java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.NameConstraints

This class builds and holds the NameConstraints extension, which is used only in a CA certificate. It indicates a name space within which all subject names in subsequent certificates in a certification path must be located. Restrictions might apply to the subject distinguished name or subject alternative names. Restrictions apply only when the specified name form is present. If no name of the type is in the certificate, the certificate is acceptable. Restrictions are defined in terms of permitted or excluded name subtrees. Any name that matches a restriction in the excludedSubtrees field is invalid, regardless of information appearing in permittedSubtrees.

    nameConstraints EXTENSION ::= {
        SYNTAX         NameConstraintsSyntax
        IDENTIFIED BY  id-ce-nameConstraints
    }

    NameConstraintsSyntax ::= SEQUENCE {
        permittedSubtrees  [0]  GeneralSubtrees OPTIONAL,
        excludedSubtrees   [1]  GeneralSubtrees OPTIONAL
    }

The permittedSubtrees and excludedSubtrees components each specify one or more naming subtrees, each defined by the name of the root of the subtree and, optionally, within that subtree, an area that is bounded by upper and lower levels. If permittedSubtrees is present, of all the certificates issued by the subject CA and subsequent CAs in the certification path, only those certificates with subject names within these subtrees are acceptable. If excludedSubtrees is present, any certificate issued by the subject CA or subsequent CAs in the certification path that has a subject name within these subtrees is unacceptable. If permittedSubtrees and excludedSubtrees are both present and the name spaces overlap, the exclusion statement takes precedence.
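
The evaluation rules described above, as an added example that is not part of the RSA documentation and does not use the Cert-J classes: a plain-Java model for a single name form, dNSName, with subtree matching as in RFC 5280 (an assumption, since this page does not define matching). The class and method names are hypothetical, the sample names are constructed, and `List.of` needs Java 9 or later.

```java
import java.util.List;
import java.util.Locale;

// Added illustration, not RSA Cert-J code: models the rules above for one name
// form (dNSName). Subtree matching follows RFC 5280, which is an assumption here.
public class NameConstraintsDemo {

    // A name is inside a subtree if it equals the base or adds labels on its left.
    static boolean inSubtree(String name, String base) {
        String n = name.toLowerCase(Locale.ROOT);
        String b = base.toLowerCase(Locale.ROOT);
        return b.isEmpty() || n.equals(b) || n.endsWith("." + b);
    }

    static boolean matchesAny(String name, List<String> subtrees) {
        for (String base : subtrees) {
            if (inSubtree(name, base)) return true;
        }
        return false;
    }

    // A null list models an absent permittedSubtrees or excludedSubtrees field.
    static boolean acceptable(List<String> dnsNames, List<String> permitted, List<String> excluded) {
        for (String name : dnsNames) {
            // Exclusion is tested first, so it wins where the name spaces overlap.
            if (excluded != null && matchesAny(name, excluded)) return false;
            if (permitted != null && !matchesAny(name, permitted)) return false;
        }
        return true; // also reached when the certificate has no name of this form
    }

    static void check(String label, boolean actual, boolean expected) {
        if (actual != expected) throw new IllegalStateException("unexpected result: " + label);
        System.out.println(label + " -> " + (actual ? "acceptable" : "rejected"));
    }

    public static void main(String[] args) {
        List<String> permitted = List.of("example.com");      // constructed sample values
        List<String> excluded = List.of("dev.example.com");
        check("inside permitted subtree", acceptable(List.of("www.example.com"), permitted, excluded), true);
        check("permitted and excluded overlap", acceptable(List.of("api.dev.example.com"), permitted, excluded), false);
        check("outside permitted subtree", acceptable(List.of("www.example.org"), permitted, excluded), false);
        check("suffix without label boundary", acceptable(List.of("badexample.com"), permitted, excluded), false);
        check("no dNSName present", acceptable(List.of(), permitted, excluded), true);
        check("only excludedSubtrees present", acceptable(List.of("www.example.org"), null, excluded), true);
    }
}
```
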
Copyright © RSA Security Inc., 1998-2001. All rights reserved.
See Also

Constructor Summary
NameConstraints() | Constructs an empty NameConstraints object.
NameConstraints(GeneralSubtrees permittedSubtrees, GeneralSubtrees excludedSubtrees, boolean criticality) | Constructs a NameConstraints object and initializes it with the given values.

Method Summary
Object | clone() | Overrides the default clone method to get a deeper clone.
void | decodeValue(byte[] valueBER, int offset) | Decode the value.
int | derEncodeValue(byte[] encoding, int offset) | Place the encoding of the value into encoding, beginning at offset.
int | derEncodeValueInit() | Initialize for encoding the value.
GeneralSubtrees | getExcludedSubtrees() | Gets the excluded subtrees value.
GeneralSubtrees | getPermittedSubtrees() | Gets the permitted subtrees value.
void | setExcludedSubtrees(GeneralSubtrees subTree) | Sets the excluded subtrees value.
void | setPermittedSubtrees(GeneralSubtrees subTree) | Sets the permitted subtrees value.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public NameConstraints()
Constructs an empty NameConstraints object.

public NameConstraints(GeneralSubtrees permittedSubtrees, GeneralSubtrees excludedSubtrees, boolean criticality)
Constructs a NameConstraints object and initializes it with the given values. Either of the GeneralSubtrees parameters can be null.
Parameters
permittedSubtrees | The acceptable subtrees.
excludedSubtrees | The unacceptable subtrees.
criticality | The user-specified criticality.

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Overrides decodeValue in class X509V3Extension
Parameters
valueBER | The BER encoding of the extension's value.
offset | The offset into valueBER where the encoding begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public void setPermittedSubtrees(GeneralSubtrees subTree)
Parameters
subTree | A permittedTrees component.

public void setExcludedSubtrees(GeneralSubtrees subTree)
Parameters
subTree | An excludedTrees component.

public GeneralSubtrees getPermittedSubtrees()
Returns

public GeneralSubtrees getExcludedSubtrees()
Returns

public int derEncodeValueInit()
Overrides derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Overrides derEncodeValue in class X509V3Extension
Parameters
encoding | The byte array into which the result will be placed.
offset | The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides clone in class X509V3Extension
Returns
NameConstraints object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.