public class PolicyQualifierInfo extends Object
The ASN.1 definition is as follows:
PolicyQualifierInfo ::= SEQUENCE { policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId }
A certificate policies extension, if present in an X.509 version 3 certificate, contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. In an end-entity certificate, these policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. In a CA certificate, these policy information terms limit the set of policies for certification paths which include this certificate.
A Set
of PolicyQualifierInfo
objects are returned
by the PolicyNode.getPolicyQualifiers
method. This allows applications with specific policy requirements to
process and validate each policy qualifier. Applications that need to
process policy qualifiers should explicitly set the
policyQualifiersRejected
flag to false (by calling the
PKIXParameters.setPolicyQualifiersRejected
method) before validating
a certification path.
Note that the PKIX certification path validation algorithm specifies
that any policy qualifier in a certificate policies extension that is
marked critical must be processed and validated. Otherwise the
certification path must be rejected. If the
policyQualifiersRejected
flag is set to false, it is up to
the application to validate all policy qualifiers in this manner in order
to be PKIX compliant.
Concurrent Access
All PolicyQualifierInfo
objects must be immutable and
thread-safe. That is, multiple threads may concurrently invoke the
methods defined in this class on a single PolicyQualifierInfo
object (or more than one) with no ill effects. Requiring
PolicyQualifierInfo
objects to be immutable and thread-safe
allows them to be passed around to various pieces of code without
worrying about coordinating access.
Constructor and Description |
---|
PolicyQualifierInfo(byte[] encoded)
Creates an instance of
PolicyQualifierInfo from the
encoded bytes. |
Modifier and Type | Method and Description |
---|---|
byte[] |
getEncoded()
Returns the ASN.1 DER encoded form of this
PolicyQualifierInfo . |
byte[] |
getPolicyQualifier()
Returns the ASN.1 DER encoded form of the
qualifier
field of this PolicyQualifierInfo . |
String |
getPolicyQualifierId()
Returns the
policyQualifierId field of this
PolicyQualifierInfo . |
String |
toString()
Return a printable representation of this
PolicyQualifierInfo . |
public PolicyQualifierInfo(byte[] encoded) throws IOException
PolicyQualifierInfo
from the
encoded bytes. The encoded byte array is copied on construction.encoded
- a byte array containing the qualifier in DER encodingIOException
- thrown if the byte array does not represent a
valid and parsable policy qualifierpublic final String getPolicyQualifierId()
policyQualifierId
field of this
PolicyQualifierInfo
. The policyQualifierId
is an Object Identifier (OID) represented by a set of nonnegative
integers separated by periods.null
)public final byte[] getEncoded()
PolicyQualifierInfo
.null
).
Note that a copy is returned, so the data is cloned each time
this method is called.public final byte[] getPolicyQualifier()
qualifier
field of this PolicyQualifierInfo
.qualifier
field. Note that a copy is returned, so the data is cloned each
time this method is called. Submit a bug or feature
For further API reference and developer documentation, see Java SE Documentation. That documentation contains more detailed, developer-targeted descriptions, with conceptual overviews, definitions of terms, workarounds, and working code examples.
Copyright © 1993, 2024, Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.