|
6.0 (c) 2002 IAIK, (c) 2003 - 2022 SIC |
|
public class InhibitAnyPolicy extends V3Extension
InhibitAnyPolicy extension.
The InhibitAnyPolicy extension is a standard X509v3 extension, which
has to be marked as being critical.
Each extension is associated with a specific certificateExtension
object identifier, derived from:
certificateExtension OBJECT IDENTIFIER ::=
{joint-iso-ccitt(2) ds(5) 29}
id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the InhibitAnyPolicy extension
is defined as:
id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 }
which corresponds to the OID string "2.5.29.54".
The X.509 Certificate and CRL profile presented in RFC 3280 successordraft-ietf-pkix-new-part1-06.txt specifies the InhibitPolicy to may be used in certificates issued to CAs. The inhibit any-policy indicates that the special any-policy OID, with the value {2 5 29 32 0}, is not considered an explicit match for other certificate policies. The value indicates the number of additional certificates that may appear in the path before any- policy is no longer permitted. For example, a value of one indicates that any-policy may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path:
InhibitAnyPolicy ::= SkipCerts SkipCerts ::= INTEGER (0..MAX)For adding a
InhibitAnyPolicy extension object to a X509Certificate,
use the addExtension method of the iaik.x509.X509Certificate class, e.g.:
int skipCerts = ...; InhibitAnyPolicy inhibitAnyPolicy = new InhibitAnyPolicy(skipCerts); X509Certificate cert = new X509Certificate(); ... cert.addExtension(inhibitAnyPolicy);
When intending to mark this extension as critical, use the setCritical
method of the iaik.x509.V3Extension
parent class (note that you have to mark an extension as critical before adding the
extension to a certificate), e.g.:
inhibitAnyPolicy.setCritical(true);
CertificatePolicies,
V3Extension,
X509Extensions,
X509Certificate| Modifier and Type | Field and Description |
|---|---|
static ObjectID |
oid
The object identifier of this
InhibitAnyPolicy extension. |
critical| Constructor and Description |
|---|
InhibitAnyPolicy()
Default constructor.
|
InhibitAnyPolicy(int skipCerts)
Creates an InhibitAnyPolicy for the given skipCerts value.
|
| Modifier and Type | Method and Description |
|---|---|
ObjectID |
getObjectID()
Returns the object ID of this
InhibitAnyPolicy extension |
int |
getSkipCerts()
Returns the
skipCerts value of this
InhibitAnyPolicy extension. |
int |
hashCode()
Returns a hashcode for this identity.
|
void |
init(ASN1Object obj)
Inits this
InhibitAnyPolicy implementation with an ASN1object
representing the value of this extension. |
ASN1Object |
toASN1Object()
Returns an ASN1Object representing the value of this
InhibitAnyPolicy
extension object. |
java.lang.String |
toString()
Returns a string that represents the contents of this
InhibitAnyPolicy extension. |
getName, isCritical, setCriticalpublic static final ObjectID oid
InhibitAnyPolicy extension.
The corresponding OID string is "2.5.29.54".public InhibitAnyPolicy()
Only used for dynamic object creation. Shall be not called by an application. skipCerts is set to 0.
public InhibitAnyPolicy(int skipCerts)
skipCerts - the skipCerts value indicating the number of additional
certificates that may appear in the path before any-policy
is no longer permittedpublic ASN1Object toASN1Object() throws X509ExtensionException
InhibitAnyPolicy
extension object.
The returned ASN1Object is an ASN.1 INTEGER specifying the skipCerts value that indicates the number of additional certificates that may appear in the path before any-policy is no longer permitted:
InhibitAnyPolicy ::= SkipCerts SkipCerts ::= INTEGER (0..MAX)The ASN1Object created by this method may be used as parameter for the
init method.toASN1Object in class V3ExtensionInhibitAnyPolicy as ASN1ObjectX509ExtensionException - if the extension could not be createdpublic void init(ASN1Object obj) throws X509ExtensionException
InhibitAnyPolicy implementation with an ASN1object
representing the value of this extension.
The given ASN1Object represents an ASN.1 INTEGER specifying the skipCerts value that indicates the number of additional certificates that may appear in the path before any-policy is no longer permitted:
InhibitAnyPolicy ::= SkipCerts SkipCerts ::= INTEGER (0..MAX)
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation
of a certificate for properly initializing an included
InhibitAnyPolicy extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
init in class V3Extensionobj - the InhibitAnyPolicy as ASN1ObjectX509ExtensionException - if the extension could not parse the ASN1Objectpublic int hashCode()
hashCode in class V3Extensionpublic ObjectID getObjectID()
InhibitAnyPolicy extensiongetObjectID in class V3Extensionpublic int getSkipCerts()
skipCerts value of this
InhibitAnyPolicy extension.skipCerts value indicating the number of additional
certificates that may appear in the path before any-policy
is no longer permittedpublic java.lang.String toString()
InhibitAnyPolicy extension.toString in class java.lang.Object