Package org.bouncycastle.cert

Class AttributeCertificateHolder

  • All Implemented Interfaces:
    java.lang.Cloneable, org.bouncycastle.util.Selector
    public class AttributeCertificateHolder
extends java.lang.Object
implements org.bouncycastle.util.Selector
    The Holder object. 
              Holder ::= SEQUENCE {
                baseCertificateID   [0] IssuerSerial OPTIONAL,
                         -- the issuer and serial number of
                         -- the holder's Public Key Certificate
                entityName          [1] GeneralNames OPTIONAL,
                         -- the name of the claimant or role
                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                         -- used to directly authenticate the holder,
                         -- for example, an executable
          }

    Note: If objectDigestInfo comparisons are to be carried out the static method setDigestCalculatorProvider must be called once to configure the class to do the necessary calculations.

    • Constructor Summary

      Constructors 
      Constructor Description
      AttributeCertificateHolder​(int digestedObjectType, org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgorithm, org.bouncycastle.asn1.ASN1ObjectIdentifier otherObjectTypeID, byte[] objectDigest)
      Constructs a holder for v2 attribute certificates with a hash value for some type of object.
      AttributeCertificateHolder​(org.bouncycastle.asn1.x500.X500Name principal)
      Create a holder using the entityName option based on the passed in principal.
      AttributeCertificateHolder​(org.bouncycastle.asn1.x500.X500Name issuerName, java.math.BigInteger serialNumber)
      Create a holder using the baseCertificateID element.
      AttributeCertificateHolder​(X509CertificateHolder cert)
      Create a holder using the baseCertificateID option based on the passed in associated certificate,

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Object clone()  
      boolean equals​(java.lang.Object obj)  
      org.bouncycastle.asn1.x509.AlgorithmIdentifier getDigestAlgorithm()
      Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
      int getDigestedObjectType()
      Returns the digest object type if an object digest info is used.
      org.bouncycastle.asn1.x500.X500Name[] getEntityNames()
      Return any principal objects inside the attribute certificate holder entity names field.
      org.bouncycastle.asn1.x500.X500Name[] getIssuer()
      Return the principals associated with the issuer attached to this holder
      byte[] getObjectDigest()
      Returns the hash if an object digest info is used.
      org.bouncycastle.asn1.ASN1ObjectIdentifier getOtherObjectTypeID()
      Returns the digest algorithm ID if an object digest info is used.
      java.math.BigInteger getSerialNumber()
      Return the serial number associated with the issuer attached to this holder.
      int hashCode()  
      boolean match​(java.lang.Object obj)  
      static void setDigestCalculatorProvider​(DigestCalculatorProvider digCalcProvider)
      Set a digest calculator provider to be used if matches are attempted using ObjectDigestInfo,

      • Methods inherited from class java.lang.Object

        finalize, getClass, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • AttributeCertificateHolder

        public AttributeCertificateHolder​(org.bouncycastle.asn1.x500.X500Name issuerName,
                                  java.math.BigInteger serialNumber)
        Create a holder using the baseCertificateID element.
        Parameters:
        issuerName - name of associated certificate's issuer.
        serialNumber - serial number of associated certificate.

      • AttributeCertificateHolder

        public AttributeCertificateHolder​(X509CertificateHolder cert)
        Create a holder using the baseCertificateID option based on the passed in associated certificate,
        Parameters:
        cert - the certificate to be associated with this holder.

      • AttributeCertificateHolder

        public AttributeCertificateHolder​(org.bouncycastle.asn1.x500.X500Name principal)
        Create a holder using the entityName option based on the passed in principal.
        Parameters:
        principal - the entityName to be associated with the attribute certificate.

      • AttributeCertificateHolder

        public AttributeCertificateHolder​(int digestedObjectType,
                                  org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgorithm,
                                  org.bouncycastle.asn1.ASN1ObjectIdentifier otherObjectTypeID,
                                  byte[] objectDigest)
        Constructs a holder for v2 attribute certificates with a hash value for some type of object.

        digestedObjectType can be one of the following:

        • 0 - publicKey - A hash of the public key of the holder must be passed.
        • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
        • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

        This cannot be used if a v1 attribute certificate is used.

        Parameters:
        digestedObjectType - The digest object type.
        digestAlgorithm - The algorithm identifier for the hash.
        otherObjectTypeID - The object type ID if digestedObjectType is otherObjectDigest.
        objectDigest - The hash value.

    • Method Detail

      • getDigestedObjectType

        public int getDigestedObjectType()
        Returns the digest object type if an object digest info is used.

        • 0 - publicKey - A hash of the public key of the holder must be passed.
        • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
        • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.
        Returns:
        The digest object type or -1 if no object digest info is set.

      • getDigestAlgorithm

        public org.bouncycastle.asn1.x509.AlgorithmIdentifier getDigestAlgorithm()
        Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
        Returns:
        digest AlgorithmIdentifier or null if ObjectDigestInfo is absent.

      • getObjectDigest

        public byte[] getObjectDigest()
        Returns the hash if an object digest info is used.
        Returns:
        The hash or null if ObjectDigestInfo is absent.

      • getOtherObjectTypeID

        public org.bouncycastle.asn1.ASN1ObjectIdentifier getOtherObjectTypeID()
        Returns the digest algorithm ID if an object digest info is used.
        Returns:
        The digest algorithm ID or null if no object digest info is set.

      • getEntityNames

        public org.bouncycastle.asn1.x500.X500Name[] getEntityNames()
        Return any principal objects inside the attribute certificate holder entity names field.
        Returns:
        an array of Principal objects (usually X500Principal), null if no entity names field is set.

      • getIssuer

        public org.bouncycastle.asn1.x500.X500Name[] getIssuer()
        Return the principals associated with the issuer attached to this holder
        Returns:
        an array of principals, null if no BaseCertificateID is set.

      • getSerialNumber

        public java.math.BigInteger getSerialNumber()
        Return the serial number associated with the issuer attached to this holder.
        Returns:
        the certificate serial number, null if no BaseCertificateID is set.

      • clone

        public java.lang.Object clone()
        Specified by:
        clone in interface org.bouncycastle.util.Selector
        Overrides:
        clone in class java.lang.Object

      • match

        public boolean match​(java.lang.Object obj)
        Specified by:
        match in interface org.bouncycastle.util.Selector

      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object

      • setDigestCalculatorProvider

        public static void setDigestCalculatorProvider​(DigestCalculatorProvider digCalcProvider)
        Set a digest calculator provider to be used if matches are attempted using ObjectDigestInfo,
        Parameters:
        digCalcProvider - a provider of digest calculators.