|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
java.lang.Object
|
+--iaik.x509.V3Extension
|
+--iaik.x509.extensions.AuthorityInfoAccess
This class implements the AuthorityInfoAccess Extension.
The AuthorityInfoAccess extension is a non critical
private internet extension.
The AuthorityInfoAccess extension is associated with a specific certificateExtension
object identifier, derived from:
id-pkix OBJECT IDENTIFIER ::=
{ iso(1) identified-organization(3) dod(6) internet(1)
security(5) mechanisms(5) pkix(7) }
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
which corresponds to the OID string "1.3.6.1.5.5.5.7.1.1".
The X.509 Certificate and CRL profile presented in the PKIX internet draft draft-ietf-pkix-ipki-part1-07.txt specifies the AuthorityInfoAccess extension for identifiying how to access CA information and services for the issuer of the certificate in which the extension appears. ASN.1 definition:
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
Each entry in the sequence AuthorityInfoAccessSyntax describes the format and location of additional information about the CA who issued the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.
The PKIX profile already has defined one accessMethod OID, id-ad-caIssuers to be used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The referenced CA Issuers description is intended to aid certificate users in the selection of a certification path that terminates at a point trusted by the certificate user.
More information can be found in the PKIX internet draft draft-ietf-pkix-ipki-part1-07.txt, section 4.2.2.1 "AuthorityInfoAccess".
An AuthorityInfoAccess object may be created by either using the empty default
constructor, or by directly supplying one access descritption which has to be of
type AccessDescription, e.g.:
ObjectID accessMethod = ObjectID.caIssuers; GeneralName accessLocation = ...; AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation); AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(accessDescription);
Any further access description can be added by using the addAccessDescription method:
authorityInfoAccess.addAccessDescription(...); ...For adding a
AuthorityInfoAccess extension object to a X509Certificate, use
the addExtension method of the X509Certificate
class:
X505Certificate cert = new X509Certificate(); ... cert.addExtension(authorityInfoAccess);
AccessDescription,
GeneralName,
ObjectID,
V3Extension,
X509Extensions,
X509Certificate| Field Summary | |
static ObjectID |
oid
The object identifier of this AuthorityInfoAccess extension. |
| Fields inherited from class iaik.x509.V3Extension |
critical |
| Constructor Summary | |
AuthorityInfoAccess()
Default constructor. |
|
AuthorityInfoAccess(AccessDescription accessDescription)
Creates an AuthorityInfoAccess object and adds a AccessDescription. |
|
| Method Summary | |
void |
addAccessDescription(AccessDescription accessDescription)
Adds a accessDescription to this AuthorityInfoAccess
extension. |
java.util.Enumeration |
getAccessDescriptions()
Returns an enumeration of the access descriptions included into this AuthorityInfoAccess extension. |
ObjectID |
getObjectID()
Returns the object ID of this AuthorityInfoAccess extension |
int |
hashCode()
Returns a hashcode for this identity. |
void |
init(ASN1Object obj)
Inits this AuthorityInfoAccess implementation with an ASN1object
representing the value of this extension. |
void |
removeAllAccessDescriptions()
Removes all access descriptions from this AuthorityInfoAccess
extension. |
ASN1Object |
toASN1Object()
Returns an ASN1Object representing the value of this AuthorityInfoAccess
extension object. |
java.lang.String |
toString()
Returns a string that represents the contents of this AuthorityInfoAccess extension. |
| Methods inherited from class iaik.x509.V3Extension |
getName,
isCritical,
setCritical |
| Methods inherited from class java.lang.Object |
clone,
equals,
finalize,
getClass,
notify,
notifyAll,
wait,
wait,
wait |
| Field Detail |
public static final ObjectID oid
| Constructor Detail |
public AuthorityInfoAccess()
AuthorityInfoAccess object.
For adding a access description use the addAccessDescription method. Any AccessDescription to be
added has to be of type iaik.asn1.structures.AccessDescription, e.g.:
ObjectID accessMethod = ObjectID.caIssuers; GeneralName accessLocation = ...; AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation); AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(); authorityInfoAccess.addAccessDescription(accessDescription); ...
AccessDescription
public AuthorityInfoAccess(AccessDescription accessDescription)
throws java.lang.IllegalArgumentException
AuthorityInfoAccess object and adds a AccessDescription.
The AccessDescription to be added has to be of type
iaik.asn1.structures.AccessDescription, e.g.:
ObjectID accessMethod = ObjectID.caIssuers; GeneralName accessLocation = ...; AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation); AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(accessDescription); ...
accessDescription - the AccessDescription to addAccessDescription| Method Detail |
public ObjectID getObjectID()
AuthorityInfoAccess extension
public void init(ASN1Object obj)
throws X509ExtensionException
AuthorityInfoAccess implementation with an ASN1object
representing the value of this extension.
The given ASN1Object consits of a Sequence of access descriptions included in
the AuthorityInfoAccess object.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation
of a certificate for properly initializing an included
AuthorityInfoAccess extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
obj - the AuthorityInfoAccess as ASN1Object
public ASN1Object toASN1Object()
throws X509ExtensionException
AuthorityInfoAccess
extension object.
The ASN1Object is an ASN.1 Sequence including any access description that has been
added to this AuthorityInfoAccess object.
AuthorityInfoAccessSyntax ::=
SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
accessMethod OBJECT IDENTIFIER,
accessLocation GeneralName }
AuthorityInfoAccess as ASN1Object
public void addAccessDescription(AccessDescription accessDescription)
throws java.lang.IllegalArgumentException
AuthorityInfoAccess
extension.
The accessDescription to be added has to be of type
iaik.asn1.structures.AccessDescription, e.g.:
ObjectID accessMethod = ObjectID.caIssuers; GeneralName accessLocation = ...; AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation); AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(); authorityInfoAccess.addAccessDescription(accessDescription); ...
dp - the access description to addAccessDescriptionpublic void removeAllAccessDescriptions()
AuthorityInfoAccess
extension.public java.util.Enumeration getAccessDescriptions()
AuthorityInfoAccess extension.public int hashCode()
public java.lang.String toString()
AuthorityInfoAccess extension.
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||