public class PolicyConstraintsExtension extends Extension implements CertAttrSet
The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
The ASN.1 syntax for this is (IMPLICIT tagging is defined in the module definition):
PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] SkipCerts OPTIONAL, inhibitPolicyMapping [1] SkipCerts OPTIONAL } SkipCerts ::= INTEGER (0..MAX)
Extension
,
CertAttrSet
,
Serialized FormModifier and Type | Field and Description |
---|---|
static java.lang.String |
IDENT
Identifier for this attribute, to be used with the
get, set, delete methods of Certificate, x509 type.
|
static java.lang.String |
INHIBIT |
static java.lang.String |
NAME
Attribute names.
|
static java.lang.String |
REQUIRE |
critical, extensionId, extensionValue
Constructor and Description |
---|
PolicyConstraintsExtension(boolean crit,
int require,
int inhibit)
Create a PolicyConstraintsExtension object with criticality and
both require explicit policy and inhibit policy mapping.
|
PolicyConstraintsExtension(java.lang.Boolean critical,
java.lang.Object value)
Create the extension from its DER encoded value and criticality.
|
PolicyConstraintsExtension(int require,
int inhibit)
Create a PolicyConstraintsExtension object with both
require explicit policy and inhibit policy mapping.
|
Modifier and Type | Method and Description |
---|---|
void |
decode(java.io.InputStream in)
Decode the extension from the InputStream.
|
void |
delete(java.lang.String name)
Delete the attribute value.
|
void |
encode(java.io.OutputStream out)
Write the extension to the DerOutputStream.
|
java.lang.Object |
get(java.lang.String name)
Get the attribute value.
|
java.util.Enumeration<java.lang.String> |
getAttributeNames()
Return an enumeration of names of attributes existing within this
attribute.
|
int |
getInhibitPolicyMapping()
returns the inhibitPolicyMapping parameter.
|
java.lang.String |
getName()
Return the name of this attribute.
|
int |
getRequireExplicitMapping()
returns the requireExplicitMapping parameter.
|
void |
set(java.lang.String name,
java.lang.Object obj)
Set the attribute value.
|
java.lang.String |
toString()
Return the extension as user readable string.
|
clearValue, encode, getExtensionId, getExtensionValue, isCritical, setCritical, setExtensionId, setExtensionValue
public static final java.lang.String IDENT
public static final java.lang.String NAME
public static final java.lang.String REQUIRE
public static final java.lang.String INHIBIT
public PolicyConstraintsExtension(boolean crit, int require, int inhibit) throws java.io.IOException
crit
- whether this extension should be criticalrequire
- require explicit policy (-1 for optional).inhibit
- inhibit policy mapping (-1 for optional).java.io.IOException
public PolicyConstraintsExtension(int require, int inhibit) throws java.io.IOException
require
- require explicit policy (-1 for optional).inhibit
- inhibit policy mapping (-1 for optional).java.io.IOException
public PolicyConstraintsExtension(java.lang.Boolean critical, java.lang.Object value) throws java.io.IOException
critical
- true if the extension is to be treated as critical.value
- Array of DER encoded bytes of the actual value.java.io.IOException
- on error.public java.lang.String toString()
toString
in interface CertAttrSet
toString
in class Extension
public void decode(java.io.InputStream in) throws java.io.IOException
decode
in interface CertAttrSet
in
- the InputStream to unmarshal the contents from.java.io.IOException
- on decoding or validity errors.public void encode(java.io.OutputStream out) throws java.io.IOException
encode
in interface CertAttrSet
out
- the DerOutputStream to write the extension to.java.io.IOException
- on encoding errors.public void set(java.lang.String name, java.lang.Object obj) throws java.io.IOException
set
in interface CertAttrSet
name
- the name of the attribute (e.g. "x509.info.key")obj
- the attribute object.java.io.IOException
- on other errors.public java.lang.Object get(java.lang.String name) throws java.io.IOException
get
in interface CertAttrSet
name
- the name of the attribute to return.java.io.IOException
- on other errors.public void delete(java.lang.String name) throws java.io.IOException
delete
in interface CertAttrSet
name
- the name of the attribute to delete.java.io.IOException
- on other errors.public java.util.Enumeration<java.lang.String> getAttributeNames()
getAttributeNames
in interface CertAttrSet
public java.lang.String getName()
getName
in interface CertAttrSet
public int getRequireExplicitMapping()
public int getInhibitPolicyMapping()