com.rsa.certj.cert.extensions

Class SubjectAltName

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.SubjectAltName
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class SubjectAltName
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the SubjectAltName extension. It allows additional identities to be bound to the subject of the certificate. Defined options include an Internet electronic mail address, a DNS name, an IP address, and a uniform resource identifier (URI). Other options exist, including completely local definitions. Multiple name forms, and multiple instances of each name form, may be included. Whenever such identities are to be bound into a certificate, the subject alternative name (or issuer alternative name) extension should be used.

Because the subject alternative name is considered to be definitively bound to the public key, all parts of the subject alternative name must be verified by the CA. If the only subject identity included in the certificate is an alternative name form (for example, an electronic mail address), then the subject distinguished name must be empty (an empty sequence), and the subjectAltName extension must be present. If the certificate’s subject field contains an empty sequence, then the subjectAltName extension must be marked critical. Subject alternative names may be constrained in the same manner as subject distinguished names using the name constraints extension. Unlike the certificate’s subject field, conforming CAs must not issue certificates with subjectAltNames containing empty GeneralName fields.

The ASN.1 definition is as follows:

     subjectAltName EXTENSION ::= {
         SYNTAX GeneralNames
         IDENTIFIED BY id-ce-subjectAltName
     }

     GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

     GeneralName ::= CHOICE {
         otherName                   [0]     OCTET STRING,
         rfc822Name                  [1]     IA5String,
         dNSName                     [2]     IA5String,
         x400Address                 [3]     OCTET STRING,
         directoryName               [4]     Name,
         ediPartyName                [5]     EDIPartyName,
         uniformResourceIdentifier   [6]     IA5String,
         iPAddress                   [7]     OCTET STRING,
         registeredID                [8]     OBJECT IDENTIFIER
     }
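The following is an added example, not part of the Cert-J documentation or library: a small DER decoder for the GeneralNames value defined above, written in Python against the encoding rather than the Cert-J API, so it can be run without the toolkit. It enforces the points made in the class description: the SEQUENCE must hold at least one GeneralName (SIZE (1..MAX)), an empty GeneralName field is rejected, the rfc822Name/dNSName/uniformResourceIdentifier choices must be valid IA5String (7-bit) content, and a helper applies the rule that a certificate with an empty subject must carry a critical subjectAltName. The 4-or-16-octet check on iPAddress comes from RFC 5280 rather than this page, and the `_tlv` encoder and `SAMPLE_SAN` bytes are constructed here for the demonstration. Function names such as `decode_general_names` and `check_san_policy` are this example's own.

```python
# Added example: DER decoding of a subjectAltName extension value (GeneralNames).
# Not Cert-J code; names and sample data below are constructed for illustration.

CHOICE_NAMES = {
    0: "otherName", 1: "rfc822Name", 2: "dNSName", 3: "x400Address",
    4: "directoryName", 5: "ediPartyName", 6: "uniformResourceIdentifier",
    7: "iPAddress", 8: "registeredID",
}
IA5_CHOICES = {1, 2, 6}   # choices whose content must be IA5String (7-bit ASCII)


def _read_tlv(buf, off):
    """Read one DER tag-length-value at buf[off]; return (tag, content, next_offset)."""
    if off >= len(buf):
        raise ValueError("truncated: expected a tag")
    tag = buf[off]
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tag numbers are not used by GeneralName")
    off += 1
    if off >= len(buf):
        raise ValueError("truncated: expected a length")
    length = buf[off]
    off += 1
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length is not valid DER")
        if off + n > len(buf):
            raise ValueError("truncated length octets")
        length = int.from_bytes(buf[off:off + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal length encoding is not valid DER")
        off += n
    end = off + length
    if end > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:end], end


def decode_general_names(der):
    """Decode GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName.

    Returns a list of (choice_name, value) tuples; raises ValueError on any
    encoding that the extension definition does not permit.
    """
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    if end != len(der):
        raise ValueError("trailing bytes after GeneralNames")
    names = []
    off = 0
    while off < len(body):
        tag, value, off = _read_tlv(body, off)
        if (tag & 0xC0) != 0x80:
            raise ValueError("GeneralName must use a context-specific tag")
        num = tag & 0x1F
        if num not in CHOICE_NAMES:
            raise ValueError("unknown GeneralName choice [%d]" % num)
        if len(value) == 0:
            # Conforming CAs must not issue empty GeneralName fields.
            raise ValueError("empty GeneralName field [%d] is not permitted" % num)
        if num in IA5_CHOICES:
            if tag & 0x20:
                raise ValueError("IA5String must be primitive in DER")
            if any(b > 0x7F for b in value):
                raise ValueError("non-ASCII byte in IA5String GeneralName")
            names.append((CHOICE_NAMES[num], value.decode("ascii")))
        elif num == 7:
            if len(value) not in (4, 16):      # RFC 5280 rule, not from this page
                raise ValueError("iPAddress must be 4 (IPv4) or 16 (IPv6) octets")
            text = ".".join(str(b) for b in value) if len(value) == 4 else value.hex()
            names.append((CHOICE_NAMES[num], text))
        else:
            names.append((CHOICE_NAMES[num], value))   # kept as raw content
    if not names:
        raise ValueError("GeneralNames SIZE (1..MAX): at least one name is required")
    return names


def rejects(der):
    """True if decode_general_names refuses this encoding."""
    try:
        decode_general_names(der)
        return False
    except ValueError:
        return True


def check_san_policy(subject_is_empty, san_present, san_critical):
    """Rules from the class description: an empty subject DN requires a
    subjectAltName extension, and that extension must be marked critical."""
    problems = []
    if subject_is_empty and not san_present:
        problems.append("empty subject requires a subjectAltName extension")
    if subject_is_empty and san_present and not san_critical:
        problems.append("empty subject requires subjectAltName to be critical")
    return problems


def _tlv(tag, value):
    """Constructed-for-this-example DER encoder used to build sample input."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + value


# Constructed sample: dNSName [2], rfc822Name [1], iPAddress [7] (192.0.2.10).
SAMPLE_SAN = _tlv(0x30,
                  _tlv(0x82, b"www.example.com") +
                  _tlv(0x81, b"admin@example.com") +
                  _tlv(0x87, bytes([192, 0, 2, 10])))

if __name__ == "__main__":
    for choice, value in decode_general_names(SAMPLE_SAN):
        print(choice, value)
    print(check_san_policy(True, True, False))
```

Running the block prints the three names and the single policy violation for an empty subject with a non-critical SAN. Encodings that the definition forbids, such as `_tlv(0x30, b"")` (no names) or `_tlv(0x30, _tlv(0x82, b""))` (an empty dNSName), make `decode_general_names` raise, which is the behaviour a relying party wants before it binds any of these identities to the public key.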

Copyright © RSA Security Inc., 1998-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

SubjectAltName()

Constructs an empty subjectAltName object.

SubjectAltName(GeneralNames name, boolean criticality)

Constructs a SubjectAltName object and initializes it with the given values.

 

Method Summary

 void

addGeneralName(GeneralName name)

Adds an alternative name to the subject of the certificate.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 GeneralNames

getGeneralNames()

Gets the alternative names for the subject from this extension.

 void

setGeneralNames(GeneralNames names)

Sets the alternative names for the subject and resets any alternative names previously set.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SubjectAltName

public SubjectAltName()
Constructs an empty subjectAltName object.

SubjectAltName

public SubjectAltName(GeneralNames name,
                      boolean criticality)
               throws CertificateException
Constructs a SubjectAltName object and initializes it with the given values.

Parameters

         name  

A GeneralNames object that contains alternative names.

         criticality  

The user-specified criticality.

Throws

CertificateException - If there is a cloning error, or if name is null.
Method Detail

addGeneralName

public void addGeneralName(GeneralName name)
Adds an alternative name to the subject of the certificate.

Parameters

         name  

The alternative subject name to add.


setGeneralNames

public void setGeneralNames(GeneralNames names)
                     throws CertificateException
Sets the alternative names for the subject and resets any alternative names previously set.

Parameters

         names  

The alternative names for the subject.

Throws

CertificateException - If there is a cloning error.

getGeneralNames

public GeneralNames getGeneralNames()
Gets the alternative names for the subject from this extension.

Returns

The alternative names for the subject.

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new SubjectAltName object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000