Class SigningPolicy


  • public class SigningPolicy
    extends java.lang.Object
    Represents a signing policy associated with a particular CA. The signing policy defines a list of distinguished names which are allowed to sign certificates for a particular Certificate Authority subject distinguished name.
    Since:
    1.0
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.util.List<java.util.regex.Pattern> allowedDNs  
      private javax.security.auth.x500.X500Principal caSubject  
    • Constructor Summary

      Constructors 
      Constructor Description
      SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN, java.lang.String[] allowedDNs)
      Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.
      SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN, java.util.List<java.util.regex.Pattern> allowedDNs)
      Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.
    • Method Summary

      Modifier and Type Method Description
      java.util.List<java.util.regex.Pattern> getAllowedDNs()
      Return the patterns which identify the valid signing entities.
      javax.security.auth.x500.X500Principal getCASubjectDN()
      Get CA subject DN for which this signing policy is defined.
      boolean isPolicyAvailable()
      Method to determine if a signing policy is available for a given DN.
      boolean isValidSubject(javax.security.auth.x500.X500Principal subject)
      Ascertains if the subjectDN is valid against this policy.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • caSubject

        private javax.security.auth.x500.X500Principal caSubject
      • allowedDNs

        private java.util.List<java.util.regex.Pattern> allowedDNs
    • Constructor Detail

      • SigningPolicy

        public SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN,
                             java.lang.String[] allowedDNs)
        Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.
        Parameters:
        caSubjectDN - The DN for the subject to which this policy applies.
        allowedDNs - The list of DNs which can sign certs for this subject.
      • SigningPolicy

        public SigningPolicy(javax.security.auth.x500.X500Principal caSubjectDN,
                             java.util.List<java.util.regex.Pattern> allowedDNs)
        Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.
        Parameters:
        caSubjectDN - The DN for the subject to which this policy applies.
        allowedDNs - A list of patterns to which to compare signing entity DNs.
    • Method Detail

      • getCASubjectDN

        public javax.security.auth.x500.X500Principal getCASubjectDN()
        Get CA subject DN for which this signing policy is defined.
        Returns:
        returns the CA subject
      • isValidSubject

        public boolean isValidSubject(javax.security.auth.x500.X500Principal subject)
        Ascertains if the subjectDN is valid against this policy.
        Parameters:
        subject - Subject DN to be validated
        Returns:
        true if the DN is valid under this policy and false if it is not
      • getAllowedDNs

        public java.util.List<java.util.regex.Pattern> getAllowedDNs()
        Return the patterns which identify the valid signing entities. If this signing policy has been created with a set of DNs then the patterns will simply match the DNs.
        Returns:
        The patterns matching allowed signing entities.
      • isPolicyAvailable

        public boolean isPolicyAvailable()
        Method to determine if a signing policy is available for a given DN.
        Returns:
        If the patterns vector is not null and has at least one element, true is returned. Otherwise the method returns false.
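
An added example (not part of this library or its Javadoc) showing one way to build the `allowedDNs` list for the `List<Pattern>` constructor so that literal DN text cannot act as regex syntax. `AllowedDnPatterns`, `fromWildcard` and `isAllowed` are hypothetical helpers, the DNs are constructed samples, and comparing the RFC 2253 string form with `matches()` is an assumption, not a statement of how `isValidSubject` compares DNs.

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Added illustration: AllowedDnPatterns and its methods are hypothetical helpers.
public class AllowedDnPatterns {

    // '*' in the template becomes ".*"; every other character is quoted, so a
    // '.' or '+' inside a DN value is matched literally instead of as regex syntax.
    static Pattern fromWildcard(String template) {
        String[] parts = template.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            regex.append(Pattern.quote(parts[i]));
        }
        return Pattern.compile(regex.toString());
    }

    // Assumption: compare the RFC 2253 string form, and require a full match
    // (matches(), not find()) so a pattern cannot be satisfied by a substring.
    static boolean isAllowed(List<Pattern> allowed, X500Principal subject) {
        String dn = subject.getName(X500Principal.RFC2253);
        return allowed.stream().anyMatch(p -> p.matcher(dn).matches());
    }

    public static void main(String[] args) {
        // Constructed sample DNs.
        X500Principal ok = new X500Principal("CN=ca.example.org,O=Example Grid,C=US");
        X500Principal lookalike = new X500Principal("CN=caXexample.org,O=Example Grid,C=US");
        X500Principal otherOrg = new X500Principal("CN=host1,O=Other Org,C=US");

        // Unquoted literal: '.' is a regex wildcard, so the lookalike DN also passes.
        List<Pattern> naive = List.of(Pattern.compile("CN=ca.example.org,O=Example Grid,C=US"));
        List<Pattern> quoted = List.of(Pattern.compile(Pattern.quote("CN=ca.example.org,O=Example Grid,C=US")));
        List<Pattern> wildcard = List.of(fromWildcard("CN=*,O=Example Grid,C=US"));
        // A list built this way is what the List<Pattern> constructor takes:
        //   new SigningPolicy(caSubjectDN, quoted)

        System.out.println("naive accepts lookalike:   " + isAllowed(naive, lookalike));
        System.out.println("quoted accepts lookalike:  " + isAllowed(quoted, lookalike));
        System.out.println("quoted accepts exact DN:   " + isAllowed(quoted, ok));
        System.out.println("wildcard accepts same org: " + isAllowed(wildcard, ok));
        System.out.println("wildcard accepts other org: " + isAllowed(wildcard, otherOrg));
    }
}
```

Because `.*` also matches commas, a `*` in the hypothetical template can span more than one RDN; keep wildcard templates as narrow as the policy allows.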