iaik.x509.extensions
Class SubjectInfoAccess

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.InfoAccess
              |
              +--iaik.x509.extensions.SubjectInfoAccess

public class SubjectInfoAccess
extends InfoAccess

This class implements the SubjectInfoAccess Extension.

The SubjectInfoAccess extension is a non-critical private internet extension.

The SubjectInfoAccess extension is associated with a specific certificateExtension object identifier, derived from:

     id-pkix  OBJECT IDENTIFIER  ::=
             { iso(1) identified-organization(3) dod(6) internet(1)
                     security(5) mechanisms(5) pkix(7) }

     id-pe  OBJECT IDENTIFIER  ::=  { id-pkix 1 }

     id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
 

which corresponds to the OID string "1.3.6.1.5.5.7.1.11".

The X.509 Certificate and CRL profile presented in the RFC 2459 successor draft-ietf-pkix-new-part1-06.txt specifies the SubjectInfoAccess extension for indicating how to access information and services for the subject of the certificate in which the extension appears. When the subject is a CA, information and services may include certificate validation services and CA policy data. When the subject is an end entity, the information describes the type of services offered and how to access them. In this case, the contents of this extension are defined in the protocol specifications for the supported services. This extension may be included in subject or CA certificates.

ASN.1 definition:

 SubjectInfoAccessSyntax  ::=
          SEQUENCE SIZE (1..MAX) OF AccessDescription

 AccessDescription  ::=  SEQUENCE {
          accessMethod          OBJECT IDENTIFIER,
          accessLocation        GeneralName  }
 

Each entry in the sequence SubjectInfoAccessSyntax describes the format and location of additional information provided by the subject of the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.

The PKIX profile defines one access method to be used when the subject is a CA, and one access method to be used when the subject is an end entity. Additional access methods may be defined in the future in the protocol specifications for other services.

The id-ad-caRepository OID is used when the subject is a CA, and publishes its certificates and CRLs (if issued) in a repository. The accessLocation field is defined as a GeneralName, which can take several forms. Where the information is available via http, ftp, or ldap, accessLocation MUST be a uniformResourceIdentifier. Where the information is available via the directory access protocol (dap), accessLocation MUST be a directoryName. When the information is available via electronic mail, accessLocation MUST be an rfc822Name. The semantics of other name forms of accessLocation (when accessMethod is id-ad-caRepository) are not defined by this specification.

The id-ad-timeStamping OID is used when the subject offers timestamping services using the Time Stamp Protocol. Where the timestamping services are available via http or ftp, accessLocation MUST be a uniformResourceIdentifier. Where the timestamping services are available via electronic mail, accessLocation MUST be an rfc822Name. Where timestamping services are available using TCP/IP, the dNSName and ipAddress name forms may be used.
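
An added example, not part of the IAIK documentation or library: a standalone check that walks a DER-encoded SubjectInfoAccessSyntax and flags any AccessDescription whose accessLocation name form is not one the two paragraphs above define for its accessMethod. The class and method names, the sample bytes and the two id-ad OID values (1.3.6.1.5.5.7.48.5 and 1.3.6.1.5.5.7.48.3, which the page names but does not spell out) are assumptions of this example; it needs Java 17 for java.util.HexFormat.

```java
import java.util.*;

public class SiaNameFormCheck {
    // accessMethod OID content octets (hex) -> GeneralName tags the profile text defines for it.
    // Tags: [1] rfc822Name [2] dNSName [4] directoryName [6] uniformResourceIdentifier [7] iPAddress
    static final Map<String, Set<Integer>> ALLOWED = Map.of(
        "2b06010505073005", Set.of(6, 4, 1),      // id-ad-caRepository, 1.3.6.1.5.5.7.48.5
        "2b06010505073003", Set.of(6, 1, 2, 7));  // id-ad-timeStamping, 1.3.6.1.5.5.7.48.3

    // Reads one DER TLV at offset p and returns {tag, contentStart, contentEnd}.
    static int[] tlv(byte[] d, int p) {
        int tag = d[p++] & 0xff, len = d[p++] & 0xff;
        if (len > 0x7f) {                         // long form: low 7 bits count the length octets
            int n = len & 0x7f;
            if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
            for (len = 0; n-- > 0; ) len = (len << 8) | (d[p++] & 0xff);
        }
        if (len > d.length - p) throw new IllegalArgumentException("truncated DER");
        return new int[] { tag, p, p + len };
    }

    // Walks a DER SubjectInfoAccessSyntax and returns one finding per questionable AccessDescription.
    static List<String> check(byte[] sia) {
        List<String> findings = new ArrayList<>();
        int[] seq = tlv(sia, 0);
        if (seq[0] != 0x30 || seq[1] == seq[2])
            throw new IllegalArgumentException("expected SEQUENCE SIZE (1..MAX)");
        for (int p = seq[1], i = 1; p < seq[2]; p = tlv(sia, p)[2], i++) {
            int[] ad = tlv(sia, p), method = tlv(sia, ad[1]), loc = tlv(sia, method[2]);
            if (ad[0] != 0x30 || method[0] != 0x06 || loc[2] != ad[2] || ad[2] > seq[2])
                throw new IllegalArgumentException("malformed AccessDescription #" + i);
            Set<Integer> ok = ALLOWED.get(HexFormat.of().formatHex(sia, method[1], method[2]));
            int form = loc[0] & 0x1f;             // context tag number selects the GeneralName form
            if (ok == null)
                findings.add("#" + i + ": accessMethod not covered by these rules");
            else if ((loc[0] & 0xc0) != 0x80 || !ok.contains(form))
                findings.add("#" + i + ": name form [" + form + "] not defined for this accessMethod");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample: #1 caRepository + dNSName "ca.example", #2 timeStamping + URI "http://tsa.example/"
        String hex = "3039" + "301606082B06010505073005820A63612E6578616D706C65"
                   + "301F06082B060105050730038613687474703A2F2F7473612E6578616D706C652F";
        check(HexFormat.of().parseHex(hex)).forEach(System.out::println);
    }
}
```

For a parsed certificate, java.security.cert.X509Certificate.getExtensionValue("1.3.6.1.5.5.7.1.11") returns this structure wrapped in a DER OCTET STRING, so strip that outer TLV before calling check.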

A SubjectInfoAccess object may be created either by using the empty default constructor, or by directly supplying one access description, which has to be of type AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caRepository;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess(accessDescription);
 

Any further access description can be added by using the addAccessDescription method:

 subjectInfoAccess.addAccessDescription(...);
 ...
 
To add a SubjectInfoAccess extension object to an X509Certificate, use the addExtension method of the X509Certificate class:

 X509Certificate cert = new X509Certificate();
   ...
 cert.addExtension(subjectInfoAccess);
 

Version:
File Revision 8
See Also:
AccessDescription, GeneralName, ObjectID, V3Extension, X509Extensions, X509Certificate, InfoAccess

Field Summary
static ObjectID oid
          The object identifier of this SubjectInfoAccess extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
SubjectInfoAccess()
          Default constructor.
SubjectInfoAccess(AccessDescription accessDescription)
          Creates a SubjectInfoAccess object and adds an AccessDescription.
 
Method Summary
 ObjectID getObjectID()
          Returns the object ID of this SubjectInfoAccess extension.
 int hashCode()
          Returns a hashcode for this identity.
 
Methods inherited from class iaik.x509.extensions.InfoAccess
addAccessDescription, getAccessDescription, getAccessDescriptions, init, removeAllAccessDescriptions, toASN1Object, toString
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this SubjectInfoAccess extension. The corresponding OID string is "1.3.6.1.5.5.7.1.11".
Constructor Detail

SubjectInfoAccess

public SubjectInfoAccess()
Default constructor. Creates an empty SubjectInfoAccess object.

To add an access description, use the addAccessDescription method. Any AccessDescription to be added has to be of type iaik.asn1.structures.AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caRepository;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess();
 subjectInfoAccess.addAccessDescription(accessDescription);
 ...
 

See Also:
AccessDescription

SubjectInfoAccess

public SubjectInfoAccess(AccessDescription accessDescription)
                  throws IllegalArgumentException
Creates a SubjectInfoAccess object and adds an AccessDescription.

The AccessDescription to be added has to be of type iaik.asn1.structures.AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caRepository;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 SubjectInfoAccess subjectInfoAccess = new SubjectInfoAccess(accessDescription);
 ...
 

Parameters:
accessDescription - the AccessDescription to add
Throws:
IllegalArgumentException - if a null object is supplied
See Also:
AccessDescription
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this SubjectInfoAccess extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK