PolicyNode
Stay organized with collections
Save and categorize content based on your preferences.
An immutable valid policy tree node as defined by the PKIX certification
path validation algorithm.
One of the outputs of the PKIX certification path validation
algorithm is a valid policy tree, which includes the policies that
were determined to be valid, how this determination was reached,
and any policy qualifiers encountered. This tree is of depth
n, where n is the length of the certification
path that has been validated.
Most applications will not need to examine the valid policy tree.
They can achieve their policy processing goals by setting the
policy-related parameters in PKIXParameters
. However,
the valid policy tree is available for more sophisticated applications,
especially those that process policy qualifiers.
PKIXCertPathValidatorResult.getPolicyTree
returns the root node of the
valid policy tree. The tree can be traversed using the
getChildren
and getParent
methods.
Data about a particular node can be retrieved using other methods of
PolicyNode
.
Concurrent Access
All PolicyNode
objects must be immutable and
thread-safe. Multiple threads may concurrently invoke the methods defined
in this class on a single PolicyNode
object (or more than one)
with no ill effects. This stipulation applies to all public fields and
methods of this class and any added or overridden by subclasses.
Public Method Summary
abstract
Iterator<? extends PolicyNode>
|
getChildren()
Returns an iterator over the children of this node.
|
abstract
int
|
getDepth()
Returns the depth of this node in the valid policy tree.
|
abstract
Set<String>
|
getExpectedPolicies()
Returns the set of expected policies that would satisfy this
node's valid policy in the next certificate to be processed.
|
abstract
PolicyNode
|
getParent()
Returns the parent of this node, or null if this is the
root node.
|
abstract
Set<? extends PolicyQualifierInfo>
|
getPolicyQualifiers()
Returns the set of policy qualifiers associated with the
valid policy represented by this node.
|
abstract
String
|
|
abstract
boolean
|
isCritical()
Returns the criticality indicator of the certificate policy extension
in the most recently processed certificate.
|
Public Methods
public
abstract
Iterator<? extends PolicyNode>
getChildren
()
Returns an iterator over the children of this node. Any attempts to
modify the children of this node through the
Iterator
's remove method must throw an
UnsupportedOperationException
.
Returns
- an iterator over the children of this node
public
abstract
int
getDepth
()
Returns the depth of this node in the valid policy tree.
Returns
- the depth of this node (0 for the root node, 1 for its
children, and so on)
public
abstract
Set<String>
getExpectedPolicies
()
Returns the set of expected policies that would satisfy this
node's valid policy in the next certificate to be processed.
Returns
- an immutable
Set
of expected policy
String
OIDs. For the root node, this method
always returns a Set
with one element, the
special anyPolicy OID: "2.5.29.32.0".
public
abstract
PolicyNode
getParent
()
Returns the parent of this node, or null
if this is the
root node.
Returns
- the parent of this node, or
null
if this is the
root node
public
abstract
Set<? extends PolicyQualifierInfo>
getPolicyQualifiers
()
Returns the set of policy qualifiers associated with the
valid policy represented by this node.
Returns
- an immutable
Set
of
PolicyQualifierInfo
s. For the root node, this
is always an empty Set
.
public
abstract
String
getValidPolicy
()
Returns the valid policy represented by this node.
Returns
- the
String
OID of the valid policy
represented by this node. For the root node, this method always returns
the special anyPolicy OID: "2.5.29.32.0".
public
abstract
boolean
isCritical
()
Returns the criticality indicator of the certificate policy extension
in the most recently processed certificate.
Returns
true
if extension marked critical,
false
otherwise. For the root node, false
is always returned.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-07-10 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-07-10 UTC."],[[["\u003cp\u003e\u003ccode\u003ePolicyNode\u003c/code\u003e represents an immutable node in a valid policy tree generated during PKIX certification path validation.\u003c/p\u003e\n"],["\u003cp\u003eThis tree structure, accessible via \u003ccode\u003ePKIXCertPathValidatorResult.getPolicyTree()\u003c/code\u003e, reveals the valid policies and their qualifiers for a certified path.\u003c/p\u003e\n"],["\u003cp\u003eWhile most applications rely on \u003ccode\u003ePKIXParameters\u003c/code\u003e for policy handling, \u003ccode\u003ePolicyNode\u003c/code\u003e offers advanced access for sophisticated applications needing policy details.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003ePolicyNode\u003c/code\u003e objects are thread-safe and immutable, allowing concurrent access from multiple threads without adverse effects.\u003c/p\u003e\n"],["\u003cp\u003eUsing methods like \u003ccode\u003egetChildren()\u003c/code\u003e, \u003ccode\u003egetParent()\u003c/code\u003e, and others, developers can traverse the tree and retrieve data about each node's policy, qualifiers, and relationships within the tree.\u003c/p\u003e\n"]]],[],null,["# PolicyNode\n\npublic interface **PolicyNode** \nAn immutable valid policy tree node as defined by the PKIX certification\npath validation algorithm.\n\nOne of the outputs of the PKIX certification path validation\nalgorithm is a valid policy tree, which includes the policies that\nwere determined to be valid, how this determination was reached,\nand any policy qualifiers encountered. This tree is of depth\n*n* , where *n* is the length of the certification\npath that has been validated.\n\nMost applications will not need to examine the valid policy tree.\nThey can achieve their policy processing goals by setting the\npolicy-related parameters in `PKIXParameters`. However,\nthe valid policy tree is available for more sophisticated applications,\nespecially those that process policy qualifiers.\n\n[PKIXCertPathValidatorResult.getPolicyTree](../../../../reference/java/security/cert/PKIXCertPathValidatorResult.html#getPolicyTree()) returns the root node of the\nvalid policy tree. The tree can be traversed using the\n[getChildren](../../../../reference/java/security/cert/PolicyNode.html#getChildren()) and [getParent](../../../../reference/java/security/cert/PolicyNode.html#getParent()) methods.\nData about a particular node can be retrieved using other methods of\n`PolicyNode`.\n\n**Concurrent Access**\n\nAll `PolicyNode` objects must be immutable and\nthread-safe. Multiple threads may concurrently invoke the methods defined\nin this class on a single `PolicyNode` object (or more than one)\nwith no ill effects. This stipulation applies to all public fields and\nmethods of this class and any added or overridden by subclasses. \n\n### Public Method Summary\n\n|----------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| abstract [Iterator](../../../../reference/java/util/Iterator.html)\\\u003c? extends [PolicyNode](../../../../reference/java/security/cert/PolicyNode.html)\\\u003e | [getChildren](../../../../reference/java/security/cert/PolicyNode.html#getChildren())() Returns an iterator over the children of this node. |\n| abstract int | [getDepth](../../../../reference/java/security/cert/PolicyNode.html#getDepth())() Returns the depth of this node in the valid policy tree. |\n| abstract [Set](../../../../reference/java/util/Set.html)\\\u003c[String](../../../../reference/java/lang/String.html)\\\u003e | [getExpectedPolicies](../../../../reference/java/security/cert/PolicyNode.html#getExpectedPolicies())() Returns the set of expected policies that would satisfy this node's valid policy in the next certificate to be processed. |\n| abstract [PolicyNode](../../../../reference/java/security/cert/PolicyNode.html) | [getParent](../../../../reference/java/security/cert/PolicyNode.html#getParent())() Returns the parent of this node, or `null` if this is the root node. |\n| abstract [Set](../../../../reference/java/util/Set.html)\\\u003c? extends [PolicyQualifierInfo](../../../../reference/java/security/cert/PolicyQualifierInfo.html)\\\u003e | [getPolicyQualifiers](../../../../reference/java/security/cert/PolicyNode.html#getPolicyQualifiers())() Returns the set of policy qualifiers associated with the valid policy represented by this node. |\n| abstract [String](../../../../reference/java/lang/String.html) | [getValidPolicy](../../../../reference/java/security/cert/PolicyNode.html#getValidPolicy())() Returns the valid policy represented by this node. |\n| abstract boolean | [isCritical](../../../../reference/java/security/cert/PolicyNode.html#isCritical())() Returns the criticality indicator of the certificate policy extension in the most recently processed certificate. |\n\nPublic Methods\n--------------\n\n#### public abstract [Iterator](../../../../reference/java/util/Iterator.html)\\\u003c? extends [PolicyNode](../../../../reference/java/security/cert/PolicyNode.html)\\\u003e\n**getChildren**\n()\n\nReturns an iterator over the children of this node. Any attempts to\nmodify the children of this node through the\n`Iterator`'s remove method must throw an\n`UnsupportedOperationException`. \n\n##### Returns\n\n- an iterator over the children of this node \n\n#### public abstract int\n**getDepth**\n()\n\nReturns the depth of this node in the valid policy tree. \n\n##### Returns\n\n- the depth of this node (0 for the root node, 1 for its children, and so on) \n\n#### public abstract [Set](../../../../reference/java/util/Set.html)\\\u003c[String](../../../../reference/java/lang/String.html)\\\u003e\n**getExpectedPolicies**\n()\n\nReturns the set of expected policies that would satisfy this\nnode's valid policy in the next certificate to be processed. \n\n##### Returns\n\n- an immutable `Set` of expected policy `String` OIDs. For the root node, this method always returns a `Set` with one element, the special anyPolicy OID: \"2.5.29.32.0\". \n\n#### public abstract [PolicyNode](../../../../reference/java/security/cert/PolicyNode.html)\n**getParent**\n()\n\nReturns the parent of this node, or `null` if this is the\nroot node. \n\n##### Returns\n\n- the parent of this node, or `null` if this is the root node \n\n#### public abstract [Set](../../../../reference/java/util/Set.html)\\\u003c? extends [PolicyQualifierInfo](../../../../reference/java/security/cert/PolicyQualifierInfo.html)\\\u003e\n**getPolicyQualifiers**\n()\n\nReturns the set of policy qualifiers associated with the\nvalid policy represented by this node. \n\n##### Returns\n\n- an immutable `Set` of `PolicyQualifierInfo`s. For the root node, this is always an empty `Set`. \n\n#### public abstract [String](../../../../reference/java/lang/String.html)\n**getValidPolicy**\n()\n\nReturns the valid policy represented by this node. \n\n##### Returns\n\n- the `String` OID of the valid policy represented by this node. For the root node, this method always returns the special anyPolicy OID: \"2.5.29.32.0\". \n\n#### public abstract boolean\n**isCritical**\n()\n\nReturns the criticality indicator of the certificate policy extension\nin the most recently processed certificate. \n\n##### Returns\n\n- `true` if extension marked critical, `false` otherwise. For the root node, `false` is always returned."]]