|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--java.security.cert.Certificate | +--java.security.cert.X509Certificate | +--iaik.x509.X509Certificate | +--iaik.x509.qualified.QualifiedCertificate
This class represents a QualifiedCertificate according to PKIX Qualified Certificate Profile.
The PKIX Qualified Certificate Profile, based on RFC 2459, defines a certificate format for identifying a person with high level of assurance in public non-repudiation servises. The term Qualifed Certifiacte is used to describe a certificate with a certain qualified status within applicable governing law. A CA issuing a qualified certificate has to include information in the certificate indicating that the certificate is a qualified one. The Qualified Certificate Profile describes two complementary ways for including this inforamtion:
CertificatePolicies
extension containing a qualified PolicyInformation
term may be by looking
at the policy identifier associated with the PolicyInformation object. In similar
way each QCStatement
included in a QCStatements
extension is identified by its own statement ID which may indicate
a qualified statement.
This class includes a static part allowing applications to register object identifiers indicating qualified PolicyInformations and qualified QCStatement terms by using the following two methods, respectively:
For asking whether a given object id indicates a qualified policy information an application may call methodisQualifiedPolicyID
, for asking whether a given object id indicates a
qualified QC statement, method isQualifiedQCStatementID
may be used.
isQualifedCertificate(X509Certificate cert)
may be used for asking whether
a given X509Certificate
object is a
qualifed one or not.
The non static part of this class extends X509Certificate
for providing a few methods allowing to set QCStatements
, BiometricInfo
and
CertificatePolicies
extensions
immediately, and asking for any included qualified PolicyInformation
and any included qualified
QCStatement
terms.
Inner classes inherited from class java.security.cert.Certificate |
Certificate.CertificateRep |
Constructor Summary | |
QualifiedCertificate()
Creates a new QualifiedCertificate object. |
|
QualifiedCertificate(byte[] array)
Creates a QualifiedCertificate from the given byte array. |
|
QualifiedCertificate(InputStream is)
Creates a QualifiedCertificate from an input stream. |
Method Summary | |
void |
addExtension(V3Extension e)
Adds the given extension. |
static void |
clearRegisteredQualifiedPolicyIDs()
Clears all registered qualified policy ids. |
static void |
clearRegisteredQualifiedQCStatementIDs()
Clears all registered qualified statement ids. |
static PolicyInformation[] |
containsQualifiedPolicyInformations(CertificatePolicies certPolicies)
Checks if the given CertificatePolicies extensions contains any PolicyInformations with an OID indicating a qualified certificate. |
static QCStatement[] |
containsQualifiedQCStatements(QCStatements qcStatements)
Checks if the given QCStatements extension contains any QCStatement terms with an OID indicating a qualified certificate. |
BiometricInfo |
getBiometricInfo()
Returns the BiometricInfo extension included in this certificate, if present. |
CertificatePolicies |
getCertificatePolicies()
Returns the CertificatePolicies extension included in this certificate, if present. |
QCStatements |
getQCStatements()
Returns the QCStatements extension included in this certificate, if present. |
PolicyInformation[] |
getQualifiedPolicyInformations()
Gets any included qualified PolicyInformation terms. |
QCStatement[] |
getQualifiedQCStatements()
Gets any included qualified QCStatement terms. |
static ObjectID[] |
getRegisteredQualifiedPolicyIDs()
Gets the registered qualified policy IDs. |
static ObjectID[] |
getRegisteredQualifiedQCStatementIDs()
Gets the registered qualified certificate statement IDs. |
static QualifiedCertificate |
isQualifedCertificate(X509Certificate cert)
Checks if the given certificate is a qualified one. |
static boolean |
isQualifiedPolicyID(ObjectID oid)
Asks if the given oid indicates a qualified certificate policy. |
static boolean |
isQualifiedQCStatementID(ObjectID oid)
Asks if the given oid indicates a qualified certificate statement. |
static boolean |
registerQualifiedPolicyID(ObjectID oid)
Adds the given OID to the pool of registered qualified policy IDs. |
static void |
registerQualifiedPolicyIDs(ObjectID[] oids)
Registers qualified policy IDs. |
static boolean |
registerQualifiedQCStatementID(ObjectID oid)
Adds the given OID to the pool of registered qualified statement IDs. |
static void |
registerQualifiedQCStatementIDs(ObjectID[] oids)
Registers qualified certificate statement IDs. |
void |
removeAllExtensions()
Removes all extensions from this certificate. |
boolean |
removeExtension(ObjectID oid)
Removes the extension specified by its object identifier. |
static boolean |
removeRegisteredQualifiedPolicyID(ObjectID oid)
Removes the given oid from the pool of registered qualified policy ids. |
static boolean |
removeRegisteredQualifiedQCStatementID(ObjectID oid)
Removes the given oid from the pool of registered qualified statement ids. |
void |
setBiometricInfo(BiometricInfo biometricInfo)
Sets the BiometricInfo extension. |
void |
setCertificatePolicies(CertificatePolicies certPolicies)
Sets the CertificatePolicies extension. |
void |
setQCStatements(QCStatements qcStatements)
Sets the QCStatements extension. |
Methods inherited from class java.security.cert.Certificate |
equals, getType, hashCode, writeReplace |
Methods inherited from class java.lang.Object |
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Constructor Detail |
public QualifiedCertificate()
This method may be used by an application representing a CA intending
to issue qualified certificates. Since this class is extended from X509Certificate
any method introduced there
may be used for setting the several certificate fields, signing and
encoding the certificate.
When using this constructor for creating a new qualified certificate and
subsequently signing and encoding it, never a check is performed if the
certificate contains any information (QCStatement or PolicyInformation)
indicating that the certificate is a qualified certificate. This allows
to create and encode new certificates without having to register any
qualified policy
or
statement
IDs.
It is the responsibility of the application to include proper PolicyInformation
or QCStatement term(s) for accounting the certificate for serving as
qualified certificate.
X509Certificate.X509Certificate()
public QualifiedCertificate(InputStream is) throws IOException, CertificateException, QualifiedCertificateException
The supplied certificate may be in DER or PEM format. Reading in an
encoded certificate with this constructor only may be successful if
the certificate contains any information (PolicyInformation or QCStatement)
indicating the purpose of being a qualified certificate. In this way this
constructor checks if the given certificate includes the CertificatePolicies
or QCStatements
extension.
If the CertificatePolicies extension is present any included PolicyInformation
term is
checked if having a registered
policy id. If the QCStatements extension is present any included QCStatement
term is checked if
having a registered
statement id. If neither any qualified PolicyInformation nor any qualified
QCStatement terms are included, this constructor fails in creating a
QualifiedCertificate object by throwing a QualifiedCertificateException.
However, if this constructor succeeds in creating a QualifiedCertificate
object you later may use methods getQualifiedPolicyInformations
and getQualifiedQCStatements
for asking for the qualified PolicyInformation
and/or QCStatement terms included in the certificate.
Notice. An application may prefer to use a QualifiedCertificateFactory
for decoding qualified certificates obtaining a X509Certificate
object for any certificate that is not a qualified one.
is
- InputStream from which to create the certificateIOException
- if the certificate cannot be readCertificateException
- if the certificate cannot be parsedQualifiedCertificateException
- if the certificate cannot be created
because it is no qualified certificate (i.e. having no qualified
(registered) PolicyInformation or QCStatement terms)public QualifiedCertificate(byte[] array) throws CertificateException, QualifiedCertificateException
The supplied certificate may be in DER or PEM format. Reading in an
encoded certificate with this constructor only may be successful if
the certificate contains any information (PolicyInformation or QCStatement)
indicating the purpose of being a qualified certificate. In this way this
constructor checks if the given certificate includes the CertificatePolicies
or QCStatements
extension.
If the CertificatePolicies extension is present any included PolicyInformation
term is
checked if having a registered
policy id. If the QCStatements extension is present any included QCStatement
term is checked if
having a registered
statement id. If neither any qualified PolicyInformation nor any qualified
QCStatement terms are included, this constructor fails in creating a
QualifiedCertificate object by throwing a QualifiedCertificateException.
However, if this constructor succeeds in creating a QualifiedCertificate
object you later may use methods getQualifiedPolicyInformations
and getQualifiedQCStatements
for asking for the qualified PolicyInformation
and/or QCStatement terms included in the certificate.
Notice. An application may prefer to use a QualifiedCertificateFactory
for decoding qualified certificates obtaining a X509Certificate
object for any certificate that is not a qualified one.
array
- the DER (PEM) encoded byte array from which to create the certificateCertificateException
- if the certificate cannot be parsedQualifiedCertificateException
- if the certificate cannot be created
because it is no qualified certificate (i.e. having no qualified
(registered) PolicyInformation or QCStatement terms)Method Detail |
public static void registerQualifiedPolicyIDs(ObjectID[] oids)
According to the PKIX Qualified Certificate Policy profile a qualified certificate may be recognized by either having a proper QCStatement included or having been issued according to a specific policy included in the CertificatePolicies extension and identified by a corresponding object identifier. This method allows to register object identifiers indicating qualified certificate policy informations.
oids
- the qualified policy IDs to be setpublic static boolean registerQualifiedPolicyID(ObjectID oid)
According to the PKIX Qualified Certificate Policy profile a qualified certificate may be recognized by either having a proper QCStatement included or having been issued according to a specific policy included in the CertificatePolicies extension and identified by a corresponding object identifier. This method allows to register an object identifier indicating a qualified certificate policy information.
oid
- the qualified policy ID to be registeredtrue
if the given oid has been successfully added,
false
if it already has been registered and therefore
cannot be added twicepublic static ObjectID[] getRegisteredQualifiedPolicyIDs()
According to the PKIX Qualified Certificate Policy profile a qualified
certificate may be recognized by either having a proper QCStatement
included or having been issued according to a specific policy included
in the CertificatePolicies extension and identified by a corresponding
object identifier. This method returns all policy IDs that have been
registered when calling registerQualifiedPolicyIDs
.
public static boolean removeRegisteredQualifiedPolicyID(ObjectID oid)
the
- oid to be removedtrue
if the oid has been registered and now removed,
false
otherwisepublic static void clearRegisteredQualifiedPolicyIDs()
public static boolean isQualifiedPolicyID(ObjectID oid)
true
if the given oid has been registered as
qualified policy id, false
otherwisepublic static PolicyInformation[] containsQualifiedPolicyInformations(CertificatePolicies certPolicies)
null
if there are
no qualified PolicyInformations includedpublic static void registerQualifiedQCStatementIDs(ObjectID[] oids)
According to the PKIX Qualified Certificate Policy profile a qualified certificate may be recognized by either having a proper QCStatement included or having been issued according to a specific policy included in the CertificatePolicies extension and identified by a corresponding object identifier. This method allows to register object identifiers indicating qualified certificate statements.
oids
- the qualified certificate statement IDs to be setpublic static boolean registerQualifiedQCStatementID(ObjectID oid)
According to the PKIX Qualified Certificate Policy profile a qualified certificate may be recognized by either having a proper QCStatement included or having been issued according to a specific policy included in the CertificatePolicies extension and identified by a corresponding object identifier. This method allows to register an object identifier indicating a qualified certificate statement.
oid
- the qualified certificate statement ID to be registeredtrue
if the given oid has been successfully added,
false
if it already has been registered and therefore
cannot be added twicepublic static ObjectID[] getRegisteredQualifiedQCStatementIDs()
According to the PKIX Qualified Certificate Policy profile a qualified
certificate may be recognized by either having a proper QCStatement
included or having been issued according to a specific policy included
in the CertificatePolicies extension and identified by a corresponding
object identifier. This method returns all statement IDs that have been
registered when calling registerQualifiedQCStatementIDs
.
public static boolean removeRegisteredQualifiedQCStatementID(ObjectID oid)
the
- oid to be removedtrue
if the oid has been registered and now removed,
false
otherwisepublic static void clearRegisteredQualifiedQCStatementIDs()
public static boolean isQualifiedQCStatementID(ObjectID oid)
true
if the given oid has been registered as
qualified certificate statement ID, false
otherwisepublic static QCStatement[] containsQualifiedQCStatements(QCStatements qcStatements)
null
if there are
no qualified QCStatement terms includedpublic static QualifiedCertificate isQualifedCertificate(X509Certificate cert) throws QualifiedCertificateException
According to the PKIX Qualified Certificate Policy profile a qualified certificate may be recognized by either having a proper QCStatement included or having been issued according to a specific policy included in the CertificatePolicies extension and identified by a corresponding object identifier.
This method performs the following steps to see if the given certificate is a qualified one:
X509Certificate
object into a QualifiedCertificate object. An application
may use methods getQualifiedPolicyInformations()
and method getQualifiedQCStatements
for obtaining the qualified PolicyInformation and/or
QCStatement terms included in the QualifiedCertificate object returned by
this method, e.g.:
// the X.509 certificate to be asked if being a qualified one: X509Certificate cert = ...; try { QualifiedCertificate qualifiedCert = QualifiedCertificate.isQualifiedCertificate(cert); // get only the qualified PolicyInformation terms: PolicyInformation[] qualifiedPolicyInformations = qualifiedCert.getQualifiedPolicyInformations(); if (qualifiedPolicyInformations == null) { System.out.println("No PolicyInformations indicating a qualified cert!"); } else { System.out.println("Qualified PolicyInformations:"); for (int i = 0; i < qualifiedPolicyInformations; i++) { System.out.println(qualifiedPolicyInformations[i].toString()); } } // get only the qualified QCStatement terms: QCStatement[] qualifiedQCStatements = qualifiedCert.getQualifiedQCStatements(); if (qualifiedQCStatements == null) { System.out.println("No QCStatements indicating a qualified cert!"); } else { System.out.println("Qualified QCStatements:"); for (int i = 0; i < qualifiedQCStatements; i++) { System.out.println(qualifiedQCStatements[i].toString()); } } } catch (QualifiedCertificateException ex) { System.out.println("No qualified certificate!"); }
QualifiedCertificateException
- if the given X.509 certificate cannot
be converted since it no qualified certificatepublic void setBiometricInfo(BiometricInfo biometricInfo) throws X509ExtensionException
This method only provides an alternative way to addExtension
for immediately adding a BiometricInfo
extension.
biometricInfo
- the BiometricInfo extension to be setX509ExtensionException
- if an error occurs when adding the extensionpublic void setQCStatements(QCStatements qcStatements) throws X509ExtensionException
This method only provides an alternative way to addExtension
for immediately adding a QCStatements
extension.
qcStatements
- the QCStatements extension to be setX509ExtensionException
- if an error occurs when adding the extensionpublic void setCertificatePolicies(CertificatePolicies certPolicies) throws X509ExtensionException
This method only provides an alternative way to addExtension
for immediately adding a CertificatePolicies
extension.
certPolicies
- the CertificatePolicies extension to be setX509ExtensionException
- if an error occurs when adding the extensionpublic void addExtension(V3Extension e) throws X509ExtensionException
addExtension
in class X509Certificate
e
- the extension to be addedX509ExtensionException
- if an error occurs when adding the extensionpublic BiometricInfo getBiometricInfo() throws X509ExtensionInitException
This method only provides an alternative way to getExtension
for immediately getting an included BiometricInfo
extension.
null
if this certificate does not contain the
BiometricInfo extensionX509ExtensionInitException
- if the extension can not be initializedpublic QCStatements getQCStatements() throws X509ExtensionInitException
This method only provides an alternative way to getExtension
for immediately getting an included QCStatements
extension.
null
if this certificate does not contain the
QCStatements extensionX509ExtensionInitException
- if the extension can not be initializedpublic CertificatePolicies getCertificatePolicies() throws X509ExtensionInitException
This method only provides an alternative way to getExtension
for immediately getting an included CertificatePolicies
extension.
null
if this certificate does not contain the
CertificatePolicies extensionX509ExtensionInitException
- if the extension can not be initializedpublic boolean removeExtension(ObjectID oid)
removeExtension
in class X509Certificate
objectID
- the object ID of the extension to removetrue
if the extension has been successfully removed,
false
otherwisepublic void removeAllExtensions()
removeAllExtensions
in class X509Certificate
public QCStatement[] getQualifiedQCStatements()
This method returns all QCStatement terms having a qualified registered
statement id.
Note that the array of QCStatement terms returned by this method must not
contain all the QCStatement terms included in the QCStatements extension
of this certificate. There may be other QCStatement terms having no
qualified statement id.
null
if this certificate does not contain a QCStatements extension or
the QCStatements extension does not contain qualified statementspublic PolicyInformation[] getQualifiedPolicyInformations()
This method returns all PolicyInformation terms having a qualified registerQualifiedPolicyIDs
policy id.
Note that the array of PolicyInformation terms returned by this method must not
contain all the PolicyInformation terms included in the CertificatePolicies
extension of this certificate. There may be other PolicyInformation terms
having no qualified policy id.
null
if this certificate does not contain a CertificatePolicies extension or
the CertificatePolicies extension does not contain qualified PolicyInformations
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |