public class ServiceAuthenticationInfo extends SvceAuthInfo
The X.509 Attribute Certificate profile (RFC 5755) specifies the ServiceAuthenticationInformation attribute to be included as an attribute in an AttributeCertificate for identifying the holder of the attribute certificate to a server/service. This attribute contains identification information that the AC verifier may forward to some application within the target system. It is then the responsibility of that application to use this information for identifying and authenticating the AC holder (this is a different usage than that of the identically structured AccessIdentity attribute, whose identification information is used for authorization directly in the AC verifier's system).

If sensitive authentication information (e.g. a password) is included, the ServiceAuthenticationInformation attribute may be encrypted. Note that the attribute certificate itself is only signed, not encrypted: if the attribute is not encrypted, the authInfo octets are carried in the clear inside the certificate encoding.
Each attribute is associated with a specific attribute type object identifier. The OID for the ServiceAuthenticationInformation attribute is defined as follows:

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1)
                                    security(5) mechanisms(5) pkix(7) }
    id-aca OBJECT IDENTIFIER ::= { id-pkix 10 }
    id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 }

which corresponds to the OID string "1.3.6.1.5.5.7.10.1".
The ASN.1 structure of the ServiceAuthenticationInformation attribute is defined by the SvceAuthInfo syntax (see RFC 5755):

    SvceAuthInfo ::= SEQUENCE {
      service   GeneralName,
      ident     GeneralName,
      authInfo  OCTET STRING OPTIONAL
    }

The service field specifies the service to which the AC holder shall be identified. The ident field identifies the AC holder. The authInfo field, if present, may contain some server specific authentication information.
When creating a ServiceAuthenticationInformation attribute, the service and ident names have to be specified as GeneralName objects, e.g.:

    GeneralName service = new GeneralName(GeneralName.uniformResourceIdentifier, "test.iaik.at");
    GeneralName ident = new GeneralName(GeneralName.rfc822Name, "John.Doe@iaik.tugraz.at");
    ServiceAuthenticationInfo serviceAuthInf = new ServiceAuthenticationInfo(service, ident);

If server specific authentication information (e.g. a password) is required, it may be specified by calling method setAuthInfo:
    byte[] authInfo = ...;
    serviceAuthInf.setAuthInfo(authInfo);

Finally use method addAttribute of class AttributeCertificate to add the ServiceAuthenticationInformation object as attribute to an AttributeCertificate:
    // create attribute certificate
    AttributeCertificate ac = new AttributeCertificate();
    ...
    // set holder, issuer, validity,...
    ...
    // add ServiceAuthenticationInformation attribute
    ac.addAttribute(new Attribute(serviceAuthInf));
    ...
    // sign and encode certificate
    ac.sign(...);
    byte[] encodedAc = ac.getEncoded();

On the receiving side use method getAttribute of class AttributeCertificate to get a ServiceAuthenticationInformation attribute -- if included -- from an Attribute Certificate:
    // the AttributeCertificate:
    AttributeCertificate ac = new AttributeCertificate(encodedAc);
    ...
    // verify signature, check validity,...
    ...
    // query for ServiceAuthenticationInformation attribute:
    Attribute serviceAuthInfAttribute = ac.getAttribute(ServiceAuthenticationInfo.oid);
    if (serviceAuthInfAttribute != null) {
      // we know that we have one single ServiceAuthenticationInformation attribute only
      ServiceAuthenticationInfo serviceAuthInf =
        (ServiceAuthenticationInfo)serviceAuthInfAttribute.getAttributeValue();
      // get service and ident names
      GeneralName service = serviceAuthInf.getService();
      GeneralName ident = serviceAuthInf.getIdent();
      // get authInfo, if included
      byte[] authInfo = serviceAuthInf.getAuthInfo();
      if (authInfo != null) {
        ...
      }
    }
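The creation and receiving steps above, put together as an added example (this is not IAIK's own code). The ServiceAuthenticationInfo, Attribute, AttributeCertificate and GeneralName calls are those shown on this page; the package names, DerCoder, and the verify/checkValidity calls on AttributeCertificate are assumptions about the IAIK JCE API. The example round-trips the attribute value through its DER encoding and then shows the point of the "may be encrypted" note: an unencrypted authInfo is recoverable verbatim from the encoded bytes.

```java
// Added example, not part of the IAIK documentation. Package paths and the
// DerCoder / verify / checkValidity calls are assumptions about the IAIK API.
import java.security.PublicKey;
import java.util.Arrays;

import iaik.asn1.CodingException;
import iaik.asn1.DerCoder;
import iaik.asn1.structures.Attribute;
import iaik.asn1.structures.GeneralName;
import iaik.x509.attr.AttributeCertificate;
import iaik.x509.attr.attributes.ServiceAuthenticationInfo;

public class ServiceAuthInfoRoundTrip {

    /** Builds the attribute value for a service/ident pair, optionally with authInfo. */
    static ServiceAuthenticationInfo build(String serviceUri, String identMail, byte[] authInfo) {
        GeneralName service = new GeneralName(GeneralName.uniformResourceIdentifier, serviceUri);
        GeneralName ident = new GeneralName(GeneralName.rfc822Name, identMail);
        ServiceAuthenticationInfo sai = new ServiceAuthenticationInfo(service, ident);
        if (authInfo != null) {
            sai.setAuthInfo(authInfo);
        }
        return sai;
    }

    /** DER-encodes the attribute value and parses it back through the ASN1Object constructor. */
    static ServiceAuthenticationInfo roundTrip(ServiceAuthenticationInfo sai) throws CodingException {
        byte[] der = DerCoder.encode(sai.toASN1Object());
        return new ServiceAuthenticationInfo(DerCoder.decode(der));
    }

    /** True if needle occurs verbatim inside haystack (used to show a cleartext authInfo). */
    static boolean containsBytes(byte[] haystack, byte[] needle) {
        for (int i = 0; i + needle.length <= haystack.length; i++) {
            if (Arrays.equals(Arrays.copyOfRange(haystack, i, i + needle.length), needle)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Receiving side: returns the ServiceAuthenticationInformation attribute of an AC, but
     * only after the AC signature has been verified against the issuer key and the validity
     * period has been checked. Returns null if the AC carries no such attribute.
     */
    static ServiceAuthenticationInfo extractVerified(byte[] encodedAc, PublicKey acIssuerKey)
            throws Exception {
        AttributeCertificate ac = new AttributeCertificate(encodedAc);
        ac.verify(acIssuerKey);   // throws if the signature does not check out (assumed API)
        ac.checkValidity();       // throws if expired or not yet valid (assumed API)
        Attribute attr = ac.getAttribute(ServiceAuthenticationInfo.oid);
        if (attr == null) {
            return null;
        }
        return (ServiceAuthenticationInfo) attr.getAttributeValue();
    }

    public static void main(String[] args) throws Exception {
        byte[] password = "s3cret-example".getBytes("UTF-8");   // constructed sample value
        ServiceAuthenticationInfo sai =
            build("test.iaik.at", "John.Doe@iaik.tugraz.at", password);

        ServiceAuthenticationInfo parsed = roundTrip(sai);
        System.out.println("service : " + parsed.getService());
        System.out.println("ident   : " + parsed.getIdent());
        System.out.println("authInfo round-trips: " + Arrays.equals(password, parsed.getAuthInfo()));

        // The attribute is a plain SEQUENCE holding an OCTET STRING: unless the attribute is
        // encrypted, the authInfo bytes appear verbatim in the DER encoding and thus in the AC.
        byte[] der = DerCoder.encode(sai.toASN1Object());
        System.out.println("password visible in DER: " + containsBytes(der, password));
    }
}
```

extractVerified is the shape a relying application wants: the attribute value is only handed out once the certificate it came from has been checked, since an attacker-supplied AC could otherwise carry any service/ident pair. The containsBytes check in main is there to make the encryption note concrete rather than as a production check.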
See Also: SvceAuthInfo, AttributeCertificate, Attribute, GeneralName, OCTET_STRING
Modifier and Type | Field and Description |
---|---|
static ObjectID | oid: The attributeType object identifier of the ServiceAuthenticationInformation attribute. |
Constructor and Description |
---|
ServiceAuthenticationInfo(): Empty default constructor. |
ServiceAuthenticationInfo(ASN1Object obj): Creates a ServiceAuthenticationInfo from its ASN.1 representation. |
ServiceAuthenticationInfo(GeneralName service, GeneralName ident): Creates a ServiceAuthenticationInfo from the given service and ident name. |
Modifier and Type | Method and Description |
---|---|
ObjectID | getAttributeType(): Returns the OID (1.3.6.1.5.5.7.10.1) identifying the ServiceAuthenticationInfo attribute type. |
byte[] | getAuthInfo(): Gets the authInfo field for specifying service specific authentication information like a password. |
void | setAuthInfo(byte[] authInfo): Sets the authInfo field for specifying service specific authentication information like a password. |
Methods inherited from class SvceAuthInfo: decode, getIdent, getService, toASN1Object, toString

Methods inherited from class AttributeValue: getName, multipleAllowed
public static final ObjectID oid

public ServiceAuthenticationInfo()
Empty default constructor. Use the ServiceAuthenticationInfo(GeneralName, GeneralName) constructor to create a ServiceAuthenticationInfo from service and ident values.

public ServiceAuthenticationInfo(GeneralName service, GeneralName ident)
Parameters:
service - the name of the service to which the AC holder shall be identified
ident - the name to be used for identifying the AC holder to the service
Throws:
java.lang.NullPointerException - if null is specified as service or ident

public ServiceAuthenticationInfo(ASN1Object obj) throws CodingException
Creates a ServiceAuthenticationInfo from its ASN.1 representation, parsing the service, ident and authInfo (if present) fields from the given ASN.1 object (see RFC 5755):

    ServiceAuthenticationInfo ::= SEQUENCE {
      service   GeneralName,
      ident     GeneralName,
      authInfo  OCTET STRING OPTIONAL
    }

Parameters:
obj - the ServiceAuthenticationInfo as ASN1Object
Throws:
CodingException - if the ASN.1 object cannot be parsed or is not structured correctly

public void setAuthInfo(byte[] authInfo)
Parameters:
authInfo - the authentication information (e.g. encoded password)

public byte[] getAuthInfo()
Returns:
the authInfo, or null if no authInfo has been set

public ObjectID getAttributeType()
Specified by:
getAttributeType in class AttributeValue