Update KeyPurposeID from bc-java
- obsolete old-style names
- add Kerberos entries (see https://github.com/bcgit/bc-csharp/pull/256)
3 files changed, 76 insertions, 18 deletions
diff --git a/crypto/src/asn1/x509/KeyPurposeId.cs b/crypto/src/asn1/x509/KeyPurposeId.cs
index 1a564b97a..d0b9bb7e6 100644
--- a/crypto/src/asn1/x509/KeyPurposeId.cs
+++ b/crypto/src/asn1/x509/KeyPurposeId.cs
@@ -1,3 +1,5 @@
+using System;
+
namespace Org.BouncyCastle.Asn1.X509
{
/**
@@ -9,30 +11,86 @@ namespace Org.BouncyCastle.Asn1.X509
public sealed class KeyPurposeID
: DerObjectIdentifier
{
- private const string IdKP = "1.3.6.1.5.5.7.3";
+ private const string id_kp = "1.3.6.1.5.5.7.3";
- private KeyPurposeID(
- string id)
+ private KeyPurposeID(string id)
: base(id)
{
}
public static readonly KeyPurposeID AnyExtendedKeyUsage = new KeyPurposeID(X509Extensions.ExtendedKeyUsage.Id + ".0");
- public static readonly KeyPurposeID IdKPServerAuth = new KeyPurposeID(IdKP + ".1");
- public static readonly KeyPurposeID IdKPClientAuth = new KeyPurposeID(IdKP + ".2");
- public static readonly KeyPurposeID IdKPCodeSigning = new KeyPurposeID(IdKP + ".3");
- public static readonly KeyPurposeID IdKPEmailProtection = new KeyPurposeID(IdKP + ".4");
- public static readonly KeyPurposeID IdKPIpsecEndSystem = new KeyPurposeID(IdKP + ".5");
- public static readonly KeyPurposeID IdKPIpsecTunnel = new KeyPurposeID(IdKP + ".6");
- public static readonly KeyPurposeID IdKPIpsecUser = new KeyPurposeID(IdKP + ".7");
- public static readonly KeyPurposeID IdKPTimeStamping = new KeyPurposeID(IdKP + ".8");
- public static readonly KeyPurposeID IdKPOcspSigning = new KeyPurposeID(IdKP + ".9");
-
- //
+
+ public static readonly KeyPurposeID id_kp_serverAuth = new KeyPurposeID(id_kp + ".1");
+ public static readonly KeyPurposeID id_kp_clientAuth = new KeyPurposeID(id_kp + ".2");
+ public static readonly KeyPurposeID id_kp_codeSigning = new KeyPurposeID(id_kp + ".3");
+ public static readonly KeyPurposeID id_kp_emailProtection = new KeyPurposeID(id_kp + ".4");
+ public static readonly KeyPurposeID id_kp_ipsecEndSystem = new KeyPurposeID(id_kp + ".5");
+ public static readonly KeyPurposeID id_kp_ipsecTunnel = new KeyPurposeID(id_kp + ".6");
+ public static readonly KeyPurposeID id_kp_ipsecUser = new KeyPurposeID(id_kp + ".7");
+ public static readonly KeyPurposeID id_kp_timeStamping = new KeyPurposeID(id_kp + ".8");
+ public static readonly KeyPurposeID id_kp_OCSPSigning = new KeyPurposeID(id_kp + ".9");
+ public static readonly KeyPurposeID id_kp_dvcs = new KeyPurposeID(id_kp + ".10");
+ public static readonly KeyPurposeID id_kp_sbgpCertAAServerAuth = new KeyPurposeID(id_kp + ".11");
+ public static readonly KeyPurposeID id_kp_scvp_responder = new KeyPurposeID(id_kp + ".12");
+ public static readonly KeyPurposeID id_kp_eapOverPPP = new KeyPurposeID(id_kp + ".13");
+ public static readonly KeyPurposeID id_kp_eapOverLAN = new KeyPurposeID(id_kp + ".14");
+ public static readonly KeyPurposeID id_kp_scvpServer = new KeyPurposeID(id_kp + ".15");
+ public static readonly KeyPurposeID id_kp_scvpClient = new KeyPurposeID(id_kp + ".16");
+ public static readonly KeyPurposeID id_kp_ipsecIKE = new KeyPurposeID(id_kp + ".17");
+ public static readonly KeyPurposeID id_kp_capwapAC = new KeyPurposeID(id_kp + ".18");
+ public static readonly KeyPurposeID id_kp_capwapWTP = new KeyPurposeID(id_kp + ".19");
+
+ public static readonly KeyPurposeID id_kp_cmcCA = new KeyPurposeID(id_kp + ".27");
+ public static readonly KeyPurposeID id_kp_cmcRA = new KeyPurposeID(id_kp + ".28");
+ public static readonly KeyPurposeID id_kp_cmKGA = new KeyPurposeID(id_kp + ".32");
+
+ //
// microsoft key purpose ids
//
- public static readonly KeyPurposeID IdKPSmartCardLogon = new KeyPurposeID("1.3.6.1.4.1.311.20.2.2");
+ public static readonly KeyPurposeID id_kp_smartcardlogon = new KeyPurposeID("1.3.6.1.4.1.311.20.2.2");
+
+ public static readonly KeyPurposeID id_kp_macAddress = new KeyPurposeID("1.3.6.1.1.1.1.22");
+
+ /// <summary>Microsoft Server Gated Crypto (msSGC).</summary>
+ /// <remarks>see https://www.alvestrand.no/objectid/1.3.6.1.4.1.311.10.3.3.html</remarks>
+ public static readonly KeyPurposeID id_kp_msSGC = new KeyPurposeID("1.3.6.1.4.1.311.10.3.3");
+
+ private const string id_pkinit = "1.3.6.1.5.2.3";
+
+ public static readonly KeyPurposeID scSysNodeNumber = new KeyPurposeID(id_pkinit + ".0");
+ public static readonly KeyPurposeID id_pkinit_authData = new KeyPurposeID(id_pkinit + ".1");
+ public static readonly KeyPurposeID id_pkinit_DHKeyData = new KeyPurposeID(id_pkinit + ".2");
+ public static readonly KeyPurposeID id_pkinit_rkeyData = new KeyPurposeID(id_pkinit + ".3");
+ public static readonly KeyPurposeID keyPurposeClientAuth = new KeyPurposeID(id_pkinit + ".4");
+ public static readonly KeyPurposeID keyPurposeKdc = new KeyPurposeID(id_pkinit + ".5");
+
+ /// <summary>Netscape Server Gated Crypto (nsSGC).</summary>
+ /// <remarks>see https://www.alvestrand.no/objectid/2.16.840.1.113730.4.1.html</remarks>
+ public static readonly KeyPurposeID id_kp_nsSGC = new KeyPurposeID("2.16.840.1.113730.4.1");
+
+ [Obsolete("Use 'id_kp_serverAuth' instead")]
+ public static readonly KeyPurposeID IdKPServerAuth = id_kp_serverAuth;
+ [Obsolete("Use 'id_kp_clientAuth' instead")]
+ public static readonly KeyPurposeID IdKPClientAuth = id_kp_clientAuth;
+ [Obsolete("Use 'id_kp_codeSigning' instead")]
+ public static readonly KeyPurposeID IdKPCodeSigning = id_kp_codeSigning;
+ [Obsolete("Use 'id_kp_emailProtection' instead")]
+ public static readonly KeyPurposeID IdKPEmailProtection = id_kp_emailProtection;
+ [Obsolete("Use 'id_kp_ipsecEndSystem' instead")]
+ public static readonly KeyPurposeID IdKPIpsecEndSystem = id_kp_ipsecEndSystem;
+ [Obsolete("Use 'id_kp_ipsecTunnel' instead")]
+ public static readonly KeyPurposeID IdKPIpsecTunnel = id_kp_ipsecTunnel;
+ [Obsolete("Use 'id_kp_ipsecUser' instead")]
+ public static readonly KeyPurposeID IdKPIpsecUser = id_kp_ipsecUser;
+ [Obsolete("Use 'id_kp_timeStamping' instead")]
+ public static readonly KeyPurposeID IdKPTimeStamping = id_kp_timeStamping;
+ [Obsolete("Use 'id_kp_OCSPSigning' instead")]
+ public static readonly KeyPurposeID IdKPOcspSigning = id_kp_OCSPSigning;
+
+ [Obsolete("Use 'id_kp_smartcardlogon' instead")]
+ public static readonly KeyPurposeID IdKPSmartCardLogon = id_kp_smartcardlogon;
- public static readonly KeyPurposeID IdKPMacAddress = new KeyPurposeID("1.3.6.1.1.1.1.22");
+ [Obsolete("Use 'id_kp_macAddress' instead")]
+ public static readonly KeyPurposeID IdKPMacAddress = id_kp_macAddress;
}
}
diff --git a/crypto/src/tsp/TSPUtil.cs b/crypto/src/tsp/TSPUtil.cs
index a9402ac6d..1ba289ae6 100644
--- a/crypto/src/tsp/TSPUtil.cs
+++ b/crypto/src/tsp/TSPUtil.cs
@@ -145,7 +145,7 @@ namespace Org.BouncyCastle.Tsp
ExtendedKeyUsage extKey = ExtendedKeyUsage.GetInstance(
Asn1Object.FromByteArray(ext.GetOctets()));
- if (!extKey.HasKeyPurposeId(KeyPurposeID.IdKPTimeStamping) || extKey.Count != 1)
+ if (!extKey.HasKeyPurposeId(KeyPurposeID.id_kp_timeStamping) || extKey.Count != 1)
throw new TspValidationException("ExtendedKeyUsage not solely time stamping.");
}
catch (IOException)
diff --git a/crypto/test/src/tsp/test/TSPTestUtil.cs b/crypto/test/src/tsp/test/TSPTestUtil.cs
index abe153ac1..4e08bd76d 100644
--- a/crypto/test/src/tsp/test/TSPTestUtil.cs
+++ b/crypto/test/src/tsp/test/TSPTestUtil.cs
@@ -347,7 +347,7 @@ namespace Org.BouncyCastle.Tsp.Tests
else
{
_v3CertGen.AddExtension(X509Extensions.ExtendedKeyUsage, true,
- ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.IdKPTimeStamping)));
+ ExtendedKeyUsage.GetInstance(new DerSequence(KeyPurposeID.id_kp_timeStamping)));
}
X509Certificate _cert = _v3CertGen.Generate(
|
