iaik.x509.extensions
Class CertificatePolicies

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.CertificatePolicies

public class CertificatePolicies
extends V3Extension

This class implements the CertificatePolicies Extension.

The CertificatePolicies extension is a standard X509v3 extension, which may or may not be marked as being critical.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the CertificatePolicies extension is defined as:

id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }

which corresponds to the OID string "2.5.29.32".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the certificate policies extension for indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used, defined by a sequence of policy information terms, each consisting of an object identifier (OID) and optional qualifiers:

 certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 

 PolicyInformation ::= SEQUENCE {
    policyIdentifier   CertPolicyId,
    policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }

 CertPolicyId ::= OBJECT IDENTIFIER

 PolicyQualifierInfo ::= SEQUENCE {
    policyQualifierId  PolicyQualifierId,
    qualifier          ANY DEFINED BY policyQualifierId }

The X.509 Certificate and CRL profile specification defines two policy qualifier types:

 Qualifier ::= CHOICE {
    cPSuri         CPSuri,     -- CPS Pointer qualifier
    userNotice     UserNotice  -- User Notice qualifier
 }
 

The CPS Pointer qualifier indicates a (URI) pointer to a Certification Practice Statement (CPS) published by the CA:

CPSuri ::= IA5String

The User Notice qualifier may include a noticeRef field identifying an organization and a particular textual statement prepared by that organization, and/or an explicitText string field of up to 200 characters that includes the textual statement directly in the certificate:

 UserNotice ::= SEQUENCE {
   noticeRef     NoticeReference OPTIONAL,
   explicitText  DisplayText OPTIONAL}
 
 NoticeReference ::= SEQUENCE {
    organization   DisplayText,
    noticeNumbers  SEQUENCE OF INTEGER }

 DisplayText ::= CHOICE {
    visibleString  VisibleString (SIZE (1..200)),
    bmpString      BMPString (SIZE (1..200)),
    utf8String     UTF8String (SIZE (1..200)) }

More information can be found in RFC 2459, section 4.2.1.5 "Certificate Policies".
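
The structure above, decoded by hand: an added example (not IAIK code, and not using the IAIK API) that walks a DER-encoded certificatePolicies value with only the JDK and lists each policy OID together with the type OIDs of its qualifiers. The class name PolicyWalker and the sample bytes are constructed for illustration; 1.3.6.1.5.5.7.2.2 is the id-qt-unotice qualifier OID of the RFC 2459 profile.

```java
import java.nio.ByteBuffer;
import java.util.*;

public class PolicyWalker {
    // Constructed sample: policy 1.2.3.4.5, UserNotice from "IAIK", notice numbers 12 and 35.
    static final byte[] SAMPLE = {
        0x30, 0x28, 0x30, 0x26, 0x06, 0x04, 0x2A, 0x03, 0x04, 0x05, 0x30, 0x1E, 0x30, 0x1C,
        0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x02, 0x02,         // id-qt-unotice
        0x30, 0x10, 0x30, 0x0E, 0x1A, 0x04, 0x49, 0x41, 0x49, 0x4B,         // "IAIK"
        0x30, 0x06, 0x02, 0x01, 0x0C, 0x02, 0x01, 0x23 };                   // {12, 35}
    // Consumes one element with the expected tag and returns a view of its content.
    static ByteBuffer open(ByteBuffer in, int tag) {
        if ((in.get() & 0xFF) != tag) throw new IllegalArgumentException("unexpected tag");
        int len = in.get() & 0xFF, n = len & 0x7F;
        if (len > 0x7F) {                          // long form: n length bytes follow
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n > 0; n--) len = (len << 8) | (in.get() & 0xFF);
        }
        if (len > in.remaining()) throw new IllegalArgumentException("element overruns parent");
        ByteBuffer body = in.slice();
        body.limit(len);
        in.position(in.position() + len);          // parent cursor skips the whole element
        return body;
    }
    // Decodes an OBJECT IDENTIFIER into dotted notation.
    static String readOid(ByteBuffer in) {
        StringBuilder sb = new StringBuilder();
        long arc = 0;
        for (ByteBuffer oid = open(in, 0x06); oid.hasRemaining(); ) {
            int b = oid.get() & 0xFF;
            arc = (arc << 7) | (b & 0x7F);
            if ((b & 0x80) != 0) continue;         // more bytes of this arc follow
            long top = Math.min(arc / 40, 2);      // first subidentifier packs two arcs
            sb.append(sb.length() == 0 ? top + "." + (arc - 40 * top) : "." + arc);
            arc = 0;
        }
        return sb.toString();
    }
    // Returns one entry per PolicyInformation: the policy OID plus its qualifier type OIDs.
    static List<String> policies(byte[] extValue) {
        List<String> out = new ArrayList<>();
        for (ByteBuffer all = open(ByteBuffer.wrap(extValue), 0x30); all.hasRemaining(); ) {
            ByteBuffer info = open(all, 0x30);                      // PolicyInformation
            StringBuilder entry = new StringBuilder(readOid(info)); // policyIdentifier
            if (info.hasRemaining())                                // optional policyQualifiers
                for (ByteBuffer q = open(info, 0x30); q.hasRemaining(); )
                    entry.append(" qualifier=").append(readOid(open(q, 0x30)));
            out.add(entry.toString());
        }
        if (out.isEmpty()) throw new IllegalArgumentException("SIZE (1..MAX) violated");
        return out;
    }
    public static void main(String[] args) { System.out.println(policies(SAMPLE)); }
}
```

The qualifier body (the CPSuri or UserNotice itself) is skipped rather than decoded; each nested element is bounded by its parent, so a length that overruns the enclosing SEQUENCE is rejected.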

To add a CertificatePolicies extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class. The policy information terms supplied when creating a CertificatePolicies object have to be of type PolicyInformation, which itself represents a sequence of policy qualifier infos of type PolicyQualifierInfo, e.g.:

 int[] notice_nr = {12, 35};
 ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id");
 PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1];
 policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null);
 PolicyInformation[] policy_info = new PolicyInformation[1];
 policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier);
 CertificatePolicies cert_policy = new CertificatePolicies(policy_info);
 X509Certificate cert = new X509Certificate();
  ...
 cert.addExtension(cert_policy);
 

When intending to mark this extension as critical, use the setCritical method of the V3Extension parent class (note that you have to mark an extension as critical before adding the extension to a certificate):

 cert_policy.setCritical(true);
 

Version:
File Revision 22
See Also:
PolicyQualifierInfo, PolicyInformation, V3Extension, X509Extensions, X509Certificate

Field Summary
static ObjectID oid
          The object identifier of this CertificatePolicies extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
CertificatePolicies()
          Default Constructor.
CertificatePolicies(PolicyInformation[] certificatePolicies)
          Creates a new CertificatePolicies extension from the given policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.
 
Method Summary
 ObjectID getObjectID()
          Returns the object id of this CertificatePolicies extension.
 PolicyInformation[] getPolicyInformation()
          Returns the certificate policies.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Initializes this CertificatePolicies implementation with an ASN1Object representing the value of this extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this CertificatePolicies extension object.
 String toString()
          Returns a string that represents the contents of this CertificatePolicies extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this CertificatePolicies extension. The corresponding OID string is "2.5.29.32".
Constructor Detail

CertificatePolicies

public CertificatePolicies()
Default Constructor.

Creates an empty CertificatePolicies object with the critical value set to false by default. If you want to specify this extension as critical before adding it to a certificate, use the setCritical method of the V3Extension parent class:

 cert_policy.setCritical(true);
 cert.addExtension(cert_policy);
 

See Also:
V3Extension.setCritical(boolean)

CertificatePolicies

public CertificatePolicies(PolicyInformation[] certificatePolicies)
Creates a new CertificatePolicies extension from the given policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

The critical value is set to false by default. If you want to specify this extension as critical before adding it to a certificate, use the setCritical method of the V3Extension parent class, e.g.:

 int[] notice_nr = {12, 35};
 ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id");
 PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1];
 policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null);
 PolicyInformation[] policy_info = new PolicyInformation[1];
 policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier);
 CertificatePolicies cert_policy = new CertificatePolicies(policy_info);
 cert_policy.setCritical(true);
 X509Certificate cert = new X509Certificate();
  ...
 cert.addExtension(cert_policy);
 

Parameters:
certificatePolicies - one or more certificate policy information terms
See Also:
V3Extension.setCritical(boolean)
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object id of this CertificatePolicies extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object id

init

public void init(ASN1Object obj)
          throws X509ExtensionException
Initializes this CertificatePolicies implementation with an ASN1Object representing the value of this extension.

The given ASN1Object represents a sequence of policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included CertificatePolicies extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the CertificatePolicies as ASN1Object
Throws:
X509ExtensionException - if the extension could not be parsed

toASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this CertificatePolicies extension object.

The returned ASN1Object represents a sequence of policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

 certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
 

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this CertificatePolicies as ASN1Object

getPolicyInformation

public PolicyInformation[] getPolicyInformation()
Returns the certificate policies.
Returns:
the certificate policies

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of this CertificatePolicies extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK