BasicAttConstraints (5.24 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.attr.extensions.BasicAttConstraints

```
public class BasicAttConstraints
extends V3Extension
```
This class implements the BasicAttConstraints Extension.
If this extension is included in the certificate and the authority tag is true, the holder is allowed to issue certificates containing the specified privilege. The BasicAttConstrints extension may be critical or non critical. However, it is recommended to be critical, otherwise a holder which is not authorized to be an AttributeAuthority (AA) may issue certificates containing the specified privilege.
The BasicAttConstrints extension is associated with a specific certificateExtension object identifier, derived from:
```
       basicAttConstraints EXTENSION ::=
          { SYNTAX BasicAttConstraintsSyntax
            IDENTIFIED BY { id-ce-basicAttConstraints }}
       BasicAttConstraintsSyntax ::= SEQUENCE
          {authority BOOLEAN DEFAULT FALSE,
          pathLenConstraint INTEGER (0..MAX) OPTIONAL}

 
```
which corresponds to the OID string "2.5.29.41".
If authority is false the holder is not allowed to delegete the privilege. In this case the pathLen parameter is meaningless. Otherwise, the holder may If the pathLenConstraint is not present the holder has no limitation on the length of the delegation path. If the pathLenConstraint is present and the value is 0 the holder may issue certificates only to end-entities.
More information can be found in ITU Recommendation X.509, is section 15.5.2.1 "Basic attribute constraints extension".
An BasicAttConstrints object may be created by either using the empty default constructor, or by directly supplying one access descritption which has to be of type AccessDescription, e.g.:
```
 BasicAttConstraints bac = new BasicAttConstraints();
 bac.setAutority(false);
 bac.setCritical(true);        
 
```
For adding a BasicAttConstraint extension object to a X509Certificate, use the addExtension method of the X509Certificate class:
```
 X505Certificate cert = new X509Certificate();
   ...
 cert.addExtension(basicAttConstraint);
 
```
Note: This extension should not be included in certificates containing the SOA extension.
See Also:
GeneralName, ObjectID, V3Extension, X509Extensions, X509Certificate

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid`

Constructor Summary

Constructors
Constructor and Description

BasicAttConstraints()
Default constructor that creates an empty BasicAttConstraint extension element.

Constructors
Constructor and Description
`BasicAttConstraints()` Default constructor that creates an empty `BasicAttConstraint` extension element.

Method Summary

Methods
Modifier and Type	Method and Description
`boolean`	`getAuthority()` Returns wether the authority flag is true or not.
`ObjectID`	`getObjectID()` Returns the object ID of this `BasicAttConstraints` extension.
`int`	`getPathLenConstraint()` Returns the value of the encoded pathlen constraint.
`int`	`hashCode()` Returns the hash code of the extension.
`void`	`init(ASN1Object arg0)` Parses a given BasicAttConstrint object from it's ASN.1 representation.
`void`	`setAutority(boolean flag)` Sets the authority flag to the specified value.
`void`	`setPathlenConstraint(int len)` Sets the maximum length of the delegation path.
`ASN1Object`	`toASN1Object()` Returns the ASN.1 representation of the extension.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `BasicAttConstraint` object.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
- Constructor Detail
  - BasicAttConstraints
```
public BasicAttConstraints()
```
    Default constructor that creates an empty BasicAttConstraint extension element.
- Method Detail
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws X509ExtensionException
```
    Returns the ASN.1 representation of the extension. If a previously set pathLen is negative the parameter is omitted during encoding.
    
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of the extension as ASN1Object
    
    Throws:
    
    X509ExtensionException - if the extension could not be created
  - init
```
public void init(ASN1Object arg0)
          throws X509ExtensionException
```
    Parses a given BasicAttConstrint object from it's ASN.1 representation. The values can afterwards be read with getAuthority() and getPathLenConstraint().
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    arg0 - the extension value as ASN1Object
    
    Throws:
    
    X509ExtensionException - if authority is true and the encoded pathLen is negative.
  - getAuthority
```
public boolean getAuthority()
```
    Returns wether the authority flag is true or not. If it is set to true, the holder is allowed to issue ACs with the specified attribute.
    
    Returns:
    the value of the authority flag
  - getPathLenConstraint
```
public int getPathLenConstraint()
```
    Returns the value of the encoded pathlen constraint. If authority is false the pathlenconstraint is meaningless. Otherwise it limits the length of the delegation path. The pathlength constraint is OPTIONAL, so if the method returns -1 the value is not specified in the certificate. In this case (and if authority is true) the delegation path is not limited.
    If the value is 0 the holder may issue certificates only to end-entities. Note: the pathlen constraint is only reasonle if authority is true.
    
    Returns:
    the lenght of the path for which the privilege can be delegated at maximum.
  - setPathlenConstraint
```
public void setPathlenConstraint(int len)
```
    Sets the maximum length of the delegation path. If this parameter is not set or if is set to a negative value it is omitted during encoding.
    
    Parameters:
    len -
  - setAutority
```
public void setAutority(boolean flag)
```
    Sets the authority flag to the specified value. If true the holder is allowed to delegate his privileges as far as it is allowed by the pathLenConstraint.
    
    Parameters:
    flag -
  - hashCode
```
public int hashCode()
```
    Returns the hash code of the extension.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this extension
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this BasicAttConstraints extension.
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this BasicAttConstraint object.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class BasicAttConstraints

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

BasicAttConstraints

Method Detail

toASN1Object

init

getAuthority

getPathLenConstraint

setPathlenConstraint

setAutority

hashCode

getObjectID

toString