java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.AuthorityInfoAccess
This class builds and holds the AuthorityInfoAccess
extension. It indicates how to access CA information and
services for the issuer of the certificate in which the
extension appears. Information and services may include online
validation services and CA policy data. (The location of CRLs
is not specified in this extension. That information is
provided by the CRLDistributionPoints
extension.)
This extension may be included in subject or CA certificates,
and it must be non-critical.
AuthorityInfoAccessSyntax ::= SEQUENCE SIZE (1..MAX) OF AccessDescription
AccessDescription ::= SEQUENCE {
    accessMethod    OBJECT IDENTIFIER,
    accessLocation  GeneralName }
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
id-pe OBJECT IDENTIFIER ::= { id-pkix 1 }
id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
AuthorityInfoAccessSyntax describes the format and location of additional
information about the CA that issued the certificate in which this
extension appears. The type and format of the information is
specified by the accessMethod field. The accessLocation field specifies
the location of the information. The retrieval mechanism may be implied
by accessMethod or specified by accessLocation.
The PKIX Profile Specification (RFC 2459) defines one OID for
accessMethod as follows:
id-ad-caIssuers OBJECT IDENTIFIER ::= { id-pkix 48 2 }
The id-ad-caIssuers OID is used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension.
The referenced CA issuers description helps a
certificate user select a certification path that
terminates at a point trusted by the certificate user.
When id-ad-caIssuers appears as accessInfoType, the accessLocation field
describes the referenced description server and the access
protocol to obtain the referenced description. The accessLocation
field is defined as a GeneralName, which can take several forms
(see the GeneralName class for more information).
When the information is available via HTTP, FTP, or LDAP,
accessLocation must be a uniformResourceIdentifier. When the information is
available through the directory access protocol (DAP),
accessLocation must be a directoryName.
When the information is available through electronic mail,
accessLocation must be an rfc822Name.
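The AuthorityInfoAccessSyntax structure described above, walked by hand as an added example (Python, not Cert-J code and not part of the original documentation): a bounds-checked parser that returns each AccessDescription's accessMethod OID and the GeneralName form of its accessLocation. The function names, the sample bytes and the example.test URLs are constructed for this example.

```python
# Added example, not Cert-J code: bounds-checked walk of AuthorityInfoAccessSyntax.
GN_FORMS = {0x81: "rfc822Name", 0xA4: "directoryName", 0x86: "uniformResourceIdentifier"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos); reject truncated or indefinite lengths."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, val = [], 0
    for b in body:                         # base-128 digits, high bit = continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    x = min(arcs[0] // 40, 2)              # first value packs two arcs as 40*x + y
    return ".".join(map(str, [x, arcs[0] - 40 * x] + arcs[1:]))

def parse_aia(der):
    """Return [(accessMethod OID, accessLocation form, value), ...]."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der) or not seq:
        raise ValueError("expected one non-empty SEQUENCE (SIZE 1..MAX)")
    out, pos = [], 0
    while pos < len(seq):
        tag, ad, pos = read_tlv(seq, pos)
        t_oid, oid, p = read_tlv(ad, 0)
        t_loc, loc, p = read_tlv(ad, p)
        if tag != 0x30 or t_oid != 0x06 or p != len(ad):
            raise ValueError("malformed AccessDescription")
        form = GN_FORMS.get(t_loc, "other(0x%02x)" % t_loc)
        text = loc.decode("ascii") if t_loc in (0x81, 0x86) else loc.hex()
        out.append((decode_oid(oid), form, text))
    return out

# Constructed sample: an id-ad-ocsp and an id-ad-caIssuers entry, both URI form.
SAMPLE = (bytes.fromhex("3051302406082b060105050730018618") + b"http://ocsp.example.test"
          + bytes.fromhex("302906082b06010505073002861d") + b"http://ca.example.test/ca.cer")
```

Every malformed input (truncated buffer, empty outer SEQUENCE, trailing bytes inside an AccessDescription) surfaces as ValueError, so a caller can treat the extension as undecodable instead of acting on a partial parse.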
Copyright © RSA Security Inc., 1999-2001. All rights reserved.
See Also
Field Summary
static byte[] | ID_AD_OCSP | Holds an OID that indicates that an OCSP responder is available for the issuer of the certificate.

Constructor Summary
AuthorityInfoAccess() | Constructs an empty AuthorityInfoAccess object.
AuthorityInfoAccess(byte[] accessMethod, int offset, int len, GeneralName accessLocation, boolean criticality) | Constructs an AuthorityInfoAccess object and initializes it with the given values.

Method Summary
void | addAccessDescription(byte[] accessMethod, int offset, int len, GeneralName accessLocation) | Adds an AccessDescription value.
Object | clone() | Overrides the default clone method to get a deeper clone.
void | decodeValue(byte[] valueBER, int offset) | Decode the value.
int | derEncodeValue(byte[] encoding, int offset) | Place the encoding of the value into encoding, beginning at offset.
int | derEncodeValueInit() | Initialize for encoding the value.
int | getAccessDescriptionCount() | Gets the number of AccessDescription values in this object.
GeneralName | getAccessLocation(int index) | Gets the accessLocation value of the AccessDescription at the specified index.
byte[] | getAccessMethod(int index) | Gets the accessMethod OID of the AccessDescription at the specified index.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
public static byte[] ID_AD_OCSP
id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) 7 }
id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }

Constructor Detail
public AuthorityInfoAccess()
Constructs an empty AuthorityInfoAccess object.

public AuthorityInfoAccess(byte[] accessMethod, int offset, int len, GeneralName accessLocation, boolean criticality) throws CertificateException
Constructs an AuthorityInfoAccess object and initializes it with the given values.
Parameters
accessMethod | The type and format of additional information about the CA that issued the certificate in which this extension appears.
offset | The offset into the accessMethod array.
len | The length of the accessMethod array.
accessLocation | The alternative names structure.
criticality | The user-specified criticality.
Throws
CertificateException - If any value is null.

Method Detail
public void addAccessDescription(byte[] accessMethod, int offset, int len, GeneralName accessLocation) throws CertificateException
Adds an AccessDescription value.
Parameters
accessMethod | The type and format of additional information about the CA that issued the certificate in which this extension appears.
offset | The offset into the
len | The length of the
accessLocation | The location of the information.
Throws
CertificateException - If any value is null.

public GeneralName getAccessLocation(int index) throws CertificateException
Gets the accessLocation value of the AccessDescription at the specified index.
Parameters
index | The index to the specified
Returns
The accessLocation value of the specified AccessDescription.
Throws
CertificateException - If index is invalid.

public byte[] getAccessMethod(int index) throws CertificateException
Gets the accessMethod OID of the AccessDescription at the specified index.
Parameters
index | The index to the specified
Returns
The accessMethod value of the specified AccessDescription.
Throws
CertificateException - If index is invalid.

public int getAccessDescriptionCount()
Gets the number of AccessDescription values in this object.
Returns
The number of AccessDescription values in this object.

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Overrides
decodeValue in class X509V3Extension
Parameters
valueBER | The BER encoding of the extension's value.
offset | The offset into valueBER where the encoding actually begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public int derEncodeValueInit()
Overrides
derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Overrides
derEncodeValue in class X509V3Extension
Parameters
encoding | The byte array into which the result will be placed.
offset | The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides
clone in class X509V3Extension
Returns
AuthorityInfoAccess object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.