PolicyConstraints (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.extensions.PolicyConstraints

```
public class PolicyConstraints
extends V3Extension
```
This class implements the PolicyConstraints extension.
The PolicyConstraints extension is a standard X509v3 extension, which may or may not be marked as being critical.
Each extension is associated with a specific certificateExtension object identifier, derived from:
```
 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 
```
The object identifier for the PolicyConstraints extension is defined as:
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
which corresponds to the OID string "2.5.29.36".
The X.509 Certificate and CRL profile presented in RFC 3280 specifies the policy contraints extension for constraining path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contains an acceptable policy identifier. The policy constraints extension can be used in certificates issued to CAs:
```
 PolicyConstraints ::= SEQUENCE {
    requireExplicitPolicy           [0] SkipCerts OPTIONAL,
    inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
 

 SkipCerts ::= INTEGER (0..MAX)
 
```
If the inhibitPolicyMapping field is present, the value indicates the number of additional certificates that may appear in the path before policy mapping is no longer permitted. For example, a value of one indicates that policy mapping may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.
If the requireExplicitPolicy field is present, subsequent certificates must include an acceptable policy identifier. The value of requireExplicitPolicy indicates the number of additional certificates that may appear in the path before an explicit policy is required. An acceptable policy identifier is the identifier of a policy required by the user of the certification path or the identifier of a policy which has been declared equivalent through policy mapping.
More information can be found in RFC 3280, section 4.2.1.12 "Policy Constraints".
For adding a PolicyConstraints extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class, e.g.:
```
 PolicyConstraints policyConstraints = new PolicyConstraints();
 policyConstraints.setRequireExplicitPolicy(3);
 policyConstraints.setInhibitExplicitPolicy(7);
 X509Certificate cert = new X509Certificate();
  ...
 cert.addExtension(policyConstraints);
 
```
When intending to mark this extension as critical, use the setCritical method of the iaik.x509.V3Extension parent class (note that you have to mark an extension as critical before adding the extension to a certificate), e.g.:
```
 policyConstraints.setCritical(true);
 
```
Version:

File Revision 23

See Also:
PolicyMappings, V3Extension, X509Extensions, X509Certificate

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The object identifier of this PolicyConstraints extension.
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this `PolicyConstraints` extension.

Constructor Summary

Constructors
Constructor and Description

PolicyConstraints()
Default constructor.

Constructors
Constructor and Description
`PolicyConstraints()` Default constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`int`	`getInhibitExplicitPolicy()` Deprecated. see getInhibitPolicyMapping()
`int`	`getInhibitPolicyMapping()` Returns the `inhibitPolicyMapping` value of this `PolicyConstraints` extension specifying the number of additional certificates that may appear in the path before policy mapping is no longer permitted.
`ObjectID`	`getObjectID()` Returns the object ID of this `PolicyConstraints` extension
`int`	`getRequireExplicitPolicy()` Returns the `requireExplicitPolicy` value of this `PolicyConstraints` extension specifying the number of additional certificates that may appear in the path before an explicit policy is required.
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `PolicyConstraints` implementation with an ASN1object representing the value of this extension.
`void`	`setInhibitExplicitPolicy(int inhibitPolicyMapping)` Deprecated. see setInhibitPolicyMapping()
`void`	`setInhibitPolicyMapping(int inhibitPolicyMapping)` Sets the `inhibitPolicyMapping` value of this `PolicyConstraints` extension for specifying the number of additional certificates that may appear in the path before policy mapping is no longer permitted.
`void`	`setRequireExplicitPolicy(int requireExplicitPolicy)` Sets the `requireExplicitPolicy` value of this `PolicyConstraints` extension for specifying the number of additional certificates that may appear in the path before an explicit policy is required.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `PolicyConstraints` extension object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `PolicyConstraints` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this PolicyConstraints extension. The corresponding OID string is "2.5.29.36".
- Constructor Detail
  - PolicyConstraints
```
public PolicyConstraints()
```
    Default constructor.
    Creates an empty PolicyConstraints object. InhibitExplicitPolicy and RequireExplicitPolicy are initialized with -1 indicating that the corresponding values are not set. Use setInhibitExplicitPolicy and/or setRequireExplicitPolicy for prohibiting policy mapping and/or requiring acceptable policy identifiers for subsequent certificates.
    If you want to specify this extension as critical before adding it to a certificate, use the setCritical method of the iaik.x509.V3Extension parent class, e.g:
```
 PolicyConstraints policyConstraints = new PolicyConstraints();
 policyConstraints.setRequireExplicitPolicy(3);
 policyConstraints.setInhibitExplicitPolicy(7);
 policyConstraints.setCritical(true);
 X509Certificate cert = new X509Certificate();
  ...
 cert.addExtension(policyConstraints);
 
```
    See Also:
    V3Extension.setCritical(boolean)
- Method Detail
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns an ASN1Object representing the value of this PolicyConstraints extension object.
    The returned ASN1Object is an ASN.1 Sequence specifying any inhibitPolicyMapping and/or requireExplicitPolicy values for prohibiting policy mapping and/or requiring acceptable policy identifiers for subsequent certificates.
```
 PolicyConstraints ::= SEQUENCE {
    requireExplicitPolicy           [0] SkipCerts OPTIONAL,
    inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
 
```
    The ASN1Object created by this method may be used as parameter for the init method.
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of this PolicyConstraints as ASN1Object
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this PolicyConstraints implementation with an ASN1object representing the value of this extension.
    The given ASN1Object represents a sequence of inhibitPolicyMapping and/or requireExplicitPolicy values for prohibiting policy mapping and/or requiring acceptable policy identifiers for subsequent certificates.
    The given ASN1Object is the one created by toASN1Object().
    This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included PolicyConstraints extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the PolicyConstraints as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be parsed
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this PolicyConstraints extension
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - setRequireExplicitPolicy
```
public void setRequireExplicitPolicy(int requireExplicitPolicy)
```
    Sets the requireExplicitPolicy value of this PolicyConstraints extension for specifying the number of additional certificates that may appear in the path before an explicit policy is required.
    
    Parameters:
    requireExplicitPolicy - the number of additional certificates that may appear in the path before an explicit policy is required
    See Also:
    getRequireExplicitPolicy()
  - setInhibitPolicyMapping
```
public void setInhibitPolicyMapping(int inhibitPolicyMapping)
```
    Sets the inhibitPolicyMapping value of this PolicyConstraints extension for specifying the number of additional certificates that may appear in the path before policy mapping is no longer permitted.
    
    Parameters:
    inhibitPolicyMapping - the number of additional certificates that may appear in the path before policy mapping is no longer permitted.
    See Also:
    getInhibitPolicyMapping()
  - setInhibitExplicitPolicy
```
public void setInhibitExplicitPolicy(int inhibitPolicyMapping)
```
    Deprecated. see setInhibitPolicyMapping()
  - getRequireExplicitPolicy
```
public int getRequireExplicitPolicy()
```
    Returns the requireExplicitPolicy value of this PolicyConstraints extension specifying the number of additional certificates that may appear in the path before an explicit policy is required.
    
    Returns:
    the requireExplicitPolicy value specifying the number of additional certificates that may appear in the path before an explicit policy is required, or -1 if the requireExplicitPolicy value has yet not been set
    See Also:
    setRequireExplicitPolicy(int)
  - getInhibitPolicyMapping
```
public int getInhibitPolicyMapping()
```
    Returns the inhibitPolicyMapping value of this PolicyConstraints extension specifying the number of additional certificates that may appear in the path before policy mapping is no longer permitted.
    
    Returns:
    the inhibitPolicyMapping value specifying the number of additional certificates that may appear in the path before policy mapping is no longer permitted, or -1 if the inhibitPolicyMapping value has yet not been set
    See Also:
    setInhibitPolicyMapping(int)
  - getInhibitExplicitPolicy
```
public int getInhibitExplicitPolicy()
```
    Deprecated. see getInhibitPolicyMapping()
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this PolicyConstraints extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class PolicyConstraints

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

PolicyConstraints

Method Detail

toASN1Object

init

hashCode

getObjectID

setRequireExplicitPolicy

setInhibitPolicyMapping

setInhibitExplicitPolicy

getRequireExplicitPolicy

getInhibitPolicyMapping

getInhibitExplicitPolicy

toString