com.rsa.certj.cert.extensions

Class NetscapeCertType

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.NetscapeCertType
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class NetscapeCertType
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the NetscapeCertType extension. It can be used to limit the applications for a certificate. If this extension exists in a certificate, it will limit the uses of the certificate to those specified. If the extension is not present, then the certificate can be used for all applications except object signing. The value of this extension is a bit-string.

The individual bit positions are defined as follows:

 bit-0    SSL client - this cert is certified for SSL client authentication use
 bit-1    SSL server - this cert is certified for SSL server authentication use
 bit-2    S/MIME - this cert is certified for use by clients
 bit-3    Object Signing - this cert is certified for signing objects 
          such as Java applets and plugins
 bit-4    Reserved - this bit is reserved for future use
 bit-5    SSL CA - this cert is certified for issuing certs for SSL use
 bit-6    S/MIME CA - this cert is certified for issuing certs for S/MIME use
 bit-7    Object Signing CA - this cert is certified for issuing certs 
          for Object Signing

The ASN.1 definition is as follows:

 netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 } 
 netscape-cert-extension OBJECT IDENTIFIER ::= { netscape 1 } 
 netscape-cert-type OBJECT IDENTIFIER ::= { netscape-cert-extension 1 } 
 

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Field Summary

static int

CERT_TYPE_BITS

Indicates how many possible CertType bits there are.

static int

CERT_TYPE_MASK

A mask that indicates which bits are seen.

static int

OBJECT_SIGNING

Indicates that this certificate is certified for signing objects such as Java applets and plug-ins.

static int

OBJECT_SIGNING_CA

Indicates that this certificate is certified to issue certificates for object signing.

static int

RESERVED

Indicates that this bit is reserved for future use.

static int

SMIME_CA

Indicates that this certificate is certified to issue certificates for S/MIME use.

static int

SMIME_CLIENT

Indicates that this certificate is certified for use by clients for S/MIME use.

static int

SSL_CA

Indicates that this certificate is certified for issuing certs for SSL use.

static int

SSL_CLIENT

Indicates that this certificate is certified for SSL client authentication use.

static int

SSL_SERVER

Indicates that this certificate is certified for SSL server authentication use.

 
Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

NetscapeCertType()

Constructs an empty NetscapeCertType object.

NetscapeCertType(int certType, boolean criticality)

Constructs a NetscapeCertType object and initializes it with the given values and the specified criticality.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 int

getCertType()

Gets the value of this object, the certificate type bits.

 void

setCertType(int certType)

Sets the certificate type value.

 boolean

verifyCertType(int typeToVerify)

Given typeToVerify, an int set with flags of the proposed type, this method verifies that the extension is set to at least the proposed type.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CERT_TYPE_BITS

public static final int CERT_TYPE_BITS
Indicates how many possible CertType bits there are. In this implementation there are eight bits.

CERT_TYPE_MASK

public static final int CERT_TYPE_MASK
A mask that indicates which bits are seen. In this implementation the eight left-most bits are used.

SSL_CLIENT

public static final int SSL_CLIENT
Indicates that this certificate is certified for SSL client authentication use.

SSL_SERVER

public static final int SSL_SERVER
Indicates that this certificate is certified for SSL server authentication use.

SMIME_CLIENT

public static final int SMIME_CLIENT
Indicates that this certificate is certified for use by clients for S/MIME use.

OBJECT_SIGNING

public static final int OBJECT_SIGNING
Indicates that this certificate is certified for signing objects such as Java applets and plug-ins.

RESERVED

public static final int RESERVED
Indicates that this bit is reserved for future use.

SSL_CA

public static final int SSL_CA
Indicates that this certificate is certified for issuing certs for SSL use.

SMIME_CA

public static final int SMIME_CA
Indicates that this certificate is certified to issue certificates for S/MIME use.

OBJECT_SIGNING_CA

public static final int OBJECT_SIGNING_CA
Indicates that this certificate is certified to issue certificates for object signing.

Constructor Detail

NetscapeCertType

public NetscapeCertType()
Constructs an empty NetscapeCertType object.

NetscapeCertType

public NetscapeCertType(int certType,
                        boolean criticality)
Constructs a NetscapeCertType object and initializes it with the given values and the specified criticality.

The value of certType is the logical bitwise-ORing of the static field values previously specified in this class.

Parameters

         certType  

The Netscape certificate type value.

         criticality  

The user-specified criticality.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setCertType

public void setCertType(int certType)
Sets the certificate type value.

Parameters

         certType  

The certificate type value, the result of combining the flags to set for this object with a bitwise OR operation.


getCertType

public int getCertType()
Gets the value of this object, the certificate type bits. If this object does not have an ID, this method returns 0.

Returns

The certificate type bits, the result of combining the flags set for this object with a bitwise OR operation.

verifyCertType

public boolean verifyCertType(int typeToVerify)
Given typeToVerify, an int set with flags of the proposed type, this method verifies that the extension is set to at least the proposed type. It is possible to set more bits than those in typeToVerify.

Parameters

         typeToVerify  

A certificate type value, an int that is the result of combining one or more certificate type flags previously listed in this class with a bitwise OR operation.

Returns

A boolean indicating whether the flags in this extension include at least the flags passed in typeToVerify.
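
The bit positions in the class description and the "at least" comparison described for verifyCertType can be illustrated with a stand-alone sketch. This is an added example, not Cert-J code: the class NsCertTypeDemo, its helpers and the sample bytes are constructed for illustration, and its int layout (bit-0 stored as 0x80) is an assumption that is not claimed to match the values of the Cert-J constants. It handles only the short-form DER BIT STRING of up to eight bits.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not Cert-J code. Bit layout here (bit-0 = 0x80) is this
// example's own choice and is not claimed to match Cert-J's constant values.
public class NsCertTypeDemo {
    // Names indexed by ASN.1 bit position, as listed in the class description.
    static final String[] NAMES = {
        "SSL client", "SSL server", "S/MIME", "Object Signing",
        "Reserved", "SSL CA", "S/MIME CA", "Object Signing CA" };

    static int bit(int position) { return 0x80 >> position; }

    // Decodes a short-form DER BIT STRING (tag 0x03) carrying at most 8 bits.
    static int decode(byte[] der) {
        if (der.length < 3 || der[0] != 0x03)
            throw new IllegalArgumentException("not a BIT STRING");
        int len = der[1] & 0xFF;
        if (len < 1 || len > 2 || der.length != 2 + len)
            throw new IllegalArgumentException("unsupported length");
        int unused = der[2] & 0xFF;
        if (unused > 7 || (len == 1 && unused != 0))
            throw new IllegalArgumentException("bad unused-bit count");
        if (len == 1) return 0;                       // empty bit string
        int bits = der[3] & 0xFF;
        if ((bits & ((1 << unused) - 1)) != 0)        // DER: padding bits must be zero
            throw new IllegalArgumentException("padding bits set");
        return bits;
    }

    // "At least" check: every required bit must be present; extras are allowed.
    static boolean hasAtLeast(int actual, int required) {
        return (actual & required) == required;
    }

    static List<String> names(int bits) {
        List<String> out = new ArrayList<>();
        for (int i = 0; i < NAMES.length; i++)
            if ((bits & bit(i)) != 0) out.add(NAMES[i]);
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: 2 content octets, 5 unused bits, bits 0 and 2 set.
        byte[] der = { 0x03, 0x02, 0x05, (byte) 0xA0 };
        int bits = decode(der);
        System.out.println(names(bits));
        System.out.println("SSL client: " + hasAtLeast(bits, bit(0)));
        System.out.println("SSL client + server: " + hasAtLeast(bits, bit(0) | bit(1)));
    }
}
```

A check written as `(actual & required) != 0` would accept a certificate that carries only one of several required flags, which is why the comparison is against `required` itself.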

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new NetscapeCertType object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000