be.cardon.asn1.x509.extensions
Class SubjectInformationAccess

java.lang.Object
  org.bouncycastle.asn1.ASN1Encodable
      be.cardon.asn1.x509.extensions.SubjectInformationAccess

All Implemented Interfaces:

org.bouncycastle.asn1.DEREncodable

public class SubjectInformationAccess
extends org.bouncycastle.asn1.ASN1Encodable

Extension SubjectInformationAccess.

Documentation from RFC 3280:

The subject information access extension indicates how to access information and services for the subject of the certificate in which the extension appears. When the subject is a CA, information and services may include certificate validation services and CA policy data. When the subject is an end entity, the information describes the type of services offered and how to access them. In this case, the contents of this extension are defined in the protocol specifications for the suported services. This extension may be included in subject or CA certificates, and it MUST be non-critical.

   id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }

   SubjectInfoAccessSyntax  ::=
           SEQUENCE SIZE (1..MAX) OF AccessDescription

   AccessDescription  ::=  SEQUENCE {
           accessMethod          OBJECT IDENTIFIER,
           accessLocation        GeneralName  }
   

Each entry in the sequence SubjectInfoAccessSyntax describes the format and location of additional information provided by the subject of the certificate in which this extension appears. The type and format of the information is specified by the accessMethod field; the accessLocation field specifies the location of the information. The retrieval mechanism may be implied by the accessMethod or specified by accessLocation.

This profile defines one access method to be used when the subject is a CA, and one access method to be used when the subject is an end entity. Additional access methods may be defined in the future in the protocol specifications for other services.

The id-ad-caRepository OID is used when the subject is a CA, and publishes its certificates and CRLs (if issued) in a repository. The accessLocation field is defined as a GeneralName, which can take several forms.

• Where the information is available via http, ftp, or ldap, accessLocation MUST be a uniformResourceIdentifier.
• Where the information is available via the directory access protocol (dap), accessLocation MUST be a directoryName.
• When the information is available via electronic mail, accessLocation MUST be an rfc822Name.
• The semantics of other name forms of of accessLocation (when accessMethod is id-ad-caRepository) are not defined by this specification.

The id-ad-timeStamping OID is used when the subject offers timestamping services using the Time Stamp Protocol defined in [PKIXTSA].

• Where the timestamping services are available via http or ftp, accessLocation MUST be a uniformResourceIdentifier.
• Where the timestamping services are available via electronic mail, accessLocation MUST be an rfc822Name.
• Where timestamping services are available using TCP/IP, the dNSName or ipAddress name forms may be used.
• The semantics of other name forms of accessLocation (when accessMethod is id-ad-timeStamping) are not defined by this specification.

Additional access descriptors may be defined in other PKIX specifications.

   id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }

   id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }

   id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
   

See Also:

AccessDescription

Field Summary

Fields inherited from class org.bouncycastle.asn1.ASN1Encodable

BER, DER

Constructor Summary

SubjectInformationAccess(org.bouncycastle.asn1.ASN1Sequence seq)
Creates a new instance from a ASN1Sequence object.

SubjectInformationAccess(java.util.Vector<AccessDescription> accessDescriptionVector)
Creates a new instance with the given accessDescription vector.

Method Summary

java.util.Vector<AccessDescription>	getAccessDescriptionVector() Returns a vector with the AccessDescription objects.
static SubjectInformationAccess	getInstance(java.lang.Object obj) Returns an instance from a ASN1Sequence, or a AuthorityInformationAccess object.
org.bouncycastle.asn1.DERObject	toASN1Object()

Methods inherited from class org.bouncycastle.asn1.ASN1Encodable

equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SubjectInformationAccess

public SubjectInformationAccess(org.bouncycastle.asn1.ASN1Sequence seq)

Creates a new instance from a ASN1Sequence object.

SubjectInformationAccess

public SubjectInformationAccess(java.util.Vector<AccessDescription> accessDescriptionVector)

Creates a new instance with the given accessDescription vector.

Method Detail

getInstance

public static SubjectInformationAccess getInstance(java.lang.Object obj)

Returns an instance from a ASN1Sequence, or a AuthorityInformationAccess object.

getAccessDescriptionVector

public java.util.Vector<AccessDescription> getAccessDescriptionVector()

Returns a vector with the AccessDescription objects.

toASN1Object

public org.bouncycastle.asn1.DERObject toASN1Object()

Specified by:

toASN1Object in class org.bouncycastle.asn1.ASN1Encodable