com.rsa.certj.cert.extensions

Class HoldInstructionCode

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.HoldInstructionCode
All Implemented Interfaces:
Cloneable, CRLEntryExtension, OCSPSingleExtension, Serializable

public class HoldInstructionCode
extends X509V3Extension
implements Cloneable, Serializable, CRLEntryExtension, OCSPSingleExtension

This class holds, encodes, and decodes the HoldInstructionCode extension. This CRL entry extension field lets you include a registered instruction identifier that indicates what action should be taken for held certificates that have a certificateHold reason code.

The ASN.1 definition is as follows:

 holdInstructionCode EXTENSION ::= {
	SYNTAX	HoldInstruction
	IDENTIFIED BY id-ce-instructionCode }
 HoldInstruction ::= OBJECT IDENTIFIER

The following instruction codes have been defined in the PKIX Profile Specification (RFC 2459). Conforming applications that process this extension MUST recognize the following instruction codes:

   holdInstruction    OBJECT IDENTIFIER ::=
                   { iso(1) member-body(2) us(840) x9-57(10040) 2 }

  id-holdinstruction-none   OBJECT IDENTIFIER ::= {holdInstruction 1}
  id-holdinstruction-callissuer
                            OBJECT IDENTIFIER ::= {holdInstruction 2}
  id-holdinstruction-reject OBJECT IDENTIFIER ::= {holdInstruction 3}

Conforming applications that encounter an id-holdinstruction-callissuer must call the certificate issuer or reject the certificate. Conforming applications that encounter an id-holdinstruction-reject must reject the certificate. The hold instruction, id-holdinstruction-none, is semantically equivalent to the absence of a holdInstructionCode, and its use is deprecated for the Internet PKI.

This extension should always be non-critical.
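The handling rules above can be expressed as a small classifier. This is an added example, not part of the Cert-J documentation or library, and it does not call Cert-J. The names HoldInstructionPolicy, Action and classify are hypothetical, and the input is assumed to be the DER OBJECT IDENTIFIER (tag, length, contents) that forms the extension value. What to do with an UNRECOGNIZED result is left to the caller's policy.

```java
public class HoldInstructionPolicy {
    enum Action { TREAT_AS_NO_INSTRUCTION, CALL_ISSUER_OR_REJECT, REJECT, UNRECOGNIZED }

    // DER content octets of the holdInstruction arc 1.2.840.10040.2
    private static final byte[] ARC = {0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 0x02};

    /** Classifies the DER OBJECT IDENTIFIER (tag, length, contents) found at offset. */
    static Action classify(byte[] der, int offset) {
        if (der == null || offset < 0 || der.length - offset < 2) {
            return Action.UNRECOGNIZED;                 // no room for tag and length
        }
        int len = der[offset + 1] & 0xFF;
        if (der[offset] != 0x06 || len != ARC.length + 1 || der.length - offset - 2 < len) {
            return Action.UNRECOGNIZED;                 // wrong tag, wrong size, or truncated
        }
        for (int i = 0; i < ARC.length; i++) {
            if (der[offset + 2 + i] != ARC[i]) {
                return Action.UNRECOGNIZED;             // OID outside the holdInstruction arc
            }
        }
        switch (der[offset + 2 + ARC.length]) {         // final sub-identifier
            case 1:  return Action.TREAT_AS_NO_INSTRUCTION;  // id-holdinstruction-none
            case 2:  return Action.CALL_ISSUER_OR_REJECT;    // id-holdinstruction-callissuer
            case 3:  return Action.REJECT;                   // id-holdinstruction-reject
            default: return Action.UNRECOGNIZED;             // code this page does not define
        }
    }

    public static void main(String[] args) {
        // Constructed sample encodings, not taken from a real CRL.
        byte[][] samples = {
            {0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 0x02, 0x01},
            {0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 0x02, 0x02},
            {0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 0x02, 0x03},
            {0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x38, 0x02, 0x09},
            {0x06, 0x07, 0x2A, (byte) 0x86, 0x48}       // truncated encoding
        };
        for (byte[] sample : samples) {
            System.out.println(classify(sample, 0));
        }
    }
}
```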

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

HoldInstructionCode()

Constructs an empty HoldInstructionCode object.

HoldInstructionCode(byte[] holdInstruction, int offset, int len, boolean criticality)

Constructs a HoldInstructionCode object and initializes it with the given values.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 byte[]

getCode()

Gets the value of this object, holdInstruction.

 void

setCode(byte[] holdInstruction, int offset, int len)

Sets the value of this object to holdInstruction.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

HoldInstructionCode

public HoldInstructionCode()
Constructs an empty HoldInstructionCode object.

HoldInstructionCode

public HoldInstructionCode(byte[] holdInstruction,
                           int offset,
                           int len,
                           boolean criticality)
Constructs a HoldInstructionCode object and initializes it with the given values. The holdInstruction parameter indicates what action should be taken for a held certificate.

Parameters

         holdInstruction  

An identifier to indicate the action to take when a held certificate is encountered.

         offset  

An offset into the holdInstruction array.

         len  

The length of the instruction code.

         criticality  

The user-specified criticality.

Method Detail

setCode

public void setCode(byte[] holdInstruction,
                    int offset,
                    int len)
Sets the value of this object to holdInstruction. If this object already has a value, this method will replace it with the value given in this method.

Parameters

         holdInstruction  

The value of the instruction code.

         offset  

The offset into the holdInstruction array where the value begins.

         len  

The length of the instruction code.


decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

getCode

public byte[] getCode()
Gets the value of this object, holdInstruction. If this object does not have a value, then this method returns null.

Returns

A new byte array containing the holdInstructionCode value.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING.

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new HoldInstructionCode object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000