java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.PolicyConstraints
This class builds and holds the PolicyConstraints extension. It can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways: to prohibit policy mapping or to require that each certificate in a path contains an acceptable policy identifier.

If the inhibitPolicyMapping field is present, the value indicates the number of additional certificates that might appear in the path before policy mapping is no longer permitted. For example, a value of one indicates that policy mapping might be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.

If the requireExplicitPolicy field is present, subsequent certificates must include an acceptable policy identifier. The value of requireExplicitPolicy indicates the number of additional certificates that might appear in the path before an explicit policy is required. An acceptable policy identifier is the identifier of a policy required by the user of the certification path or the identifier of a policy that has been declared equivalent through policy mapping.

Conforming CAs must not issue certificates when policy constraints is a null sequence. That is, at least one of the inhibitPolicyMapping fields or requireExplicitPolicy fields must be present. This extension may be critical or non-critical.
The ASN.1 definition is as follows:

    policyConstraints EXTENSION ::= {
        SYNTAX         PolicyConstraintsSyntax
        IDENTIFIED BY  id-ce-policyConstraints }

    PolicyConstraintsSyntax ::= SEQUENCE {
        requireExplicitPolicy  [0] SkipCerts OPTIONAL,
        inhibitPolicyMapping   [1] SkipCerts OPTIONAL }

    SkipCerts ::= INTEGER (0..MAX)

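The following stand-alone codec is an added example, not Cert-J code and not part of the original page: it encodes and strictly decodes the PolicyConstraintsSyntax value defined above, rejecting the empty sequence that conforming CAs must not issue. It assumes the implicit tagging used by the X.509 certificate extensions module (as in RFC 5280); the class name, the ABSENT marker (-1) and the bad() helper are hypothetical names chosen for this example.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.util.Arrays;
// Added example, not Cert-J code: strict DER codec for the PolicyConstraintsSyntax value.
public class PolicyConstraintsDer {
    static final int ABSENT = -1; // assumption of this example: marks an omitted OPTIONAL field
    static IllegalArgumentException bad(String m) { return new IllegalArgumentException(m); }
    static byte[] encode(int requireExplicitPolicy, int inhibitPolicyMapping) {
        if (requireExplicitPolicy == ABSENT && inhibitPolicyMapping == ABSENT) throw bad("empty sequence");
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        putSkipCerts(body, 0x80, requireExplicitPolicy); // [0] IMPLICIT INTEGER
        putSkipCerts(body, 0x81, inhibitPolicyMapping);  // [1] IMPLICIT INTEGER
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(0x30);        // SEQUENCE
        out.write(body.size()); // body is at most 12 bytes, so the short length form applies
        out.write(body.toByteArray(), 0, body.size());
        return out.toByteArray();
    }
    static void putSkipCerts(ByteArrayOutputStream out, int tag, int value) {
        if (value == ABSENT) return;
        if (value < 0) throw bad("SkipCerts is INTEGER (0..MAX)");
        byte[] v = BigInteger.valueOf(value).toByteArray(); // minimal two's complement
        out.write(tag);
        out.write(v.length);
        out.write(v, 0, v.length);
    }
    // Returns {requireExplicitPolicy, inhibitPolicyMapping}; ABSENT for a missing field.
    static int[] decode(byte[] der) {
        if (der.length < 2 || der[0] != 0x30 || der[1] != der.length - 2) throw bad("not a short-form DER SEQUENCE");
        int[] fields = {ABSENT, ABSENT};
        int pos = 2, nextTag = 0x80;
        while (pos < der.length) {
            int tag = der[pos] & 0xFF;
            int len = pos + 1 < der.length ? der[pos + 1] : 0;
            if (tag < nextTag || tag > 0x81 || len < 1 || len > 4 || pos + 2 + len > der.length)
                throw bad("bad tag, field order or length at offset " + pos);
            BigInteger n = new BigInteger(Arrays.copyOfRange(der, pos + 2, pos + 2 + len));
            if (n.signum() < 0 || n.toByteArray().length != len) throw bad("negative or non-minimal SkipCerts");
            fields[tag - 0x80] = n.intValue();
            nextTag = tag + 1; // fields must appear at most once, in tag order
            pos += 2 + len;
        }
        if (fields[0] == ABSENT && fields[1] == ABSENT) throw bad("empty sequence");
        return fields;
    }

    public static void main(String[] args) {
        byte[] der = encode(ABSENT, 1); // constructed sample: only inhibitPolicyMapping = 1
        System.out.println(Arrays.toString(der) + " -> " + Arrays.toString(decode(der)));
    }
}
```

The decoder refuses duplicated or out-of-order fields, negative values and padded integers, so a value it accepts re-encodes to the same bytes.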
See Also
Constructor Summary

PolicyConstraints()
    Constructs an empty PolicyConstraints object.
PolicyConstraints(int requireExplicitPolicy, int inhibitPolicyMapping, boolean criticality)
    Creates a PolicyConstraints object and initializes it with the given values.

Method Summary

Object clone()
    Overrides the default clone method to get a deeper clone.
void decodeValue(byte[] valueBER, int offset)
    Decode the value.
int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.
int derEncodeValueInit()
    Initialize for encoding the value.
int getExplicitPolicy()
    Gets the value of the requireExplicitPolicy field.
int getPolicyMapping()
    Gets the value of the inhibitPolicyMapping value.
void setExplicitPolicy(int value)
    Sets the value of the requireExplicitPolicy field.
void setPolicyMapping(int value)
    Sets the value of the inhibitPolicyMapping value.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

public PolicyConstraints()
Constructs an empty PolicyConstraints object.

public PolicyConstraints(int requireExplicitPolicy, int inhibitPolicyMapping, boolean criticality)
Creates a PolicyConstraints object and initializes it with the given values.
Parameters
requireExplicitPolicy - A field that indicates whether all certificates should contain an acceptable policy identifier. Its value indicates the number of certificates in the certification path to skip before a constraint becomes effective.
inhibitPolicyMapping - A field that indicates that in all certificates starting from a nominated CA in the certification path until the end of the certification path, policy mapping is not permitted. Its value indicates the number of certificates in the certification path to skip before a constraint becomes effective.
criticality - The user-specified criticality.

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Overrides
decodeValue in class X509V3Extension
Parameters
valueBER - The BER encoding of the extension's value.
offset - The offset into valueBER where the encoding begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public void setExplicitPolicy(int value)
Sets the value of the requireExplicitPolicy field.
Parameters
value - The number of additional certificates that can appear in the path before an explicit policy is required.

public void setPolicyMapping(int value)
Sets the value of the inhibitPolicyMapping value.
Parameters
value - The number of additional certificates that can appear in the path before policy mapping is no longer permitted.

public int getExplicitPolicy()
Gets the value of the requireExplicitPolicy field.
Returns

public int getPolicyMapping()
Gets the value of the inhibitPolicyMapping value.
Returns

public int derEncodeValueInit()
Overrides
derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Overrides
derEncodeValue in class X509V3Extension
Parameters
encoding - The byte array into which the result will be placed.
offset - The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides
clone in class X509V3Extension
Returns
PolicyConstraints object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.