| java.security.cert.X509CRL sun.security.x509.X509CRLImpl
X509CRLImpl | public class X509CRLImpl extends X509CRL (Code) | |
An implementation for X509 CRL (Certificate Revocation List).
The X.509 v2 CRL format is described below in ASN.1:
    CertificateList ::= SEQUENCE {
        tbsCertList          TBSCertList,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING }
More information can be found in RFC 2459,
"Internet X.509 Public Key Infrastructure Certificate and CRL
Profile" at
http://www.ietf.org/rfc/rfc2459.txt .
The ASN.1 definition of tbsCertList is:
    TBSCertList ::= SEQUENCE {
        version                 Version OPTIONAL,
                                -- if present, must be v2
        signature               AlgorithmIdentifier,
        issuer                  Name,
        thisUpdate              ChoiceOfTime,
        nextUpdate              ChoiceOfTime OPTIONAL,
        revokedCertificates     SEQUENCE OF SEQUENCE {
            userCertificate         CertificateSerialNumber,
            revocationDate          ChoiceOfTime,
            crlEntryExtensions      Extensions OPTIONAL
                                    -- if present, must be v2
            } OPTIONAL,
        crlExtensions           [0] EXPLICIT Extensions OPTIONAL
                                -- if present, must be v2
        }
author: Hemma Prafullchandra version: 1.30, 10/10/06 See Also: X509CRL |
Constructor Summary | |
public | X509CRLImpl(byte[] crlData) | Unmarshals an X.509 CRL from its encoded form, parsing the encoded bytes. |
public | X509CRLImpl(DerValue val) | Unmarshals an X.509 CRL from a DER value. |
public | X509CRLImpl(InputStream inStrm) | Unmarshals an X.509 CRL from an input stream. |
public | X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate) | Initial CRL constructor, no revoked certs, and no extensions. |
public | X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, X509CRLEntry[] badCerts) | CRL constructor, revoked certs, no extensions. |
public | X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, X509CRLEntry[] badCerts, CRLExtensions crlExts) | CRL constructor, revoked certs and extensions. |
Method Summary | |
public void | encodeInfo(OutputStream out) | Encodes the "to-be-signed" CRL to the OutputStream. |
public KeyIdentifier | getAuthKeyId() | Returns the AuthorityKeyIdentifier, if any. |
public AuthorityKeyIdentifierExtension | getAuthKeyIdExtension() | Returns the AuthorityKeyIdentifierExtension, if any. |
public BigInteger | getCRLNumber() | Returns the CRL number from the CRLNumberExtension, if any. |
public CRLNumberExtension | getCRLNumberExtension() | Returns the CRLNumberExtension, if any. |
public Set | getCriticalExtensionOIDs() | Gets a Set of the extension(s) marked CRITICAL in the CRL. |
public byte[] | getEncoded() | Returns the ASN.1 DER encoded form of this CRL. |
public byte[] | getEncodedInternal() | Returns the encoding as an uncloned byte array. |
public static byte[] | getEncodedInternal(X509CRL crl) | Returns the encoding of the given certificate for internal use. Callers must guarantee that they neither modify it nor expose it to untrusted code. |
public Object | getExtension(ObjectIdentifier oid) | |
public byte[] | getExtensionValue(String oid) | Gets the DER encoded OCTET string for the extension value (extnValue) identified by the passed in oid String. The oid string is represented by a set of positive whole numbers separated by ".", that means, <positive whole number>.<positive whole number>.<...> Parameters: oid - the Object Identifier value for the extension. |
public IssuerAlternativeNameExtension | getIssuerAltNameExtension() | Returns the IssuerAlternativeNameExtension, if any. |
public Principal | getIssuerDN() | Gets the issuer distinguished name from this CRL. The issuer name identifies the entity who has signed (and issued the CRL). |
public X500Principal | getIssuerX500Principal() | Return the issuer as X500Principal. |
public static X500Principal | getIssuerX500Principal(X509CRL crl) | Extract the issuer X500Principal from an X509CRL. |
public Date | getNextUpdate() | Gets the nextUpdate date from the CRL. |
public Set | getNonCriticalExtensionOIDs() | Gets a Set of the extension(s) marked NON-CRITICAL in the CRL. |
public X509CRLEntry | getRevokedCertificate(BigInteger serialNumber) | Gets the CRL entry with the given serial number from this CRL. |
public Set | getRevokedCertificates() | Gets all the revoked certificates from the CRL. |
public String | getSigAlgName() | Gets the signature algorithm name for the CRL signature algorithm. |
public String | getSigAlgOID() | Gets the signature algorithm OID string from the CRL. |
public byte[] | getSigAlgParams() | Gets the DER encoded signature algorithm parameters from this CRL's signature algorithm. |
public byte[] | getSignature() | Gets the raw Signature bits from the CRL. |
public byte[] | getTBSCertList() | Gets the DER encoded CRL information, the tbsCertList from this CRL. |
public Date | getThisUpdate() | Gets the thisUpdate date from the CRL. |
public int | getVersion() | Gets the version number from this CRL. The ASN.1 definition for this is: Version ::= INTEGER { v1(0), v2(1), v3(2) } -- v3 does not apply to CRLs but appears for consistency -- with definition of Version for certs the version number, i.e. |
public boolean | hasUnsupportedCriticalExtension() | Return true if a critical extension is found that is not supported, otherwise return false. |
public boolean | isRevoked(Certificate cert) | Checks whether the given certificate is on this CRL. Parameters: cert - the certificate to check for. |
public void | sign(PrivateKey key, String algorithm) | Encodes an X.509 CRL, and signs it using the given key. |
public void | sign(PrivateKey key, String algorithm, String provider) | Encodes an X.509 CRL, and signs it using the given key. |
public String | toString() | Returns a printable string of this CRL. |
public void | verify(PublicKey key) | Verifies that this CRL was signed using the private key that corresponds to the given public key. |
public synchronized void | verify(PublicKey key, String sigProvider) | Verifies that this CRL was signed using the private key that corresponds to the given public key, and that the signature verification was computed by the given provider. |
X509CRLImpl | public X509CRLImpl(byte[] crlData) throws CRLException(Code) | | Unmarshals an X.509 CRL from its encoded form, parsing the encoded
bytes. This form of constructor is used by agents which
need to examine and use CRL contents. Note that the buffer
must include only one CRL, and no "garbage" may be left at
the end.
Parameters: crlData - the encoded bytes, with no trailing padding. exception: CRLException - on parsing errors. |
X509CRLImpl | public X509CRLImpl(DerValue val) throws CRLException(Code) | | Unmarshals an X.509 CRL from a DER value.
Parameters: val - a DER value holding at least one CRL exception: CRLException - on parsing errors. |
X509CRLImpl | public X509CRLImpl(InputStream inStrm) throws CRLException(Code) | | Unmarshals an X.509 CRL from an input stream. Only one CRL
is expected at the end of the input stream.
Parameters: inStrm - an input stream holding at least one CRL exception: CRLException - on parsing errors. |
X509CRLImpl | public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate)(Code) | | Initial CRL constructor, no revoked certs, and no extensions.
Parameters: issuer - the name of the CA issuing this CRL. Parameters: thisUpdate - the Date of this issue. Parameters: nextUpdate - the Date of the next CRL. |
X509CRLImpl | public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, X509CRLEntry[] badCerts) throws CRLException(Code) | | CRL constructor, revoked certs, no extensions.
Parameters: issuer - the name of the CA issuing this CRL. Parameters: thisUpdate - the Date of this issue. Parameters: nextUpdate - the Date of the next CRL. Parameters: badCerts - the array of CRL entries. exception: CRLException - on parsing/construction errors. |
X509CRLImpl | public X509CRLImpl(X500Name issuer, Date thisDate, Date nextDate, X509CRLEntry[] badCerts, CRLExtensions crlExts) throws CRLException(Code) | | CRL constructor, revoked certs and extensions.
Parameters: issuer - the name of the CA issuing this CRL. Parameters: thisUpdate - the Date of this issue. Parameters: nextUpdate - the Date of the next CRL. Parameters: badCerts - the array of CRL entries. Parameters: crlExts - the CRL extensions. exception: CRLException - on parsing/construction errors. |
encodeInfo | public void encodeInfo(OutputStream out) throws CRLException(Code) | | Encodes the "to-be-signed" CRL to the OutputStream.
Parameters: out - the OutputStream to write to. exception: CRLException - on encoding errors. |
getCriticalExtensionOIDs | public Set getCriticalExtensionOIDs()(Code) | | Gets a Set of the extension(s) marked CRITICAL in the
CRL. In the returned set, each extension is represented by
its OID string.
Returns: a set of the extension oid strings in the CRL that are marked critical. |
getEncoded | public byte[] getEncoded() throws CRLException(Code) | | Returns the ASN.1 DER encoded form of this CRL.
exception: CRLException - if an encoding error occurs. |
getEncodedInternal | public byte[] getEncodedInternal() throws CRLException(Code) | | Returns the encoding as an uncloned byte array. Callers must
guarantee that they neither modify it nor expose it to untrusted
code.
|
getEncodedInternal | public static byte[] getEncodedInternal(X509CRL crl) throws CRLException(Code) | | Returns the encoding of the given certificate for internal use.
Callers must guarantee that they neither modify it nor expose it
to untrusted code. Uses getEncodedInternal() if the certificate
is instance of X509CertImpl, getEncoded() otherwise.
|
getExtensionValue | public byte[] getExtensionValue(String oid)(Code) | | Gets the DER encoded OCTET string for the extension value
(extnValue) identified by the passed in oid String.
The oid string is
represented by a set of positive whole numbers separated
by ".", that means,
<positive whole number>.<positive whole number>.<...>
Parameters: oid - the Object Identifier value for the extension. Returns: the DER encoded octet string of the extension value. |
getIssuerDN | public Principal getIssuerDN()(Code) | | Gets the issuer distinguished name from this CRL.
The issuer name identifies the entity who has signed (and
issued the CRL). The issuer name field contains an
X.500 distinguished name (DN).
The ASN.1 definition for this is:
    issuer    Name
    Name ::= CHOICE { RDNSequence }
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::=
        SET OF AttributeValueAssertion
    AttributeValueAssertion ::= SEQUENCE {
        AttributeType,
        AttributeValue }
    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY
The Name describes a hierarchical name composed of attributes,
such as country name, and corresponding values, such as US.
The type of the component AttributeValue is determined by the
AttributeType; in general it will be a directoryString.
A directoryString is usually one of PrintableString,
TeletexString or UniversalString.
Returns: the issuer name. |
getIssuerX500Principal | public X500Principal getIssuerX500Principal()(Code) | | Return the issuer as X500Principal. Overrides method in X509CRL
to provide a slightly more efficient version.
|
getIssuerX500Principal | public static X500Principal getIssuerX500Principal(X509CRL crl)(Code) | | Extract the issuer X500Principal from an X509CRL. Parses the encoded
form of the CRL to preserve the principal's ASN.1 encoding.
Called by java.security.cert.X509CRL.getIssuerX500Principal().
|
getNextUpdate | public Date getNextUpdate()(Code) | | Gets the nextUpdate date from the CRL.
Returns: the nextUpdate date from the CRL, or null if not present. |
getNonCriticalExtensionOIDs | public Set getNonCriticalExtensionOIDs()(Code) | | Gets a Set of the extension(s) marked NON-CRITICAL in the
CRL. In the returned set, each extension is represented by
its OID string.
Returns: a set of the extension oid strings in the CRL that are NOT marked critical. |
getRevokedCertificate | public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)(Code) | | Gets the CRL entry with the given serial number from this CRL.
Returns: the entry with the given serial number, or null if no such entry exists in the CRL. See Also: X509CRLEntry |
getRevokedCertificates | public Set getRevokedCertificates()(Code) | | Gets all the revoked certificates from the CRL.
A Set of X509CRLEntry.
Returns: all the revoked certificates or null if there are none. See Also: X509CRLEntry |
getSigAlgName | public String getSigAlgName()(Code) | | Gets the signature algorithm name for the CRL
signature algorithm. For example, the string "SHA1withDSA".
The ASN.1 definition for this is:
    AlgorithmIdentifier ::= SEQUENCE {
        algorithm     OBJECT IDENTIFIER,
        parameters    ANY DEFINED BY algorithm OPTIONAL }
                      -- contains a value of the type
                      -- registered for use with the
                      -- algorithm object identifier value
Returns: the signature algorithm name. |
getSigAlgOID | public String getSigAlgOID()(Code) | | Gets the signature algorithm OID string from the CRL.
An OID is represented by a set of positive whole numbers separated
by ".", that means,
<positive whole number>.<positive whole number>.<...>
For example, the string "1.2.840.10040.4.3" identifies the SHA-1
with DSA signature algorithm, as per RFC 2459.
Returns: the signature algorithm oid string. |
getSigAlgParams | public byte[] getSigAlgParams()(Code) | | Gets the DER encoded signature algorithm parameters from this
CRL's signature algorithm. In most cases, the signature
algorithm parameters are null; the parameters are usually
supplied with the Public Key.
Returns: the DER encoded signature algorithm parameters, or null if no parameters are present. |
getSignature | public byte[] getSignature()(Code) | | Gets the raw Signature bits from the CRL.
Returns: the signature. |
getTBSCertList | public byte[] getTBSCertList() throws CRLException(Code) | | Gets the DER encoded CRL information, the
tbsCertList from this CRL.
This can be used to verify the signature independently.
Returns: the DER encoded CRL information. exception: CRLException - on encoding errors. |
getThisUpdate | public Date getThisUpdate()(Code) | | Gets the thisUpdate date from the CRL.
The ASN.1 definition for this is:
Returns: the thisUpdate date from the CRL. |
getVersion | public int getVersion()(Code) | | Gets the version number from this CRL.
The ASN.1 definition for this is:
    Version ::= INTEGER { v1(0), v2(1), v3(2) }
        -- v3 does not apply to CRLs but appears for consistency
        -- with definition of Version for certs
Returns: the version number, i.e. 1 or 2. |
hasUnsupportedCriticalExtension | public boolean hasUnsupportedCriticalExtension()(Code) | | Return true if a critical extension is found that is
not supported, otherwise return false.
|
isRevoked | public boolean isRevoked(Certificate cert)(Code) | | Checks whether the given certificate is on this CRL.
Parameters: cert - the certificate to check for. Returns: true if the given certificate is on this CRL, false otherwise. |
toString | public String toString()(Code) | | Returns a printable string of this CRL.
Returns: value of this CRL in a printable form. |
|
|
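Added example (not part of the JDK source or of the original page): isRevoked and getRevokedCertificate only report whether a serial number is listed, so a caller should first authenticate the CRL with verify, reject unsupported critical extensions, and check thisUpdate/nextUpdate. The example uses the public java.security.cert API; the class name CrlCheck, its Status enum, and the policy of rejecting a CRL that has no nextUpdate are assumptions of this example, and indirect CRLs are out of scope.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;

// Added example: hypothetical helper class, not part of sun.security.x509.
public final class CrlCheck {
    enum Status { GOOD, REVOKED, CRL_UNUSABLE }

    // Fails closed: a CRL that cannot be authenticated or is stale yields CRL_UNUSABLE.
    static Status check(X509CRL crl, X509Certificate issuer, X509Certificate subject, Date now) {
        // The CRL must come from the expected CA, and that CA must have issued the subject.
        if (!crl.getIssuerX500Principal().equals(issuer.getSubjectX500Principal())
                || !crl.getIssuerX500Principal().equals(subject.getIssuerX500Principal()))
            return Status.CRL_UNUSABLE;
        try {
            crl.verify(issuer.getPublicKey()); // throws if the signature does not match
        } catch (GeneralSecurityException e) {
            return Status.CRL_UNUSABLE;
        }
        // An unprocessed critical extension may change how the entries must be read.
        if (crl.hasUnsupportedCriticalExtension()) return Status.CRL_UNUSABLE;
        // nextUpdate is OPTIONAL in the ASN.1; this example's policy requires it.
        Date next = crl.getNextUpdate();
        if (next == null || now.before(crl.getThisUpdate()) || now.after(next))
            return Status.CRL_UNUSABLE;
        // Only now is list membership meaningful.
        return crl.getRevokedCertificate(subject.getSerialNumber()) == null
                ? Status.GOOD : Status.REVOKED;
    }

    static ByteArrayInputStream read(String path) throws IOException {
        return new ByteArrayInputStream(Files.readAllBytes(Paths.get(path)));
    }

    // Usage: java CrlCheck <crl file> <issuer cert file> <subject cert file>
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl = (X509CRL) cf.generateCRL(read(args[0]));
        X509Certificate issuer = (X509Certificate) cf.generateCertificate(read(args[1]));
        X509Certificate subject = (X509Certificate) cf.generateCertificate(read(args[2]));
        System.out.println(check(crl, issuer, subject, new Date()));
    }
}
```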