| Class | Description |
|---|---|
| AcceptablePolicySet |
The acceptablePolicySet field identifies the initial set of certificate policies,
any of which are acceptable under the signature policy.
|
| AlgAndLength |
AlgAndLength ::= SEQUENCE {
algID ObjectIdentifier,
minKeyLength INTEGER OPTIONAL, -- Minimum key length in bits
other SignPolExtensions OPTIONAL
}
|
| AlgorithmConstraints |
AlgorithmConstraints ::= SEQUENCE OF AlgAndLength
Collection<AlgAndLength>
|
| AlgorithmConstraintSet |
The algorithmConstraints field, if present, identifies the signing algorithms
(hash, public key cryptography, combined hash and public key cryptography)
that may be used for specific purposes and any minimum length.
|
| AlgorithmIdentifier |
Parse an ASN1Primitive to get ObjectIdentifier. |
| AttributeConstraints |
AttributeConstraints ::= SEQUENCE {
attributeTypeConstarints [0] AttributeTypeConstraints OPTIONAL,
attributeValueConstarints [1] AttributeValueConstraints OPTIONAL
}
|
| AttributeTrustCondition |
If the attributeTrustCondition field is not present then any
certified attributes may not be considered to be valid under
this validation policy.
|
| CertificateTrustPoint |
Parse an org.bouncycastle.asn1.ASN1Primitive to get:
trustpoint Certificate, -- self-signed certificate (see X509Certificate)
PathLenConstraint OPTIONAL,
AcceptablePolicySet OPTIONAL, -- If not present "any policy"
NameConstraints OPTIONAL,
PolicyConstraints OPTIONAL |
| CertificateTrustTrees |
The certificateTrustTrees identifies a set of self signed certificates
for the trust points used to start (or end) certificate path processing
and the initial conditions for certificate path validation as defined in RFC 2459 [6] clause 6.
|
| CertPolicyId |
CertPolicyId ::= OBJECT IDENTIFIER
|
| CertRevReq |
The RevocRequirements field specifies minimum requirements for revocation information,
obtained through CRLs and/or OCSP responses,
to be used in checking the revocation status of certificates.
|
| CMSAttrs |
CMSAttrs ::= SEQUENCE OF OBJECT IDENTIFIER ObjectIdentifier
mandatedSignedAttr CMSAttrs, -- Mandated CMS signed attributes
mandatedUnsignedAttr CMSAttrs, -- Mandated CMS unsigned attributes
|
| CommitmentRule |
The CommitmentRule for given commitment types is defined in terms
of trust conditions for certificates, timestamps and attributes,
along with any constraints on attributes that may be included in
the electronic signature.
|
| CommitmentRules |
The CommitmentRules consists of the validation rules which
apply to given commitment types:
CommitmentRules ::= SEQUENCE OF CommitmentRule
|
| CommitmentType |
A specific commitment type identifier shall not appear in more than one commitment rule.
|
| CommitmentTypeIdentifier |
A specific commitment type identifier shall not appear in more
than one commitment rule.
|
| CommonRules |
The CommonRules define rules that are common to all commitment types.
|
| DeltaTime |
DeltaTime ::= SEQUENCE {
deltaSeconds INTEGER,
deltaMinutes INTEGER,
deltaHours INTEGER,
deltaDays INTEGER
}
|
| FieldOfApplication |
The fieldOfApplication is a description of the expected application of this policy.
|
| MandatedUnsignedAttr |
The mandatedUnsignedAttr field shall include the object identifier for all those unsigned attributes
required by the present document as well as additional attributes required by this policy.
|
| NameConstraints |
The nameConstraints field indicates a name space within which all subject names
in subsequent certificates in a certification path shall be located.
|
| ObjectIdentifier |
FIXME should it be better with a factory method parse?
|
| OctetString |
To get UTF8 String value of DEROctetString.
|
| PathLenConstraint |
The pathLenConstraint field gives the maximum number of CA certificates
that may be in a certification path following the trustpoint.
|
| PolicyConstraints |
The policyConstraints extension constrains path processing in two ways.
|
| PolicyIssuerName |
The policyIssuerName field identifies the policy issuer in one or more of the general name forms.
|
| RevReq | |
| SelectedCommitmentTypes |
If the SelectedCommitmentTypes indicates "empty" then this rule applies when a commitment type
is not present (i.e. the type of commitment is indicated in the semantics of the message).
|
| SignaturePolicy |
In this structure the policy information is preceded by
an identifier for the hashing algorithm used to protect
the signature policy and followed by the hash value which
shall be re-calculated and checked whenever the policy is
passed between the issuer and signer/verifier.
|
| SignatureValidationPolicy |
The signature validation policy defines for the signer
which data elements shall be present in the electronic
signature he provides and for the verifier which data
elements shall be present under that signature policy
for an electronic signature to be potentially valid.
|
| SignerAndVerifierRules |
The SignerAndVerifierRules consists of signer rule and
verification rules as defined below:
SignerAndVerifierRules ::= SEQUENCE {
signerRules SignerRules,
verifierRules VerifierRules
}
|
| SignerRules |
The signer rules identify:
if the eContent is empty and the signature is calculated using
a hash of signed data external to CMS structure;
the CMS signed attributes that shall be provided by the signer
under this policy;
the CMS unsigned attribute that shall be provided by the signer
under this policy;
whether the certificate identifiers from the full certification
path up to the trust point shall be provided by the signer in the
SigningCertificate attribute;
whether a signer's certificate, or all certificates in the
certification path to the trust point shall be provided by the signer
in the certificates field of SignedData.
|
| SigningCertTrustCondition |
The SigningCertTrustCondition field identifies trust conditions
for certificate path processing used to validate the signing
certificate.
|
| SigningPeriod |
The signingPeriod identifies the date and time before
which the signature policy should not be used for creating signatures,
and an optional date after which it should not be used for creating
signatures.
|
| SignPolExtensions |
ETSI TR 102 272 V1.1.1 (2003-12)
Additional signature policy rules may be added to:
the overall signature policy structure, as defined in clause 6.1;
the signature validation policy structure, as defined in clause 6.2;
the common rules, as defined in clause 6.3;
the commitment rules, as defined in clause 6.4;
the signer rules, as defined in clause 6.5.1;
the verifier rules, as defined in clause 6.5.2;
the revocation requirements in clause 6.6.2;
the algorithm constraints in clause 6.10.
|
| SignPolExtn |
SignPolExtn ::= SEQUENCE {
extnID OBJECT IDENTIFIER ObjectIdentifier,
extnValue OCTET STRING OctetString
}
The extnID field shall contain the object identifier for the extension. |
| SignPolicyHash |
OID for SignPolicyHash defined on policy.
|
| SignPolicyId |
OID for SignPolicyId defined on policy.
|
| SignPolicyInfo |
ETSI TR 102 272 V1.1.1 (2003-12)
SignPolicyInfo ::= SEQUENCE {
signPolicyIdentifier SignPolicyId,
dateOfIssue GeneralizedTime,
policyIssuerName PolicyIssuerName,
fieldOfApplication FieldOfApplication,
signatureValidationPolicy SignatureValidationPolicy,
signPolExtensions SignPolExtensions OPTIONAL
}
|
| SkipCerts |
SkipCerts ::= INTEGER (0..MAX)
|
| TimestampTrustCondition |
The TimeStampTrustCondition field identifies trust conditions for
certificate path processing used to authenticate the timestamping
authority and constraints on the name of the timestamping authority.
|
| VerifierRules |
The verifier rules identify: the CMS unsigned attributes that
shall be present under this policy and shall be added by the
verifier if not added by the signer.
|

| Enum | Description |
|---|---|
| AlgorithmConstraintSet.TAG | |
| CertInfoReq |
The mandatedCertificateInfo field identifies whether a signer's certificate,
or all certificates in the certification path to the trust point shall be provided by
the signer in the certificates field of SignedData.
|
| CertRefReq |
The mandatedCertificateRef identifies whether just the signer's certificate,
or the full certificate path, shall be provided by the signer.
CertRefReq ::= ENUMERATED {
signerOnly (1), -- Only reference to signer cert mandated
fullPath (2) -- References for full cert path up to a trust point required
}
|
| EnuRevReq |
EnuRevReq ::= ENUMERATED {
clrCheck (0), -- Checks shall be made against current CRLs (or authority revocation lists)
ocspCheck (1), -- The revocation status shall be checked using the Online Certificate Status Protocol (RFC 2450)
bothCheck (2), -- Both CRL and OCSP checks shall be carried out
eitherCheck (3), -- At least one of CRL or OCSP checks shall be carried out
noCheck (4), -- no check is mandated
other (5) -- Other mechanism as defined by signature policy extension
}
|
| HowCertAttribute |
The howCertAttribute field specifies whether the attributes are uncertified attributes "claimed" by the signer,
certified in an attribute certificate, or either, using the signer attributes attribute defined in TS 101 733.
|
Copyright © 2021 SERPRO - Serviço Federal de Processamento de Dados. All rights reserved.