com.rsa.certj.cert.extensions

Class AuthorityInfoAccess

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.AuthorityInfoAccess
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class AuthorityInfoAccess
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the AuthorityInfoAccess extension. It indicates how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include online validation services and CA policy data. (The location of CRLs is not specified in this extension. That information is provided by the CRLDistributionPoints extension.) This extension may be included in subject or CA certificates, and it must be non-critical.

The ASN.1 definition is as follows:

  AuthorityInfoAccessSyntax  ::=
          SEQUENCE SIZE (1..MAX) OF AccessDescription

  AccessDescription  ::=  SEQUENCE {
          accessMethod          OBJECT IDENTIFIER,
          accessLocation        GeneralName  }

   id-pkix  OBJECT IDENTIFIER  ::=
              { iso(1) identified-organization(3) dod(6) internet(1)
                      security(5) mechanisms(5) pkix(7) }

   id-pe  OBJECT IDENTIFIER  ::=  { id-pkix 1 }

   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }

Each entry in the sequence AuthorityInfoAccessSyntax describes the format and location of additional information about the CA that issued the certificate in which this extension appears. The type and format of the information are specified by the accessMethod field. The accessLocation field specifies the location of the information. The retrieval mechanism may be implied by accessMethod or specified by accessLocation. The PKIX Profile Specification (RFC 2459) defines one OID for accessMethod as follows:

    id-ad-caIssuers OBJECT IDENTIFIER ::= { id-pkix 48 2 }          

The id-ad-caIssuers OID is used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The referenced CA issuers description helps a certificate user select a certification path that terminates at a point trusted by the certificate user.

When id-ad-caIssuers appears as the accessMethod, the accessLocation field describes the referenced description server and the access protocol used to obtain the referenced description. The accessLocation field is defined as a GeneralName, which can take several forms (see the GeneralName class for more information). When the information is available via HTTP, FTP, or LDAP, accessLocation must be a uniformResourceIdentifier. When the information is available through the directory access protocol (DAP), accessLocation must be a directoryName. When the information is available through electronic mail, accessLocation must be an rfc822Name.
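The structure defined above can be walked with a small stand-alone decoder. This is an added example, not Cert-J code and not part of the original documentation: it uses only the JDK, and the class name AiaDecodeExample, its helper methods and the example.test hosts in the sample bytes are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

public class AiaDecodeExample {
    // Constructed sample: id-ad-ocsp and id-ad-caIssuers entries, each with a URI accessLocation.
    static final byte[] SAMPLE = { 0x30, 0x4A, 0x30, 0x24, 0x06, 0x08, 0x2B, 6, 1, 5, 5, 7, 0x30, 1, (byte) 0x86, 0x18,
        'h','t','t','p',':','/','/','o','c','s','p','.','e','x','a','m','p','l','e','.','t','e','s','t',
        0x30, 0x22, 0x06, 0x08, 0x2B, 6, 1, 5, 5, 7, 0x30, 2, (byte) 0x86, 0x16,
        'h','t','t','p',':','/','/','c','a','.','e','x','a','m','p','l','e','.','t','e','s','t' };
    // Reads the definite-length header at off; returns {tag, contentStart, contentEnd}, bounded by limit.
    static int[] header(byte[] b, int off, int limit) {
        if (off + 2 > limit) throw new IllegalArgumentException("truncated header");
        int tag = b[off] & 0xFF, len = b[off + 1] & 0xFF, pos = off + 2;
        if (len > 0x7F) {                                   // long form; 0x80 (indefinite) is rejected
            int n = len & 0x7F;
            if (n == 0 || n > 3 || pos + n > limit) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (b[pos++] & 0xFF);
        }
        if (len > limit - pos) throw new IllegalArgumentException("length exceeds container");
        return new int[] {tag, pos, pos + len};
    }
    // Converts OBJECT IDENTIFIER content bytes to dotted form.
    static String oid(byte[] b, int from, int to) {
        StringBuilder sb = new StringBuilder();
        for (long v = 0; from < to; from++) {
            v = (v << 7) | (b[from] & 0x7F);
            if ((b[from] & 0x80) != 0) continue;            // more base-128 digits follow
            if (sb.length() > 0) sb.append('.').append(v);
            else sb.append(Math.min(v / 40, 2)).append('.').append(v - 40 * Math.min(v / 40, 2));
            v = 0;
        }
        return sb.toString();
    }
    // Decodes AuthorityInfoAccessSyntax; GeneralName tags 0x81 (rfc822Name) and 0x86 (URI) hold IA5String text.
    static List<String> decode(byte[] der) {
        int[] seq = header(der, 0, der.length);
        if (seq[0] != 0x30 || seq[1] == seq[2]) throw new IllegalArgumentException("need SEQUENCE SIZE (1..MAX)");
        List<String> out = new ArrayList<>();
        for (int p = seq[1]; p < seq[2]; ) {
            int[] ad = header(der, p, seq[2]), m = header(der, ad[1], ad[2]), loc = header(der, m[2], ad[2]);
            if (ad[0] != 0x30 || m[0] != 0x06 || loc[2] != ad[2]) throw new IllegalArgumentException("bad AccessDescription");
            String value = (loc[0] == 0x81 || loc[0] == 0x86)
                ? new String(der, loc[1], loc[2] - loc[1], StandardCharsets.US_ASCII) : "<not decoded>";
            out.add(oid(der, m[1], m[2]) + String.format(" [0x%02X] ", loc[0]) + value);
            p = ad[2];
        }
        return out;
    }
    public static void main(String[] args) { decode(SAMPLE).forEach(System.out::println); }
}
```

Every nested length is checked against its enclosing element before use, so a malformed extension value from an untrusted certificate raises an exception instead of reading past the AccessDescription it claims to belong to.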

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Field Summary

static byte[]

ID_AD_OCSP

Holds an OID that indicates that an OCSP responder is available for the issuer of the certificate.

 
Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

AuthorityInfoAccess()

Constructs an empty AuthorityInfoAccess object.

AuthorityInfoAccess(byte[] accessMethod, int offset, int len, GeneralName accessLocation, boolean criticality)

Constructs an AuthorityInfoAccess object and initializes it with the given values.

 

Method Summary

 void

addAccessDescription(byte[] accessMethod, int offset, int len, GeneralName accessLocation)

Adds an AccessDescription value.

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 int

getAccessDescriptionCount()

Gets the number of AccessDescription values in this object.

 GeneralName

getAccessLocation(int index)

Gets the accessLocation value of the AccessDescription at the specified index.

 byte[]

getAccessMethod(int index)

Gets the accessMethod OID of the AccessDescription at the specified index.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ID_AD_OCSP

public static byte[] ID_AD_OCSP
Holds an OID that indicates that an OCSP responder is available for the issuer of the certificate.
 id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3)
                   dod(6) internet(1) security(5) mechanisms(5) 7 }
 id-ad OBJECT IDENTIFIER ::= {id-pkix 48}
 id-ad-ocsp OBJECT IDENTIFIER ::= {id-ad 1}
Constructor Detail

AuthorityInfoAccess

public AuthorityInfoAccess()
Constructs an empty AuthorityInfoAccess object.

AuthorityInfoAccess

public AuthorityInfoAccess(byte[] accessMethod,
                           int offset,
                           int len,
                           GeneralName accessLocation,
                           boolean criticality)
                    throws CertificateException
Constructs an AuthorityInfoAccess object and initializes it with the given values.

Parameters

         accessMethod  

The type and format of additional information about the CA that issued the certificate in which this extension appears.

         offset  

The offset into the accessMethod array.

         len  

The length of the accessMethod array.

         accessLocation  

The alternative names structure.

         criticality  

The user-specified criticality.

Throws

CertificateException - If any value is null.
Method Detail

addAccessDescription

public void addAccessDescription(byte[] accessMethod,
                                 int offset,
                                 int len,
                                 GeneralName accessLocation)
                          throws CertificateException
Adds an AccessDescription value.

Parameters

         accessMethod  

The type and format of additional information about the CA that issued the certificate in which this extension appears.

         offset  

The offset into the accessMethod array.

         len  

The length of the accessMethod array.

         accessLocation  

The location of the information.

Throws

CertificateException - If any value is null.

getAccessLocation

public GeneralName getAccessLocation(int index)
                              throws CertificateException
Gets the accessLocation value of the AccessDescription at the specified index.

Parameters

         index  

The index to the specified AccessDescription value.

Returns

The accessLocation value of the specified AccessDescription.

Throws

CertificateException - If index is invalid.

getAccessMethod

public byte[] getAccessMethod(int index)
                       throws CertificateException
Gets the accessMethod OID of the AccessDescription at the specified index.

Parameters

         index  

The index to the specified AccessDescription value.

Returns

The accessMethod value of the specified AccessDescription.

Throws

CertificateException - If index is invalid.

getAccessDescriptionCount

public int getAccessDescriptionCount()
Gets the number of AccessDescription values in this object.

Returns

The number of AccessDescription values in this object.

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding actually begins.

Throws

CertificateException - If the encoding is invalid for this extension.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new AuthorityInfoAccess object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000