iaik.x509.attr

Class IssuerSerial

java.lang.Object

iaik.x509.attr.IssuerSerial

public class IssuerSerial
extends java.lang.Object

This class implements the AC type IssuerSerial.

The Internet Attribute Certificate Profile for Authorization (RFC 5755) specifies the IssuerSerial type as an option for identifying the holder or issuer of an attribute certificate by issuer name, issuer-specific certificate serial number and optional issuerUniqueID:

 IssuerSerial ::= SEQUENCE {        
   issuer       GeneralNames,
   serialNumber CertificateSerialNumber
   issuerUID    UniqueIdentifier OPTIONAL }
 

When used for identifying the Holder of an attribute certificate, the issuer GeneralNames has to be created from the issuerDN of the base certificate and the serial number has to be the same:

 Holder ::= SEQUENCE {
    baseCertificateID   [0] IssuerSerial OPTIONAL,
                        -- the issuer and serial number of
                        -- the holder's Public Key Certificate
    entityName          [1] GeneralNames OPTIONAL,
                        -- the name of the claimant or role
    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                        -- used to directly authenticate the holder,
                        -- for example, an executable
 

When creating a IssuerSerial object you may specify issuer GeneralNames, certificate serial number, or you immediately may supply the base certificate and let the constructor calculate the GeneralNames issuer from the certificate's IssuerDN:

 X509Certificate baseCert = ...;
 IssuerSerial issuerSerial = new IssuerSerial(baseCert);
 

According to RFC 5755 the IssuerAndSerial option shall not be used for representing the issuer of an attribute certificate:

 AttCertIssuer ::= CHOICE {
    v1Form   GeneralNames,  -- MUST NOT be used in this
                            -- profile
    v2Form   [0] V2Form     -- v2 only
 }
 
 
 V2Form ::= SEQUENCE {
   issuerName            GeneralNames  OPTIONAL,
   baseCertificateID     [0] IssuerSerial  OPTIONAL,
   objectDigestInfo      [1] ObjectDigestInfo  OPTIONAL
           -- issuerName MUST be present in this profile
           -- baseCertificateID and objectDigestInfo MUST NOT
           -- be present in this profile
 }
 

Version:

File Revision 11

Constructor Summary

Constructors

Constructor and Description
IssuerSerial(ASN1Object obj) Creates a new IssuerSerial from an ASN1Object.
IssuerSerial(GeneralNames issuer, java.math.BigInteger serialNumber) Creates an IssuerSerial from issuer GeneralNames and issuer-specific serial number.
IssuerSerial(Name issuer, java.math.BigInteger serialNumber) Creates a new IssuerSerial from an issuer distinguished name and issuer-specific serial number.
IssuerSerial(X509Certificate baseCertificate) Creates an IssuerSerial from the given base certificate.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	equals(java.lang.Object obj) Compares this IssuerSerial to the specified object.
GeneralNames	getIssuer() Returns the issuer GeneralNames.
boolean[]	getIssuerUID() Returns the issuer unique identifier, or null if no IssuerUniqueID is set.
java.math.BigInteger	getSerialNumber() Returns the issuer-specific serial number.
int	hashCode() Returns a hashcode for this IssuerSerial.
boolean	identifiesCert(X509Certificate baseCertificate) Checks if this IssuerSerial identifies the given base certificate.
void	setIssuerUID(boolean[] id) Sets the issuer unique ID.
ASN1Object	toASN1Object() Returns this IssuerSerial as ASN1Object.
java.lang.String	toString() Returns a string giving some information about this IssuerSerial object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

IssuerSerial

public IssuerSerial(GeneralNames issuer,
            java.math.BigInteger serialNumber)

Creates an IssuerSerial from issuer GeneralNames and issuer-specific serial number.

Parameters:

issuer - the issuer GeneralNames

serialNumber - the issuer-specific serial number

IssuerSerial

public IssuerSerial(Name issuer,
            java.math.BigInteger serialNumber)

Creates a new IssuerSerial from an issuer distinguished name and issuer-specific serial number.

This constructor may be used for creating an IssuerSerial object for identifying an X.509 certificate where the issuer is given as Distinguished Name structure. The wrapping into a GeneralNames object is done inside this constructor. Assuming a cert given as iaik.x509.X509Certificate instance an IssuerSerial may be created like:

 // the x.509 cert
 X509Certificate cert = ...;
 // get the IssuerDN
 Name issuerDN = (Name)cert.getIssuerDN();
 // now create the IssuerSerial
 IssuerSerial issuerSerial = 
        new IssuerSerial(issuerDN, cert.getSerialNumber());
 

Parameters:

issuer - the issuer distinguished name

serialNumber - the issuer-specific serial number

IssuerSerial

public IssuerSerial(X509Certificate baseCertificate)

Creates an IssuerSerial from the given base certificate.

Parameters:

baseCertificate - the base certificate

IssuerSerial

public IssuerSerial(ASN1Object obj)
             throws CodingException

Creates a new IssuerSerial from an ASN1Object.

The ASN1Object supplied to this constructor represents an already existing IssuerSerial object that may have been created by calling toASN1Object.

Parameters:

obj - the IssuerSerial as ASN1Object

Throws:

CodingException - if the ASN1Object could not be parsed

Method Detail

toASN1Object

public ASN1Object toASN1Object()

Returns this IssuerSerial as ASN1Object.

The ASN1Object returned by this method may be used as parameter value when creating an IssuerSerial object using the IssuerSerial(ASN1Object obj) constructor.

Returns:

this IssuerSerial as ASN1Object

getIssuer

public GeneralNames getIssuer()

Returns the issuer GeneralNames.

Returns:

the issuer GeneralNames

getSerialNumber

public java.math.BigInteger getSerialNumber()

Returns the issuer-specific serial number.

Returns:

the issuer-specific serial number, as BigInteger

getIssuerUID

public boolean[] getIssuerUID()

Returns the issuer unique identifier, or null if no IssuerUniqueID is set.

Returns:

the IssuerUID as array of booleans, or null if no issuer unique identifier is set

setIssuerUID

public void setIssuerUID(boolean[] id)

Sets the issuer unique ID.

Parameters:

id - the unique identifier of the issuer as array of boolean values

equals

public boolean equals(java.lang.Object obj)

Compares this IssuerSerial to the specified object.

Overrides:

equals in class java.lang.Object

Parameters:

obj - the object to compare this IssuerSerial against.

Returns:

true, if the given object is equal to this IssuerSerial, false otherwise

identifiesCert

public boolean identifiesCert(X509Certificate baseCertificate)

Checks if this IssuerSerial identifies the given base certificate.

Returns:

true if issuerDN and serialNumber of the given base certificate match to issuer and serial number of this IssuerSerial, false if not if the cert contains the issuer unique identifier field, its value is compared to the one of this IssuerSerial

hashCode

public int hashCode()

Returns a hashcode for this IssuerSerial.

Overrides:

hashCode in class java.lang.Object

Returns:

a hashcode for this IssuerSerial

toString

public java.lang.String toString()

Returns a string giving some information about this IssuerSerial object.

Overrides:

toString in class java.lang.Object

Returns:

the string representation