public class CertificatePolicies extends V3Extension

CertificatePolicies Extension.

The CertificatePolicies extension is a standard X509v3 extension, which may or may not be marked as critical.
Each extension is associated with a specific certificateExtension object identifier, derived from:

certificateExtension OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the CertificatePolicies extension is defined as:

id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 }

which corresponds to the OID string "2.5.29.32".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the certificate policies extension for indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used, defined by a sequence of policy information terms, each consisting of an object identifier (OID) and optional qualifiers:
certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

PolicyInformation ::= SEQUENCE {
  policyIdentifier   CertPolicyId,
  policyQualifiers   SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE { policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId }
The X.509 Certificate and CRL profile specification defines two policy qualifier types:

Qualifier ::= CHOICE {
  cPSuri      CPSuri,       -- CPS Pointer qualifier
  userNotice  UserNotice }  -- User Notice qualifier
The CPS Pointer qualifier indicates a (URI) pointer to a Certification Practice Statement (CPS) published by the CA:
CPSuri ::= IA5String
The User Notice qualifier may include a noticeRef field identifying an organization and a particular textual statement prepared by that organization, and/or an explicitText string field of up to 200 characters that embeds the textual statement directly in the certificate:
UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE { organization DisplayText, noticeNumbers SEQUENCE OF INTEGER }
DisplayText ::= CHOICE { visibleString VisibleString (SIZE (1..200)), bmpString BMPString (SIZE (1..200)), utf8String UTF8String (SIZE (1..200)) }
More information can be found in RFC 3280, section 4.2.1.5 "Certificate Policies".
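As an added example (not code from this page or from IAIK), the following Python encodes the certificatePolicies value defined above straight from its ASN.1, enforcing the SIZE constraints the definitions state (at least one PolicyInformation, DisplayText of 1..200 characters). The qualifier OIDs id-qt-cps (1.3.6.1.5.5.7.2.1) and id-qt-unotice (1.3.6.1.5.5.7.2.2) are the RFC 3280 values; DisplayText is always emitted as its utf8String alternative, which is an encoding choice of this example and not a statement about what IAIK produces.

```python
ID_QT_CPS, ID_QT_UNOTICE = "1.3.6.1.5.5.7.2.1", "1.3.6.1.5.5.7.2.2"  # RFC 3280 id-qt-cps, id-qt-unotice

def _tlv(tag, body):  # DER tag-length-value; long-form length above 127 bytes
    n = len(body)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, (0x80 | len(lb)) if lb else n]) + lb + body
def encode_oid(dotted):  # OBJECT IDENTIFIER: first two arcs packed, rest base-128
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body.extend(chunk)
    return _tlv(0x06, bytes(body))
def encode_int(n):  # non-negative INTEGER; bit_length()//8 + 1 bytes keeps the sign bit clear
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))
def encode_display_text(text):  # DisplayText, utf8String alternative, SIZE (1..200)
    if not 1 <= len(text) <= 200:
        raise ValueError("DisplayText must be 1..200 characters")
    return _tlv(0x0C, text.encode("utf-8"))
def encode_user_notice(organization=None, notice_numbers=(), explicit_text=None):
    """UserNotice ::= SEQUENCE { noticeRef OPTIONAL, explicitText OPTIONAL }."""
    parts = b""
    if organization is not None:  # NoticeReference: organization + noticeNumbers
        numbers = b"".join(encode_int(n) for n in notice_numbers)
        parts += _tlv(0x30, encode_display_text(organization) + _tlv(0x30, numbers))
    if explicit_text is not None:
        parts += encode_display_text(explicit_text)
    return _tlv(0x30, parts)
def encode_qualifier(q):
    """PolicyQualifierInfo from ("cps", uri) or ("notice", org, numbers, text)."""
    if q[0] == "cps":  # CPSuri ::= IA5String
        return _tlv(0x30, encode_oid(ID_QT_CPS) + _tlv(0x16, q[1].encode("ascii")))
    if q[0] == "notice":
        return _tlv(0x30, encode_oid(ID_QT_UNOTICE) + encode_user_notice(*q[1:]))
    raise ValueError("unknown qualifier kind: %r" % (q[0],))

def encode_certificate_policies(policies):
    """certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation."""
    if not policies:
        raise ValueError("at least one PolicyInformation is required")
    out = b""
    for policy_oid, qualifiers in policies:
        body = encode_oid(policy_oid)
        if qualifiers:  # policyQualifiers is OPTIONAL; omitted when empty
            body += _tlv(0x30, b"".join(encode_qualifier(q) for q in qualifiers))
        out += _tlv(0x30, body)
    return _tlv(0x30, out)
```

Encoding the page's own example (policy 1.2.3.4.5 with a noticeRef naming organization "IAIK" and notice numbers 12 and 35) yields a 42-byte SEQUENCE whose first element is the policy OID 06 04 2a 03 04 05.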
To add a CertificatePolicies extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class.
The policy information terms supplied when creating a CertificatePolicies object have to be of type PolicyInformation, which itself carries a sequence of policy qualifier infos of type PolicyQualifierInfo, e.g.:
```java
int[] notice_nr = {12, 35};
ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id");
PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1];
policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null);
PolicyInformation[] policy_info = new PolicyInformation[1];
policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier);
CertificatePolicies cert_policy = new CertificatePolicies(policy_info);
X509Certificate cert = new X509Certificate();
...
cert.addExtension(cert_policy);
```
When intending to mark this extension as critical, use the setCritical method of the V3Extension parent class (note that you have to mark an extension as critical before adding the extension to a certificate):

```java
cert_policy.setCritical(true);
```
See Also: PolicyQualifierInfo, PolicyInformation, V3Extension, X509Extensions, X509Certificate
Modifier and Type | Field and Description |
---|---|
static ObjectID | oid: The object identifier of this CertificatePolicies extension. |

Fields inherited from class V3Extension: critical
Constructor and Description |
---|
CertificatePolicies(): Default Constructor. |
CertificatePolicies(PolicyInformation[] certificatePolicies): Creates a new CertificatePolicies extension from the given policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used. |
Modifier and Type | Method and Description |
---|---|
ObjectID | getObjectID(): Returns the object id of this CertificatePolicies extension. |
PolicyInformation[] | getPolicyInformation(): Returns the certificate policies. |
int | hashCode(): Returns a hashcode for this identity. |
void | init(ASN1Object obj): Inits this CertificatePolicies implementation with an ASN1Object representing the value of this extension. |
ASN1Object | toASN1Object(): Returns an ASN1Object representing the value of this CertificatePolicies extension object. |
java.lang.String | toString(): Returns a string that represents the contents of this CertificatePolicies extension. |
Methods inherited from class V3Extension: getName, isCritical, setCritical
public static final ObjectID oid

The object identifier of this CertificatePolicies extension.
public CertificatePolicies()

Creates an empty CertificatePolicies object, setting the critical value per default to false.

If you want to specify this extension as critical before adding it to a certificate, use the setCritical method of the V3Extension parent class:

```java
cert_policy.setCritical(true);
cert.addExtension(cert_policy);
```

See Also: V3Extension.setCritical(boolean)
public CertificatePolicies(PolicyInformation[] certificatePolicies)

Creates a new CertificatePolicies extension from the given policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

The critical value per default is set to false.

If you want to specify this extension as critical before adding it to a certificate, use the setCritical method of the V3Extension parent class, e.g.:

```java
int[] notice_nr = {12, 35};
ObjectID iaik_policy_id = new ObjectID("1.2.3.4.5", "iaik_policy_id");
PolicyQualifierInfo[] policy_qualifier = new PolicyQualifierInfo[1];
policy_qualifier[0] = new PolicyQualifierInfo("IAIK", notice_nr, null);
PolicyInformation[] policy_info = new PolicyInformation[1];
policy_info[0] = new PolicyInformation(iaik_policy_id, policy_qualifier);
CertificatePolicies cert_policy = new CertificatePolicies(policy_info);
// mark critical before adding the extension to the certificate
cert_policy.setCritical(true);
X509Certificate cert = new X509Certificate();
...
cert.addExtension(cert_policy);
```

Parameters: certificatePolicies - one or more certificate policy information terms

See Also: V3Extension.setCritical(boolean)
public ObjectID getObjectID()

Returns the object id of this CertificatePolicies extension.

getObjectID in class V3Extension
public void init(ASN1Object obj) throws X509ExtensionException

Inits this CertificatePolicies implementation with an ASN1Object representing the value of this extension.

The given ASN1Object represents a sequence of policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included CertificatePolicies extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

init in class V3Extension

Parameters: obj - the CertificatePolicies as ASN1Object

Throws: X509ExtensionException - if the extension could not be parsed

public ASN1Object toASN1Object()

Returns an ASN1Object representing the value of this CertificatePolicies extension object.

The returned ASN1Object represents a sequence of policy information terms indicating the policy under which the certificate has been issued and the purposes for which the certificate may be used.

certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation

toASN1Object in class V3Extension

Returns: the CertificatePolicies as ASN1Object

public PolicyInformation[] getPolicyInformation()

Returns the certificate policies.
public int hashCode()

Returns a hashcode for this identity.

hashCode in class V3Extension
public java.lang.String toString()

Returns a string that represents the contents of this CertificatePolicies extension.

toString in class java.lang.Object