com.rsa.certj.cert.extensions

Class QCStatements

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.QCStatements
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class QCStatements
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the QCStatements extension, which is used for inclusion of defined statements related to Qualified Certificates. A typical statement suitable for inclusion in this extension MAY be a statement by the issuer that the certificate is issued as a Qualified Certificate in accordance with a particular legal system.

Other statements suitable for inclusion in this extension can be statements related to the applicable legal jurisdiction within which the certificate is issued. For example, this can include a maximum reliance limit for the certificate, indicating restrictions on the CA's liability.

Each statement must include an object identifier for the statement and can also include optional qualifying data contained in the statementInfo parameter.

If the statementInfo parameter is included, the object identifier of the statement must define the syntax and should define the semantics of this parameter. If the object identifier does not define the semantics, a relying party may have to consult a relevant certificate policy or CPS to determine the exact semantics.

RFC 3039 includes one predefined object identifier (id-qcs-pkixQCSyntax-v1), identifying conformance with syntax and semantics defined in this profile. This Qualified Certificate profile is referred to as version 1.

   qcStatement-1 QC-STATEMENT ::= { SYNTAX SemanticsInformation
        IDENTIFIED BY id-qcs-pkixQCSyntax-v1 }
   --  This statement identifies conformance with syntax and
   --  semantics defined in this Qualified Certificate profile
   --  (RFC 3039 Version 1). The SemanticsInformation
   --  may optionally contain additional semantics information.
 

This extension may be critical or non-critical. If the extension is critical, this means that all statements included in the extension are regarded as critical.

The ASN.1 definition is as follows:

 qcStatements  EXTENSION ::= {
         SYNTAX             QCStatements
         IDENTIFIED BY      id-pe-qcStatements }

 id-pe-qcStatements OBJECT IDENTIFIER ::= { id-pe 3}
 id-pe  OBJECT IDENTIFIER  ::=  { id-pkix 1 }
 id-pkix  OBJECT IDENTIFIER  ::=
              { iso(1) identified-organization(3) dod(6) internet(1)
                      security(5) mechanisms(5) pkix(7) }

 QCStatements ::= SEQUENCE OF QCStatement

 QCStatement ::= SEQUENCE {
   statementId        OBJECT IDENTIFIER,
   statementInfo      ANY DEFINED BY statementId OPTIONAL}
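
The layout above can be walked with a few lines of plain JDK code. This is an added example, not part of the Cert-J documentation and not RSA's code; it does not call Cert-J. It splits an extension value (the bytes inside the OCTET STRING, as passed to decodeValue) into statementId and optional statementInfo. The class name QCStatementsWalk and the sample bytes are constructed for illustration; the numeric OID for id-qcs-pkixQCSyntax-v1 is taken from RFC 3039.

```java
import java.util.*;

public class QCStatementsWalk {
    // Constructed sample (bytes inside the extension's OCTET STRING): statement 1 is
    // 1.3.6.1.5.5.7.11.1 with no statementInfo; statement 2 is made-up OID 1.2.3.4 + UTF8String "demo".
    static final byte[] SAMPLE = { 0x30, 0x19,
        0x30, 0x0A, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x0B, 0x01,
        0x30, 0x0B, 0x06, 0x03, 0x2A, 0x03, 0x04, 0x0C, 0x04, 0x64, 0x65, 0x6D, 0x6F };
    // Checks the tag at off and returns {contentStart, contentEnd}, never reading past limit.
    static int[] tlv(byte[] b, int off, int limit, int tag) {
        if (off + 2 > limit || (b[off] & 0xFF) != tag) throw new IllegalArgumentException("bad tag at " + off);
        int len = b[off + 1] & 0xFF, p = off + 2;
        if (len >= 0x80) { // long form; indefinite length (0x80) is rejected
            int n = len & 0x7F;
            if (n == 0 || n > 3 || p + n > limit) throw new IllegalArgumentException("bad length at " + off);
            for (len = 0; n > 0; n--) len = (len << 8) | (b[p++] & 0xFF);
        }
        if (len > limit - p) throw new IllegalArgumentException("truncated at " + off);
        return new int[] { p, p + len };
    }
    // Decodes OBJECT IDENTIFIER content bytes to dotted form.
    static String oid(byte[] b, int from, int to) {
        if (from == to || (b[to - 1] & 0x80) != 0) throw new IllegalArgumentException("bad OID");
        StringBuilder s = new StringBuilder();
        long v = 0;
        for (int i = from; i < to; i++) {
            v = (v << 7) | (b[i] & 0x7F);
            if ((b[i] & 0x80) != 0) continue; // more bytes follow in this arc
            if (s.length() > 0) s.append('.').append(v);
            else { long a = Math.min(v / 40, 2); s.append(a).append('.').append(v - 40 * a); }
            v = 0;
        }
        return s.toString();
    }
    // Returns {dotted statementId, statementInfo encoding or null} for each QCStatement.
    static List<Object[]> parse(byte[] value, int offset) {
        List<Object[]> out = new ArrayList<>();
        int[] seq = tlv(value, offset, value.length, 0x30);   // QCStatements ::= SEQUENCE OF
        for (int p = seq[0]; p < seq[1]; ) {
            int[] st = tlv(value, p, seq[1], 0x30);           // QCStatement ::= SEQUENCE
            int[] id = tlv(value, st[0], st[1], 0x06);        // statementId
            byte[] info = id[1] == st[1] ? null : Arrays.copyOfRange(value, id[1], st[1]);
            out.add(new Object[] { oid(value, id[0], id[1]), info });
            p = st[1];
        }
        return out;
    }
    public static void main(String[] args) {
        for (Object[] s : parse(SAMPLE, 0))
            System.out.println(s[0] + " info=" + (s[1] == null ? "absent" : Arrays.toString((byte[]) s[1])));
    }
}
```

The statementInfo bytes are returned undecoded because their syntax depends on statementId; a relying party should interpret them only for identifiers it recognizes.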
 

Copyright © RSA Security Inc., 2002. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

QCStatements()

Constructs an empty QCStatements object.

QCStatements(byte[] statementID, int idOffset, int idLen, byte[] statementInfo, int infoOffset, int infoLen, boolean criticality)

Constructs a QCStatements object and initializes it with the given values and the specified criticality.

 

Method Summary

 void

addQCStatement(byte[] statementID, int idOffset, int idLen, byte[] statementInfo, int infoOffset, int infoLen)

Adds a QC statement.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 int

getQCStatementCount()

Gets the number of QC statements in this object.

 byte[]

getQCStatementID(int index)

Gets the QCStatementID value at the specified index.

 byte[]

getQCStatementInfo(int index)

Gets the QCStatementInfo value at the specified index.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

QCStatements

public QCStatements()
Constructs an empty QCStatements object.

QCStatements

public QCStatements(byte[] statementID,
                    int idOffset,
                    int idLen,
                    byte[] statementInfo,
                    int infoOffset,
                    int infoLen,
                    boolean criticality)
             throws CertificateException
Constructs a QCStatements object and initializes it with the given values and the specified criticality.

Parameters

         statementID  

An object identifier for the statement.

         idOffset  

An offset into the statementID array.

         idLen  

The length of the statement ID.

         statementInfo  

Optional qualifying statement data. This parameter contains the BER-encoding of the value and can be null. Be sure to pass this encoding in the proper object; for example, pass SemanticsInformation to decode.

         infoOffset  

An offset into the statementInfo array.

         infoLen  

The length of the statement info.

         criticality  

A Boolean that specifies whether this extension is critical.

Throws

CertificateException - If statementID is null.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding actually begins.

Throws

CertificateException - If the encoding is invalid for this extension.

addQCStatement

public void addQCStatement(byte[] statementID,
                           int idOffset,
                           int idLen,
                           byte[] statementInfo,
                           int infoOffset,
                           int infoLen)
                    throws CertificateException
Adds a QC statement.

Parameters

         statementID  

An object identifier for the statement.

         idOffset  

An offset into the statementID array.

         idLen  

The length of the statement ID.

         statementInfo  

Optional qualifying statement data. This parameter contains the BER-encoding of the value and can be null. Be sure to pass this encoding in the proper object; for example, pass SemanticsInformation to decode.

         infoOffset  

An offset into the statementInfo array.

         infoLen  

The length of the statement info.

Throws

CertificateException - If statementID is null.

getQCStatementID

public byte[] getQCStatementID(int index)
                        throws CertificateException
Gets the QCStatementID value at the specified index.

Parameters

         index  

An index that specifies the QCStatement.

Returns

The ID of the specified QCStatement.

Throws

CertificateException - If the specified index is invalid.

getQCStatementInfo

public byte[] getQCStatementInfo(int index)
                          throws CertificateException
Gets the QCStatementInfo value at the specified index.

Parameters

         index  

An index that specifies the QCStatement.

Returns

The BER-encoding of the info of the specified QCStatement.

Throws

CertificateException - If the specified index is invalid.

getQCStatementCount

public int getQCStatementCount()
Gets the number of QC statements in this object.

Returns

The number of QC statements in this extension.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be. It returns 0 if there is an error in encoding.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. These are the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new QCStatements object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000