com.rsa.certj.cert.extensions

Class IssuerAltName

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.IssuerAltName
All Implemented Interfaces:
CertExtension, Cloneable, CRLExtension, Serializable

public class IssuerAltName
extends X509V3Extension
implements Cloneable, Serializable, CertExtension, CRLExtension

This class builds and holds the IssuerAltName extension. It allows additional identities to be bound to the issuer of the certificate. Defined options include an Internet electronic mail address, a DNS name, an IP address, and a uniform resource identifier (URI). Other options exist, including completely local definitions. Multiple name forms, and multiple instances of each name form, may be included. Whenever such identities are to be bound into a certificate, you must use the IssuerAltName extension.

Furthermore, if the only issuer identity included in the certificate is an alternative name form (for example, an electronic mail address), then the issuer distinguished name must be empty (an empty sequence), and the IssuerAltName extension must be present. If the certificate’s issuer field contains an empty sequence, the IssuerAltName extension must be marked critical. Issuer alternative names may be constrained in the same manner as issuer distinguished names, using the name constraints extension. If the IssuerAltName extension is present, the sequence must contain at least one entry. Unlike the issuer field, conforming CAs must not issue certificates with issuerAltNames that contain empty GeneralName fields.

The ASN.1 definition is as follows:

     issuerAltName EXTENSION ::= {
         SYNTAX GeneralNames
         IDENTIFIED BY id-ce-IssuerAltName
     }

     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

     GeneralName ::= CHOICE {
         otherName                   [0]     OCTET STRING
         rfc822Name                  [1]     IA5String
         dNSName                     [2]     IA5String
         x400Address                 [3]     OCTET STRING
         directoryName               [4]     Name
         ediPartyName                [5]     EDIPartyName
         uniformResourceIdentifier   [6]     IA5String
         iPAddress                   [7]     OCTET STRING
         registeredID                [8]     OBJECT IDENTIFIER
     }

Copyright © RSA Security Inc., 1998-2001. All rights reserved.
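The two structural rules above (the sequence must hold at least one entry, and no GeneralName may be empty) can be checked directly on the DER-encoded GeneralNames value, that is, the bytes inside the extension's OCTET STRING. The following is an added example, not part of the Cert-J documentation or library: it uses only the JDK, and the class name `IssuerAltNameCheck`, its methods, and the sample bytes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;

public class IssuerAltNameCheck { // hypothetical helper, JDK only (no Cert-J calls)
    // GeneralName CHOICE alternatives, indexed by context tag number [0]..[8].
    static final String[] FORMS = {"otherName", "rfc822Name", "dNSName", "x400Address",
        "directoryName", "ediPartyName", "uniformResourceIdentifier", "iPAddress", "registeredID"};
    // Reads the DER length at pos[0] and advances pos[0] past it.
    static int readLength(byte[] der, int[] pos) {
        if (pos[0] >= der.length) throw new IllegalArgumentException("truncated length");
        int len = der[pos[0]++] & 0xFF;
        if (len < 0x80) return len;                       // short form
        int count = len & 0x7F;                           // long form: number of length octets
        if (count == 0 || count > 3 || pos[0] + count > der.length)
            throw new IllegalArgumentException("bad length octets");
        for (len = 0; count > 0; count--) len = (len << 8) | (der[pos[0]++] & 0xFF);
        return len;
    }
    // Validates a DER GeneralNames value; returns one description per entry.
    static List<String> check(byte[] der) {
        int[] pos = {0};
        if (der.length < 2 || (der[pos[0]++] & 0xFF) != 0x30)
            throw new IllegalArgumentException("GeneralNames must be a SEQUENCE");
        int end = readLength(der, pos) + pos[0];
        if (end != der.length) throw new IllegalArgumentException("length mismatch");
        List<String> found = new ArrayList<>();
        while (pos[0] < end) {
            int tag = der[pos[0]++] & 0xFF, form = tag & 0x1F;
            if ((tag & 0xC0) != 0x80 || form > 8) throw new IllegalArgumentException("not a GeneralName tag");
            int len = readLength(der, pos);
            if (len > end - pos[0]) throw new IllegalArgumentException("entry overruns SEQUENCE");
            if (len == 0) throw new IllegalArgumentException("empty " + FORMS[form]);
            boolean ia5 = form == 1 || form == 2 || form == 6; // IA5String forms print as text
            found.add(FORMS[form] + "=" + (ia5
                ? new String(der, pos[0], len, StandardCharsets.US_ASCII) : len + " bytes"));
            pos[0] += len;
        }
        if (found.isEmpty()) throw new IllegalArgumentException("SIZE (1..MAX) violated: no entries");
        return found;
    }
    public static void main(String[] args) {
        byte[][] samples = { // constructed values, not taken from any real certificate
            {0x30, 0x0B, (byte) 0x81, 0x09, 'c', 'a', '@', 'a', '.', 't', 'e', 's', 't'},
            {0x30, 0x00}, {0x30, 0x02, (byte) 0x82, 0x00}}; // no entries; empty dNSName
        for (byte[] s : samples)
            try { System.out.println("ok: " + check(s)); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The check accepts both primitive and constructed context tags, since alternatives such as directoryName are encoded as constructed values.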

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

IssuerAltName()

Constructs an empty IssuerAltName object.

IssuerAltName(GeneralNames name, boolean criticality)

Constructs an IssuerAltName object and initializes it with the given values.

 

Method Summary

 void

addGeneralName(GeneralName name)

Adds the GeneralName object to the GeneralNames field in this extension.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 GeneralNames

getGeneralNames()

Gets the GeneralNames object from this extension.

 void

setGeneralNames(GeneralNames names)

Sets this extension to the value of names.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

IssuerAltName

public IssuerAltName()
Constructs an empty IssuerAltName object.

IssuerAltName

public IssuerAltName(GeneralNames name,
                     boolean criticality)
              throws CertificateException
Constructs an IssuerAltName object and initializes it with the given values.

Parameters

         name  

A GeneralNames object that is used to hold the issuer's additional identities.

         criticality  

The user-specified criticality.

Throws

CertificateException - If there is a cloning error.

Method Detail

addGeneralName

public void addGeneralName(GeneralName name)
Adds the GeneralName object to the GeneralNames field in this extension.

Parameters

         name  

The issuer's alternative name to add.


setGeneralNames

public void setGeneralNames(GeneralNames names)
                     throws CertificateException
Sets this extension to the value of names. If this field has a value, then this method deletes it and sets it to the new value.

Parameters

         names  

The issuer alternative name.

Throws

CertificateException - If there is a cloning error.

getGeneralNames

public GeneralNames getGeneralNames()
Gets the GeneralNames object from this extension.

Returns

The issuer's additional identities.

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. These are the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new IssuerAltName object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000