iaik.tc.cert.common
Class Extensions

Object
  extended by Extensions

public class Extensions
extends Object

Common certificate extensions for TCG certificates.


Method Summary
static AuthorityInfoAccess authorityInfoAccess(String accessLocation)
          Indicates how to access CA information.
static AuthorityKeyIdentifier authorityKeyIdentifier(X509Certificate issuerCertificate)
          This identifies the subject public key of the certificate issuer.
static BasicConstraints basicConstraints()
          Constraints for CA certificates.
static CertificatePolicies certificatePolicies(String policyOID, String policyURL, String userNotice)
          Indicates policy terms under which the certificate was issued.
static CRLDistributionPoints crlDistributionPoints(String crlURL)
          Indicates how to access CRL information.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Method Detail

certificatePolicies

public static CertificatePolicies certificatePolicies(String policyOID,
                                                      String policyURL,
                                                      String userNotice)
Indicates policy terms under which the certificate was issued.

Assign policyIdentifier at least one object identifier.

Assign the "cPSuri" policy qualifier the value of an HTTP URL at which a plain language version of the TPM xyz entity's certificate policy may be obtained.

Assign the explicit text "userNotice" policy qualifier the value "TCPA Trusted Platform.....".

Assign 'critical' the value TRUE.

CertificatePolicies extension is a MUST in EK, PE and AIK.


authorityKeyIdentifier

public static AuthorityKeyIdentifier authorityKeyIdentifier(X509Certificate issuerCertificate)
                                                     throws X509ExtensionInitException
This identifies the subject public key of the certificate issuer.

Assign the value of "subject key identifier" from the issuer's public-key certificate, if available, else omit.

Assign "critical" the value FALSE.

AuthorityKeyIdentifier extension is a SHOULD in EK, PE and AIK.

Throws:
X509ExtensionInitException

authorityInfoAccess

public static AuthorityInfoAccess authorityInfoAccess(String accessLocation)
Indicates how to access CA information.

If included, then the accessMethod OID should be set to id-ad-ocsp (RFC 3280) and the "accessLocation" value should point to the access value of the OCSP responder (HTTP URI).

The relying party can access the certificate status for this certificate by sending a properly formatted OCSPRequest to the URI.

AuthorityInfoAccess extension is a MAY in EK, PE and AIK.


crlDistributionPoints

public static CRLDistributionPoints crlDistributionPoints(String crlURL)
Indicates how to access CRL information.

CRLDistributionPoints extension is a MAY in EK, PE and AIK.


basicConstraints

public static BasicConstraints basicConstraints()
Constraints for CA certificates.

For TCG certificates:
Assign "CA" the value FALSE.
Assign "critical" the value TRUE.
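
The presence and criticality rules given above for certificatePolicies, authorityKeyIdentifier and basicConstraints can be checked on an issued certificate using only the standard JDK certificate API. This is an added example, not code from the IAIK library; the class name TcgExtensionProfileCheck and the finding strings are hypothetical, and Java 9 or later is assumed for Set.of.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

public class TcgExtensionProfileCheck { // hypothetical class, not part of iaik.tc
    // Standard X.509 extension OIDs (RFC 3280).
    static final String BASIC_CONSTRAINTS = "2.5.29.19";
    static final String CERTIFICATE_POLICIES = "2.5.29.32";
    static final String AUTHORITY_KEY_ID = "2.5.29.35";
    static final Set<String> NONE = Set.of();

    /** Returns profile findings; an empty list means no deviation was found. */
    static List<String> check(Set<String> critical, Set<String> nonCritical, int pathLen) {
        List<String> findings = new ArrayList<>();
        if (!critical.contains(CERTIFICATE_POLICIES)) { // MUST, critical TRUE
            findings.add(nonCritical.contains(CERTIFICATE_POLICIES)
                ? "certificatePolicies is not marked critical"
                : "certificatePolicies is missing (MUST)");
        }
        if (critical.contains(AUTHORITY_KEY_ID)) { // SHOULD, critical FALSE
            findings.add("authorityKeyIdentifier is marked critical");
        } else if (!nonCritical.contains(AUTHORITY_KEY_ID)) {
            findings.add("authorityKeyIdentifier is missing (SHOULD)");
        }
        if (nonCritical.contains(BASIC_CONSTRAINTS)) { // critical TRUE when present
            findings.add("basicConstraints is not marked critical");
        }
        if (pathLen != -1) { // getBasicConstraints() returns -1 unless CA=TRUE
            findings.add("basicConstraints asserts CA=TRUE");
        }
        return findings;
    }

    static List<String> check(X509Certificate cert) {
        Set<String> crit = cert.getCriticalExtensionOIDs(); // null if no extensions
        Set<String> nonCrit = cert.getNonCriticalExtensionOIDs();
        return check(crit == null ? NONE : crit, nonCrit == null ? NONE : nonCrit,
                     cert.getBasicConstraints());
    }
    public static void main(String[] args) throws Exception {
        if (args.length == 0) { // constructed sample: policies non-critical, no AKI, CA=TRUE
            System.out.println(check(Set.of(BASIC_CONSTRAINTS), Set.of(CERTIFICATE_POLICIES), 0));
            return;
        }
        try (InputStream in = new FileInputStream(args[0])) {
            System.out.println(check((X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in)));
        }
    }
}
```

Run it without arguments to evaluate the constructed sample, or pass the path of a DER or PEM certificate file to check that certificate.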