Class AttributeCertificateHolder

java.lang.Object
org.bouncycastle.cert.AttributeCertificateHolder
All Implemented Interfaces:
Cloneable, Selector

public class AttributeCertificateHolder
extends Object
implements Selector
The Holder object.
          Holder ::= SEQUENCE {
                baseCertificateID   [0] IssuerSerial OPTIONAL,
                         -- the issuer and serial number of
                         -- the holder's Public Key Certificate
                entityName          [1] GeneralNames OPTIONAL,
                         -- the name of the claimant or role
                objectDigestInfo    [2] ObjectDigestInfo OPTIONAL
                         -- used to directly authenticate the holder,
                         -- for example, an executable
          }
 

Note: If objectDigestInfo comparisons are to be carried out, the static method setDigestCalculatorProvider must be called once to configure the class to do the necessary calculations.

  • Constructor Details

    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Name issuerName, BigInteger serialNumber)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X509CertificateHolder cert)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(X500Name principal)
    • AttributeCertificateHolder

      public AttributeCertificateHolder(int digestedObjectType, ASN1ObjectIdentifier digestAlgorithm, ASN1ObjectIdentifier otherObjectTypeID, byte[] objectDigest)
      Constructs a holder for v2 attribute certificates with a hash value for some type of object.

      digestedObjectType can be one of the following:

      • 0 - publicKey - A hash of the public key of the holder must be passed.
      • 1 - publicKeyCert - A hash of the public key certificate of the holder must be passed.
      • 2 - otherObjectDigest - A hash of some other object type must be passed. otherObjectTypeID must not be empty.

      This cannot be used if a v1 attribute certificate is used.

      Parameters:
      digestedObjectType - The digest object type.
      digestAlgorithm - The algorithm identifier for the hash.
      otherObjectTypeID - The object type ID if digestedObjectType is otherObjectDigest.
      objectDigest - The hash value.
  • Method Details

    • getDigestedObjectType

      public int getDigestedObjectType()
      Returns the digest object type if an object digest info is used.

      • 0 - publicKey - The digest is a hash of the public key of the holder.
      • 1 - publicKeyCert - The digest is a hash of the public key certificate of the holder.
      • 2 - otherObjectDigest - The digest is a hash of some other object type, identified by otherObjectTypeID.
      Returns:
      The digest object type or -1 if no object digest info is set.
    • getDigestAlgorithm

      public AlgorithmIdentifier getDigestAlgorithm()
      Returns algorithm identifier for the digest used if ObjectDigestInfo is present.
      Returns:
      digest AlgorithmIdentifier or null if ObjectDigestInfo is absent.
    • getObjectDigest

      public byte[] getObjectDigest()
      Returns the hash if an object digest info is used.
      Returns:
      The hash or null if ObjectDigestInfo is absent.
    • getOtherObjectTypeID

      public ASN1ObjectIdentifier getOtherObjectTypeID()
      Returns the other object type ID if an object digest info is used.
      Returns:
      The other object type ID or null if no object digest info is set.
    • getEntityNames

      public X500Name[] getEntityNames()
      Return any principal objects inside the attribute certificate holder entity names field.
      Returns:
      an array of Principal objects (usually X500Principal), null if no entity names field is set.
    • getIssuer

      public X500Name[] getIssuer()
      Return the principals associated with the issuer attached to this holder.
      Returns:
      an array of principals, null if no BaseCertificateID is set.
    • getSerialNumber

      public BigInteger getSerialNumber()
      Return the serial number associated with the issuer attached to this holder.
      Returns:
      the certificate serial number, null if no BaseCertificateID is set.
    • clone

      public Object clone()
      Description copied from class: Object
      Creates and returns a copy of this Object. The default implementation returns a so-called "shallow" copy: It creates a new instance of the same class and then copies the field values (including object references) from this instance to the new instance. A "deep" copy, in contrast, would also recursively clone nested objects. A subclass that needs to implement this kind of cloning should call super.clone() to create the new instance and then create deep copies of the nested, mutable objects.
      Specified by:
      clone in interface Selector
      Overrides:
      clone in class Object
      Returns:
      a copy of this object.
    • match

      public boolean match(Object obj)
      Specified by:
      match in interface Selector
    • equals

      public boolean equals(Object obj)
      Description copied from class: Object
      Compares this instance with the specified object and indicates if they are equal. In order to be equal, o must represent the same object as this instance using a class-specific comparison. The general contract is that this comparison should be reflexive, symmetric, and transitive. Also, no object reference other than null is equal to null.

      The default implementation returns true only if this == o. See Writing a correct equals method if you intend implementing your own equals method.

      The general contract for the equals and Object.hashCode() methods is that if equals returns true for any two objects, then hashCode() must return the same value for these objects. This means that subclasses of Object usually override either both methods or neither of them.

      Overrides:
      equals in class Object
      Parameters:
      obj - the object to compare this instance with.
      Returns:
      true if the specified object is equal to this Object; false otherwise.
      See Also:
      Object.hashCode()
    • hashCode

      public int hashCode()
      Description copied from class: Object
      Returns an integer hash code for this object. By contract, any two objects for which Object.equals(java.lang.Object) returns true must return the same hash code value. This means that subclasses of Object usually override both methods or neither method.

      Note that hash values must not change over time unless information used in equals comparisons also changes.

      See Writing a correct hashCode method if you intend implementing your own hashCode method.

      Overrides:
      hashCode in class Object
      Returns:
      this object's hash code.
      See Also:
      Object.equals(java.lang.Object)
    • setDigestCalculatorProvider

      public static void setDigestCalculatorProvider(DigestCalculatorProvider digCalcProvider)
      Set a digest calculator provider to be used if matches are attempted using ObjectDigestInfo.
      Parameters:
      digCalcProvider - a provider of digest calculators.
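
An added example (not Bouncy Castle's own code) of the check that an objectDigestInfo holder implies for digestedObjectType 0: recompute the digest of a candidate public key with the algorithm from getDigestAlgorithm() and compare it to getObjectDigest(), after restricting the algorithm to a local allowlist. The class name, the ALLOWED policy set, the helper methods and the generated RSA keys are assumptions for illustration, as is hashing the DER-encoded SubjectPublicKeyInfo for the publicKey type.

```java
import java.io.OutputStream;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.util.Set;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.AttributeCertificateHolder;
import org.bouncycastle.operator.DigestCalculator;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;

public class HolderDigestExample {
    // Hypothetical local policy: digest algorithms accepted in objectDigestInfo.
    static final Set<ASN1ObjectIdentifier> ALLOWED = Set.of(NISTObjectIdentifiers.id_sha256,
        NISTObjectIdentifiers.id_sha384, NISTObjectIdentifiers.id_sha512);

    static byte[] digest(DigestCalculatorProvider p, AlgorithmIdentifier alg, byte[] data) throws Exception {
        DigestCalculator calc = p.get(alg);
        try (OutputStream out = calc.getOutputStream()) {
            out.write(data);
        }
        return calc.getDigest();
    }

    // True only if the holder carries a type-0 (publicKey) digest of this key under an allowed algorithm.
    static boolean bindsKey(AttributeCertificateHolder h, SubjectPublicKeyInfo spki,
                            DigestCalculatorProvider p) throws Exception {
        if (h.getDigestedObjectType() != 0) return false;   // -1 means no objectDigestInfo is set
        AlgorithmIdentifier alg = h.getDigestAlgorithm();
        if (alg == null || !ALLOWED.contains(alg.getAlgorithm())) return false;
        // Assumption: the publicKey digest covers the DER-encoded SubjectPublicKeyInfo.
        return MessageDigest.isEqual(digest(p, alg, spki.getEncoded("DER")), h.getObjectDigest());
    }

    public static void main(String[] args) throws Exception {
        DigestCalculatorProvider p = new BcDigestCalculatorProvider();
        AttributeCertificateHolder.setDigestCalculatorProvider(p);  // set once, per the class note
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // constructed sample keys
        kpg.initialize(2048);
        SubjectPublicKeyInfo holderKey = SubjectPublicKeyInfo.getInstance(kpg.generateKeyPair().getPublic().getEncoded());
        SubjectPublicKeyInfo otherKey = SubjectPublicKeyInfo.getInstance(kpg.generateKeyPair().getPublic().getEncoded());
        AlgorithmIdentifier sha256 = new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256);
        byte[] hash = digest(p, sha256, holderKey.getEncoded("DER"));
        AttributeCertificateHolder holder = new AttributeCertificateHolder(0, NISTObjectIdentifiers.id_sha256, null, hash);
        System.out.println("holder key bound: " + bindsKey(holder, holderKey, p));
        System.out.println("other key bound:  " + bindsKey(holder, otherKey, p));
    }
}
```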