iaik.x509.extensions
Class AuthorityInfoAccess

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.InfoAccess
              |
              +--iaik.x509.extensions.AuthorityInfoAccess

public class AuthorityInfoAccess

extends InfoAccess

This class implements the AuthorityInfoAccess Extension.

The AuthorityInfoAccess extension is a non critical private internet extension.

The AuthorityInfoAccess extension is associated with a specific certificateExtension object identifier, derived from:

     id-pkix  OBJECT IDENTIFIER  ::=
             { iso(1) identified-organization(3) dod(6) internet(1)
                     security(5) mechanisms(5) pkix(7) }

     id-pe  OBJECT IDENTIFIER  ::=  { id-pkix 1 }

     id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
 

which corresponds to the OID string "1.3.6.1.5.5.5.7.1.1".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the AuthorityInfoAccess extension for identifiying how to access CA information and services for the issuer of the certificate in which the extension appears.
ASN.1 definition:

 AuthorityInfoAccessSyntax  ::=
          SEQUENCE SIZE (1..MAX) OF AccessDescription

 AccessDescription  ::=  SEQUENCE {
          accessMethod          OBJECT IDENTIFIER,
          accessLocation        GeneralName  }
 

Each entry in the sequence AuthorityInfoAccessSyntax describes the format and location of additional information about the CA who issued the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.

The PKIX profile already has defined one accessMethod OID, id-ad-caIssuers to be used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The referenced CA Issuers description is intended to aid certificate users in the selection of a certification path that terminates at a point trusted by the certificate user.

More information can be found in RFC 2459, section 4.2.2.1 "AuthorityInfoAccess".

An AuthorityInfoAccess object may be created by either using the empty default constructor, or by directly supplying one access descritption which has to be of type AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caIssuers;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(accessDescription);
 

Any further access description can be added by using the addAccessDescription method:

 authorityInfoAccess.addAccessDescription(...);
 ...
 

For adding a AuthorityInfoAccess extension object to a X509Certificate, use the addExtension method of the X509Certificate class:

 X505Certificate cert = new X509Certificate();
   ...
 cert.addExtension(authorityInfoAccess);
 

Version:

File Revision 15

See Also:

AccessDescription, GeneralName, ObjectID, V3Extension, X509Extensions, X509Certificate, InfoAccess

Field Summary

static ObjectID

oid The object identifier of this AuthorityInfoAccess extension.

Fields inherited from class iaik.x509.V3Extension

critical

Constructor Summary

AuthorityInfoAccess()
Default constructor.

AuthorityInfoAccess(AccessDescription accessDescription)
Creates an AuthorityInfoAccess object and adds a AccessDescription.

Method Summary

ObjectID	getObjectID() Returns the object ID of this AuthorityInfoAccess extension
int	hashCode() Returns a hashcode for this identity.

Methods inherited from class iaik.x509.extensions.InfoAccess

addAccessDescription, getAccessDescription, getAccessDescriptions, init, removeAllAccessDescriptions, toASN1Object, toString

Methods inherited from class iaik.x509.V3Extension

getName, isCritical, setCritical

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

oid

public static final ObjectID oid

The object identifier of this AuthorityInfoAccess extension. The corresponding OID string is "1.3.6.1.5.5.7.1.1".

Constructor Detail

AuthorityInfoAccess

public AuthorityInfoAccess()

Default constructor. Creates an empty AuthorityInfoAccess object.

For adding a access description use the addAccessDescription method. Any AccessDescription to be added has to be of type iaik.asn1.structures.AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caIssuers;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess();
 authorityInfoAccess.addAccessDescription(accessDescription);
 ...
 

See Also:

AccessDescription

AuthorityInfoAccess

public AuthorityInfoAccess(AccessDescription accessDescription)
                    throws IllegalArgumentException

Creates an AuthorityInfoAccess object and adds a AccessDescription.

The AccessDescription to be added has to be of type iaik.asn1.structures.AccessDescription, e.g.:

 ObjectID accessMethod = ObjectID.caIssuers;
 GeneralName accessLocation = ...;
 AccessDescription accessDescription = new AccessDescription(accessMethod, accessLocation);
 AuthorityInfoAccess authorityInfoAccess = new AuthorityInfoAccess(accessDescription);
 ...
 

Parameters:

accessDescription - the AccessDescription to add

Throws:

IllegalArgumentException - if a null object is supplied

See Also:

AccessDescription

Method Detail

getObjectID

public ObjectID getObjectID()

Returns the object ID of this AuthorityInfoAccess extension

Overrides:

getObjectID in class V3Extension

Returns:

the object ID

hashCode

public int hashCode()

Returns a hashcode for this identity.

Overrides:

hashCode in class V3Extension

Returns:

a hash code for this identity