be.cardon.asn1.x509.extensions
Class AuthorityInformationAccess

java.lang.Object
  extended by org.bouncycastle.asn1.ASN1Encodable
      extended by be.cardon.asn1.x509.extensions.AuthorityInformationAccess
All Implemented Interfaces:
org.bouncycastle.asn1.DEREncodable

public class AuthorityInformationAccess
extends org.bouncycastle.asn1.ASN1Encodable

Extension AuthorityInformationAccess.

Documentation from RFC 3280:

The authority information access extension indicates how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. (The location of CRLs is not specified in this extension; that information is provided by the cRLDistributionPoints extension.) This extension may be included in end entity or CA certificates, and it MUST be non-critical.

   id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }

   AuthorityInfoAccessSyntax  ::=
           SEQUENCE SIZE (1..MAX) OF AccessDescription

   AccessDescription  ::=  SEQUENCE {
           accessMethod          OBJECT IDENTIFIER,
           accessLocation        GeneralName  }

   id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }

   id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }

   id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
   

Each entry in the sequence AuthorityInfoAccessSyntax describes the format and location of additional information provided by the CA that issued the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.

This profile defines two accessMethod OIDs: id-ad-caIssuers and id-ad-ocsp.

The id-ad-caIssuers OID is used when the additional information lists CAs that have issued certificates superior to the CA that issued the certificate containing this extension. The referenced CA issuers description is intended to aid certificate users in the selection of a certification path that terminates at a point trusted by the certificate user.

When id-ad-caIssuers appears as accessMethod, the accessLocation field describes the referenced description server and the access protocol to obtain the referenced description. The accessLocation field is defined as a GeneralName, which can take several forms.

The id-ad-ocsp OID is used when revocation information for the certificate containing this extension is available using the Online Certificate Status Protocol (OCSP) [RFC 2560].

When id-ad-ocsp appears as accessMethod, the accessLocation field is the location of the OCSP responder, using the conventions defined in [RFC 2560].

Additional access descriptors may be defined in other PKIX specifications.

See Also:
AccessDescription

Field Summary
 
Fields inherited from class org.bouncycastle.asn1.ASN1Encodable
BER, DER
 
Constructor Summary
AuthorityInformationAccess(org.bouncycastle.asn1.ASN1Sequence seq)
          Creates a new instance from an ASN1Sequence object.
AuthorityInformationAccess(java.util.Vector<AccessDescription> accessDescriptionVector)
          Creates a new instance with the given accessDescription vector.
 
Method Summary
 java.util.Vector<AccessDescription> getAccessDescriptionVector()
          Returns a vector with the AccessDescription objects.
static AuthorityInformationAccess getInstance(java.lang.Object obj)
          Returns an instance from an ASN1Sequence or an AuthorityInformationAccess object.
 org.bouncycastle.asn1.DERObject toASN1Object()
           
 
Methods inherited from class org.bouncycastle.asn1.ASN1Encodable
equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AuthorityInformationAccess

public AuthorityInformationAccess(org.bouncycastle.asn1.ASN1Sequence seq)
Creates a new instance from an ASN1Sequence object.


AuthorityInformationAccess

public AuthorityInformationAccess(java.util.Vector<AccessDescription> accessDescriptionVector)
Creates a new instance with the given accessDescription vector.

Method Detail

getInstance

public static AuthorityInformationAccess getInstance(java.lang.Object obj)
Returns an instance from an ASN1Sequence or an AuthorityInformationAccess object.


getAccessDescriptionVector

public java.util.Vector<AccessDescription> getAccessDescriptionVector()
Returns a vector with the AccessDescription objects.


toASN1Object

public org.bouncycastle.asn1.DERObject toASN1Object()
Specified by:
toASN1Object in class org.bouncycastle.asn1.ASN1Encodable