iaik.tc.cert
Class PECertificate

Object
  extended by PECertificate

public class PECertificate
extends Object

A PE certificate is an instantiation of the TCG Platform Endorsement Credential.

The value "Standard" in the Field Status column of the table below means the field is an inherent component of the standard certificate syntax and is not optional.

Some fields are assigned a value even though the certificate user performs no action based on that value. In such cases, the intention is to inhibit non-TCG implementations from making inappropriate use of the certificate.

 Field Name            Description                                                 Field Status
 ----------------------------------------------------------------------------------------------
 Version               Certificate syntax version number                           Standard
 Serial Number         Positive integer value unique relative to the issuer        Standard
 Signature Algorithm   Algorithm used by the issuer to sign this certificate       Standard
 Holder                Identity of the associated TPM EK Certificate               Standard
 Issuer                Distinguished name of the platform certificate issuer       Standard
 Validity              Time interval during which the certificate is valid         Standard
 Attributes            Information about the platform of this certificate          Standard
 Certificate Policies  Policy terms under which the certificate was issued         MUST
 Alternative Names     Name forms other than directory distinguished names         MUST
 Authority Key Id      Identifies the subject public key of the certificate issuer SHOULD
 Authority Info Access Indicates how to access CA information                      MAY
 CRL Distribution      Indicates how to access CRL information                     MAY
 Subject Unique Id     Unique value when using a shared subject name               SHOULD NOT
 Issuer Unique Id      Unique value when using a shared issuer name                SHOULD NOT
 

For details on this certificate please refer to the public TCG specification https://www.trustedcomputinggroup.org/specs/IWG/Credential_Profiles_V1_rev981.pdf


Field Summary
static String policyUserNotice
          "TCPA Trusted Platform Endorsement".
 
Method Summary
static SubjectAltName alternativeNames(String manufacturer, String model, String version)
          Creates SubjectAlternativeNames extension as specified for a PE.
static AttributeCertificate create(Properties prop, X509Certificate caCert, PrivateKey caPrivateKey, X509Certificate ekCert)
          Creates a Platform Endorsement (PE) certificate.
static Attribute platformSpecification(String platformClass, int major, int minor, int revision)
          Creates PlatformSpecification Attribute as specified for a PE.
 
Methods inherited from class Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

policyUserNotice

public static String policyUserNotice
"TCPA Trusted Platform Endorsement".

UserNotice string for PE certificate CertificatePolicies extension.

Method Detail

create

public static AttributeCertificate create(Properties prop,
                                          X509Certificate caCert,
                                          PrivateKey caPrivateKey,
                                          X509Certificate ekCert)
                                   throws X509ExtensionException,
                                          CertificateException
Creates a Platform Endorsement (PE) certificate.

Before calling, set the properties section pointer to the section to be used as input, e.g.:

 prop.setSectionPointer("PE");
 PECertificate.create(prop, caCert, caPrivateKey, ekCert);

Parameters:
prop - custom settable properties of certificate
caCert - certificate of issuing authority
caPrivateKey - private key of issuing authority
ekCert - TPM Endorsement Key credential
Throws:
X509ExtensionException
CertificateException

platformSpecification

public static Attribute platformSpecification(String platformClass,
                                              int major,
                                              int minor,
                                              int revision)
Creates PlatformSpecification Attribute as specified for a PE.

The 'TCG Platform Specification' attribute references the platform class, version and revision level of the TCG platform-specific specification to which the platform was designed.

 tCGPlatformSpecification ATTRIBUTE ::= {
     WITH SYNTAX TCGPlatformSpecification
     ID tcg-at-tcgPlatformSpecification }

 TCGSpecificationVersion ::= SEQUENCE {
     majorVersion INTEGER,
     minorVersion INTEGER,
     revision     INTEGER }

 TCGPlatformSpecification ::= SEQUENCE {
     Version TCGSpecificationVersion,
     platformClass OCTET STRING SIZE(4) }
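
The DER value that the ASN.1 above describes can be built by hand, which shows where the SIZE(4) constraint on platformClass has to be enforced. This is an added example, not IAIK library code: the class name, the byte[] form of platformClass, the rejection of negative version numbers and the sample values are assumptions of the example.

```java
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;

// Added example, not IAIK code: hand-rolled DER for TCGPlatformSpecification.
public class PlatformSpecDer {

    // One TLV with a DER definite length (short form below 128 content bytes).
    static byte[] tlv(int tag, byte[] content) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (content.length < 0x80) {
            out.write(content.length);
        } else {
            byte[] len = BigInteger.valueOf(content.length).toByteArray();
            int skip = (len[0] == 0) ? 1 : 0; // drop the sign-padding byte
            out.write(0x80 | (len.length - skip));
            out.write(len, skip, len.length - skip);
        }
        out.write(content, 0, content.length);
        return out.toByteArray();
    }

    // INTEGER: BigInteger yields the minimal two's-complement form DER requires.
    static byte[] integer(int v) {
        if (v < 0) throw new IllegalArgumentException("version component < 0"); // example's choice
        return tlv(0x02, BigInteger.valueOf(v).toByteArray());
    }

    static byte[] concat(byte[]... parts) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (byte[] p : parts) out.write(p, 0, p.length);
        return out.toByteArray();
    }

    // platformClass as raw octets is an assumption; the page's method takes a String.
    static byte[] platformSpecification(byte[] platformClass, int major, int minor, int revision) {
        if (platformClass == null || platformClass.length != 4)
            throw new IllegalArgumentException("platformClass must be exactly 4 octets");
        byte[] version = tlv(0x30, concat(integer(major), integer(minor), integer(revision)));
        return tlv(0x30, concat(version, tlv(0x04, platformClass)));
    }

    public static void main(String[] args) {
        byte[] cls = {0x00, 0x00, 0x00, 0x01}; // constructed sample value
        StringBuilder hex = new StringBuilder();
        for (byte b : platformSpecification(cls, 1, 1, 103)) hex.append(String.format("%02x", b));
        System.out.println(hex);
    }
}
```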
 


alternativeNames

public static SubjectAltName alternativeNames(String manufacturer,
                                              String model,
                                              String version)
Creates SubjectAlternativeNames extension as specified for a PE.

Include the platform model, using the directory name-form with RDNs for the platform manufacturer, model and version numbers.

 PlatformManufacturer ATTRIBUTE ::= {
     WITH SYNTAX UTF8String
     ID tcg-at-platformManufacturer }

 PlatformModel ATTRIBUTE ::= {
     WITH SYNTAX UTF8String
     ID tcg-at-platformModel }

 PlatformVersion ATTRIBUTE ::= {
     WITH SYNTAX UTF8String
     ID tcg-at-platformVersion }
 
Assign "critical" the value TRUE.