public class AccessIdentity extends SvceAuthInfo
The X.509 Attribute Certificate profile (RFC 5755) specifies the AccessIdentity attribute to be included as attribute in an AttributeCertificate for identifying the holder of the attribute certificate to a server/service. This attribute contains identification information that may be used for authorizing the AC holder directly in the AC verifier's system (this is a different usage than that of the same-structured ServiceAuthenticationInformation attribute, whose identification information may be forwarded by the AC verifier to some application within the target system).
Each attribute is associated with a specific attribute type object identifier. The OID for the AccessIdentity attribute is defined as follows:

```
id-pkix OBJECT IDENTIFIER ::=
    { iso(1) identified-organization(3) dod(6) internet(1)
      security(5) mechanisms(5) pkix(7) }
id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 }
```

which corresponds to the OID string "1.3.6.1.5.5.7.10.2".
The ASN.1 structure of the AccessIdentity attribute is defined by the SvceAuthInfo syntax (see RFC 5755):

```
SvceAuthInfo ::= SEQUENCE {
    service GeneralName,
    ident GeneralName,
    authInfo OCTET STRING OPTIONAL
}
```

The service field specifies the service to which the AC holder shall be identified. The ident field identifies the AC holder. The authInfo field MUST not be present within the AccessIdentity attribute.
When creating an AccessIdentity attribute, the service and ident names have to be specified as GeneralName objects, e.g.:

```java
GeneralName service = new GeneralName(GeneralName.uniformResourceIdentifier, "test.iaik.at");
GeneralName ident = new GeneralName(GeneralName.rfc822Name, "John.Doe@iaik.tugraz.at");
AccessIdentity accessIdentity = new AccessIdentity(service, ident);
```

Finally use method addAttribute of class AttributeCertificate to add the AccessIdentity object as attribute to an AttributeCertificate:

```java
// create attribute certificate
AttributeCertificate ac = new AttributeCertificate();
...
// set holder, issuer, validity,...
...
// add AccessIdentity attribute
ac.addAttribute(new Attribute(accessIdentity));
...
// sign and encode certificate
ac.sign(...);
byte[] encodedAc = ac.getEncoded();
```

On the receiving side use method getAttribute of class AttributeCertificate to get an AccessIdentity attribute (if included) from an Attribute Certificate:

```java
// the AttributeCertificate:
AttributeCertificate ac = new AttributeCertificate(encodedAc);
...
// verify signature, check validity,...
...
// query for AccessIdentity attribute:
Attribute accessIdentityAttribute = ac.getAttribute(AccessIdentity.oid);
if (accessIdentityAttribute != null) {
  // we know that we have one single AccessIdentity attribute only
  AccessIdentity accessIdentity = (AccessIdentity) accessIdentityAttribute.getAttributeValue();
  // get service and ident names
  GeneralName service = accessIdentity.getService();
  GeneralName ident = accessIdentity.getIdent();
}
```
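As an added example (not code from the IAIK documentation or library), the following verifier-side helper builds on the receiving-side snippet above. It retrieves the AccessIdentity attribute, rejects an unexpected value type instead of casting blindly, and returns the holder's ident only when the service field names the service performing the check, since an AccessIdentity issued towards some other service says nothing about access here. The package names in the imports are assumed from the IAIK-JCE layout, the class AccessIdentityCheck, its exception type and the helper sameGeneralName are this example's own, and the declared CodingException on getAttributeValue is an assumption.

```java
import iaik.asn1.CodingException;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.AttributeValue;
import iaik.asn1.structures.GeneralName;
import iaik.x509.attr.AttributeCertificate;
import iaik.x509.attr.attributes.AccessIdentity;

/**
 * Verifier-side check for the AccessIdentity attribute (added example, not
 * IAIK code). Package names are assumed from the IAIK-JCE layout; the methods
 * used (getAttribute, getAttributeValue, getService, getIdent) are the ones
 * shown on the documentation page, plus GeneralName.getType()/getName().
 */
public final class AccessIdentityCheck {

  /** Signals that the AC carries no AccessIdentity usable for this service. */
  public static final class AccessIdentityException extends Exception {
    public AccessIdentityException(String message) {
      super(message);
    }
  }

  private AccessIdentityCheck() {
  }

  /**
   * Returns the holder's ident name from the AccessIdentity attribute of ac,
   * but only if the attribute's service field names expectedService.
   * The caller must already have verified the AC signature against a trusted
   * attribute authority and checked the validity period; an unverified AC
   * proves nothing about the holder.
   */
  public static GeneralName identForService(AttributeCertificate ac, GeneralName expectedService)
      throws AccessIdentityException, CodingException {
    Attribute attribute = ac.getAttribute(AccessIdentity.oid);
    if (attribute == null) {
      throw new AccessIdentityException("AC carries no AccessIdentity attribute");
    }
    // Do not cast blindly: a malformed attribute value is rejected here
    // instead of surfacing as a ClassCastException somewhere up the stack.
    AttributeValue value = attribute.getAttributeValue();
    if (!(value instanceof AccessIdentity)) {
      throw new AccessIdentityException("AccessIdentity attribute has an unexpected value type");
    }
    AccessIdentity accessIdentity = (AccessIdentity) value;
    GeneralName service = accessIdentity.getService();
    if (!sameGeneralName(service, expectedService)) {
      // The ident is only meaningful towards the named service; an AC issued
      // for another service must not identify the holder to this one.
      throw new AccessIdentityException(
          "AccessIdentity names service " + service + ", but this service is " + expectedService);
    }
    return accessIdentity.getIdent();
  }

  /**
   * Compares two GeneralNames by type and name value. dNSName values are
   * compared case-insensitively because host names are; every other type
   * (including uniformResourceIdentifier, whose path is case-sensitive) is
   * compared exactly. Further normalisation (IDNA, trailing dots) is a local
   * policy decision and deliberately not done here.
   */
  static boolean sameGeneralName(GeneralName a, GeneralName b) {
    if (a == null || b == null || a.getType() != b.getType()) {
      return false;
    }
    String nameA = String.valueOf(a.getName());
    String nameB = String.valueOf(b.getName());
    if (a.getType() == GeneralName.dNSName) {
      return nameA.equalsIgnoreCase(nameB);
    }
    return nameA.equals(nameB);
  }

  /** Usage sketch: encodedAc is the DER encoded AC received from the holder. */
  public static void example(byte[] encodedAc) throws Exception {
    AttributeCertificate ac = new AttributeCertificate(encodedAc);
    // ... verify the AC signature and check the validity period here ...
    GeneralName thisService =
        new GeneralName(GeneralName.uniformResourceIdentifier, "test.iaik.at");
    GeneralName ident = identForService(ac, thisService);
    System.out.println("AC holder identified to " + thisService + " as " + ident);
  }
}
```

The service comparison is the part that matters for authorization: without it, an AC whose AccessIdentity was issued towards a different service would still yield an ident, and the verifier would be trusting identification information that was never meant for it.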
See Also: SvceAuthInfo, AttributeCertificate, Attribute, GeneralName

| Modifier and Type | Field and Description |
|---|---|
| static ObjectID | oid: The attributeType object identifier of the AccessIdentity attribute. |

| Constructor and Description |
|---|
| AccessIdentity(): Empty default constructor. |
| AccessIdentity(ASN1Object obj): Creates an AccessIdentity from its ASN.1 representation. |
| AccessIdentity(GeneralName service, GeneralName ident): Creates an AccessIdentity from the given service and ident names. |

| Modifier and Type | Method and Description |
|---|---|
| ObjectID | getAttributeType(): Returns the OID (1.3.6.1.5.5.7.10.2) identifying the AccessIdentity attribute type. |
Methods inherited from class SvceAuthInfo: decode, getIdent, getService, toASN1Object, toString

Methods inherited from class AttributeValue: getName, multipleAllowed

public static final ObjectID oid

The attributeType object identifier of the AccessIdentity attribute.

public AccessIdentity()

Empty default constructor. Use the AccessIdentity(GeneralName, GeneralName) constructor to create an AccessIdentity from service and ident values.

public AccessIdentity(GeneralName service, GeneralName ident)

Creates an AccessIdentity from the given service and ident names.

Parameters:
service - the name of the service to which the AC holder shall be identified
ident - the name to be used for identifying the AC holder to the service

Throws:
java.lang.NullPointerException - if null is specified as service or ident

public AccessIdentity(ASN1Object obj) throws CodingException

Creates an AccessIdentity from its ASN.1 representation. The service and ident fields are read from the given ASN.1 object; the authInfo field MUST not be included (see RFC 5755):

```
AccessIdentity ::= SEQUENCE {
    service GeneralName,
    ident GeneralName,
    authInfo OCTET STRING OPTIONAL
}
```

Parameters:
obj - the AccessIdentity as ASN1Object

Throws:
CodingException - if the ASN.1 object cannot be parsed or is not correctly structured

public ObjectID getAttributeType()

Returns the OID (1.3.6.1.5.5.7.10.2) identifying the AccessIdentity attribute type.

Specified by:
getAttributeType in class AttributeValue