com.adobe.livecycle.signatures.client.types
Class CertificateSeedValueOptionSpec

java.lang.Object
  extended by com.adobe.livecycle.signatures.client.types.CertificateSeedValueOptionSpec
All Implemented Interfaces:
java.io.Serializable

public class CertificateSeedValueOptionSpec
extends java.lang.Object
implements java.io.Serializable

Represents a certificate seed value dictionary. A certificate seed value dictionary provides constraining information that is used at the time the signature is applied. Before working with this class, it is recommended that you become familiar with a certificate seed value dictionary. For information, see the PDF Reference Guide.

See Also:
Serialized Form

Constructor Summary
CertificateSeedValueOptionSpec()
          A standard constructor that creates a CertificateSeedValueOptionSpec object.
 
Method Summary
 int getFlags()
          Gets the flags associated with this certificate seed value.
 byte[][] getIssuers()
          Gets the issuers associated with this certificate seed value.
 java.lang.String[] getKeyUsage()
          Returns key-usage extension that must be present in the signing certificate.
 java.lang.String[] getOids()
          Gets the certificate policies associated with this certificate seed value.
 java.util.HashMap[] getSubjectDN()
          Gets an array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.
 byte[][] getSubjects()
          Gets the subjects associated with this certificate seed value dictionary.
 java.lang.String getUrl()
          Gets the URL that can be used to enroll for a new credential if a matching credential is not found.
 java.lang.String getUrlType()
          Returns a name indicating the usage of the URL entry.
 void setFlags(int flags)
          Sets the flags associated with this certificate seed value.
 void setIssuers(byte[][] issuers)
          Sets the issuers associated with this certificate seed value.
 void setKeyUsage(java.lang.String[] keyUsage)
          Sets the key-usage extension that must be present in the signing certificate.
 void setOids(java.lang.String[] oids)
          Sets the certificate policies associated with this certificate seed value.
 void setSubjectDN(java.util.HashMap[] subjectDN)
          Sets an array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.
 void setSubjects(byte[][] subjects)
          Sets the subjects associated with this certificate seed value dictionary.
 void setUrl(java.lang.String url)
          Sets the URL that can be used to enroll for a new credential if a matching credential is not found.
 void setUrlType(java.lang.String urlType)
          Sets a name indicating the usage of the URL entry.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CertificateSeedValueOptionSpec

public CertificateSeedValueOptionSpec()
A standard constructor that creates a CertificateSeedValueOptionSpec object.

Method Detail

getFlags

public int getFlags()
Gets the flags associated with this certificate seed value.

Returns:
A set of bit flags specifying the interpretation of specific entries in this dictionary. A value of 1 for the flag means that a signer is required to use only the specified values for the entry. A value of 0 means that other values are permissible. Bit positions are 1 (Subject); 2 (Issuer); 3 (OID); 4 (SubjectDN); 5 (Reserved); 6 (KeyUsage); 7 (URL). Default value: 0.

setFlags

public void setFlags(int flags)
Sets the flags associated with this certificate seed value.

Parameters:
flags - A set of bit flags specifying the interpretation of specific entries in this dictionary. A value of 1 for the flag means that a signer is required to use only the specified values for the entry. A value of 0 means that other values are permissible. Bit positions are 1 (Subject); 2 (Issuer); 3 (OID). Default value: 0.

getIssuers

public byte[][] getIssuers()
Gets the issuers associated with this certificate seed value.

Returns:
An array of bytes containing byte-encoded X.509v3 certificates of acceptable issuers. If the signer's certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.

setIssuers

public void setIssuers(byte[][] issuers)
Sets the issuers associated with this certificate seed value.

Parameters:
issuers - An array of bytes containing byte-encoded X.509v3 certificates of acceptable issuers. If the signer's certificate chains up to any of the specified issuers (either directly or indirectly), the certificate is considered acceptable for signing.

getOids

public java.lang.String[] getOids()
Gets the certificate policies associated with this certificate seed value.

Returns:
An array of strings that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate. An example of such a string is (2.16.840.1.113733.1.7.1.1). This field is only applicable if the value of Issuer is not empty. The certificate policies extension is described in RFC 3280.

setOids

public void setOids(java.lang.String[] oids)
Sets the certificate policies associated with this certificate seed value.

Parameters:
oids - An array of strings that contain Object Identifiers (OIDs) of the certificate policies that must be present in the signing certificate. An example of such a string is (2.16.840.1.113733.1.7.1.1). This field is only applicable if the value of Issuer is not empty. The certificate policies extension is described in RFC 3280.

getSubjects

public byte[][] getSubjects()
Gets the subjects associated with this certificate seed value dictionary.

Returns:
An array of bytes containing byte encoding of X.509v3 certificates that are acceptable for signing. X.509v3 certificates are described in RFC 3280, Internet X.509 Public Key Infrastructure, Certificate and Certificate Revocation List (CRL) Profile.

setSubjects

public void setSubjects(byte[][] subjects)
Sets the subjects associated with this certificate seed value dictionary.

Parameters:
subjects - An array of bytes containing byte-encoded X.509v3 certificates that are acceptable for signing. X.509v3 certificates are described in RFC 3280, Internet X.509 Public Key Infrastructure, Certificate and Certificate Revocation List (CRL) Profile.

getUrl

public java.lang.String getUrl()
Gets the URL that can be used to enroll for a new credential if a matching credential is not found.

Returns:
A URL that can be used to enroll for a new credential.

setUrl

public void setUrl(java.lang.String url)
Sets the URL that can be used to enroll for a new credential if a matching credential is not found.

Parameters:
url - A URL that can be used to enroll for a new credential.

getKeyUsage

public java.lang.String[] getKeyUsage()
Returns key-usage extension that must be present in the signing certificate.

Returns:
An array of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate. Multiple strings specify a range of acceptable key-usage extensions. The key-usage extension is described in RFC 3280 (see the Bibliography).

Each character in a string represents a key-usage type, where the order of the characters indicates the key-usage extension it represents. The first through ninth characters in the array, from left to right, represent the required value for the following key-usage extensions:

  • 1 digitalSignature
  • 2 non-Repudiation
  • 3 keyEncipherment
  • 4 dataEncipherment
  • 5 keyAgreement
  • 6 keyCertSign
  • 7 cRLSign
  • 8 encipherOnly
  • 9 decipherOnly
  • Any additional characters are ignored. Any missing characters or characters that are not one of the following values, should be set to 'X'. The following character values are supported:

  • 0 Corresponding key-usage must not be set.
  • 1 Corresponding key-usage must be set.
  • X State of the corresponding key-usage does not matter.
  • For example, the string values '1' and '1XXXXXXXX' represent settings where the key-usage type digitalSignature must be set and the state of all other key-usage types do not matter.

    The value of the corresponding flag in the Ff entry indicates whether this is a required constraint.


    setKeyUsage

    public void setKeyUsage(java.lang.String[] keyUsage)
    Sets the key-usage extension that must be present in the signing certificate.

    Parameters:
    keyUsage - An array of ASCII strings, where each string specifies an acceptable key-usage extension that must be present in the signing certificate. Multiple strings specify a range of acceptable key-usage extensions. The key-usage extension is described in RFC 3280 (see the Bibliography).

    Each character in a string represents a key-usage type, where the order of the characters indicates the key-usage extension it represents. The first through ninth characters in the array, from left to right, represent the required value for the following key-usage extensions:

  • 1 digitalSignature
  • 2 non-Repudiation
  • 3 keyEncipherment
  • 4 dataEncipherment
  • 5 keyAgreement
  • 6 keyCertSign
  • 7 cRLSign
  • 8 encipherOnly
  • 9 decipherOnly
  • Any additional characters are ignored. Any missing characters or characters that are not one of the following values, should be set to 'X'. The following character values are supported:

  • 0 Corresponding key-usage must not be set.
  • 1 Corresponding key-usage must be set.
  • X State of the corresponding key-usage does not matter.
  • For example, the string values '1' and '1XXXXXXXX' represent settings where the key-usage type digitalSignature must be set and the state of all other key-usage types do not matter.

    The value of the corresponding flag in the Ff entry indicates whether this is a required constraint.


    getSubjectDN

    public java.util.HashMap[] getSubjectDN()
    Gets an array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.

    Returns:

    An array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing. The certificate must at a minimum contain all the attributes specified in the dictionary.

    That is, the certificate can contain additional attributes. The Subject Distinguished Name is described in RFC 3280. The key can be any legal attribute identifier. Attribute names are typically of the form 'cn', 'o', 'email', '2.5.4.43' and always contain characters in the set a-z, A-Z, 0-9 and '.'.

    Values are text strings. An example dictionary is [/cn (John Smith) /1.5.4.43 (JS)].

    The value of the corresponding flag in the Ff entry indicates whether this entry is a required constraint.


    setSubjectDN

    public void setSubjectDN(java.util.HashMap[] subjectDN)
    Sets an array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing.

    Parameters:
    subjectDN -

    An array of dictionaries, where each dictionary contains key value pairs, that specify the Subject Distinguished Name (DN) that must be present within the certificate for it to be acceptable for signing. The certificate must at a minimum contain all the attributes specified in the dictionary.

    That is, the certificate can contain additional attributes. The Subject Distinguished Name is described in RFC 3280. The key can be any legal attribute identifier. Attribute names are typically of the form 'cn', 'o', 'email', '2.5.4.43' and always contain characters in the set a-z, A-Z, 0-9 and '.'.

    Values are text strings. An example dictionary is [/cn (John Smith) /1.5.4.43 (JS)].

    The value of the corresponding flag in the Ff entry indicates whether this entry is a required constraint.


    getUrlType

    public java.lang.String getUrlType()
    Returns a name indicating the usage of the URL entry.

    Returns:

    A name indicating the usage of the URL entry. There are standard uses and there can be implementation specific uses for this URL. The following value specifies a valid standard usage:

    Browser The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute's URL bit is ignored for this usage.

    The following value specifies a valid implementation specific usage, defined for use by Adobe Systems:

    ASSP The URL references a signature web service that can be used for server based signing. If the Ff attribute's URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.

    Third parties can extend the use of this attribute with their own attribute values, which must conform to the guidelines described in Appendix E of the PDF Reference 1.7.

    The default value is Browser.


    setUrlType

    public void setUrlType(java.lang.String urlType)
    Sets a name indicating the usage of the URL entry.

    Parameters:
    urlType -

    A name indicating the usage of the URL entry. There are standard uses and there can be implementation specific uses for this URL. The following value specifies a valid standard usage:

    Browser The URL references content that should be displayed in a web browser to allow enrolling for a new credential if a matching credential is not found. The Ff attribute's URL bit is ignored for this usage.

    The following value specifies a valid implementation specific usage, defined for use by Adobe Systems:

    ASSP The URL references a signature web service that can be used for server based signing. If the Ff attribute's URL bit indicates that this is a required constraint, this implies that the credential used when signing must come from this server.

    Third parties can extend the use of this attribute with their own attribute values, which must conform to the guidelines described in Appendix E of the PDF Reference 1.7.

    The default value is Browser.



    [an error occurred while processing this directive] [an error occurred while processing this directive]