codec.x509
Class X509Crl

java.lang.Object
  |
  +--java.security.cert.CRL
        |
        +--java.security.cert.X509CRL
              |
              +--codec.x509.X509Crl
All Implemented Interfaces:
ASN1Type, X509Extension

public class X509Crl
extends X509CRL
implements ASN1Type

Certificate Revocation List (CRL) according to RFC 2459. It implements the following ASN.1 data structure:

 CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING
 }
 TBSCertList  ::=  SEQUENCE  {
     version              Version OPTIONAL,
                          -- if present, must be v2
     signature            AlgorithmIdentifier,
     issuer               Name,
     thisUpdate           Time,
     nextUpdate           Time OPTIONAL,
     revokedCertificates  SEQUENCE OF CRLEntry OPTIONAL,
     crlExtensions        [0]  EXPLICIT Extensions OPTIONAL
                          -- if present, must be v2
 }
 
Creation date: (18.08.99 15:23:09)

Author:
Markus Tak

Constructor Summary
X509Crl()
          constructor that builds the ASN.1 structure
X509Crl(InputStream is)
          Constructor on an input stream that delivers the DER-encoded certificate revocation list.
X509Crl(int i)
          constructor that builds the ASN.1 structure
X509Crl(Name issuer, Calendar now)
          Constructor upon Java objects.
X509Crl(Name issuer, Calendar now, boolean _nextUpdate)
           
 
Method Summary
 void addEntry(CRLEntry e)
          Adds a CRL entry.
 void addExtension(X509Extension ex)
          Adds a global extension to the CRL structure.
 void checkConstraints()
          for interface codec.asn1.ASN1Type
 boolean containsCertificate(BigInteger s)
          returns true if the given certificate serial number is revoked in this CRL
 void decode(Decoder dec)
          for interface codec.asn1.ASN1Type
 void encode(Encoder enc)
          for interface codec.asn1.ASN1Type
 Constraint getConstraint()
          for interface codec.asn1.ASN1Type
 Set getCriticalExtensionOIDs()
          implementing abstract method in java.security.cert.X509CRL
 byte[] getEncoded()
          implementing abstract method in java.security.cert.X509CRL
 Collection getExtensions()
          returns a collection of all global extensions inside this crl
 byte[] getExtensionValue(String ex)
          implementing abstract method in java.security.cert.X509CRL
 Principal getIssuerDN()
          implementing abstract method in java.security.cert.X509CRL
 Date getNextUpdate()
          implementing abstract method in java.security.cert.X509CRL
 Set getNonCriticalExtensionOIDs()
          implementing abstract method in java.security.cert.X509CRL
 X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
          implementing abstract method in java.security.cert.X509CRL
 Set getRevokedCertificates()
          implementing abstract method in java.security.cert.X509CRL
 String getSigAlgName()
          implementing abstract method in java.security.cert.X509CRL
 String getSigAlgOID()
          implementing abstract method in java.security.cert.X509CRL
 byte[] getSigAlgParams()
          implementing abstract method in java.security.cert.X509CRL
 byte[] getSignature()
          implementing abstract method in java.security.cert.X509CRL
 int getTag()
          for interface codec.asn1.ASN1Type
 int getTagClass()
          for interface codec.asn1.ASN1Type
 byte[] getTBSCertList()
          gets the binary to-be-signed which is the input for the java Signature object for verifying. For signing use getTBSCertList(AlgorithmIdentifier).
 byte[] getTBSCertList(AlgorithmIdentifier sigalg)
          gets the binary to-be-signed which is the input for the java Signature object for signing. For verifying use getTBSCertList().
 Date getThisUpdate()
          returns the issuing date of this crl update
 Object getValue()
           
 int getVersion()
          returns the X.509 version (1,2) of this crl
 boolean hasUnsupportedCriticalExtension()
          implementing abstract method in java.security.cert.X509CRL
 boolean isExplicit()
          for interface codec.asn1.ASN1Type
 boolean isOptional()
          for interface codec.asn1.ASN1Type
 boolean isRevoked(Certificate crt)
          returns true if the given certificate is revoked in this crl
 boolean isType(int eins, int zwei)
          for interface codec.asn1.ASN1Type
 void setConstraint(Constraint c)
          for interface codec.asn1.ASN1Type
 void setExplicit(boolean ex)
          for interface codec.asn1.ASN1Type
 void setIssuerDN(Principal iss)
          sets this issuer
 void setNextUpdate(Calendar time)
          sets the date of the next update
 void setNextUpdate(Date time)
          sets the date of the next update. Note that the TimeZone will be set to GMT since Date objects do not support time zones.
 void setOptional(boolean opt)
          for interface codec.asn1.ASN1Type
 void setSignature(byte[] sig)
          sets the signature on this object
 void setSignatureAlgorithm(AlgorithmIdentifier sigalg)
          sets the signature algorithm for the signature private key
 void setThisUpdate(Calendar time)
          sets the date of this update
 void setThisUpdate(Date time)
          sets the date of this update. Note that the TimeZone will be set to GMT since Date objects do not support time zones.
 String toString()
          Returns a human-readable string representation of this certificate revocation list
 String toString(String offset)
          Returns a human-readable string representation of this certificate revocation list
 void verify(PublicKey key)
          With this method, the CRL can be verified in an easy, but less secure way.
 void verify(PublicKey key, String sigProvider)
          With this method, the CRL can be verified in an easy, but less secure way.
 
Methods inherited from class java.security.cert.X509CRL
equals, hashCode
 
Methods inherited from class java.security.cert.CRL
getType
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

X509Crl

public X509Crl()
constructor that builds the ASN.1 structure

X509Crl

public X509Crl(Name issuer,
               Calendar now)
Constructor upon Java objects. Takes a Name object (this CRL's issuer) and a Calendar object (date of this update).
Parameters:
issuer - the issuer as a Name object
now - time of the revocation

X509Crl

public X509Crl(int i)
constructor that builds the ASN.1 structure

X509Crl

public X509Crl(Name issuer,
               Calendar now,
               boolean _nextUpdate)

X509Crl

public X509Crl(InputStream is)
        throws ASN1Exception,
               IOException
Constructor on an input stream that delivers the DER-encoded certificate revocation list.

Method Detail

setConstraint

public void setConstraint(Constraint c)
for interface codec.asn1.ASN1Type
Specified by:
setConstraint in interface ASN1Type
Following copied from interface: codec.asn1.ASN1Type
Parameters:
o - The constraint to set.

getConstraint

public Constraint getConstraint()
for interface codec.asn1.ASN1Type
Specified by:
getConstraint in interface ASN1Type
Following copied from interface: codec.asn1.ASN1Type
Returns:
The Constraint or null.

addEntry

public void addEntry(CRLEntry e)
Adds a CRL entry. Note that this method marks the revokedCertificates field as _NOT_ optional so that it will be encoded.
Parameters:
e - a CRLEntry object that represents a revocation entry in this crl

addExtension

public void addExtension(X509Extension ex)
Adds a global extension to the CRL structure. This method assumes that the version number of this instance is already v2(1), which is the case by default. This should be kept in mind when changing, modifying, or subclassing this implementation.
Parameters:
ex - the X509 Extension to be added to the CRL (globally)

checkConstraints

public void checkConstraints()
                      throws ConstraintException
for interface codec.asn1.ASN1Type
Specified by:
checkConstraints in interface ASN1Type
Following copied from interface: codec.asn1.ASN1Type
See Also:
Constraint, ConstraintCollection

containsCertificate

public boolean containsCertificate(BigInteger s)
returns true if the given certificate serial number is revoked in this CRL

decode

public void decode(Decoder dec)
            throws ASN1Exception,
                   IOException
for interface codec.asn1.ASN1Type
Specified by:
decode in interface ASN1Type

encode

public void encode(Encoder enc)
            throws ASN1Exception,
                   IOException
for interface codec.asn1.ASN1Type
Specified by:
encode in interface ASN1Type

getCriticalExtensionOIDs

public Set getCriticalExtensionOIDs()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getCriticalExtensionOIDs in class X509CRL

getEncoded

public byte[] getEncoded()
                  throws CRLException
implementing abstract method in java.security.cert.X509CRL
Overrides:
getEncoded in class X509CRL

getExtensions

public Collection getExtensions()
returns a collection of all global extensions inside this crl

getExtensionValue

public byte[] getExtensionValue(String ex)
implementing abstract method in java.security.cert.X509CRL
Overrides:
getExtensionValue in class X509CRL

getIssuerDN

public Principal getIssuerDN()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getIssuerDN in class X509CRL

getNextUpdate

public Date getNextUpdate()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getNextUpdate in class X509CRL

getNonCriticalExtensionOIDs

public Set getNonCriticalExtensionOIDs()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getNonCriticalExtensionOIDs in class X509CRL

getRevokedCertificate

public X509CRLEntry getRevokedCertificate(BigInteger serialNumber)
implementing abstract method in java.security.cert.X509CRL
Overrides:
getRevokedCertificate in class X509CRL

getRevokedCertificates

public Set getRevokedCertificates()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getRevokedCertificates in class X509CRL

getSigAlgName

public String getSigAlgName()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getSigAlgName in class X509CRL

getSigAlgOID

public String getSigAlgOID()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getSigAlgOID in class X509CRL

getSigAlgParams

public byte[] getSigAlgParams()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getSigAlgParams in class X509CRL

getSignature

public byte[] getSignature()
implementing abstract method in java.security.cert.X509CRL
Overrides:
getSignature in class X509CRL

getTag

public int getTag()
for interface codec.asn1.ASN1Type
Specified by:
getTag in interface ASN1Type

getTagClass

public int getTagClass()
for interface codec.asn1.ASN1Type
Specified by:
getTagClass in interface ASN1Type

getTBSCertList

public byte[] getTBSCertList()
                      throws CRLException
gets the binary to-be-signed which is the input for the java Signature object for verifying

For signing use getTBSCertList(AlgorithmIdentifier)

Overrides:
getTBSCertList in class X509CRL

getTBSCertList

public byte[] getTBSCertList(AlgorithmIdentifier sigalg)
                      throws CRLException
gets the binary to-be-signed which is the input for the java Signature object for signing

For verifying use getTBSCertList()


getThisUpdate

public Date getThisUpdate()
returns the issuing date of this crl update
Overrides:
getThisUpdate in class X509CRL

getValue

public Object getValue()
Specified by:
getValue in interface ASN1Type

getVersion

public int getVersion()
returns the X.509 version (1,2) of this crl
Overrides:
getVersion in class X509CRL

hasUnsupportedCriticalExtension

public boolean hasUnsupportedCriticalExtension()
implementing abstract method in java.security.cert.X509CRL
Overrides:
hasUnsupportedCriticalExtension in class X509CRL
Returns:
Always returns false

isExplicit

public boolean isExplicit()
for interface codec.asn1.ASN1Type
Specified by:
isExplicit in interface ASN1Type

isOptional

public boolean isOptional()
for interface codec.asn1.ASN1Type
Specified by:
isOptional in interface ASN1Type

isRevoked

public boolean isRevoked(Certificate crt)
returns true if the given certificate is revoked in this crl
Overrides:
isRevoked in class CRL

isType

public boolean isType(int eins,
                      int zwei)
for interface codec.asn1.ASN1Type
Specified by:
isType in interface ASN1Type
Following copied from interface: codec.asn1.ASN1Type
Parameters:
tag - The tag to match.
tagclass - The tag class to match.
Returns:
true if this type matches the given tag and tag class.

setExplicit

public void setExplicit(boolean ex)
for interface codec.asn1.ASN1Type
Specified by:
setExplicit in interface ASN1Type

setIssuerDN

public void setIssuerDN(Principal iss)
sets this issuer

setNextUpdate

public void setNextUpdate(Calendar time)
sets the date of the next update

setNextUpdate

public void setNextUpdate(Date time)
sets the date of the next update. Note that the TimeZone will be set to GMT since Date objects do not support time zones.

setOptional

public void setOptional(boolean opt)
for interface codec.asn1.ASN1Type
Specified by:
setOptional in interface ASN1Type

setSignature

public void setSignature(byte[] sig)
sets the signature on this object

setSignatureAlgorithm

public void setSignatureAlgorithm(AlgorithmIdentifier sigalg)
sets the signature algorithm for the signature private key

setThisUpdate

public void setThisUpdate(Calendar time)
sets the date of this update

setThisUpdate

public void setThisUpdate(Date time)
sets the date of this update. Note that the TimeZone will be set to GMT since Date objects do not support time zones.

toString

public String toString()
Returns a human-readable string representation of this certificate revocation list
Overrides:
toString in class CRL

toString

public String toString(String offset)
Returns a human-readable string representation of this certificate revocation list

verify

public void verify(PublicKey key)
            throws CRLException,
                   NoSuchAlgorithmException,
                   InvalidKeyException,
                   NoSuchProviderException,
                   SignatureException
With this method, the CRL can be verified in an easy, but less secure way. If highest security is to be obtained, getTBSCertList() and getSignature() should be used along with an external verification routine.
Overrides:
verify in class X509CRL
Parameters:
key - the issuer's public key to verify the TBS certlist
Throws:
NoSuchAlgorithmException - If there is no appropriate provider
InvalidKeyException - If there is a problem with the public key
SignatureException - If the Signature was bad.

verify

public void verify(PublicKey key,
                   String sigProvider)
            throws CRLException,
                   NoSuchAlgorithmException,
                   InvalidKeyException,
                   NoSuchProviderException,
                   SignatureException
With this method, the CRL can be verified in an easy, but less secure way. If highest security is to be obtained, getTBSCertList() and getSignature() should be used along with an external verification routine.
Overrides:
verify in class X509CRL
Parameters:
key - the issuer's public key to verify the TBS certlist
sigProvider - a preferred JCA provider to be used for verification
Throws:
NoSuchAlgorithmException - If there is no appropriate provider
NoSuchProviderException - If the given provider could not be found
InvalidKeyException - If there is a problem with the public key
SignatureException - If the Signature was bad.
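
An external verification routine of the kind the verify descriptions recommend, as an added example (not code from this library or its author). It uses only the java.security.cert.X509CRL methods this class overrides, so a codec.x509.X509Crl instance can be passed to check(); the class name ExternalCrlCheck, the HANDLED_CRITICAL allow-list and the two file arguments are assumptions, and the signature algorithm is assumed to need no extra parameters.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CRLException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Set;

public class ExternalCrlCheck {
    // Hypothetical allow-list: critical CRL extensions this caller really processes (none here).
    static final Set<String> HANDLED_CRITICAL = Set.of();

    /** Returns normally only if the CRL is signed by issuerKey, current, and fully understood. */
    static void check(X509CRL crl, PublicKey issuerKey, Date now) throws Exception {
        // Verify over the exact to-be-signed bytes with a Signature object the caller controls.
        Signature sig = Signature.getInstance(crl.getSigAlgName());
        sig.initVerify(issuerKey);
        sig.update(crl.getTBSCertList());
        if (!sig.verify(crl.getSignature()))
            throw new CRLException("CRL signature does not verify under the issuer key");

        // Reject CRLs that are dated in the future or already stale.
        if (crl.getThisUpdate().after(now))
            throw new CRLException("thisUpdate is in the future");
        Date next = crl.getNextUpdate();   // OPTIONAL in TBSCertList, may be null
        if (next != null && next.before(now))
            throw new CRLException("CRL is stale: nextUpdate has passed");

        // hasUnsupportedCriticalExtension() is documented above as always returning false,
        // so compare the critical OIDs against the caller's own allow-list instead.
        Set<String> critical = crl.getCriticalExtensionOIDs();
        if (critical != null && !HANDLED_CRITICAL.containsAll(critical))
            throw new CRLException("unhandled critical extension: " + critical);
    }

    // Usage: java ExternalCrlCheck <crl.der> <issuer-cert.der>  (both paths are assumptions)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream c = new FileInputStream(args[0]); InputStream i = new FileInputStream(args[1])) {
            X509CRL crl = (X509CRL) cf.generateCRL(c);
            X509Certificate issuer = (X509Certificate) cf.generateCertificate(i);
            check(crl, issuer.getPublicKey(), new Date());
            System.out.println("CRL accepted, issuer " + crl.getIssuerX500Principal());
        }
    }
}
```

Only after check() returns should containsCertificate(BigInteger) or isRevoked(Certificate) be trusted for a revocation decision.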


Copyright © Fraunhofer Gesellschaft. All Rights Reserved.