com.entrust.toolkit.x509.testlets

Class CertificatePoliciesCertTestlet

java.lang.Object

com.entrust.toolkit.x509.testlets.CertificatePoliciesCertTestlet

All Implemented Interfaces:

CertTestlet, ExtensionTestlet

public class CertificatePoliciesCertTestlet
extends java.lang.Object
implements CertTestlet

This class implements a CertTestlet to test the CertificatePolicies extension of a certificate. Given the tightly-coupled nature of the certificate extensions related to policy, it is also responsible for processing PolicyMapping, PolicyConstraints, and InhibitAnyPolicy extensions.

There should be no need for toolkit users to use this class directly.

Constructor Summary

Constructors

Constructor and Description
CertificatePoliciesCertTestlet(ClientSettings clientSettings) Creates a CertificatePoliciesCertTestlet object that contains a reference to the client settings object from which policy governing the processing/validation of CertificatePolicies extensions is extracted.
CertificatePoliciesCertTestlet(ObjectID[] acceptablePolicyOids, BIT_STRING businessControlFlags) Create a CertificatePoliciesCertTestlet object.
CertificatePoliciesCertTestlet(ObjectID[] validPolicyOids, boolean alwaysInhibitPolicyMapping) Deprecated. As of 6.1 SP2. Use the constructor CertificatePoliciesCertTestlet(ObjectID[], BIT_STRING)

Method Summary

Methods

Modifier and Type	Method and Description
void	init(X509Certificate[] certChain, TestletDataSet dataSet) Initialize the testlet with the given chain.
void	notify(V3Extension extension, TestletDataSet dataSet) Notify the testlet of the extension that is about to be validated.
void	reset(TestletDataSet dataSet) Part of the ExtensionTestlet interface, has no effect.
void	validate(X509Certificate cert, TestletDataSet dataSet) Validate that the given certificate does not invalidate the certificate chain.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CertificatePoliciesCertTestlet

public CertificatePoliciesCertTestlet(ObjectID[] validPolicyOids,
                              boolean alwaysInhibitPolicyMapping)

Deprecated. As of 6.1 SP2. Use the constructor CertificatePoliciesCertTestlet(ObjectID[], BIT_STRING)

CertificatePoliciesCertTestlet

public CertificatePoliciesCertTestlet(ObjectID[] acceptablePolicyOids,
                              BIT_STRING businessControlFlags)

Create a CertificatePoliciesCertTestlet object.

Parameters:

acceptablePolicyOids - an array of acceptable policy OIDs. If acceptable policies are not important, pass the array ObjectID[] {ObjectID.anyPolicy}.

businessControlFlags - flags that control the initial inhibit any policy, inhibit policy mapping, and require explicit policy values. This value should be obtained from a ClientSettings object.

See Also:

ClientSettings

CertificatePoliciesCertTestlet

public CertificatePoliciesCertTestlet(ClientSettings clientSettings)

Creates a CertificatePoliciesCertTestlet object that contains a reference to the client settings object from which policy governing the processing/validation of CertificatePolicies extensions is extracted.

When this constructor is used, policy governing the processing/validation of CertificatePolicies extensions (acceptable policy OIDs, inhibit any policy flag, inhibit policy mapping flag, require explicit policy flag) is extracted from the client settings every time the testlet is initialized. This allows the testlet to pickup changes to the client settings policy that effect the operation of this testlet.

Parameters:

clientSettings - the client settings

Method Detail

init

public void init(X509Certificate[] certChain,
        TestletDataSet dataSet)

Initialize the testlet with the given chain.

Specified by:

init in interface CertTestlet

Parameters:

certChain - the certificate chain to be validated.

dataSet - the TestletDataSet to use for the chain validation.

notify

public void notify(V3Extension extension,
          TestletDataSet dataSet)

Notify the testlet of the extension that is about to be validated.

Specified by:

notify in interface ExtensionTestlet

Parameters:

extension - The extension to be validated. This will be an instance of CertificatePolicies.

dataSet - the TestletDataSet to use for the chain validation.

See Also:

CertificatePolicies

validate

public void validate(X509Certificate cert,
            TestletDataSet dataSet)
              throws ExtensionException

Validate that the given certificate does not invalidate the certificate chain. Causes the valid policy tree, inhibit any policy, explicit policy required, and inhibit policy mapping values to be updated appropriately. It updates policy mappings, and for the last certificate in the chain it calculates the final acceptable policy tree.

Note: this method must be called for every certificate in the chain being validated, regardless of whether or not it contains the CertificatePolicies extension.

Specified by:

validate in interface CertTestlet

Parameters:

cert - The current certificate being processed.

dataSet - the TestletDataSet to use for the chain validation.

Throws:

ExtensionException - if there is a problem processing the certificate, or if the given certificate causes the path to be invalid.

reset

public void reset(TestletDataSet dataSet)

Part of the ExtensionTestlet interface, has no effect.

Specified by:

reset in interface ExtensionTestlet

Parameters:

dataSet - the TestletDataSet to use for the chain validation.