|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--iaik.x509.V3Extension | +--iaik.x509.extensions.CertificatePolicies
This class implements the CertificatePolicies
Extension.
The CertificatePolicies
extension is a standard X509v3 extension, which
may or may not be marked as being critical.
Each extension is associated with a specific certificateExtension
object identifier, derived from:
certificateExtension OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the CertificatePolicies
extension
is defined as:
id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }
which corresponds to the OID string "2.5.29.32".
The X.509 Certificate and CRL profile presented in RFC 2459 specifies the certificate policies extension for indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used, defined by a sequence of policy information terms, each consisting of an object identifier (OID) and optional qualifiers:
certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformationPolicyInformation ::= SEQUENCE { policyIdentifier CertPolicyId, policyQualifiers SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE { policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId }
The X.509 Certificate and CRL profile specification defines two policy qualifiers types:
Qualifier ::= CHOICE { cPSuri CPSuri, -- CPS Pointer qualifier userNotice UserNotice -- User Notice qualifier }
The CPS Pointer qualifier indicates a (URI) pointer to a Certification Practice Statement (CPS) published by the CA:
CPSuri ::= IA5String
The User Notice qualifier may include a noticeRef
field
identifying an organization and a particular textual statement prepared by that
organization, or/and an explicitText
string field of up to 200
characters including the textual statement directly into the certificate:
UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE { organization DisplayText, noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE { visibleString VisibleString (SIZE (1..200)), bmpString BMPString (SIZE (1..200)), utf8String UTF8String (SIZE (1..200)) }
More information can be found in RFC 2459, section 4.2.1.5 "Certificate Policies".
For adding a CertificatePolicies
extension object to
a X509Certificate, use the addExtension
method of the
iaik.x509.X509Certificate
class.
The policy informations supplied when creating a CertificatePolicies
object have to be of type PolicyInformation
, which itself represents a sequence of policy qualifier
infos of type PolicyQualifierInfo
, e.g.:
int[] notice_nr = {12, 35}; ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id"); PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1]; policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null); PolicyInformation[] policy_info = new PolicyInformation[1]; policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier); CertificatePolicies cert_policy = new CertificatePolicies(policy_info); X509Certificate cert = new X509Certificate(); ... cert.addExtension(cert_policy);
When intending to mark this extension as critical, use the setCritical
method of the V3Extension
parent class (note that you have to mark an extension as critical before adding the
extension to a certificate):
cert_policy.setCritical(true);
PolicyQualifierInfo
,
PolicyInformation
,
V3Extension
,
X509Extensions
,
X509Certificate
Field Summary | |
static ObjectID |
oid
The object identifier of this CertificatePolicies extension. |
Fields inherited from class iaik.x509.V3Extension |
critical |
Constructor Summary | |
CertificatePolicies()
Default Constructor. |
|
CertificatePolicies(PolicyInformation[] certificatePolicies)
Creates a new CertificatePolicies extension from
the given policy information terms indicating the policy under
which the certificate has been issued and the purposes for
which the certificate may be used.
|
Method Summary | |
ObjectID |
getObjectID()
Returns the object id of this CertificatePolicies extension. |
PolicyInformation[] |
getPolicyInformation()
Returns the certifcate policies. |
int |
hashCode()
Returns a hashcode for this identity. |
void |
init(ASN1Object obj)
Inits this CertificatePolicies implementation with an ASN1object
representing the value of this extension.
|
ASN1Object |
toASN1Object()
Returns an ASN1Object representing the value of this CertificatePolicies
extension object.
|
String |
toString()
Returns a string that represents the contents of this CertificatePolicies extension. |
Methods inherited from class iaik.x509.V3Extension |
getName, isCritical, setCritical |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
public static final ObjectID oid
Constructor Detail |
public CertificatePolicies()
Creates an empty CertificatePolicies
object
setting the critical
value per default to false
.
If you want to specify this extension as critical before adding it to a
certificate, use the setCritical
method of the
V3Extension
parent class:
cert_policy.setCritical(true); cert.addExtension(cert_policy);
V3Extension.setCritical(boolean)
public CertificatePolicies(PolicyInformation[] certificatePolicies)
CertificatePolicies
extension from
the given policy information terms indicating the policy under
which the certificate has been issued and the purposes for
which the certificate may be used.
The critical
value per default is set to false
.
If you want to specify this extension as critical before adding it to a
certificate, use the setCritical
method of the
V3Extension
parent class, e.g.:
int[] notice_nr = {12, 35}; ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id"); PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1]; policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null); PolicyInformation[] policy_info = new PolicyInformation[1]; policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier); CertificatePolicies cert_policy = new CertificatePolicies(policy_info); cert_policy.setCritical(true); X509Certificate cert = new X509Certificate(); ... cert.addExtension(cert_policy);
certificatePolicies
- one or more certificate policy informationsV3Extension.setCritical(boolean)
Method Detail |
public ObjectID getObjectID()
CertificatePolicies
extension.getObjectID
in class V3Extension
public void init(ASN1Object obj) throws X509ExtensionException
CertificatePolicies
implementation with an ASN1object
representing the value of this extension.
The given ASN1Object represents a sequence of policy informations indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.
The given ASN1Object is the one created by toASN1Object()
.
This method is used by the X509Extensions
class when parsing the ASN.1 representation
of a certificate for properly initializing an included
CertificatePolicies extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
init
in class V3Extension
obj
- the CertificatePolicies as ASN1ObjectX509ExtensionException
- if the extension could not be parsedpublic ASN1Object toASN1Object()
CertificatePolicies
extension object.
The returned ASN1Object represents a sequence of policy informations indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.
certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
toASN1Object
in class V3Extension
CertificatePolicies
as ASN1Objectpublic PolicyInformation[] getPolicyInformation()
public int hashCode()
hashCode
in class V3Extension
public String toString()
CertificatePolicies
extension.toString
in class Object
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |