Class PolicyConstraintsExtension
java.lang.Object
org.mozilla.jss.netscape.security.x509.Extension
org.mozilla.jss.netscape.security.x509.PolicyConstraintsExtension
- All Implemented Interfaces:
Serializable
,CertAttrSet
This class defines the certificate extension which specifies the
Policy constraints.
The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition):
PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } SkipCerts ::= INTEGER (0..MAX)
- Version:
- 1.9
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final String
Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.private int
static final String
static final String
Attribute names.private int
static final String
private static final long
private static final byte
private static final byte
Fields inherited from class org.mozilla.jss.netscape.security.x509.Extension
critical, extensionId, extensionValue
-
Constructor Summary
ConstructorsConstructorDescriptionPolicyConstraintsExtension
(boolean crit, int require, int inhibit) Create a PolicyConstraintsExtension object with criticality and both require explicit policy and inhibit policy mapping.PolicyConstraintsExtension
(int require, int inhibit) Create a PolicyConstraintsExtension object with both require explicit policy and inhibit policy mapping.PolicyConstraintsExtension
(Boolean critical, Object value) Create the extension from its DER encoded value and criticality. -
Method Summary
Modifier and TypeMethodDescriptionvoid
decode
(InputStream in) Decode the extension from the InputStream.void
Delete the attribute value.void
encode
(OutputStream out) Write the extension to the DerOutputStream.private void
Get the attribute value.Return an enumeration of names of attributes existing within this attribute.int
returns the inhibitPolicyMapping parameter.getName()
Return the name of this attribute.int
returns the requireExplicitMapping parameter.private void
init
(boolean crit, int require, int inhibit) void
Set the attribute value.toString()
Return the extension as user readable string.Methods inherited from class org.mozilla.jss.netscape.security.x509.Extension
clearValue, encode, getExtensionId, getExtensionValue, isCritical, setCritical, setExtensionId, setExtensionValue
-
Field Details
-
serialVersionUID
private static final long serialVersionUID- See Also:
-
IDENT
Identifier for this attribute, to be used with the get, set, delete methods of Certificate, x509 type.- See Also:
-
NAME
Attribute names.- See Also:
-
REQUIRE
- See Also:
-
INHIBIT
- See Also:
-
TAG_REQUIRE
private static final byte TAG_REQUIRE- See Also:
-
TAG_INHIBIT
private static final byte TAG_INHIBIT- See Also:
-
require
private int require -
inhibit
private int inhibit
-
-
Constructor Details
-
PolicyConstraintsExtension
Create a PolicyConstraintsExtension object with criticality and both require explicit policy and inhibit policy mapping.- Parameters:
crit
- whether this extension should be criticalrequire
- require explicit policy (-1 for optional).inhibit
- inhibit policy mapping (-1 for optional).- Throws:
IOException
-
PolicyConstraintsExtension
Create a PolicyConstraintsExtension object with both require explicit policy and inhibit policy mapping.- Parameters:
require
- require explicit policy (-1 for optional).inhibit
- inhibit policy mapping (-1 for optional).- Throws:
IOException
-
PolicyConstraintsExtension
Create the extension from its DER encoded value and criticality.- Parameters:
critical
- true if the extension is to be treated as critical.value
- Array of DER encoded bytes of the actual value.- Throws:
IOException
- on error.
-
-
Method Details
-
encodeThis
- Throws:
IOException
-
init
- Throws:
IOException
-
toString
Return the extension as user readable string.- Specified by:
toString
in interfaceCertAttrSet
- Overrides:
toString
in classExtension
- Returns:
- value of this certificate attribute in printable form.
-
decode
Decode the extension from the InputStream.- Specified by:
decode
in interfaceCertAttrSet
- Parameters:
in
- the InputStream to unmarshal the contents from.- Throws:
IOException
- on decoding or validity errors.
-
encode
Write the extension to the DerOutputStream.- Specified by:
encode
in interfaceCertAttrSet
- Parameters:
out
- the DerOutputStream to write the extension to.- Throws:
IOException
- on encoding errors.
-
set
Set the attribute value.- Specified by:
set
in interfaceCertAttrSet
- Parameters:
name
- the name of the attribute (e.g. "x509.info.key")obj
- the attribute object.- Throws:
IOException
- on other errors.
-
get
Get the attribute value.- Specified by:
get
in interfaceCertAttrSet
- Parameters:
name
- the name of the attribute to return.- Returns:
- attribute value
- Throws:
IOException
- on other errors.
-
delete
Delete the attribute value.- Specified by:
delete
in interfaceCertAttrSet
- Parameters:
name
- the name of the attribute to delete.- Throws:
IOException
- on other errors.
-
getAttributeNames
Return an enumeration of names of attributes existing within this attribute.- Specified by:
getAttributeNames
in interfaceCertAttrSet
- Returns:
- an enumeration of the attribute names.
-
getName
Return the name of this attribute.- Specified by:
getName
in interfaceCertAttrSet
- Returns:
- the name of this CertAttrSet.
-
getRequireExplicitMapping
public int getRequireExplicitMapping()returns the requireExplicitMapping parameter. -
getInhibitPolicyMapping
public int getInhibitPolicyMapping()returns the inhibitPolicyMapping parameter.
-