java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.CRLDistributionPoints

This class holds the CRL distribution points extension. Use the CRL distribution points extension only as a certificate extension, in both CA certificates and end-entity certificates. This field identifies the CRL distribution point or points to which a certificate user should refer to ascertain whether the certificate has been revoked. A certificate user can obtain a CRL from an applicable distribution point, or it can obtain a current complete CRL from the CA directory entry.

The ASN.1 definition is as follows:

    cRLDistributionPoints EXTENSION ::= {
        SYNTAX          CRLDistPointsSyntax
        IDENTIFIED BY   id-ce-cRLDistributionPoints }

    CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

    DistributionPoint ::= SEQUENCE {
        distributionPoint   [0] DistributionPointName OPTIONAL,
        reasons             [1] ReasonFlags OPTIONAL,
        crlIssuer           [2] GeneralNames OPTIONAL }

    DistributionPointName ::= CHOICE {
        fullName                  [0] GeneralNames,
        nameRelativeToCRLIssuer   [1] RelativeDistinguishedName }

    ReasonFlags ::= BIT STRING {
        unused                (0),
        keyCompromise         (1),
        cACompromise          (2),
        affiliationChanged    (3),
        superseded            (4),
        cessationOfOperation  (5),
        certificateHold       (6) }

The distributionPoint component identifies the location from which the CRL can be obtained. If this component is absent, the distribution point name defaults to the CRL issuer name.

The reasons component indicates the revocation reasons covered by this CRL. If the reasons component is absent, the corresponding CRL distribution point distributes a CRL which will contain an entry for this certificate (if revoked) regardless of revocation reason. Otherwise, the reasons value indicates which revocation reasons are covered by the corresponding CRL distribution point.

The crlIssuer component identifies the authority that issues and signs the CRL. If this component is absent, the CRL issuer name defaults to the certificate issuer name.

The CRL distribution point extension can, at the option of the certificate issuer, be either critical or non-critical. RSA Security recommends that you flag it non-critical.

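The defaulting rules above, worked through on an encoded extension value. This is an added example, not Cert-J code and not part of the original documentation: a small Python DER walker for the CRLDistPointsSyntax structure shown above. The function names, the cert_issuer parameter and the sample bytes (including the crl.example URI) are constructed for illustration.

```python
# Added example (not Cert-J code); tag values follow the ASN.1 on this page.
REASONS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold"]

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):                     # content of a constructed element -> (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_reasons(content):
    """BIT STRING content: octet 0 counts unused bits; named bit 0 is the MSB."""
    bits = content[1:]
    return [r for i, r in enumerate(REASONS)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]

def parse_crldp(der, cert_issuer):       # cert_issuer: caller-supplied issuer name (assumption)
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der) or not seq:
        raise ValueError("expected SEQUENCE SIZE (1..MAX) OF DistributionPoint")
    points = []
    for _, dp in children(seq):
        f = dict(children(dp))           # 0xA0 name, 0x81 reasons, 0xA2 crlIssuer
        names = children(f.get(0xA0, b""))   # CHOICE: 0xA0 fullName or 0xA1 RDN
        points.append({
            "uris": [v.decode("ascii") for t, full in names if t == 0xA0
                     for g, v in children(full) if g == 0x86],   # [6] URI
            "reasons": decode_reasons(f[0x81]) if 0x81 in f else "all",
            "crl_issuer": f[0xA2].hex() if 0xA2 in f else cert_issuer,
            "name_from_crl_issuer": 0xA0 not in f,   # absent name -> CRL issuer name
        })
    return points

SAMPLE = (bytes.fromhex("3027301fa01da01b8619") + b"http://crl.example/ca.crl"
          + bytes.fromhex("300481020560"))   # constructed: URI-only point, reasons-only point
```

The first sample point carries no reasons or crlIssuer, so it covers every revocation reason and is issued by the certificate issuer; the second carries no name, so its name falls back to the CRL issuer.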
Copyright © RSA Security Inc., 1999-2001. All rights reserved.

Field Summary

static int AFFILIATION_CHANGED
    Indicates that the subject's name or other information in the certificate has been modified but there is no cause to suspect that the private key has been compromised.

static int CA_COMPROMISE
    Indicates that it is known or suspected that the subject's private key, or other aspects of the subject validated in the certificate, have been compromised.

static int CERTIFICATE_HOLD
    Indicates that the certificate is on hold.

static int CESSATION_OF_OPERATION
    Indicates that the certificate is no longer needed for the purpose for which it was issued but there is no cause to suspect that the private key has been compromised.

static int KEY_COMPROMISE
    Indicates that it is known or suspected that the subject's private key, or other aspects of the subject validated in the certificate, have been compromised.

static int REASON_FLAGS_BITS
    Indicates the number of reasonFlags bits.

static int REASON_FLAGS_MASK
    Indicates which reasonFlag bits to check.

static int SUPERSEDED
    Indicates that the certificate has been superseded but there is no cause to suspect that the private key has been compromised.

static int UNUSED
    Indicates that the reasonFlags component is not used in this extension.

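Constructor Summary

CRLDistributionPoints()
    Constructs an empty CRLDistributionPoints object.

CRLDistributionPoints(GeneralNames distributionPoint, int reason, GeneralNames crlIssuer, boolean criticality)
    Constructs a CRLDistributionPoints object and initializes it with the given values and the specified criticality.

CRLDistributionPoints(RDN distributionPoint, int reason, GeneralNames crlIssuer, boolean criticality)
    Constructs a CRLDistributionPoints object and initializes it with the given values and the specified criticality.
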
Method Summary

void addDistributionPoints(GeneralNames distributionPoint, int reason, GeneralNames crlIssuer)
    Adds a CRL distribution point.

void addDistributionPoints(RDN distributionPoint, int reason, GeneralNames crlIssuer)
    Adds a CRL distribution point.

Object clone()
    Overrides the default clone method to get a deeper clone.

void decodeValue(byte[] valueBER, int offset)
    Decode the value.

int derEncodeValue(byte[] encoding, int offset)
    Place the encoding of the value into encoding, beginning at offset.

int derEncodeValueInit()
    Initialize for encoding the value.

GeneralNames getCRLIssuer(int index)
    Gets the value of CrlIssuer at the specified index.

int getDistributionPointCount()
    Gets the number of distribution points in this object.

Object getDistributionPointName(int index)
    Gets the DistributionPointName value at the specified index.

int getReasonFlags(int index)
    Gets the value of reason flags at the specified index.

Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
    extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

public static final int REASON_FLAGS_BITS

public static final int REASON_FLAGS_MASK
    Indicates which reasonFlag bits to check.

public static final int UNUSED
    Indicates that the reasonFlags component is not used in this extension.

public static final int KEY_COMPROMISE

public static final int CA_COMPROMISE

public static final int AFFILIATION_CHANGED

public static final int SUPERSEDED

public static final int CESSATION_OF_OPERATION

public static final int CERTIFICATE_HOLD

Constructor Detail

public CRLDistributionPoints()
    Constructs an empty CRLDistributionPoints object.

public CRLDistributionPoints(RDN distributionPoint, int reason, GeneralNames crlIssuer, boolean criticality)
    Constructs a CRLDistributionPoints object and initializes it with the given values and the specified criticality. Use this constructor if the distributionPoint is an RDN.
    Parameters
        distributionPoint - The
        reason - The revocation reasons, one of the fields previously defined in this class. If reason is not set, pass
        crlIssuer - The authority that issues and signs the CRL. If crlIssuer is not set, pass
        criticality - A

public CRLDistributionPoints(GeneralNames distributionPoint, int reason, GeneralNames crlIssuer, boolean criticality)
    Constructs a CRLDistributionPoints object and initializes it with the given values and the specified criticality. Use this constructor if the distributionPoint is a GeneralNames object.
    Parameters
        distributionPoint - The
        reason - The revocation reasons, one of the fields previously defined in this class. If reason is not set, pass
        crlIssuer - The authority that issues and signs the CRL. If crlIssuer is not set, pass
        criticality - A

Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
    Overrides
        decodeValue in class X509V3Extension
    Parameters
        valueBER - The BER encoding of the extension's value.
        offset - The offset into valueBER where the encoding actually begins.
    Throws
        CertificateException - If the encoding is invalid for this extension.

public void addDistributionPoints(RDN distributionPoint, int reason, GeneralNames crlIssuer)
    Parameters
        distributionPoint - The
        reason - The revocation reasons, one of the fields previously defined in this class. If reason is not set, pass
        crlIssuer - The authority that issues and signs the CRL. If crlIssuer is not set, pass

public void addDistributionPoints(GeneralNames distributionPoint, int reason, GeneralNames crlIssuer)
    distributionPoint is a GeneralNames object.
    Parameters
        distributionPoint - The
        reason - The revocation reasons, one of the fields previously defined in this class. If reason is not set, pass
        crlIssuer - The authority that issues and signs the CRL. If crlIssuer is not set, pass

public Object getDistributionPointName(int index) throws NameException
    Gets the DistributionPointName value at the specified index.
    Parameters
        Index - An
    Throws
        NameException - If specified index is invalid.

public int getReasonFlags(int index) throws NameException
    Parameters
        An
    Returns
    Throws
        NameException - If the specified index is invalid.

public GeneralNames getCRLIssuer(int index) throws NameException
    Gets the value of CrlIssuer at the specified index.
    Parameters
        index - The index of the
    Returns
    Throws
        NameException - If specified index is invalid.

public int getDistributionPointCount()
    Returns

public int derEncodeValueInit()
    Overrides
        derEncodeValueInit in class X509V3Extension
    Returns

public int derEncodeValue(byte[] encoding, int offset)
    Overrides
        derEncodeValue in class X509V3Extension
    Parameters
        encoding - The byte array into which the result will be placed.
        offset - The offset into encoding where the writing is to begin.
    Returns

public Object clone() throws CloneNotSupportedException
    Overrides the default clone method to get a deeper clone.
    Overrides
        clone in class X509V3Extension
    Returns
        CRLDistributionPoints object, a copy of this object.
    Throws
        CloneNotSupportedException - If the cloning operation is not successful.