public class PolicyQualifierInfo extends Object
The ASN.1 definition is as follows:
PolicyQualifierInfo ::= SEQUENCE { policyQualifierId PolicyQualifierId, qualifier ANY DEFINED BY policyQualifierId }
A certificate policies extension, if present in an X.509 version 3 certificate, contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. In an end-entity certificate, these policy information terms indicate the policy under which the certificate has been issued and the purposes for which the certificate may be used. In a CA certificate, these policy information terms limit the set of policies for certification paths which include this certificate.
A Set
of PolicyQualifierInfo
objects are returned by the PolicyNode.getPolicyQualifiers
method. This allows applications with specific policy requirements to process and validate each policy qualifier. Applications that need to process policy qualifiers should explicitly set the policyQualifiersRejected
flag to false (by calling the PKIXParameters.setPolicyQualifiersRejected
method) before validating a certification path.
Note that the PKIX certification path validation algorithm specifies that any policy qualifier in a certificate policies extension that is marked critical must be processed and validated. Otherwise, the certification path must be rejected. If the policyQualifiersRejected
flag is set to false, it is up to the application to validate all policy qualifiers in this manner in order to be PKIX compliant.
Concurrent Access
All PolicyQualifierInfo
objects must be immutable and thread-safe. That is, multiple threads may concurrently invoke the methods defined in this class on a single PolicyQualifierInfo
object (or more than one) with no ill effects. Requiring PolicyQualifierInfo
objects to be immutable and thread-safe allows them to be passed around to various pieces of code without worrying about coordinating access.
Constructor | Description |
---|---|
PolicyQualifierInfo |
Creates an instance of PolicyQualifierInfo from the encoded bytes. |
Modifier and Type | Method | Description |
---|---|---|
final byte[] |
getEncoded() |
Returns the ASN.1 DER encoded form of this PolicyQualifierInfo . |
final byte[] |
getPolicyQualifier() |
Returns the ASN.1 DER encoded form of the qualifier field of this PolicyQualifierInfo . |
final String |
getPolicyQualifierId() |
Returns the policyQualifierId field of this PolicyQualifierInfo . |
String |
toString() |
Return a printable representation of this PolicyQualifierInfo . |
public PolicyQualifierInfo(byte[] encoded) throws IOException
PolicyQualifierInfo
from the encoded bytes. The encoded byte array is copied on construction.encoded
- a byte array containing the qualifier in DER encodingIOException
- thrown if the byte array does not represent a valid and parsable policy qualifierpublic final String getPolicyQualifierId()
policyQualifierId
field of this PolicyQualifierInfo
. The policyQualifierId
is an Object Identifier (OID) represented by a set of nonnegative integers separated by periods.null
)public final byte[] getEncoded()
PolicyQualifierInfo
.null
). Note that a copy is returned, so the data is cloned each time this method is called.public final byte[] getPolicyQualifier()
qualifier
field of this PolicyQualifierInfo
.qualifier
field. Note that a copy is returned, so the data is cloned each time this method is called.public String toString()
PolicyQualifierInfo
.
© 1993, 2023, Oracle and/or its affiliates. All rights reserved.
Documentation extracted from Debian's OpenJDK Development Kit package.
Licensed under the GNU General Public License, version 2, with the Classpath Exception.
Various third party code in OpenJDK is licensed under different licenses (see Debian package).
Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/cert/PolicyQualifierInfo.html