Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

com.rsa.certj.cert.extensions

Class ArchiveCutoff

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.ArchiveCutoff
All Implemented Interfaces:
Cloneable, OCSPSingleExtension, Serializable
public class ArchiveCutoff
extends X509V3Extension
implements Cloneable, Serializable, OCSPSingleExtension

This class implements a standard extension, Archive Cutoff, used in an OCSP response message as defined in rfc 2560.

An OCSP responder may choose to retain revocation information beyond a certificate's expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificate's "archive cutoff" date.

OCSP-enabled applications use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has expired.

OCSP servers that provide support for such historical reference SHOULD include an archive cutoff date extension in responses. If included, this value SHALL be provided as an OCSP singleExtensions extension identified by id-pkix-ocsp-archive-cutoff and of syntax GeneralizedTime. 

 id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }

 ArchiveCutoff ::= GeneralizedTime
For example, if a server is operated with a 7-year retention interval policy and status was produced at time t1 then the value for ArchiveCutoff in the response would be (t1 - 7 years).

Copyright © RSA Security Inc., 2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary
ArchiveCutoff()

Constructs an empty ArchiveCutoff object.
ArchiveCutoff(Date archiveCutoffDate)

Constructs a ArchiveCutoff object for specified contents.
 

Method Summary

 Object

 clone()

Overrrides the default clone method to get a deeper clone.

 void

 decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

 derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

 derEncodeValueInit()

Initialize for encoding the value.

 Date

 getArchiveCutoffDate()

Returns the archive cutoff date of this object.

 void

 setArchiveCutoffDate(Date archiveCutoffDate)

Sets the archiveCutoffDate value of this object.
 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ArchiveCutoff

public ArchiveCutoff()
Constructs an empty ArchiveCutoff object.

ArchiveCutoff

public ArchiveCutoff(Date archiveCutoffDate)
Constructs a ArchiveCutoff object for specified contents.

Parameters

         archiveCutoffDate  

A Date object holding the value of the archive cutoff date.

Method Detail

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offest into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

getArchiveCutoffDate

public Date getArchiveCutoffDate()
Returns the archive cutoff date of this object.

Returns

A Date object holding the archive cutoff date of this object. If this component is missing, it returns null.

setArchiveCutoffDate

public void setArchiveCutoffDate(Date archiveCutoffDate)
Sets the archiveCutoffDate value of this object. If this object already has an archiveCutoffDate value, this method will replace it with the given value.

Parameters

         archiveCutoffDate  

The archive cutoff time.

clone

public Object clone()
             throws CloneNotSupportedException
Overrrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

An ArchiveCutoff object, a copy of this object.

Throws

CloneNotSupportedException - If there is some difficulty in creating the copy.
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000