com.entrust.toolkit.x509.policies

Class EntrustCertTypeSettings

java.lang.Object

com.entrust.toolkit.x509.policies.EntrustCertTypeSettings

public class EntrustCertTypeSettings
extends java.lang.Object

This class contains certificate-type policy information. All the data in the following ASN.1 structure is represented.

 EntrustCertTypeInfo ::= SEQUENCE {
     certtype        EntrustCertInfoId,
     certdefns       SEQUENCE SIZE (1..MAX) OF EntrustCertDefnInfo,
     policycertdn    DistinguishedName     OPTIONAL,
     policycert      [1] ANY               OPTIONAL -- the policy cert in some encoding
 }
 

Since no known certificate-type policy settings have yet been defined (as of Entrust Security Manager 7.0), access is only provided to the components from the structure above. For future releases, access will also be provided to each known certificate-type policy setting contained within the policy certificate.

This implementation of Entrust certificate-type policy information requires that the 'policycert' component be an ASN.1 encoded Entrust Attribute Certificate. It also requires that both the 'name' and 'id' of every EntrustCertInfoId structure exist.

Since:

7.0

Constructor Summary

Constructors

Constructor and Description
EntrustCertTypeSettings(EntrustCertTypeInfo entrustCertTypeInfo) Creates an EntrustCertTypeSettings object from an EntrustCertTypeInfo structure.
EntrustCertTypeSettings(User user, java.math.BigInteger certTypeId, boolean requireFresh) Creates an EntrustCertTypeSettings object by retrieving the necessary information from the user's main policy certificate, and the user's policy certificate sources (Cache or Directory).
EntrustCertTypeSettings(User user, java.lang.String certTypeName, boolean requireFresh) Creates an EntrustCertTypeSettings object by retrieving the necessary information from the user's main policy certificate, and the user's policy certificate sources (Cache or Directory).

Method Summary

Methods

Modifier and Type	Method and Description
int	countCertdefns() Returns the number of certificate-definition policies.
Attribute	getAttribute(ObjectID oid) Returns the requested policy setting from the policy certificate.
EntrustCertDefnSettings	getCertdefn(java.math.BigInteger id) Returns the certificate-definition policy that corresponds to the provided certificate-definition id.
EntrustCertDefnSettings	getCertdefn(EntrustCertInfoId certdefn) Returns the certificate-definition policy that corresponds to the provided certificate-definition identifier.
EntrustCertDefnSettings	getCertdefn(java.lang.String name) Returns the certificate-definition policy that corresponds to the provided certificate-definition name.
java.util.Iterator	getCertdefns() Returns an Iterator over all the the certificate-definition policy information.
EntrustCertInfoId	getCerttype() Returns the certificate-type identifier, which is the 'certdefn' component that was extracted from the EntrustCertTypeInfo structure.
Name	getPolicycertdn() Returns the certificate-type policy certificate DN, which is the 'policycertdn' component that was extracted from the EntrustCertTypeInfo structure.
boolean	isFresh() Returns an indicator of whether or not all the policy certificates this object contains are fresh (were retrieved from the directory or extracted from an EntrustCertTypeSettings structure received via PKIX-CMP).
java.lang.String	toString() Creates a text representation of the certificate-type information, including the values of each of the known policy settings (any policy setting that has an accessor API).
void	updateUserPolicyCertCache(User user) Adds the certificate definition policy certificates to the user's policy certificate cache.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

EntrustCertTypeSettings

public EntrustCertTypeSettings(User user,
                       java.math.BigInteger certTypeId,
                       boolean requireFresh)
                        throws java.security.cert.CertificateException

Creates an EntrustCertTypeSettings object by retrieving the necessary information from the user's main policy certificate, and the user's policy certificate sources (Cache or Directory).

First the 'entrustCertTypePolicy' attribute is retrieved from the user's main policy certificate. This attribute contains a list of all certificate type information supported by the Entrust Security Manager as EntrustCertTypeInfo structures. However, these structures do not contain any policy certificates.

From this list, the user's certificate type information is extracted using the certificate type identifier provided. Finally, each of the user's certificate definition policy certificate is retrieved from the user's policy certificate source, and loaded into the structure.

Parameters:

user - the user whose certificate type settings are being created

certTypeId - the user's certificate type identifier

requireFresh - indicates that fresh policy certificate are required; all policy certificate will be retrieved from the Directory

Throws:

java.security.cert.CertificateException - thrown if an error occurs while retrieving the user's certificate type information

EntrustCertTypeSettings

public EntrustCertTypeSettings(User user,
                       java.lang.String certTypeName,
                       boolean requireFresh)
                        throws java.security.cert.CertificateException

Creates an EntrustCertTypeSettings object by retrieving the necessary information from the user's main policy certificate, and the user's policy certificate sources (Cache or Directory).

First the 'entrustCertTypePolicy' attribute is retrieved from the user's main policy certificate. This attribute contains a list of all certificate type information supported by the Entrust Security Manager as EntrustCertTypeInfo structures. However, these structures do not contain any policy certificates.

From this list, the user's certificate type information is extracted using the certificate type identifier provided. Finally, each of the user's certificate definition policy certificate is retrieved from the user's policy certificate source, and loaded into the structure.

Parameters:

user - the user whose certificate type settings are being created

certTypeName - the user's certificate type name

requireFresh - indicates that fresh policy certificate are required; all policy certificate will be retrieved from the Directory

Throws:

java.security.cert.CertificateException - thrown if an error occurs while retrieving the user's certificate type information

Since:

8.0 Patch

EntrustCertTypeSettings

public EntrustCertTypeSettings(EntrustCertTypeInfo entrustCertTypeInfo)
                        throws CodingException

Creates an EntrustCertTypeSettings object from an EntrustCertTypeInfo structure.

The 'certdefn' and 'policycertdn' components are simply extracted and stored internally. The 'certdefns' component is extracted and each EntrustCertDefnInfo sturcture is converted to and represented as an EntrustCertDefnSettings object and stored internally. The 'policycert' component is extracted, ASN1 decoded into an Entrust Attribute Certificate object, and stored internally. This implementation of Entrust certificate-type policy information requires that the 'policycert' component be an ASN1 encoded Entrust Attribute Certificate. It also requires that both the 'name' and 'id' of ever EntrustCertInfoId structure exist.

Note:

This does not validate the policy certificates and instead assumes that the EntrustCertTypeInfo structure was received by some trusted means (PKIX-CMP). If this is not the case, all policy certificates must be validated before the policies can be trusted.

Parameters:

entrustCertTypeInfo - the EntrustCertTypeInfo structure that contains the certificate-type policy information

Throws:

CodingException - thrown if an error occurs while decoding the policy certificates or any of the policy settings they contains

Method Detail

getCerttype

public EntrustCertInfoId getCerttype()

Returns the certificate-type identifier, which is the 'certdefn' component that was extracted from the EntrustCertTypeInfo structure.

The certificate-type identifier provides a unique identifier for the certificate-type information.

Returns:

the certificate-type identifier

getCertdefn

public EntrustCertDefnSettings getCertdefn(EntrustCertInfoId certdefn)

Returns the certificate-definition policy that corresponds to the provided certificate-definition identifier.

If the certificate-type information does not contain a certificate-definition policy that corresponds to the certificate-definition identifier provided, null is returned.

Returns:

the certificate-definition policy

getCertdefn

public EntrustCertDefnSettings getCertdefn(java.lang.String name)

Returns the certificate-definition policy that corresponds to the provided certificate-definition name.

If the certificate-type information does not contain a certificate-definition policy that corresponds to the certificate-definition id provided, null is returned.

Parameters:

name - the certificate-definition name

Returns:

the certificate-definition policy

getCertdefn

public EntrustCertDefnSettings getCertdefn(java.math.BigInteger id)

Returns the certificate-definition policy that corresponds to the provided certificate-definition id.

If the certificate-type information does not contain a certificate-definition policy that corresponds to the certificate-definition id provided, null is returned.

Parameters:

id - the certificate-definition id

Returns:

the certificate-definition policy

getCertdefns

public java.util.Iterator getCertdefns()

Returns an Iterator over all the the certificate-definition policy information.

The iterator does not allow modifications and will return only EntrustCertDefnSettings objects.

Returns:

the certificate-definition policies

countCertdefns

public int countCertdefns()

Returns the number of certificate-definition policies.

Returns:

the number of certificate-definition policies

getPolicycertdn

public Name getPolicycertdn()

Returns the certificate-type policy certificate DN, which is the 'policycertdn' component that was extracted from the EntrustCertTypeInfo structure. If the certificate-type policy certificate DN was not set in the EntrustCertTypeInfo structure, null is returned.

The certificate-type policy certificate DN provides the Distinguished Name (DN) of the associated certificate-type policy certificate.

Returns:

the certificate-type policy certificate DN

getAttribute

public Attribute getAttribute(ObjectID oid)

Returns the requested policy setting from the policy certificate. If the policy certificate does not contain the requested setting, null is returned.

Returns:

the policy setting

isFresh

public boolean isFresh()

Returns an indicator of whether or not all the policy certificates this object contains are fresh (were retrieved from the directory or extracted from an EntrustCertTypeSettings structure received via PKIX-CMP).

Returns:

true if the policy settings are fresh; false otherwise

updateUserPolicyCertCache

public void updateUserPolicyCertCache(User user)

Adds the certificate definition policy certificates to the user's policy certificate cache.

If the user does not yet have a policy certificate cache, a new one is automatically created.

Parameters:

user - the user whose policy certificate cache is to be updated

toString

public java.lang.String toString()

Creates a text representation of the certificate-type information, including the values of each of the known policy settings (any policy setting that has an accessor API).

Overrides:

toString in class java.lang.Object

Returns:

a text representation of the certificate-type information