Class SigningPolicy


  • public class SigningPolicy
    extends Object
    Represents a signing policy associated with a particular CA. The signing policy defines a list of distinguished names which are allowed to sign certificates for a particular Certificate Authority subject distinguished name.
    Since:
    1.0
    • Constructor Detail

      • SigningPolicy

        public SigningPolicy(X500Principal caSubjectDN,
                             String[] allowedDNs)
        Create a signing policy for the supplied subject which allows the supplied list of DNs to sign certificates.
        Parameters:
        caSubjectDN - The DN for the subject to which this policy applies.
        allowedDNs - The list of DNs which can sign certs for this subject.
      • SigningPolicy

        public SigningPolicy(X500Principal caSubjectDN,
                             List<Pattern> allowedDNs)
        Create a signing policy for the supplied subject which allows subjects whose DNs match one of the supplied patterns to sign certificates.
        Parameters:
        caSubjectDN - The DN for the subject to which this policy applies.
        allowedDNs - A list of patterns to which to compare signing entity DNs.
    • Method Detail

      • getCASubjectDN

        public X500Principal getCASubjectDN()
        Get CA subject DN for which this signing policy is defined.
        Returns:
        The CA subject DN.
      • isValidSubject

        public boolean isValidSubject(X500Principal subject)
        Determines whether the supplied subject DN is valid under this policy.
        Parameters:
        subject - Subject DN to be validated
        Returns:
        true if the DN is valid under this policy and false if it is not
      • getAllowedDNs

        public List<Pattern> getAllowedDNs()
        Return the patterns which identify the valid signing entities. If this signing policy has been created with a set of DNs then the patterns will simply match the DNs.
        Returns:
        The patterns matching allowed signing entities.
      • isPolicyAvailable

        public boolean isPolicyAvailable()
        Method to determine if a signing policy is available for a given DN.
        Returns:
        true if the patterns vector is not null and has at least one element; otherwise false.
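
The following is an added example, not code from this library: a stand-alone model of the check described by isValidSubject and isPolicyAvailable, showing whole-string pattern matching and fail-closed handling of an empty policy. The class SigningPolicyModel, the helper exact, the method permits, the RFC 2253 comparison form and the sample DNs are all assumptions made for illustration; the library's own DN formatting and matching rules may differ.

```java
import java.util.List;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

/** Hypothetical stand-alone model of the documented policy check. */
public class SigningPolicyModel {
    private final X500Principal caSubjectDN;
    private final List<Pattern> allowedDNs;

    SigningPolicyModel(X500Principal caSubjectDN, List<Pattern> allowedDNs) {
        this.caSubjectDN = caSubjectDN;
        this.allowedDNs = List.copyOf(allowedDNs);
    }

    /** Literal DN as a pattern that matches only that DN (metacharacters quoted). */
    static Pattern exact(String dn) {
        return Pattern.compile(Pattern.quote(dn));
    }

    boolean isPolicyAvailable() {
        return !allowedDNs.isEmpty();
    }

    /** Assumption: compare the RFC 2253 string form, whole-string match only. */
    boolean isValidSubject(X500Principal subject) {
        String dn = subject.getName(X500Principal.RFC2253);
        return allowedDNs.stream().anyMatch(p -> p.matcher(dn).matches());
    }

    /** Fail closed: wrong issuer or an empty policy never authorizes a subject. */
    boolean permits(X500Principal issuer, X500Principal subject) {
        return caSubjectDN.equals(issuer) && isPolicyAvailable() && isValidSubject(subject);
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from any real CA.
        X500Principal ca = new X500Principal("CN=Example CA,O=Example Grid,C=US");
        SigningPolicyModel policy = new SigningPolicyModel(ca, List.of(
            Pattern.compile(".+," + Pattern.quote("OU=Hosts,O=Example Grid,C=US")),
            exact("CN=Operator,O=Example Grid,C=US")));
        SigningPolicyModel empty = new SigningPolicyModel(ca, List.of());

        for (String s : List.of(
                "CN=node1,OU=Hosts,O=Example Grid,C=US",   // inside the namespace
                "CN=Operator,O=Example Grid,C=US",         // exact entry
                "CN=node1,OU=Hosts,O=Other Org,C=US")) {   // outside the namespace
            X500Principal subject = new X500Principal(s);
            System.out.println(s + " -> " + policy.permits(ca, subject)
                + " (empty policy: " + empty.permits(ca, subject) + ")");
        }
    }
}
```

Using matches() rather than find() anchors each pattern to the whole DN, so an allowed name that appears only as a substring of a longer DN does not satisfy the policy.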