Bouncy Castle AuthorityInfoAccess Extension

Question

I'm trying to develop a X.509 Attribute Certificate generator with Bouncy Castle and I need to add an AuthorityInfoAccess extension. However, I can't find a non-deprecated way to do that!

The most-recent Bouncy Castle API Documentation doesn't show any clear way to build this extension and there is no example on their repository about that.

The answers I found about it refer to a X509Extensions.AuthorityInfoAccess, but it's deprecated!

Is there any trick about that?

score 0 · Accepted Answer · answered Jan 27 '19 at 09:03

0

The OIDs in X509Extensions were deprecated in favor of X509Extension but that was also deprecated in favor of org.bouncycastle.asn1.x509.Extension.authorityInfoAccess

You don't say if you already have the content; if not, that uses org.bouncycastle.asn1.x509.AuthorityInformationAccess (note Information not just Info) which in turn uses similar AccessDescription and GeneralName

answered Jan 27 '19 at 09:03

dave_thompson_085

34,712
6
50
70

Yep, I had the content, but not the correct identifier. I'm using the `addExtension` method. Thank you! – Ricardo Brunetto Jan 27 '19 at 21:36

score 0 · Answer 2 · answered Jan 28 '19 at 11:37

Usually, when deprecating a method/class/... the author indicates the new code to be used.

In this case, the message for X509Extensions.AuthorityInfoAccess says:

ASN1ObjectIdentifier
org.bouncycastle.asn1.x509.X509Extensions.AuthorityInfoAccess
Deprecated. use X509Extension value.
Authority Info Access

So, the message gives the hint that you should use X509Extension instead, as Dave Thomson already mentioned in his answer (well, he also mentioned a second deprecration also for X509Extension, but this is another story)

X509Extension is now deprecated as well, user org.bouncycastle.asn1.x509.Extension instead. — David, Feb 14 '20 at 15:45

Bouncy Castle AuthorityInfoAccess Extension

2 Answers2