iaik.x509.attr
Interface AttCertIssuer

All Known Implementing Classes:

V1Form, V2Form

public interface AttCertIssuer

Represents an attribute certificate issuer.

The Internet Attribute Certificate Profile for Authorization (RFC 3281) specifies the AttCertIssuer for identifying the issuer of an attribute certificate (entity who signs the attribute certificate):

   AttCertIssuer ::= CHOICE {
     v1Form   GeneralNames,  -- MUST NOT be used in this
                            -- profile
    v2Form   [0] V2Form     -- v2 only
 }
 

Attribute certifcates conforming to the Internet Attribute Certificate Profile for Authorization presented in RFC 3281 are not allowed to use the V1Form choice for representing the issuer, they must use the V2Form choice:

 ACs conforming to this profile MUST use the v2Form choice, which MUST
 contain one and only one GeneralName in the issuerName, which MUST
 contain a non-empty distinguished name in the directoryName field.
 This means that all AC issuers MUST have non-empty distinguished
 names.  ACs conforming to this profile MUST omit the
 baseCertificateID and objectDigestInfo fields.

 Part of the reason for the use of the v2Form containing only an
 issuerName is that it means that the AC issuer does not have to know
 which PKC the AC verifier will use for it (the AC issuer).  Using the
 baseCertificateID field to reference the AC issuer would mean that
 the AC verifier would have to trust the PKC that the AC issuer chose
 (for itself) at AC creation time.
 

Use class Name for creating a V2Form attCertIssuer holding a directoryName to be set as the issuer of an AttributeCertificate:

 Name issuerName = ...;
 V2Form v2Form = new V2Form(issuerName);
 attributeCertificate.setIssuer(v2Form);
 

Version:

File Revision 8

See Also:

AttributeCertificate, V1Form, V2Form

Field Summary

static int	V1_FORM Attribute certificate issuer representation v1Form (1).
static int	V2_FORM Attribute certificate issuer representation v2Form (2).

Method Summary

void	decode(ASN1Object obj) Decodes an AttCertIssuer from its ASN.1 representasion.
boolean	equals(Object obj) Compares this AttCertIssuer to the specified object.
int	getVForm() Returns the version this AttCertIssuer represents -- either v1Form (1) or v2Form (2).
int	hashCode() Returns a hashcode for this AttCertIssuer.
ASN1Object	toASN1Object() Returns this AttCertIssuer as ASN1Object.
String	toString() Returns a string giving some information about this AttCertIssuer object.

Field Detail

V1_FORM

public static final int V1_FORM

Attribute certificate issuer representation v1Form (1). If this is a v1Form AttCertIssuer, it has to be represented as GeneralNames.

V2_FORM

public static final int V2_FORM

Attribute certificate issuer representation v2Form (2). If this is a v2Form AttCertIssuer, it has to be represented as V2Form.

Method Detail

getVForm

public int getVForm()

Returns the version this AttCertIssuer represents -- either v1Form (1) or v2Form (2).

equals

public boolean equals(Object obj)

Compares this AttCertIssuer to the specified object.

Overrides:

equals in class Object

Parameters:

obj - the object to compare this AttCertIssuer against.

Returns:

true, if the given object is equal to this AttCertIssuer, AttCertIssuer otherwise

hashCode

public int hashCode()

Returns a hashcode for this AttCertIssuer.

Overrides:

hashCode in class Object

Returns:

a hashcode for this AttCertIssuer

decode

public void decode(ASN1Object obj)
            throws CodingException

Decodes an AttCertIssuer from its ASN.1 representasion.

Parameters:

obj - the AttCertIssuer as ASN1Object

toASN1Object

public ASN1Object toASN1Object()

Returns this AttCertIssuer as ASN1Object.

Returns:

this AttCertIssuer as ASN1Object

toString

public String toString()

Returns a string giving some information about this AttCertIssuer object.

Overrides:

toString in class Object

Returns:

the string representation