com.rsa.certj.cert.extensions

Class CertPolicies

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.CertPolicies
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class CertPolicies
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the certificate policy extension. It contains one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. These policy information terms indicate the policy under which the certificate was issued and the purposes for which the certificate may be used. Optional qualifiers, which may be present, are not expected to change the definition of the policy. Applications with specific policy requirements are expected to have a list of those policies which they will accept and to compare the policy OIDs in the certificate to that list. If this extension is critical, the path validation software must be able to interpret this extension (including any optional qualifiers), or must reject the certificate.

The ASN.1 definition is as follows:

 certificatePolicies EXTENSION ::= {
	SYNTAX	CertificatePoliciesSyntax
	IDENTIFIED BY id-ce-certificatePolicies }

 CertificatePoliciesSyntax ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

 PolicyInformation ::= SEQUENCE {
	policyIdentifier   CertPolicyId,
	policyQualifiers   SEQUENCE SIZE (1..MAX) OF 
		PolicyQualifierInfo OPTIONAL }

 CertPolicyId ::= OBJECT IDENTIFIER

 PolicyQualifierInfo ::= SEQUENCE {
       policyQualifierId  PolicyQualifierId,
       qualifier          ANY DEFINED BY policyQualifierId }
A value of the PolicyInformation type identifies and conveys qualifier information for one certificate policy. The policyIdentifier component contains an identifier of a certificate policy and the policyQualifiers component contains policy qualifier values for that element.

As an example, the PKIX Profile Specification (RFC 2459) defines two policy qualifier types for use by certificate policy writers and certificate issuers. One of the qualifier types is the CPS pointer qualifier. The CPS pointer qualifier contains a pointer to a Certification Practice Statement (CPS) published by the CA. The pointer is in the form of a uniform resource identifier (URI). The PKIX definition is as follows:

 -- policyQualifierId
 id-qt-cps  OBJECT IDENTIFIER ::=  { id-pkix 2 1}
 -- qualifier
 CPSuri ::= IA5String

This extension may, at the option of the certificate issuer, be either critical or non-critical.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

CertPolicies()

Constructs an empty CertPolicies object.

CertPolicies(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier, boolean criticality)

Constructs a CertPolicies object and initializes it with the given values.

 

Method Summary

 void

addCertPolicy(byte[] oid, int oidOffset, int oidLen, PolicyQualifiers qualifier)

Adds a certificate policy to this extension.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 byte[]

getCertPolicyId(int Index)

Gets the OID of the certificate policy specified by Index.

 int

getPoliciesCount()

Gets the number of certificate policy elements in this extension.

 PolicyQualifiers

getPolicyQualifiers(int Index)

Gets the PolicyQualifiers of the policy information specified by Index.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertPolicies

public CertPolicies()
Constructs an empty CertPolicies object.

CertPolicies

public CertPolicies(byte[] oid,
                    int oidOffset,
                    int oidLen,
                    PolicyQualifiers qualifier,
                    boolean criticality)
Constructs a CertPolicies object and initializes it with the given values.

Parameters

         oid  

A byte array that contains the OID that specifies this certificate policy.

         oidOffset  

The offset into the oid array.

         oidLen  

The length of the data in the oid array.

         qualifier  

The policy qualifier for this certificate policy.

         criticality  

The user-specified criticality.

Method Detail

addCertPolicy

public void addCertPolicy(byte[] oid,
                          int oidOffset,
                          int oidLen,
                          PolicyQualifiers qualifier)
Adds a certificate policy to this extension.

Parameters

         oid  

A byte array that contains the OID that specifies this certificate policy.

         oidOffset  

The offset into the oid array.

         oidLen  

The length of the data in the oid array.

         qualifier  

The policy qualifier for this certificate policy.


getCertPolicyId

public byte[] getCertPolicyId(int Index)
                       throws CertificateException
Gets the OID of the certificate policy specified by Index.

Parameters

         Index  

An index to the specified policy information.

Returns

The OID of the specified certificate policy information.

Throws

CertificateException - If the specified index is invalid.

getPolicyQualifiers

public PolicyQualifiers getPolicyQualifiers(int Index)
                                     throws CertificateException
Gets the PolicyQualifiers of the policy information specified by Index.

Parameters

         Index  

An index to the specified policy information.

Returns

The PolicyQualifiers of the specified policy information.

Throws

CertificateException - If the specified index is invalid.

getPoliciesCount

public int getPoliciesCount()
Gets the number of certificate policy elements in this extension.

Returns

The number of certificate policy information elements in this object.

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding actually begins.

Throws

CertificateException - If the encoding is invalid for this extension.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new CertPolicies object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000