Class AttributeCertificateHolder

java.lang.Object
org.bouncycastle.cert.AttributeCertificateHolder
All Implemented Interfaces:
Cloneable, Selector

public class AttributeCertificateHolder extends Object implements Selector
The Holder object.
          Holder ::= SEQUENCE {
                baseCertificateID   [0] IssuerSerial OPTIONAL,
                         -- the issuer and serial number of
                         -- the holder's Public Key Certificate
                entityName          [1] GeneralNames OPTIONAL,
                         -- the name of the claimant or role
                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                         -- used to directly authenticate the holder,
                         -- for example, an executable
          }
 

Note: If objectDigestInfo comparisons are to be carried out, the static method setDigestCalculatorProvider must be called once to configure the class to do the necessary calculations.

  • Constructor Details

    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Name issuerName, BigInteger serialNumber)
      Create a holder using the baseCertificateID element.
      Parameters:
      issuerName - name of associated certificate's issuer.
      serialNumber - serial number of associated certificate.
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X509CertificateHolder cert)
      Create a holder using the baseCertificateID option based on the passed in associated certificate.
      Parameters:
      cert - the certificate to be associated with this holder.
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Name principal)
      Create a holder using the entityName option based on the passed in principal.
      Parameters:
      principal - the entityName to be associated with the attribute certificate.
    • AttributeCertificateHolder

      public AttributeCertificateHolder(int digestedObjectType, ASN1ObjectIdentifier digestAlgorithm, ASN1ObjectIdentifier otherObjectTypeID, byte[] objectDigest)
      Constructs a holder for v2 attribute certificates with a hash value for some type of object.

      digestedObjectType can be one of the following:

      • 0 - publicKey - A hash of the public key of the holder must be passed.
      • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
      • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

      This cannot be used if a v1 attribute certificate is used.

      Parameters:
      digestedObjectType - The digest object type.
      digestAlgorithm - The algorithm identifier for the hash.
      otherObjectTypeID - The object type ID if digestedObjectType is otherObjectDigest.
      objectDigest - The hash value.
  • Method Details

    • getDigestedObjectType

      public int getDigestedObjectType()
      Returns the digest object type if an object digest info is used.

      • 0 - publicKey - A hash of the public key of the holder must be passed.
      • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
      • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.
      Returns:
      The digest object type or -1 if no object digest info is set.
    • getDigestAlgorithm

      public AlgorithmIdentifier getDigestAlgorithm()
      Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
      Returns:
      digest AlgorithmIdentifier or null if ObjectDigestInfo is absent.
    • getObjectDigest

      public byte[] getObjectDigest()
      Returns the hash if an object digest info is used.
      Returns:
      The hash or null if ObjectDigestInfo is absent.
    • getOtherObjectTypeID

      public ASN1ObjectIdentifier getOtherObjectTypeID()
      Returns the digest algorithm ID if an object digest info is used.
      Returns:
      The digest algorithm ID or null if no object digest info is set.
    • getEntityNames

      public X500Name[] getEntityNames()
      Return any principal objects inside the attribute certificate holder entity names field.
      Returns:
      an array of Principal objects (usually X500Principal), null if no entity names field is set.
    • getIssuer

      public X500Name[] getIssuer()
      Return the principals associated with the issuer attached to this holder.
      Returns:
      an array of principals, null if no BaseCertificateID is set.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Return the serial number associated with the issuer attached to this holder.
      Returns:
      the certificate serial number, null if no BaseCertificateID is set.
    • clone

      public Object clone()
      Specified by:
      clone in interface Selector
      Overrides:
      clone in class Object
    • match

      public boolean match(Object obj)
      Description copied from interface: Selector
      Match the passed in object, returning true if it would be selected by this selector, false otherwise.
      Specified by:
      match in interface Selector
      Parameters:
      obj - the object to be matched.
      Returns:
      true if the object is a match for this selector, false otherwise.
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • setDigestCalculatorProvider

      public static void setDigestCalculatorProvider(DigestCalculatorProvider digCalcProvider)
      Set a digest calculator provider to be used if matches are attempted using ObjectDigestInfo.
      Parameters:
      digCalcProvider - a provider of digest calculators.
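
An added example (not part of the Bouncy Castle documentation) that builds a Holder with each of the three options described above and checks which certificate it is bound to. For objectDigestInfo it recomputes the hash from the accessors instead of calling match, so setDigestCalculatorProvider is not needed here. The class name HolderBindingExample, the helpers boundTo and selfSigned, the SHA-256-only policy and the self-signed sample certificates are assumptions made for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.ObjectDigestInfo;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class HolderBindingExample {
    // Hypothetical helper: does this Holder refer to the given public key certificate?
    static boolean boundTo(AttributeCertificateHolder h, X509CertificateHolder cert) throws Exception {
        int type = h.getDigestedObjectType();
        if (type == -1) return h.match(cert);   // no ObjectDigestInfo: baseCertificateID or entityName
        // objectDigestInfo: fail closed on any algorithm or object type not handled here.
        if (!NISTObjectIdentifiers.id_sha256.equals(h.getDigestAlgorithm().getAlgorithm())) return false;
        byte[] input;
        if (type == ObjectDigestInfo.publicKey) input = cert.getSubjectPublicKeyInfo().getEncoded();
        else if (type == ObjectDigestInfo.publicKeyCert) input = cert.getEncoded();
        else return false;
        return MessageDigest.isEqual(MessageDigest.getInstance("SHA-256").digest(input), h.getObjectDigest());
    }

    // Constructed sample data: a throwaway self-signed certificate.
    static X509CertificateHolder selfSigned(String dn, long serial) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        X500Name name = new X500Name(dn);
        Date from = new Date(), to = new Date(from.getTime() + 86_400_000L);
        return new JcaX509v3CertificateBuilder(name, BigInteger.valueOf(serial), from, to, name, kp.getPublic())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()));
    }

    public static void main(String[] args) throws Exception {
        X509CertificateHolder alice = selfSigned("CN=Alice", 42), bob = selfSigned("CN=Bob", 43);
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(alice.getEncoded());
        AttributeCertificateHolder[] holders = {
            new AttributeCertificateHolder(alice),                // baseCertificateID
            new AttributeCertificateHolder(alice.getSubject()),   // entityName
            new AttributeCertificateHolder(ObjectDigestInfo.publicKeyCert,
                    NISTObjectIdentifiers.id_sha256, null, hash)  // objectDigestInfo
        };
        for (AttributeCertificateHolder h : holders) {
            System.out.printf("digestType=%d serial=%s alice=%b bob=%b%n",
                    h.getDigestedObjectType(), h.getSerialNumber(), boundTo(h, alice), boundTo(h, bob));
        }
    }
}
```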