org.bouncycastle.asn1.ASN1Encodable
be.cardon.asn1.x509.extensions.PolicyConstraints
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
public class PolicyConstraints
Extension PolicyConstraints.
Documentation from FRC 3280:
The policy constraints extension can be used in certificates issued to CAs. The policy constraints extension constrains path validation in two ways. It can be used to prohibit policy mapping or require that each certificate in a path contain an acceptable policy identifier.
If the inhibitPolicyMapping field is present, the value indicates the number of additional certificates that may appear in the path before policy mapping is no longer permitted. For example, a value of one indicates that policy mapping may be processed in certificates issued by the subject of this certificate, but not in additional certificates in the path.
If the requireExplicitPolicy field is present, the value of requireExplicitPolicy indicates the number of additional certificates that may appear in the path before an explicit policy is required for the entire path. When an explicit policy is required, it is necessary for all certificates in the path to contain an acceptable policy identifier in the certificate policies extension. An acceptable policy identifier is the identifier of a policy required by the user of the certification path or the identifier of a policy which has been declared equivalent through policy mapping.
Conforming CAs MUST NOT issue certificates where policy constraints is a empty sequence. That is, at least one of the inhibitPolicyMapping field or the requireExplicitPolicy field MUST be present. The behavior of clients that encounter a empty policy constraints field is not addressed in this profile.
This extension MAY be critical or non-critical.
ASN.1 definitions:
id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 }
PolicyConstraints ::= SEQUENCE {
requireExplicitPolicy [0] SkipCerts OPTIONAL,
inhibitPolicyMapping [1] SkipCerts OPTIONAL }
SkipCerts ::= INTEGER (0..MAX)
| Field Summary |
|---|
| Fields inherited from class org.bouncycastle.asn1.ASN1Encodable |
|---|
BER, DER |
| Constructor Summary | |
|---|---|
PolicyConstraints(org.bouncycastle.asn1.ASN1Sequence seq)
Creates an new instance from ASN1Sequence object. |
|
PolicyConstraints(int requireExplicitPolicy,
int inhibitPolicyMapping)
Creates a new instance with the given requireExplicitPolicy and
inhibitPolicyMapping. |
|
| Method Summary | |
|---|---|
int |
getInhibitPolicyMapping()
Returns the inhibitPolicyMapping or null is absent. |
static PolicyConstraints |
getInstance(java.lang.Object obj)
Returns an instance from ASN1Sequence, or
PolicyConstraints object. |
int |
getRequireExplicitPolicy()
Returns the requireExplicitPolicy or null is absent. |
org.bouncycastle.asn1.DERObject |
toASN1Object()
|
| Methods inherited from class org.bouncycastle.asn1.ASN1Encodable |
|---|
equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode |
| Methods inherited from class java.lang.Object |
|---|
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait |
| Constructor Detail |
|---|
public PolicyConstraints(org.bouncycastle.asn1.ASN1Sequence seq)
ASN1Sequence object.
public PolicyConstraints(int requireExplicitPolicy,
int inhibitPolicyMapping)
requireExplicitPolicy and
inhibitPolicyMapping.
| Method Detail |
|---|
public static PolicyConstraints getInstance(java.lang.Object obj)
ASN1Sequence, or
PolicyConstraints object.
public int getRequireExplicitPolicy()
requireExplicitPolicy or null is absent.
public int getInhibitPolicyMapping()
inhibitPolicyMapping or null is absent.
public org.bouncycastle.asn1.DERObject toASN1Object()
toASN1Object in class org.bouncycastle.asn1.ASN1Encodable
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||