1 /* 2 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security.cert; 27 28 import java.util.Iterator; 29 import java.util.Set; 30 31 /** 32 * An immutable valid policy tree node as defined by the PKIX certification 33 * path validation algorithm. 34 * 35 * <p>One of the outputs of the PKIX certification path validation 36 * algorithm is a valid policy tree, which includes the policies that 37 * were determined to be valid, how this determination was reached, 38 * and any policy qualifiers encountered. This tree is of depth 39 * <i>n</i>, where <i>n</i> is the length of the certification 40 * path that has been validated. 41 * 42 * <p>Most applications will not need to examine the valid policy tree. 43 * They can achieve their policy processing goals by setting the 44 * policy-related parameters in {@code PKIXParameters}. However, 45 * the valid policy tree is available for more sophisticated applications, 46 * especially those that process policy qualifiers. 47 * 48 * <p>{@link PKIXCertPathValidatorResult#getPolicyTree() 49 * PKIXCertPathValidatorResult.getPolicyTree} returns the root node of the 50 * valid policy tree. The tree can be traversed using the 51 * {@link #getChildren getChildren} and {@link #getParent getParent} methods. 52 * Data about a particular node can be retrieved using other methods of 53 * {@code PolicyNode}. 54 * 55 * <p><b>Concurrent Access</b> 56 * <p>All {@code PolicyNode} objects must be immutable and 57 * thread-safe. Multiple threads may concurrently invoke the methods defined 58 * in this class on a single {@code PolicyNode} object (or more than one) 59 * with no ill effects. This stipulation applies to all public fields and 60 * methods of this class and any added or overridden by subclasses. 61 * 62 * @since 1.4 63 * @author Sean Mullan 64 */ 65 public interface PolicyNode { 66 67 /** 68 * Returns the parent of this node, or {@code null} if this is the 69 * root node. 70 * 71 * @return the parent of this node, or {@code null} if this is the 72 * root node 73 */ getParent()74 PolicyNode getParent(); 75 76 /** 77 * Returns an iterator over the children of this node. Any attempts to 78 * modify the children of this node through the 79 * {@code Iterator}'s remove method must throw an 80 * {@code UnsupportedOperationException}. 81 * 82 * @return an iterator over the children of this node 83 */ getChildren()84 Iterator<? extends PolicyNode> getChildren(); 85 86 /** 87 * Returns the depth of this node in the valid policy tree. 88 * 89 * @return the depth of this node (0 for the root node, 1 for its 90 * children, and so on) 91 */ getDepth()92 int getDepth(); 93 94 /** 95 * Returns the valid policy represented by this node. 96 * 97 * @return the {@code String} OID of the valid policy 98 * represented by this node. For the root node, this method always returns 99 * the special anyPolicy OID: "2.5.29.32.0". 100 */ getValidPolicy()101 String getValidPolicy(); 102 103 /** 104 * Returns the set of policy qualifiers associated with the 105 * valid policy represented by this node. 106 * 107 * @return an immutable {@code Set} of 108 * {@code PolicyQualifierInfo}s. For the root node, this 109 * is always an empty {@code Set}. 110 */ getPolicyQualifiers()111 Set<? extends PolicyQualifierInfo> getPolicyQualifiers(); 112 113 /** 114 * Returns the set of expected policies that would satisfy this 115 * node's valid policy in the next certificate to be processed. 116 * 117 * @return an immutable {@code Set} of expected policy 118 * {@code String} OIDs. For the root node, this method 119 * always returns a {@code Set} with one element, the 120 * special anyPolicy OID: "2.5.29.32.0". 121 */ getExpectedPolicies()122 Set<String> getExpectedPolicies(); 123 124 /** 125 * Returns the criticality indicator of the certificate policy extension 126 * in the most recently processed certificate. 127 * 128 * @return {@code true} if extension marked critical, 129 * {@code false} otherwise. For the root node, {@code false} 130 * is always returned. 131 */ isCritical()132 boolean isCritical(); 133 } 134