java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.CertPolicies
This class builds and holds the certificate policy extension. It contains one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate was issued and the purposes for which the certificate may be used. Optional qualifiers, which may be present, are not expected to change the definition of the policy. Applications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If this extension is critical, the path validation software must be able to interpret this extension (including any optional qualifiers), or must reject the certificate.
The ASN.1 definition is as follows:

   certificatePolicies EXTENSION ::= {
       SYNTAX CertificatePoliciesSyntax
       IDENTIFIED BY id-ce-certificatePolicies }

   CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

   PolicyInformation ::= SEQUENCE {
       policyIdentifier   CertPolicyId,
       policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }

   CertPolicyId ::= OBJECT IDENTIFIER

   PolicyQualifierInfo ::= SEQUENCE {
       policyQualifierId   PolicyQualifierId,
       qualifier           ANY DEFINED BY policyQualifierId }

The PolicyInformation type identifies and conveys qualifier information for one certificate policy. The policyIdentifier component contains an identifier of a certificate policy and the policyQualifiers component contains policy qualifier values for that element.
As an example, the PKIX Profile Specification (RFC 2459) defines two policy qualifier types for use by certificate policy writers and certificate issuers. One of the qualifier types is the CPS pointer qualifier. The CPS pointer qualifier contains a pointer to a Certification Practice Statement (CPS) published by the CA. The pointer is in the form of a uniform resource identifier (URI). The PKIX definition is as follows:

   -- policyQualifierId
   id-qt-cps OBJECT IDENTIFIER ::= { id-pkix 2 1 }

   -- qualifier
   CPSuri ::= IA5String

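The accept-list comparison and the critical-extension rule described above, applied directly to the DER bytes of a CertificatePoliciesSyntax value. This is an added example that uses only the JDK and is not Cert-J code; the class name PolicyCheck, its methods, the sample encoding and the accept-list entries are constructed for illustration, and it assumes the CPS pointer is the only qualifier type the application can interpret.

```java
import java.util.HexFormat;
import java.util.Set;

public class PolicyCheck {
    static final HexFormat HEX = HexFormat.of();          // Java 17+
    static final String ID_QT_CPS = "2b06010505070201";   // content octets of { id-pkix 2 1 }
    // Validates tag and definite length at p[0]; moves p[0] to the content; returns the content end.
    static int end(byte[] b, int[] p, int tag, int limit) {
        if (p[0] + 2 > limit || (b[p[0]++] & 0xff) != tag) throw new IllegalArgumentException("bad tag");
        int len = b[p[0]++] & 0xff, n = len & 0x7f;
        if (len >= 0x80) {                      // long form; indefinite (n == 0) is refused
            if (n == 0 || n > 2 || p[0] + n > limit) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (b[p[0]++] & 0xff);
        }
        if (len > limit - p[0]) throw new IllegalArgumentException("truncated");
        return p[0] + len;
    }

    // True only if a policyIdentifier is on the accept list (hex of the OID content octets).
    // In a critical extension, any qualifier type other than id-qt-cps rejects the certificate.
    static boolean acceptable(byte[] der, boolean critical, Set<String> accepted) {
        int[] p = {0};
        boolean match = false;
        int seqEnd = end(der, p, 0x30, der.length);             // CertificatePoliciesSyntax
        while (p[0] < seqEnd) {
            int infoEnd = end(der, p, 0x30, seqEnd);            // PolicyInformation
            int idEnd = end(der, p, 0x06, infoEnd);             // policyIdentifier
            match |= accepted.contains(HEX.formatHex(der, p[0], idEnd));
            p[0] = idEnd;
            int qualsEnd = p[0] < infoEnd ? end(der, p, 0x30, infoEnd) : p[0];
            while (p[0] < qualsEnd) {
                int qEnd = end(der, p, 0x30, qualsEnd);         // PolicyQualifierInfo
                int qidEnd = end(der, p, 0x06, qEnd);           // policyQualifierId
                if (critical && !ID_QT_CPS.equals(HEX.formatHex(der, p[0], qidEnd))) return false;
                p[0] = qEnd;                                    // skip the qualifier value
            }
            p[0] = infoEnd;
        }
        return match;
    }

    public static void main(String[] args) {
        // Constructed sample: policy 2.23.140.1.2.1 with a CPS pointer to http://ca.example/cps
        byte[] der = HEX.parseHex("302f302d060667810c01020130233021"
                + "06082b06010505070201" + "1615687474703a2f2f63612e6578616d706c652f637073");
        System.out.println(acceptable(der, true, Set.of("67810c010201")));  // policy on the list
        System.out.println(acceptable(der, true, Set.of("2a0304")));        // policy not on the list
    }
}
```

Malformed input (wrong tag, indefinite or oversized length, content running past its parent) raises IllegalArgumentException, which a caller should treat as a rejection.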
See Also
Constructor Summary

CertPolicies()
    Constructs an empty CertPolicies object.

CertPolicies(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier, boolean criticality)
    Constructs a CertPolicies object and initializes it with the given values.

Method Summary

void addCertPolicy(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier)
    Adds a certificate policy to this extension.

Object clone()
    Overrides the default clone method to get a deeper clone.

void decodeValue(byte[] valueBER, int offset)
    Decode the value.

int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.

int derEncodeValueInit()
    Initialize for encoding the value.

byte[] getCertPolicyId(int Index)
    Gets the OID of the certificate policy specified by Index.

int getPoliciesCount()
    Gets the number of certificate policy elements in this extension.

PolicyQualifiers getPolicyQualifiers(int Index)
    Gets the PolicyQualifiers of the policy information specified by Index.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public CertPolicies()
Constructs an empty CertPolicies object.

public CertPolicies(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier, boolean criticality)
Constructs a CertPolicies object and initializes it with the given values.
Parameters
oid | A
oidOffset | The offset into the oid array.
oidLen | The length of the data in the oid array.
qualifier | The policy qualifier for this certificate policy.
criticality | The user-specified criticality.

Method Detail

public void addCertPolicy(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier)
Parameters
oid | A
oidOffset | The offset into the oid array.
oidLen | The length of the data in the oid array.
qualifier | The policy qualifier for this certificate policy.

public byte[] getCertPolicyId(int Index) throws CertificateException
Parameters
Index | An index to the specified policy information.
Returns
Throws
CertificateException - If the specified index is invalid.

public PolicyQualifiers getPolicyQualifiers(int Index) throws CertificateException
Gets the PolicyQualifiers of the policy information specified by Index.
Parameters
Index | An index to the specified policy information.
Returns
PolicyQualifiers of the specified policy information.
Throws
CertificateException - If the specified index is invalid.

public int getPoliciesCount()
Returns

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Overrides
decodeValue in class X509V3Extension
Parameters
valueBER | The BER encoding of the extension's value.
offset | The offset into valueBER where the encoding actually begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public int derEncodeValueInit()
Overrides
derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Overrides
derEncodeValue in class X509V3Extension
Parameters
encoding | The byte array into which the result will be placed.
offset | The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides
clone in class X509V3Extension
Returns
CertPolicies object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.