com.rsa.certj.cert.extensions

Class PrivateKeyUsagePeriod

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.PrivateKeyUsagePeriod
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class PrivateKeyUsagePeriod
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the PrivateKeyUsagePeriod extension. The extension allows the certificate issuer to specify a validity period for the private key that differs from the validity period of the certificate. It is intended for use with digital signature keys and consists of two optional components: notBefore and notAfter. The private key associated with the certificate should not be used to sign objects before or after the times specified by the two components, respectively. CAs conforming to this profile must not generate certificates with private key usage period extensions unless at least one of the two components is present.

The ASN.1 definition is as follows:

 
 privateKeyUsagePeriod EXTENSION ::= {
	SYNTAX	PrivateKeyUsagePeriod
	IDENTIFIED BY id-ce-privateKeyUsagePeriod }

 PrivateKeyUsagePeriod ::= SEQUENCE {
	notBefore	[0]	GeneralizedTime OPTIONAL,
	notAfter	[1]	GeneralizedTime OPTIONAL }
	( WITH COMPONENTS	{..., notBefore PRESENT} |
	  WITH COMPONENTS	{..., notAfter PRESENT} )

The notBefore component indicates the earliest date and time at which the private key can be used for signing. The notAfter component indicates the latest date and time at which the private key can be used for signing.
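
The following is an added usage example, not code from the Cert-J documentation: it round-trips the extension value through the encode and decode methods documented on this page and checks a signing time against the resulting window. It needs the Cert-J library on the classpath; the class name PrivateKeyUsagePeriodExample, the helper names and the sample dates are constructed, and it assumes a getter returns null when its optional component is absent.

```java
import com.rsa.certj.cert.extensions.PrivateKeyUsagePeriod;
import java.util.Date;

public class PrivateKeyUsagePeriodExample {

    // Encode the extension value, then decode it into a fresh object,
    // using only the methods documented on this page.
    static PrivateKeyUsagePeriod roundTrip(PrivateKeyUsagePeriod ext) throws Exception {
        byte[] value = new byte[ext.derEncodeValueInit()]; // size of the value encoding
        int written = ext.derEncodeValue(value, 0);        // contents of the OCTET STRING
        if (written != value.length) {
            throw new IllegalStateException("unexpected encoding length");
        }
        PrivateKeyUsagePeriod decoded = new PrivateKeyUsagePeriod();
        decoded.decodeValue(value, 0); // throws CertificateException on an invalid encoding
        return decoded;
    }

    // True when signingTime lies inside the key's signing window.
    // ASSUMPTION: a getter returns null when its optional component is absent.
    static boolean signingAllowed(PrivateKeyUsagePeriod ext, Date signingTime) {
        Date notBefore = ext.getNotBefore();
        Date notAfter = ext.getNotAfter();
        if (notBefore == null && notAfter == null) {
            // At least one component must be present; fail closed otherwise.
            return false;
        }
        if (notBefore != null && signingTime.before(notBefore)) return false;
        if (notAfter != null && signingTime.after(notAfter)) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample window: 2001-01-01 to 2002-01-01 UTC, non-critical.
        Date notBefore = new Date(978307200000L);
        Date notAfter = new Date(1009843200000L);
        PrivateKeyUsagePeriod ext =
            roundTrip(new PrivateKeyUsagePeriod(notBefore, notAfter, false));

        Date inside = new Date(993945600000L);   // 2001-07-01 UTC
        Date tooLate = new Date(1012521600000L); // 2002-02-01 UTC
        System.out.println("inside window:  " + signingAllowed(ext, inside));
        System.out.println("after notAfter: " + signingAllowed(ext, tooLate));
    }
}
```

A verifier applying this check compares the time a signature was made, not the current time, against the window, since the certificate itself may remain valid for verification after the key's signing period has ended.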

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

PrivateKeyUsagePeriod()

Constructs an empty PrivateKeyUsagePeriod object.

PrivateKeyUsagePeriod(Date notBefore, Date notAfter, boolean criticality)

Constructs a PrivateKeyUsagePeriod object and initializes it with the given values.

 

Method Summary

Object clone()
    Overrides the default clone method to get a deeper clone.

void decodeValue(byte[] valueBER, int offset)
    Decode the value.

int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.

int derEncodeValueInit()
    Initialize for encoding the value.

Date getNotAfter()
    Gets the notAfter value.

Date getNotBefore()
    Gets the notBefore value.

void setNotAfter(Date theTime)
    Sets the notAfter value.

void setNotBefore(Date theTime)
    Sets the notBefore value.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PrivateKeyUsagePeriod

public PrivateKeyUsagePeriod()
Constructs an empty PrivateKeyUsagePeriod object.

PrivateKeyUsagePeriod

public PrivateKeyUsagePeriod(Date notBefore,
                             Date notAfter,
                             boolean criticality)
Constructs a PrivateKeyUsagePeriod object and initializes it with the given values.

Parameters

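notBefore - A Date that indicates the earliest date and time at which the private key can be used for signing.

notAfter - A Date that indicates the latest date and time at which the private key can be used for signing.

criticality - The user-specified criticality.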

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

valueBER - The BER encoding of the extension's value.

offset - The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setNotBefore

public void setNotBefore(Date theTime)
Sets the notBefore value.

Parameters

theTime - A Date that indicates the earliest date and time at which the private key can be used for signing.


getNotBefore

public Date getNotBefore()
Gets the notBefore value.

Returns

A Date that indicates the earliest date and time at which the private key can be used for signing.

setNotAfter

public void setNotAfter(Date theTime)
Sets the notAfter value.

Parameters

theTime - A Date that indicates the latest date and time at which the private key can be used for signing.


getNotAfter

public Date getNotAfter()
Gets the notAfter value.

Returns

A Date that indicates the latest date and time at which the private key can be used for signing.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

encoding - The byte array into which the result will be placed.

offset - The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new PrivateKeyUsagePeriod object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000