org.glite.voms.ac

Class AttributeCertificate

java.lang.Object

org.glite.voms.ac.AttributeCertificate

All Implemented Interfaces:

org.bouncycastle.asn1.ASN1Encodable

public class AttributeCertificate
extends Object
implements org.bouncycastle.asn1.ASN1Encodable

A shadow implementation of the non-working BouncyCastle implementation of X.509 Attribute Certificates

Author:

Joni Hahkala, Olle Mulmo

Field Summary

Fields

Modifier and Type	Field and Description
protected static org.apache.log4j.Logger	logger

Constructor Summary

Constructors

Constructor and Description
AttributeCertificate(org.bouncycastle.asn1.ASN1Sequence seq)

Method Summary

Methods

Modifier and Type	Method and Description
AttributeCertificateInfo	getAcinfo()
org.bouncycastle.asn1.ASN1Sequence	getAttributes()
List	getAttributes(String oid) Returns a list of the attributes matching the provided OID.
ACCerts	getCertList()
org.bouncycastle.asn1.x509.X509Extensions	getExtensions()
FullAttributes	getFullAttributes()
List	getFullyQualifiedAttributes()
Holder	getHolder()
String	getHolderX509()
String	getHost()
String	getHostPort()
static AttributeCertificate	getInstance(InputStream in) Create an Attribute Certificate from a input stream containing DER-encoded data
X500Principal	getIssuer()
org.bouncycastle.jce.X509Principal	getIssuerX509()
List	getListOfFQAN()
Date	getNotAfter()
Date	getNotBefore()
int	getPort()
org.bouncycastle.asn1.DERInteger	getSerialNumber()
byte[]	getSignature()
org.bouncycastle.asn1.x509.AlgorithmIdentifier	getSignatureAlgorithm()
org.bouncycastle.asn1.DERBitString	getSignatureValue()
ACTargets	getTargets()
String	getVO()
boolean	isValid() Synonym for validAt(null)
org.bouncycastle.asn1.ASN1Primitive	toASN1Primitive() Produce an object suitable for an ASN1OutputStream.
boolean	validAt(Date date) Checks if the AC was valid at the provided timestamp.
boolean	verify(PublicKey key) Verifies the signature of the AC using the provided signature key
boolean	verifyCert(X509Certificate cert)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected static final org.apache.log4j.Logger logger

Constructor Detail

AttributeCertificate

public AttributeCertificate(org.bouncycastle.asn1.ASN1Sequence seq)
                     throws IOException

Throws:

IOException

Method Detail

getInstance

public static AttributeCertificate getInstance(InputStream in)
                                        throws IOException

Create an Attribute Certificate from a input stream containing DER-encoded data

Parameters:

in -

Returns:

the Attribute Certificate

Throws:

IOException

getAcinfo

public AttributeCertificateInfo getAcinfo()

getAttributes

public org.bouncycastle.asn1.ASN1Sequence getAttributes()

See Also:

AttributeCertificateInfo.getAttributes()

getSerialNumber

public org.bouncycastle.asn1.DERInteger getSerialNumber()

getVO

public String getVO()

getHostPort

public String getHostPort()

getHost

public String getHost()

getPort

public int getPort()

getFullAttributes

public FullAttributes getFullAttributes()

getCertList

public ACCerts getCertList()

getTargets

public ACTargets getTargets()

getFullyQualifiedAttributes

public List getFullyQualifiedAttributes()

Returns:

List of String of the VOMS fully qualified attributes names (FQANs):
vo[/group[/group2...]][/Role=[role]][/Capability=capability]

getListOfFQAN

public List getListOfFQAN()

Returns:

List of FQAN of the VOMS fully qualified attributes names (FQANs)

See Also:

FQAN

getAttributes

public List getAttributes(String oid)

Returns a list of the attributes matching the provided OID.

Parameters:

oid - Object Identifier, on the form "1.2.3.4"

Returns:

List of ASN.1 objects representing the OID type in question

getExtensions

public org.bouncycastle.asn1.x509.X509Extensions getExtensions()

getIssuerX509

public org.bouncycastle.jce.X509Principal getIssuerX509()

getIssuer

public X500Principal getIssuer()

getHolderX509

public String getHolderX509()

getHolder

public Holder getHolder()

getNotAfter

public Date getNotAfter()
                 throws ParseException

Throws:

ParseException

getNotBefore

public Date getNotBefore()
                  throws ParseException

Throws:

ParseException

getSignatureAlgorithm

public org.bouncycastle.asn1.x509.AlgorithmIdentifier getSignatureAlgorithm()

getSignatureValue

public org.bouncycastle.asn1.DERBitString getSignatureValue()

getSignature

public byte[] getSignature()

validAt

public boolean validAt(Date date)

Checks if the AC was valid at the provided timestamp.

Parameters:

date - if null, current time is used

Returns:

true if the AC was valid at the time in question.

isValid

public boolean isValid()

Synonym for validAt(null)

Returns:

true if currently valid

verify

public boolean verify(PublicKey key)

Verifies the signature of the AC using the provided signature key

Parameters:

key - The (RSA) public key to verify the signature with

Returns:

true if success, false otherwise

verifyCert

public boolean verifyCert(X509Certificate cert)

toASN1Primitive

public org.bouncycastle.asn1.ASN1Primitive toASN1Primitive()

Produce an object suitable for an ASN1OutputStream.

  AttributeCertificate ::= SEQUENCE {
       acinfo               AttributeCertificateInfo,
       signatureAlgorithm   AlgorithmIdentifier,
       signatureValue       BIT STRING
  }
 

Specified by:

toASN1Primitive in interface org.bouncycastle.asn1.ASN1Encodable