public class X509CRLImpl
extends java.security.cert.X509CRL
An implementation for X509 CRL (Certificate Revocation List).
The X.509 v2 CRL format is described below in ASN.1:
    CertificateList ::= SEQUENCE {
        tbsCertList          TBSCertList,
        signatureAlgorithm   AlgorithmIdentifier,
        signature            BIT STRING
    }
A good description and profiling is provided in the IETF PKIX WG draft, Part I: X.509 Certificate and CRL Profile, <draft-ietf-pkix-ipki-part1-06.txt>.
The ASN.1 definition of tbsCertList is:
    TBSCertList ::= SEQUENCE {
        version              Version OPTIONAL,
                             -- if present, must be v2
        signature            AlgorithmIdentifier,
        issuer               Name,
        thisUpdate           ChoiceOfTime,
        nextUpdate           ChoiceOfTime OPTIONAL,
        revokedCertificates  SEQUENCE OF SEQUENCE {
            userCertificate      CertificateSerialNumber,
            revocationDate       ChoiceOfTime,
            crlEntryExtensions   Extensions OPTIONAL
                                 -- if present, must be v2
        } OPTIONAL,
        crlExtensions        [0] EXPLICIT Extensions OPTIONAL
                             -- if present, must be v2
    }
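
The following Python example is added here and is not code from X509CRLImpl or its project: it walks the CertificateList and TBSCertList layouts above, tells the OPTIONAL fields apart by their DER tags, and enforces the "if present, must be v2" notes. All names (tlv, items, parse_crl, wrap) and the sample CRLs, including their all-zero signature, are constructed for the illustration; the signature is not verified.

```python
def tlv(tag, body=b""):  # DER encoder, used only to build the constructed samples below
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

def items(buf):  # split concatenated DER elements into (tag, value, whole_element) triples
    pos, out = 0, []
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated DER header")
        tag, n, start = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
            n, start = int.from_bytes(buf[start:start + (n & 0x7F)], "big"), start + (n & 0x7F)
        if start + n > len(buf):
            raise ValueError("truncated DER element")
        out.append((tag, buf[start:start + n], buf[pos:start + n]))
        pos = start + n
    return out

def parse_crl(der):
    """Walk CertificateList -> TBSCertList, telling OPTIONAL fields apart by tag."""
    [(_, cert_list, _)] = items(der)            # exactly one element: trailing bytes are rejected
    tbs, _sig_alg, _sig = items(cert_list)      # tbsCertList, signatureAlgorithm, signature
    f = items(tbs[1])
    v2 = bool(f) and f[0][0] == 0x02            # an INTEGER first means version is present
    if len(f) < 3 + v2 or (v2 and f[0][1] != b"\x01"):
        raise ValueError("short TBSCertList, or version present but not v2(1)")
    crl = {"tbs_der": tbs[2], "version": 2 if v2 else 1, "next_update": None, "revoked": []}
    i = 2 + v2                                  # skip version (if any), signature, issuer
    crl["this_update"], i = f[i][1].decode(), i + 1
    if i < len(f) and f[i][0] in (0x17, 0x18):  # nextUpdate: UTCTime or GeneralizedTime
        crl["next_update"], i = f[i][1].decode(), i + 1
    if i < len(f) and f[i][0] == 0x30:          # revokedCertificates; first field is the serial
        crl["revoked"], i = [int.from_bytes(items(e)[0][1], "big") for _, e, _ in items(f[i][1])], i + 1
    crl["extensions"] = i < len(f) and f[i][0] == 0xA0   # crlExtensions, tagged [0] EXPLICIT
    if crl["extensions"] and not v2:
        raise ValueError("crlExtensions present in a CRL that is not v2")
    return crl

# Constructed sample input: field values and the all-zero signature are made up for the example.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05))  # sha256WithRSAEncryption
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example CA"))))
HEAD = ALG + NAME + tlv(0x17, b"240101000000Z")  # signature, issuer, thisUpdate
ENTRY = tlv(0x30, tlv(0x02, b"\x12\x34") + tlv(0x17, b"231231000000Z"))
EXTS = tlv(0xA0, tlv(0x30, tlv(0x30, tlv(0x06, bytes.fromhex("551d14")) + tlv(0x04, tlv(0x02, b"\x01")))))
def wrap(tbs):  # CertificateList around a TBSCertList body
    return tlv(0x30, tlv(0x30, tbs) + ALG + tlv(0x03, bytes(9)))
V1_CRL = wrap(HEAD)
V2_CRL = wrap(tlv(0x02, b"\x01") + HEAD + tlv(0x17, b"240108000000Z") + tlv(0x30, ENTRY) + EXTS)
```

The "tbs_der" value returned by parse_crl is the encoded tbsCertList, the byte range a signature check runs over.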
| Constructor | Description |
|---|---|
| X509CRLImpl(byte[] crlData) | Unmarshals an X.509 CRL from its encoded form, parsing the encoded bytes. |
| X509CRLImpl(byte[] crlData, boolean includeEntries) | |
| X509CRLImpl(java.io.InputStream inStrm) | Unmarshals an X.509 CRL from an input stream. |
| X509CRLImpl(X500Name issuer, AlgorithmId algId, java.util.Date thisDate, java.util.Date nextDate, java.util.Hashtable<java.math.BigInteger,RevokedCertificate> badCerts, CRLExtensions crlExts) | CRL constructor, revoked certs and extensions. |
| X509CRLImpl(X500Name issuer, AlgorithmId algId, java.util.Date thisDate, java.util.Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) | CRL constructor, revoked certs and extensions. |
| X509CRLImpl(X500Name issuer, java.util.Date thisDate, java.util.Date nextDate) | Initial CRL constructor, no revoked certs, and no extensions. |
| X509CRLImpl(X500Name issuer, java.util.Date thisDate, java.util.Date nextDate, RevokedCertificate[] badCerts) | CRL constructor, revoked certs, no extensions. |
| X509CRLImpl(X500Name issuer, java.util.Date thisDate, java.util.Date nextDate, RevokedCertificate[] badCerts, CRLExtensions crlExts) | CRL constructor, revoked certs and extensions. |

| Modifier and Type | Method | Description |
|---|---|---|
| boolean | areEntriesIncluded() | |
| void | encodeInfo(java.io.OutputStream out) | Encodes the "to-be-signed" CRL to the OutputStream. |
| java.util.Set<java.lang.String> | getCriticalExtensionOIDs() | Gets a Set of the extension(s) marked CRITICAL in the CRL by OID strings. |
| java.math.BigInteger | getCRLNumber() | |
| java.math.BigInteger | getDeltaBaseCRLNumber() | |
| byte[] | getEncoded() | Returns the ASN.1 DER encoded form of this CRL. |
| CRLExtensions | getExtensions() | Returns extensions for this impl. |
| byte[] | getExtensionValue(java.lang.String oid) | Gets the DER encoded OCTET string for the extension value (extnValue) identified by the passed in oid String. |
| java.security.Principal | getIssuerDN() | Gets the issuer distinguished name from this CRL. |
| java.util.Hashtable<java.math.BigInteger,RevokedCertificate> | getListOfRevokedCertificates() | |
| java.util.Date | getNextUpdate() | Gets the nextUpdate date from the CRL. |
| java.util.Set<java.lang.String> | getNonCriticalExtensionOIDs() | Gets a Set of the extension(s) marked NON-CRITICAL in the CRL by OID strings. |
| int | getNumberOfRevokedCertificates() | |
| java.security.cert.X509CRLEntry | getRevokedCertificate(java.math.BigInteger serialNumber) | Get the revoked certificate from the CRL by the serial number provided. |
| java.util.Set<RevokedCertificate> | getRevokedCertificates() | Gets all the revoked certificates from the CRL. |
| java.lang.String | getSigAlgName() | Gets the signature algorithm name for the CRL signature algorithm. |
| java.lang.String | getSigAlgOID() | Gets the signature algorithm OID string from the CRL. |
| byte[] | getSigAlgParams() | Gets the DER encoded signature algorithm parameters from this CRL's signature algorithm. |
| byte[] | getSignature() | Gets the raw Signature bits from the CRL. |
| byte[] | getTBSCertList() | Gets the DER encoded CRL information, the tbsCertList from this CRL. |
| java.util.Date | getThisUpdate() | Gets the thisUpdate date from the CRL. |
| int | getVersion() | Gets the version number from the CRL. |
| boolean | hasUnsupportedCriticalExtension() | |
| boolean | isDeltaCRL() | |
| boolean | isRevoked(java.math.BigInteger serialNumber) | Checks whether the given serial number is on this CRL. |
| boolean | isRevoked(java.security.cert.Certificate cert) | |
| boolean | setSignature(byte[] crlSignature) | Returns true if signature was set. |
| boolean | setSignedCRL(byte[] crl) | Returns true if signedCRL was set. |
| void | sign(java.security.PrivateKey key, java.lang.String algorithm) | Encodes an X.509 CRL, and signs it using the key passed. |
| void | sign(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider) | Encodes an X.509 CRL, and signs it using the key passed. |
| java.lang.String | toString() | Returns a printable string of this CRL. |
| void | verify(java.security.PublicKey key) | Verifies that this CRL was signed using the private key that corresponds to the specified public key. |
| void | verify(java.security.PublicKey key, java.lang.String sigProvider) | Verifies that this CRL was signed using the private key that corresponds to the specified public key, and that the signature verification was computed by the given provider. |

public X509CRLImpl(byte[] crlData)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    crlData - the encoded bytes, with no trailing padding.
Throws:
    java.security.cert.CRLException - on parsing errors.
    X509ExtensionException - on extension handling errors.

public X509CRLImpl(byte[] crlData,
                   boolean includeEntries)
        throws java.security.cert.CRLException,
               X509ExtensionException

Throws:
    java.security.cert.CRLException
    X509ExtensionException

public X509CRLImpl(java.io.InputStream inStrm)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    inStrm - an input stream holding at least one CRL
Throws:
    java.security.cert.CRLException - on parsing errors.
    X509ExtensionException - on extension handling errors.

public X509CRLImpl(X500Name issuer,
                   java.util.Date thisDate,
                   java.util.Date nextDate)

Parameters:
    issuer - the name of the CA issuing this CRL.
    thisDate - the Date of this issue.
    nextDate - the Date of the next CRL.

public X509CRLImpl(X500Name issuer,
                   java.util.Date thisDate,
                   java.util.Date nextDate,
                   RevokedCertificate[] badCerts)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    issuer - the name of the CA issuing this CRL.
    thisDate - the Date of this issue.
    nextDate - the Date of the next CRL.
    badCerts - the array of revoked certificates.
Throws:
    java.security.cert.CRLException - on parsing/construction errors.
    X509ExtensionException - on extension handling errors.

public X509CRLImpl(X500Name issuer,
                   java.util.Date thisDate,
                   java.util.Date nextDate,
                   RevokedCertificate[] badCerts,
                   CRLExtensions crlExts)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    issuer - the name of the CA issuing this CRL.
    thisDate - the Date of this issue.
    nextDate - the Date of the next CRL.
    badCerts - the array of revoked certificates.
    crlExts - the CRL extensions.
Throws:
    java.security.cert.CRLException - on parsing/construction errors.
    X509ExtensionException - on extension handling errors.

public X509CRLImpl(X500Name issuer,
                   AlgorithmId algId,
                   java.util.Date thisDate,
                   java.util.Date nextDate,
                   RevokedCertificate[] badCerts,
                   CRLExtensions crlExts)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    issuer - the name of the CA issuing this CRL.
    algId - signing algorithm id
    thisDate - the Date of this issue.
    nextDate - the Date of the next CRL.
    badCerts - the array of revoked certificates.
    crlExts - the CRL extensions.
Throws:
    java.security.cert.CRLException
    X509ExtensionException

public X509CRLImpl(X500Name issuer,
                   AlgorithmId algId,
                   java.util.Date thisDate,
                   java.util.Date nextDate,
                   java.util.Hashtable<java.math.BigInteger,RevokedCertificate> badCerts,
                   CRLExtensions crlExts)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    issuer - the name of the CA issuing this CRL.
    algId - signing algorithm id
    thisDate - the Date of this issue.
    nextDate - the Date of the next CRL.
    badCerts - the hashtable of revoked certificates.
    crlExts - the CRL extensions.
Throws:
    java.security.cert.CRLException - on parsing/construction errors.
    X509ExtensionException - on extension handling errors.

public byte[] getEncoded()
        throws java.security.cert.CRLException

getEncoded in class java.security.cert.X509CRL
Throws:
    java.security.cert.CRLException - if an encoding error occurs.

public boolean setSignedCRL(byte[] crl)

Parameters:
    crl - byte array containing the signed CRL.

public boolean hasUnsupportedCriticalExtension()

public void encodeInfo(java.io.OutputStream out)
        throws java.security.cert.CRLException,
               X509ExtensionException

Parameters:
    out - the OutputStream to write to.
Throws:
    java.security.cert.CRLException - on encoding errors.
    X509ExtensionException - on extension encoding errors.

public void verify(java.security.PublicKey key)
        throws java.security.cert.CRLException,
               java.security.NoSuchAlgorithmException,
               java.security.InvalidKeyException,
               java.security.NoSuchProviderException,
               java.security.SignatureException

verify in class java.security.cert.X509CRL
Parameters:
    key - the PublicKey used to carry out the verification.
Throws:
    java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
    java.security.InvalidKeyException - on incorrect key.
    java.security.NoSuchProviderException - if there's no default provider.
    java.security.SignatureException - on signature errors.
    java.security.cert.CRLException - on encoding errors.

public void verify(java.security.PublicKey key,
                   java.lang.String sigProvider)
        throws java.security.cert.CRLException,
               java.security.NoSuchAlgorithmException,
               java.security.InvalidKeyException,
               java.security.NoSuchProviderException,
               java.security.SignatureException

verify in class java.security.cert.X509CRL
Parameters:
    key - the PublicKey used to carry out the verification.
    sigProvider - the name of the signature provider.
Throws:
    java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
    java.security.InvalidKeyException - on incorrect key.
    java.security.NoSuchProviderException - on incorrect provider.
    java.security.SignatureException - on signature errors.
    java.security.cert.CRLException - on encoding errors.

public void sign(java.security.PrivateKey key,
                 java.lang.String algorithm)
        throws java.security.cert.CRLException,
               java.security.NoSuchAlgorithmException,
               java.security.InvalidKeyException,
               java.security.NoSuchProviderException,
               java.security.SignatureException,
               X509ExtensionException

Parameters:
    key - the private key used for signing.
    algorithm - the name of the signature algorithm used.
Throws:
    java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
    java.security.InvalidKeyException - on incorrect key.
    java.security.NoSuchProviderException - on incorrect provider.
    java.security.SignatureException - on signature errors.
    java.security.cert.CRLException - if any mandatory data was omitted.
    X509ExtensionException - on any extension errors.

public void sign(java.security.PrivateKey key,
                 java.lang.String algorithm,
                 java.lang.String provider)
        throws java.security.cert.CRLException,
               java.security.NoSuchAlgorithmException,
               java.security.InvalidKeyException,
               java.security.NoSuchProviderException,
               java.security.SignatureException,
               X509ExtensionException

Parameters:
    key - the private key used for signing.
    algorithm - the name of the signature algorithm used.
    provider - the name of the provider.
Throws:
    java.security.NoSuchAlgorithmException - on unsupported signature algorithms.
    java.security.InvalidKeyException - on incorrect key.
    java.security.NoSuchProviderException - on incorrect provider.
    java.security.SignatureException - on signature errors.
    java.security.cert.CRLException - if any mandatory data was omitted.
    X509ExtensionException - on any extension errors.

public java.lang.String toString()

toString in class java.security.cert.CRL

public boolean isRevoked(java.math.BigInteger serialNumber)

Parameters:
    serialNumber - the number to check for.

public boolean isRevoked(java.security.cert.Certificate cert)

isRevoked in class java.security.cert.CRL

public int getVersion()

    Version ::= INTEGER { v1(0), v2(1), v3(2) }
        -- v3 does not apply to CRLs but appears for consistency
        -- with definition of Version for certs

getVersion in class java.security.cert.X509CRL

public java.security.Principal getIssuerDN()

    issuer    Name

    Name ::= CHOICE { RDNSequence }
    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
    RelativeDistinguishedName ::=
        SET OF AttributeValueAssertion
    AttributeValueAssertion ::= SEQUENCE {
        AttributeType,
        AttributeValue }
    AttributeType ::= OBJECT IDENTIFIER
    AttributeValue ::= ANY

The Name describes a hierarchical name composed of attributes, such as country name, and corresponding values, such as US. The type of the component AttributeValue is determined by the AttributeType; in general it will be a directoryString. A directoryString is usually one of PrintableString, TeletexString or UniversalString.

getIssuerDN in class java.security.cert.X509CRL

public java.util.Date getThisUpdate()

getThisUpdate in class java.security.cert.X509CRL

public java.util.Date getNextUpdate()

getNextUpdate in class java.security.cert.X509CRL

public java.security.cert.X509CRLEntry getRevokedCertificate(java.math.BigInteger serialNumber)

getRevokedCertificate in class java.security.cert.X509CRL
See Also:
    RevokedCertificate

public java.util.Set<RevokedCertificate> getRevokedCertificates()

getRevokedCertificates in class java.security.cert.X509CRL
See Also:
    RevokedCertificate

public java.util.Hashtable<java.math.BigInteger,RevokedCertificate> getListOfRevokedCertificates()

public int getNumberOfRevokedCertificates()

public byte[] getTBSCertList()
        throws java.security.cert.CRLException

Gets the DER encoded CRL information, the tbsCertList from this CRL. This can be used to verify the signature independently.

getTBSCertList in class java.security.cert.X509CRL
Throws:
    java.security.cert.CRLException - on parsing errors.

public byte[] getSignature()

getSignature in class java.security.cert.X509CRL

public boolean setSignature(byte[] crlSignature)

Parameters:
    crlSignature - byte array containing the CRL signature.

public java.lang.String getSigAlgName()

    AlgorithmIdentifier ::= SEQUENCE {
        algorithm    OBJECT IDENTIFIER,
        parameters   ANY DEFINED BY algorithm OPTIONAL }
                     -- contains a value of the type
                     -- registered for use with the
                     -- algorithm object identifier value

getSigAlgName in class java.security.cert.X509CRL

public java.lang.String getSigAlgOID()

getSigAlgOID in class java.security.cert.X509CRL

public byte[] getSigAlgParams()

getSigAlgParams in class java.security.cert.X509CRL

public java.util.Set<java.lang.String> getCriticalExtensionOIDs()

public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()

public byte[] getExtensionValue(java.lang.String oid)

Gets the DER encoded OCTET string for the extension value (extnValue) identified by the passed in oid String. The oid string is represented by a set of positive whole numbers separated by ".", that means,

Parameters:
    oid - the Object Identifier value for the extension.

public java.math.BigInteger getCRLNumber()

public java.math.BigInteger getDeltaBaseCRLNumber()

public boolean isDeltaCRL()

public CRLExtensions getExtensions()

public boolean areEntriesIncluded()