com.rsa.certj.cert.extensions

Class PolicyConstraints

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.PolicyConstraints
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class PolicyConstraints
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the PolicyConstraints extension. It can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways: to prohibit policy mapping or to require that each certificate in a path contains an acceptable policy identifier.

If the inhibitPolicyMapping field is present, the value indicates the number of additional certificates that might appear in the path before policy mapping is no longer permitted. For example, a value of one indicates that policy mapping might be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.

If the requireExplicitPolicy field is present, subsequent certificates must include an acceptable policy identifier. The value of requireExplicitPolicy indicates the number of additional certificates that might appear in the path before an explicit policy is required. An acceptable policy identifier is the identifier of a policy required by the user of the certification path or the identifier of a policy that has been declared equivalent, through policy mapping.

Conforming CAs must not issue certificates in which policy constraints is a null sequence. That is, at least one of the inhibitPolicyMapping or requireExplicitPolicy fields must be present. This extension may be critical or non-critical.

The ASN.1 definition is as follows:

 policyConstraints EXTENSION ::= {
     SYNTAX         PolicyConstraintsSyntax
     IDENTIFIED BY  id-ce-policyConstraints }

 PolicyConstraintsSyntax ::= SEQUENCE {
     requireExplicitPolicy  [0] SkipCerts OPTIONAL,
     inhibitPolicyMapping   [1] SkipCerts OPTIONAL }

 SkipCerts ::= INTEGER (0..MAX)
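As an added example, not part of Cert-J, here is a strict DER encoder and decoder in Python for the PolicyConstraintsSyntax above, including the null-sequence check a conforming CA has to make before issuing. It assumes the [0]/[1] tags are IMPLICIT (as in the PKIX module), so they encode as 0x80 and 0x81, and it works on the contents of the extnValue OCTET STRING, the same boundary derEncodeValue() uses.

```python
from typing import Optional, Tuple

TAG_REQUIRE_EXPLICIT_POLICY = 0x80  # [0] IMPLICIT SkipCerts
TAG_INHIBIT_POLICY_MAPPING = 0x81   # [1] IMPLICIT SkipCerts
FIELD_TAGS = (TAG_REQUIRE_EXPLICIT_POLICY, TAG_INHIBIT_POLICY_MAPPING)


def _skipcerts_content(n: int) -> bytes:
    # Minimal two's-complement content octets for INTEGER (0..MAX); a 0x00
    # lead byte appears only when the top bit would otherwise read as negative.
    if n < 0:
        raise ValueError("SkipCerts is INTEGER (0..MAX)")
    return n.to_bytes((n.bit_length() + 8) // 8, "big")


def encode_policy_constraints(require_explicit: Optional[int],
                              inhibit_mapping: Optional[int]) -> bytes:
    """DER value octets of PolicyConstraintsSyntax (the contents of the extnValue
    OCTET STRING, without its tag and length). None means the field is absent."""
    if require_explicit is None and inhibit_mapping is None:
        raise ValueError("null sequence: at least one field must be present")
    body = b""
    for tag, skip in zip(FIELD_TAGS, (require_explicit, inhibit_mapping)):
        if skip is not None:
            content = _skipcerts_content(skip)
            body += bytes([tag, len(content)]) + content
    return bytes([0x30, len(body)]) + body  # short-form lengths always suffice here


def decode_policy_constraints(der: bytes) -> Tuple[Optional[int], Optional[int]]:
    """Strict inverse of encode_policy_constraints(): rejects a wrong outer tag,
    trailing data, repeated/out-of-order fields, bad INTEGERs and the null sequence."""
    if len(der) < 2 or der[0] != 0x30 or der[1] >= 0x80 or len(der) != 2 + der[1]:
        raise ValueError("not a short-form DER SEQUENCE of the stated length")
    fields, i, last_tag = {}, 2, 0
    while i < len(der):
        tag = der[i]
        if i + 2 > len(der) or tag <= last_tag or tag not in FIELD_TAGS:
            raise ValueError("truncated, repeated, out-of-order or unknown field")
        length = der[i + 1]
        content = der[i + 2:i + 2 + length]
        if not 0 < length < 0x80 or len(content) != length or content[0] & 0x80:
            raise ValueError("SkipCerts must be a short, non-negative INTEGER")
        if length > 1 and content[0] == 0 and not content[1] & 0x80:
            raise ValueError("non-minimal INTEGER encoding is not DER")
        fields[tag] = int.from_bytes(content, "big")
        i, last_tag = i + 2 + length, tag
    if not fields:
        raise ValueError("null sequence is not permitted")
    return fields.get(TAG_REQUIRE_EXPLICIT_POLICY), fields.get(TAG_INHIBIT_POLICY_MAPPING)
```

A value of requireExplicitPolicy = 1 with inhibitPolicyMapping absent, for instance, encodes to 30 03 80 01 01; the decoder refuses the empty SEQUENCE 30 00 for the same reason the text gives.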

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

PolicyConstraints()

Constructs an empty PolicyConstraints object.

PolicyConstraints(int requireExplicitPolicy, int inhibitPolicyMapping, boolean criticality)

Creates a PolicyConstraints object and initializes it with the given values.

 

Method Summary

Object clone()
Overrides the default clone method to get a deeper clone.

void decodeValue(byte[] valueBER, int offset)
Decode the value.

int derEncodeValue(byte[] encoding, int offset)
Place the encoding of the value into encoding, beginning at offset.

int derEncodeValueInit()
Initialize for encoding the value.

int getExplicitPolicy()
Gets the value of the requireExplicitPolicy field.

int getPolicyMapping()
Gets the value of the inhibitPolicyMapping field.

void setExplicitPolicy(int value)
Sets the value of the requireExplicitPolicy field.

void setPolicyMapping(int value)
Sets the value of the inhibitPolicyMapping field.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PolicyConstraints

public PolicyConstraints()
Constructs an empty PolicyConstraints object.

PolicyConstraints

public PolicyConstraints(int requireExplicitPolicy,
                         int inhibitPolicyMapping,
                         boolean criticality)
Creates a PolicyConstraints object and initializes it with the given values.

Parameters

requireExplicitPolicy - A field that indicates whether all certificates should contain an acceptable policy identifier. Its value indicates the number of certificates in the certification path to skip before the constraint becomes effective.

inhibitPolicyMapping - A field that indicates that policy mapping is not permitted in any certificate from a nominated CA in the certification path through to the end of the path. Its value indicates the number of certificates in the certification path to skip before the constraint becomes effective.

criticality - The user-specified criticality.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

valueBER - The BER encoding of the extension's value.

offset - The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setExplicitPolicy

public void setExplicitPolicy(int value)
Sets the value of the requireExplicitPolicy field.

Parameters

value - The number of additional certificates that can appear in the path before an explicit policy is required.


setPolicyMapping

public void setPolicyMapping(int value)
Sets the value of the inhibitPolicyMapping field.

Parameters

value - The number of additional certificates that can appear in the path before policy mapping is no longer permitted.


getExplicitPolicy

public int getExplicitPolicy()
Gets the value of the requireExplicitPolicy field.

Returns

A value that indicates the number of additional certificates that can appear in the path before an explicit policy is required.

getPolicyMapping

public int getPolicyMapping()
Gets the value of the inhibitPolicyMapping field.

Returns

A value that indicates the number of additional certificates that can appear in the path before policy mapping is no longer permitted.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

encoding - The byte array into which the result will be placed.

offset - The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new PolicyConstraints object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE® Cert-J 2.1.1 001-047007-211-001-000