Class AttributeCertificateHolder

java.lang.Object
org.gudy.bouncycastle.x509.AttributeCertificateHolder
All Implemented Interfaces:
Cloneable, CertSelector, Selector

public class AttributeCertificateHolder extends Object implements CertSelector, Selector
The Holder object.
          Holder ::= SEQUENCE {
                baseCertificateID   [0] IssuerSerial OPTIONAL,
                         -- the issuer and serial number of
                         -- the holder's Public Key Certificate
                entityName          [1] GeneralNames OPTIONAL,
                         -- the name of the claimant or role
                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                         -- used to directly authenticate the holder,
                         -- for example, an executable
          }
 
  • Field Details

    • holder

      final Holder holder
  • Constructor Details

    • AttributeCertificateHolder

      AttributeCertificateHolder(ASN1Sequence seq)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X509Principal issuerName, BigInteger serialNumber)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Principal issuerName, BigInteger serialNumber)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X509Certificate cert) throws CertificateParsingException
      Throws:
      CertificateParsingException
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X509Principal principal)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Principal principal)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(int digestedObjectType, String digestAlgorithm, String otherObjectTypeID, byte[] objectDigest)
      Constructs a holder for v2 attribute certificates with a hash value for some type of object.

      digestedObjectType can be one of the following:

      • 0 - publicKey - A hash of the public key of the holder must be passed.
      • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
      • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

      This cannot be used if a v1 attribute certificate is used.

      Parameters:
      digestedObjectType - The digest object type.
      digestAlgorithm - The algorithm identifier for the hash.
      otherObjectTypeID - The object type ID if digestedObjectType is otherObjectDigest.
      objectDigest - The hash value.
  • Method Details

    • getDigestedObjectType

      public int getDigestedObjectType()
      Returns the digest object type if an object digest info is used.

      • 0 - publicKey - The digest is a hash of the public key of the holder.
      • 1 - publicKeyCert - The digest is a hash of the public key certificate of the holder.
      • 2 - otherObjectDigest - The digest is a hash of some other object type, identified by otherObjectTypeID.
      Returns:
      The digest object type or -1 if no object digest info is set.
    • getDigestAlgorithm

      public String getDigestAlgorithm()
      Returns the digest algorithm ID if an object digest info is used.
      Returns:
      The digest algorithm ID or null if no object digest info is set.
    • getObjectDigest

      public byte[] getObjectDigest()
      Returns the hash if an object digest info is used.
      Returns:
      The hash or null if no object digest info is set.
    • getOtherObjectTypeID

      public String getOtherObjectTypeID()
      Returns the other object type ID if an object digest info is used.
      Returns:
      The other object type ID or null if no object digest info is set.
    • generateGeneralNames

      private GeneralNames generateGeneralNames(X509Principal principal)
    • matchesDN

      private boolean matchesDN(X509Principal subject, GeneralNames targets)
    • getNames

      private Object[] getNames(GeneralName[] names)
    • getPrincipals

      private Principal[] getPrincipals(GeneralNames names)
    • getEntityNames

      public Principal[] getEntityNames()
      Return any principal objects inside the attribute certificate holder entity names field.
      Returns:
      an array of Principal objects (usually X500Principal), null if no entity names field is set.
    • getIssuer

      public Principal[] getIssuer()
      Return the principals associated with the issuer attached to this holder.
      Returns:
      an array of principals, null if no BaseCertificateID is set.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Return the serial number associated with the issuer attached to this holder.
      Returns:
      the certificate serial number, null if no BaseCertificateID is set.
    • clone

      public Object clone()
      Specified by:
      clone in interface CertSelector
      Specified by:
      clone in interface Selector
      Overrides:
      clone in class Object
    • match

      public boolean match(Certificate cert)
      Specified by:
      match in interface CertSelector
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • match

      public boolean match(Object obj)
      Specified by:
      match in interface Selector
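
The object-digest constructor and the four object-digest getters documented above, used together to check that a byte string is the object a holder was bound to. This is an added example, not code from the library or its authors. It assumes the digest algorithm is passed and returned as a dotted OID string; the OID-to-JCA-name table, the `2.999.1` type OID and the sample bytes are constructed for the illustration.

```java
import java.security.MessageDigest;
import org.gudy.bouncycastle.x509.AttributeCertificateHolder;

public class HolderDigestCheck {
    static final int OTHER_OBJECT_DIGEST = 2;             // digestedObjectType value listed above
    static final String SHA256_OID = "2.16.840.1.101.3.4.2.1";
    static final String PLACEHOLDER_TYPE_OID = "2.999.1"; // placeholder otherObjectTypeID

    // Allow-list of digest OIDs this verifier accepts (example mapping, not library API).
    static String jcaName(String oid) {
        if (SHA256_OID.equals(oid)) return "SHA-256";
        if ("2.16.840.1.101.3.4.2.3".equals(oid)) return "SHA-512";
        return null;
    }

    // True only if the holder carries an otherObjectDigest of the expected type
    // whose hash equals the hash of the supplied object bytes.
    static boolean objectMatchesHolder(AttributeCertificateHolder holder,
                                       String expectedTypeOid, byte[] object) throws Exception {
        if (holder.getDigestedObjectType() != OTHER_OBJECT_DIGEST) {
            return false; // -1 (no object digest info) or a key/certificate digest
        }
        if (!expectedTypeOid.equals(holder.getOtherObjectTypeID())) {
            return false; // digest of a different kind of object
        }
        String name = jcaName(holder.getDigestAlgorithm());
        if (name == null) {
            return false; // algorithm not on the allow-list: reject rather than guess
        }
        byte[] actual = MessageDigest.getInstance(name).digest(object);
        // MessageDigest.isEqual avoids an early-exit byte comparison.
        return MessageDigest.isEqual(actual, holder.getObjectDigest());
    }

    public static void main(String[] args) throws Exception {
        byte[] executable = "constructed sample bytes".getBytes("UTF-8");
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(executable);
        AttributeCertificateHolder holder = new AttributeCertificateHolder(
            OTHER_OBJECT_DIGEST, SHA256_OID, PLACEHOLDER_TYPE_OID, digest);

        System.out.println(objectMatchesHolder(holder, PLACEHOLDER_TYPE_OID, executable));
        executable[0] ^= 1; // tampered copy of the same object
        System.out.println(objectMatchesHolder(holder, PLACEHOLDER_TYPE_OID, executable));
    }
}
```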