Class AttributeCertificateHolder

  • All Implemented Interfaces:
    Cloneable, org.bouncycastle.util.Selector

    public class AttributeCertificateHolder
    extends Object
    implements org.bouncycastle.util.Selector
    The Holder object.
              Holder ::= SEQUENCE {
                    baseCertificateID   [0] IssuerSerial OPTIONAL,
                             -- the issuer and serial number of
                             -- the holder's Public Key Certificate
                    entityName          [1] GeneralNames OPTIONAL,
                             -- the name of the claimant or role
                    objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                             -- used to directly authenticate the holder,
                             -- for example, an executable
              }
     

    Note: If objectDigestInfo comparisons are to be carried out, the static method setDigestCalculatorProvider must be called once to configure the class to do the necessary calculations.

    • Constructor Detail

      • AttributeCertificateHolder

        public AttributeCertificateHolder(org.bouncycastle.asn1.x500.X500Name issuerName,
                                          BigInteger serialNumber)
        Create a holder using the baseCertificateID element.
        Parameters:
        issuerName - name of associated certificate's issuer.
        serialNumber - serial number of associated certificate.
      • AttributeCertificateHolder

        public AttributeCertificateHolder(X509CertificateHolder cert)
        Create a holder using the baseCertificateID option based on the passed-in associated certificate.
        Parameters:
        cert - the certificate to be associated with this holder.
      • AttributeCertificateHolder

        public AttributeCertificateHolder(org.bouncycastle.asn1.x500.X500Name principal)
        Create a holder using the entityName option based on the passed-in principal.
        Parameters:
        principal - the entityName to be associated with the attribute certificate.
      • AttributeCertificateHolder

        public AttributeCertificateHolder(int digestedObjectType,
                                          org.bouncycastle.asn1.ASN1ObjectIdentifier digestAlgorithm,
                                          org.bouncycastle.asn1.ASN1ObjectIdentifier otherObjectTypeID,
                                          byte[] objectDigest)
        Constructs a holder for v2 attribute certificates with a hash value for some type of object.

        digestedObjectType can be one of the following:

        • 0 - publicKey - A hash of the public key of the holder must be passed.
        • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
        • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

        This cannot be used if a v1 attribute certificate is used.

        Parameters:
        digestedObjectType - The digest object type.
        digestAlgorithm - The algorithm identifier for the hash.
        otherObjectTypeID - The object type ID if digestedObjectType is otherObjectDigest.
        objectDigest - The hash value.
    • Method Detail

      • getDigestedObjectType

        public int getDigestedObjectType()
        Returns the digest object type if an object digest info is used.

        • 0 - publicKey - A hash of the public key of the holder must be passed.
        • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
        • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.
        Returns:
        The digest object type or -1 if no object digest info is set.
      • getDigestAlgorithm

        public org.bouncycastle.asn1.x509.AlgorithmIdentifier getDigestAlgorithm()
        Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
        Returns:
        digest AlgorithmIdentifier or null if ObjectDigestInfo is absent.
      • getObjectDigest

        public byte[] getObjectDigest()
        Returns the hash if an object digest info is used.
        Returns:
        The hash or null if ObjectDigestInfo is absent.
      • getOtherObjectTypeID

        public org.bouncycastle.asn1.ASN1ObjectIdentifier getOtherObjectTypeID()
        Returns the digest algorithm ID if an object digest info is used.
        Returns:
        The digest algorithm ID or null if no object digest info is set.
      • getEntityNames

        public org.bouncycastle.asn1.x500.X500Name[] getEntityNames()
        Return any principal objects inside the attribute certificate holder entity names field.
        Returns:
        an array of Principal objects (usually X500Principal), null if no entity names field is set.
      • getIssuer

        public org.bouncycastle.asn1.x500.X500Name[] getIssuer()
        Return the principals associated with the issuer attached to this holder.
        Returns:
        an array of principals, null if no BaseCertificateID is set.
      • getSerialNumber

        public BigInteger getSerialNumber()
        Return the serial number associated with the issuer attached to this holder.
        Returns:
        the certificate serial number, null if no BaseCertificateID is set.
      • clone

        public Object clone()
        Specified by:
        clone in interface org.bouncycastle.util.Selector
        Overrides:
        clone in class Object
      • match

        public boolean match(Object obj)
        Specified by:
        match in interface org.bouncycastle.util.Selector
      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class Object
      • setDigestCalculatorProvider

        public static void setDigestCalculatorProvider(DigestCalculatorProvider digCalcProvider)
        Set a digest calculator provider to be used if matches are attempted using ObjectDigestInfo.
        Parameters:
        digCalcProvider - a provider of digest calculators.
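
An added example, not part of the Bouncy Castle documentation: it builds a holder with the objectDigestInfo form (digestedObjectType 0, publicKey) and then checks a candidate key against it by hand with the getters above, using the JCA MessageDigest instead of match(). The class name HolderDigestCheck, the helper holderMatchesKey, the choice of SHA-256 and the import of this class from package org.bouncycastle.cert are assumptions of the example.

```java
import java.security.KeyPairGenerator;
import java.security.MessageDigest;

import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.ObjectDigestInfo;
import org.bouncycastle.cert.AttributeCertificateHolder;

public class HolderDigestCheck {

    // Hypothetical helper: true only if the holder carries a SHA-256 publicKey
    // digest equal to the digest of the candidate DER SubjectPublicKeyInfo.
    static boolean holderMatchesKey(AttributeCertificateHolder holder, byte[] spkiDer)
            throws Exception {
        // getDigestedObjectType() is -1 when no objectDigestInfo is set.
        if (holder.getDigestedObjectType() != ObjectDigestInfo.publicKey) {
            return false;
        }
        // Accept only the digest algorithm this verifier expects, so the
        // certificate cannot steer the check to a weaker hash.
        if (!NISTObjectIdentifiers.id_sha256.equals(
                holder.getDigestAlgorithm().getAlgorithm())) {
            return false;
        }
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(spkiDer);
        // Constant-time comparison of the two digests.
        return MessageDigest.isEqual(actual, holder.getObjectDigest());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys; getEncoded() yields the DER SubjectPublicKeyInfo.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        byte[] holderKey = kpg.generateKeyPair().getPublic().getEncoded();
        byte[] otherKey = kpg.generateKeyPair().getPublic().getEncoded();

        byte[] digest = MessageDigest.getInstance("SHA-256").digest(holderKey);
        AttributeCertificateHolder holder = new AttributeCertificateHolder(
                ObjectDigestInfo.publicKey,      // digestedObjectType 0
                NISTObjectIdentifiers.id_sha256, // digestAlgorithm
                null,                            // otherObjectTypeID: only used for type 2
                digest);                         // objectDigest

        System.out.println("holder key matches: " + holderMatchesKey(holder, holderKey));
        System.out.println("other key matches:  " + holderMatchesKey(holder, otherKey));
        // The baseCertificateID getters return null for this holder form.
        System.out.println("serial number:      " + holder.getSerialNumber());
    }
}
```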