent: Tuesday, August 22, 2000 11:49 AM
Subject: AW: [iaik-jce] V3 extensions

You should not use UnknownExtension for implementing private extensions.
Rather, extend the V3Extension class for each extension you wish to
implement. When doing so, implement the abstract toASN1Object() method in a
way that it returns an ASN.1 representation of your extension (do not
include the critical specification and the OID in the ASN.1
representation). The KeyUsage extension, for instance, is defined as:

KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnly            (8) }

and so the toASN1Object() method of the KeyUsage class just returns a
BIT_STRING with the value that has been set when creating the KeyUsage
object. In the same way, the ASN1Object supplied for the init(..) method of
the KeyUsage extension will be a BIT_STRING object.

In this way, you may proceed as follows: define an ASN.1 representation for
your private extension properly representing your string,  e.g.:

      MyPrivateExtension  ::= PrintableString,

and subsequently write a new class for this extension (by extending
V3Extension) and statically set the OID. Use the toASN1Object() method for
returning the ASN.1 representation you have defined (you also must include
the empty default constructor for dynamic object generation), e.g.:

public class MyPrivateExtension extends iaik.x509.V3Extension {

    public static oid = new ObjectIdentifier("...", "...");

    private String value;

    // empty default constructor, needed for dynamic object generation
    public MyPrivateExtension() {
    }

    public MyPrivateExtension(String value) {
        this.value = value;
    }

    public String getValue() {
        return this.value;
    }

    // ASN.1 representation of the extension value (no OID, no critical flag)
    public ASN1Object toASN1Object() {
        return new IA5String(value);
    }

    // called with the decoded ASN.1 value when the extension is parsed
    public void init(ASN1Object obj) {
        value = (String)obj.getValue();
    }

    public ObjectID getObjectID() {
        return oid;
    }

    public int hashCode() {
        return oid.hashCode();
    }

    public String toString() {
        return value;
    }
}

To use your new extension in the way you are accustomed to from the
standard extensions, statically register it in class X509Extensions:

X509Extensions.register(MyPrivateExtension.oid, MyPrivateExtension.class);
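
The rule in the reply at the top of the thread (an OID has to start with 0, 1 or 2) follows from how DER packs the first two arcs of an OBJECT IDENTIFIER into a single value, 40*X + Y. The Java sketch below is an added example, not code from the thread or from IAIK-JCE; the class OidArcCheck, its methods and the sample OID 1.3.6.1.4.1.99999.1 are constructed for illustration, and it makes no claim about how IAIK-JCE itself treats an invalid OID.

```java
import java.io.ByteArrayOutputStream;
import java.util.ArrayList;
import java.util.List;

public class OidArcCheck {
    // Content octets of a DER OBJECT IDENTIFIER (no tag, no length).
    // strict=false skips the leading-arc check to show what an unchecked encoder emits.
    static byte[] encode(String dotted, boolean strict) {
        String[] parts = dotted.split("\\.");
        if (parts.length < 2) throw new IllegalArgumentException("need at least two arcs");
        long[] arcs = new long[parts.length];
        for (int i = 0; i < parts.length; i++) {
            arcs[i] = Long.parseLong(parts[i]);
            if (arcs[i] < 0) throw new IllegalArgumentException("negative arc in " + dotted);
        }
        if (strict && (arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)))
            throw new IllegalArgumentException("invalid leading arcs in " + dotted);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        writeBase128(out, 40 * arcs[0] + arcs[1]);   // first two arcs share one subidentifier
        for (int i = 2; i < arcs.length; i++) writeBase128(out, arcs[i]);
        return out.toByteArray();
    }
    // Big-endian base-128; every octet except the last has the high bit set.
    static void writeBase128(ByteArrayOutputStream out, long v) {
        int shift = 0;
        while ((v >>> (shift + 7)) != 0) shift += 7;
        for (; shift > 0; shift -= 7) out.write((int) (0x80 | ((v >>> shift) & 0x7F)));
        out.write((int) (v & 0x7F));
    }
    // Reverse of encode(): a first subidentifier of 80 or more always belongs to arc 2.
    static String decode(byte[] content) {
        List<Long> subs = new ArrayList<>();
        long acc = 0;
        for (byte b : content) {
            acc = (acc << 7) | (b & 0x7F);
            if ((b & 0x80) == 0) { subs.add(acc); acc = 0; }
        }
        long s0 = subs.get(0);
        long first = Math.min(s0 / 40, 2);
        StringBuilder sb = new StringBuilder().append(first).append('.').append(s0 - 40 * first);
        for (int i = 1; i < subs.size(); i++) sb.append('.').append(subs.get(i));
        return sb.toString();
    }
    public static void main(String[] args) {
        String fromThread = "9.45.12345.17.8";                  // the OID quoted in the thread
        System.out.println(decode(encode("1.3.6.1.4.1.99999.1", true)));  // constructed sample
        System.out.println(decode(encode(fromThread, false)));  // unchecked round trip
        try { encode(fromThread, true); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

With the check off, 9.45.12345.17.8 packs its first two arcs as 405 and reads back as 2.325.12345.17.8, a different string from the one that went in; with the check on it is rejected before anything is encoded.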