|
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Object Extensions
public class Extensions
Common certificate extensions for TCG certificates.
Method Summary | |
---|---|
static AuthorityInfoAccess |
authorityInfoAccess(String accessLocation)
Indicates how to access CA information. |
static AuthorityKeyIdentifier |
authorityKeyIdentifier(X509Certificate issuerCertificate)
This identifies the subject public key of the certificate issuer. |
static BasicConstraints |
basicConstraints()
Constraints for CA certificates. |
static CertificatePolicies |
certificatePolicies(String policyOID,
String policyURL,
String userNotice)
Indicates policy terms under which the certificate was issued. |
static CRLDistributionPoints |
crlDistributionPoints(String crlURL)
Indicates how to access CRL information. |
Methods inherited from class Object |
---|
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static CertificatePolicies certificatePolicies(String policyOID, String policyURL, String userNotice)
Assign policyIdentifier at least one object identifier.
Assign the "cPSuri" policy qualifier the value of an HTTP URL at which a plain language version of the TPM xyz entity's certificate policy may be obtained.
Assign the explicit text "userNotice" policy qualifier the value "TCPA Trusted Platform.....".
Assign 'critical' the value TRUE.
CertificatePolicies extension is a MUST in EK, PE and AIK.
public static AuthorityKeyIdentifier authorityKeyIdentifier(X509Certificate issuerCertificate) throws X509ExtensionInitException
Assign the value of "subject key identifier" from the issuers public-key certificate, if available, else omit.
Assign "critical" the value FALSE.
AuthorityKeyIdentifier extension is a SHOULD in EK, PE and AIK.
X509ExtensionInitException
public static AuthorityInfoAccess authorityInfoAccess(String accessLocation)
If included, then the accessMethod OID should be set to id-ad-ocsp (RFC 3280) and the "accessLocation" value should point to the access value of the OCSP responder (HTTP URI).
The relying party can access the certificate status for this certificate by sending a properly formatted OCSPRequest to the URI.
AuthorityInfoAccess extension is a MAY in EK, PE and AIK.
public static CRLDistributionPoints crlDistributionPoints(String crlURL)
CRLDistributionPoints extension is a MAY in EK, PE and AIK.
public static BasicConstraints basicConstraints()
For TCG certificates:
Assign "CA" the value FALSE.
Assign "critical" the value TRUE.
|
||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |