java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.IssuingDistributionPoint
This class builds and holds the IssuingDistributionPoint extension. This CRL extension field identifies the CRL distribution point for this particular CRL, and indicates if the CRL is limited to revocations for end-entity certificates only, for CA certificates only, or for a limited set of reasons only. The CRL is signed by the CRL issuer key; CRL distribution points do not have their own key pairs. However, for a CRL distributed using the X.500 directory, the CRL is stored in the entry of the CRL distribution point, which may not be the directory entry of the CRL issuer.

    issuingDistributionPoint EXTENSION ::= {
        SYNTAX          IssuingDistPointSyntax
        IDENTIFIED BY   id-ce-issuingDistributionPoint }

    IssuingDistPointSyntax ::= SEQUENCE {
        distributionPoint      [0] DistributionPointName OPTIONAL,
        onlyContainsUserCerts  [1] BOOLEAN DEFAULT FALSE,
        onlyContainsCACerts    [2] BOOLEAN DEFAULT FALSE,
        onlySomeReasons        [3] ReasonFlags OPTIONAL,
        indirectCRL            [4] BOOLEAN DEFAULT FALSE }

    DistributionPointName ::= CHOICE {
        fullName                 [0] GeneralNames,
        nameRelativeToCRLIssuer  [1] RelativeDistinguishedName }

    ReasonFlags ::= BIT STRING {
        unused                (0),
        keyCompromise         (1),
        cACompromise          (2),
        affiliationChanged    (3),
        superseded            (4),
        cessationOfOperation  (5),
        certificateHold       (6) }

The distributionPoint component contains the name of the distribution point in one or more name forms. If this field is absent, the CRL must contain entries for all revoked unexpired certificates issued by the CRL issuer. If onlyContainsUserCerts is true, then the CRL only contains revocations for end-entity certificates. If onlyContainsCACerts is true, then the CRL only contains revocations for CA certificates. If onlySomeReasons is present, then the CRL only contains revocations for the identified reason or reasons; otherwise, the CRL contains revocations for all reasons. If indirectCRL is true, then the CRL may contain revocation notifications from CAs other than the issuer of the CRL.

This extension is always critical.
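
The field rules above can be checked directly on the encoded extension value. The following is an added example, not Cert-J code: a small Python decoder for the IssuingDistPointSyntax value that reports which scope restrictions a CRL carries. It assumes implicit context tags on the BOOLEAN and BIT STRING fields; the names read_tlv, decode_idp and scope_limits are hypothetical, and the URI and bytes in SAMPLE are constructed.

```python
# Added example: decodes IssuingDistPointSyntax; implicit context tags are an assumption.
REASONS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold"]
FLAGS = {0x81: "onlyContainsUserCerts", 0x82: "onlyContainsCACerts", 0x84: "indirectCRL"}

def read_tlv(buf, pos):  # returns (tag, value, next_pos) for the element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def decode_idp(der):  # returns a dict keyed by the ASN.1 field names
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    idp = {"distributionPoint": None, "onlySomeReasons": None,
           **dict.fromkeys(FLAGS.values(), False)}     # BOOLEAN DEFAULT FALSE
    pos, last = 0, -1
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag & 0x1F <= last:
            raise ValueError("field repeated or out of order")
        last = tag & 0x1F
        if tag == 0xA0:                        # [0]: encoded DistributionPointName, kept raw
            idp["distributionPoint"] = bytes(val)
        elif tag in FLAGS and len(val) == 1:   # [1], [2], [4]: BOOLEAN
            idp[FLAGS[tag]] = val[0] != 0
        elif tag == 0x83 and len(val) >= 2:    # [3]: BIT STRING, named bit 0 is the top bit
            width, bits = 8 * (len(val) - 1), int.from_bytes(val[1:], "big")
            idp["onlySomeReasons"] = [r for i, r in enumerate(REASONS)
                                      if i < width and bits >> (width - 1 - i) & 1]
        else:
            raise ValueError("unexpected element, tag 0x%02x" % tag)
    return idp

def scope_limits(idp):
    # Fields that make this CRL narrower than a complete CRL from its issuer.
    keys = ("onlyContainsUserCerts", "onlyContainsCACerts", "onlySomeReasons")
    return [k for k in keys if idp[k] not in (None, False)]

# Constructed sample: fullName URI, onlyContainsUserCerts TRUE, reason bits 1 and 2 set.
_uri = b"http://crl.example/ca.crl"
_body = (bytes([0xA0, len(_uri) + 4, 0xA0, len(_uri) + 2, 0x86, len(_uri)]) + _uri
         + bytes([0x81, 0x01, 0xFF, 0x83, 0x02, 0x05, 0x60]))
SAMPLE = bytes([0x30, len(_body)]) + _body
```

A non-empty result from scope_limits means the CRL cannot be treated as the issuer's complete revocation list for every certificate type and reason.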
Copyright © RSA Security Inc., 1999-2001. All rights reserved.
Field Summary
static int | AFFILIATION_CHANGED | Indicates that the subject's name, or other information in the certificate, has been modified.
static int | CA_COMPROMISE | Indicates that it is known or suspected that the subject's private key, or other aspects of the subject validated in the certificate, have been compromised.
static int | CERTIFICATE_HOLD | Indicates that the certificate is put on hold.
static int | CESSATION_OF_OPERATION | Indicates that the certificate is no longer needed for the purpose for which it was issued.
static int | KEY_COMPROMISE | Indicates that it is known or suspected that the subject's private key, or other aspects of the subject validated in the certificate, have been compromised.
static int | REASON_FLAGS_BITS | Indicates the number of reasonFlags bits.
static int | REASON_FLAGS_MASK | Indicates which reasonFlags bits are meaningful.
static int | SUPERSEDED | Indicates that the certificate has been superseded.
static int | UNUSED | Indicates that reasonFlags component is not used in this extension.
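Constructor Summary
IssuingDistributionPoint() | Constructs an empty IssuingDistributionPoint object.
IssuingDistributionPoint(GeneralNames distributionPoint, boolean userCerts, boolean caCerts, int reason, boolean indirectCRL, boolean criticality) | Creates an IssuingDistributionPoint object from a GeneralNames distribution point and initializes it with the given values.
IssuingDistributionPoint(RDN distributionPoint, boolean userCerts, boolean caCerts, int reason, boolean indirectCRL, boolean criticality) | Creates an IssuingDistributionPoint object from an RDN distribution point and initializes it with the given values.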
Method Summary
Object | clone() | Overrides the default clone method to get a deeper clone.
void | decodeValue(byte[] valueBER, int offset) | Decode the value.
int | derEncodeValue(byte[] encoding, int offset) | Place the encoding of the value into encoding, beginning at offset.
int | derEncodeValueInit() | Initialize for encoding the value.
boolean | getCACerts() | Gets the onlyContainsCACerts field value.
Object | getDistributionPointName() | Gets the DistributionPointName field's value.
boolean | getIndirectCRL() | Gets the indirectCRL field value.
int | getReasonFlags() | Gets the onlySomeReasons field value.
boolean | getUserCerts() | Gets the onlyContainsUserCerts field value.
void | setCACerts(boolean caCerts) | Sets the onlyContainsCACerts flag.
void | setIndirectCRL(boolean indirectCRL) | Sets the indirectCRL flag.
void | setIssuingDistributionPointName(GeneralNames distributionPoint) | Sets the issuing distribution point name for a GeneralNames distribution point.
void | setIssuingDistributionPointName(RDN distributionPoint) | Sets the issuing distribution point name for an RDN distribution point.
void | setReasonFlags(int reason) | Sets onlySomeReasons that is used in the IssuingDistPointSyntax ASN.1 structure.
void | setUserCerts(boolean userCerts) | Sets the onlyContainsUserCerts flag.
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

public static final int REASON_FLAGS_BITS
Indicates the number of reasonFlags bits.

public static final int REASON_FLAGS_MASK
Indicates which reasonFlags bits are meaningful.

public static final int UNUSED
Indicates that reasonFlags component is not used in this extension.

public static final int KEY_COMPROMISE

public static final int CA_COMPROMISE

public static final int AFFILIATION_CHANGED

public static final int SUPERSEDED

public static final int CESSATION_OF_OPERATION

public static final int CERTIFICATE_HOLD
Constructor Detail

public IssuingDistributionPoint()
Constructs an empty IssuingDistributionPoint object.

public IssuingDistributionPoint(RDN distributionPoint, boolean userCerts, boolean caCerts, int reason, boolean indirectCRL, boolean criticality)
Creates an IssuingDistributionPoint object from an RDN distribution point and initializes it with the given values.
Parameters
distributionPoint | An
userCerts | If
caCerts | If
reason | The revocation reasons. It should be one of the fields previously defined in this class. If this field is not set, pass
indirectCRL | If
criticality | The user-specified criticality.

public IssuingDistributionPoint(GeneralNames distributionPoint, boolean userCerts, boolean caCerts, int reason, boolean indirectCRL, boolean criticality)
Creates an IssuingDistributionPoint object from a GeneralNames distribution point and initializes it with the given values.
Parameters
distributionPoint | A
userCerts | If
caCerts | If
reason | The revocation reasons. It should be one of the fields previously defined in this class. If this field is not set, pass
indirectCRL | If
criticality | The user-specified criticality.
Method Detail

public void decodeValue(byte[] valueBER, int offset) throws CertificateException
Decode the value.
Overrides
decodeValue in class X509V3Extension
Parameters
valueBER | The BER encoding of the extension's value.
offset | The offset into valueBER where the encoding begins.
Throws
CertificateException - If the encoding is invalid for this extension.

public void setIssuingDistributionPointName(GeneralNames distributionPoint)
Sets the issuing distribution point name for a GeneralNames distribution point.
Parameters
distributionPoint | The

public void setIssuingDistributionPointName(RDN distributionPoint)
Sets the issuing distribution point name for an RDN distribution point.
Parameters
distributionPoint | The

public void setUserCerts(boolean userCerts)
Sets the onlyContainsUserCerts flag.
Parameters
userCerts | If

public void setCACerts(boolean caCerts)
Sets the onlyContainsCACerts flag.
Parameters
caCerts | If

public void setReasonFlags(int reason)
Sets onlySomeReasons that is used in the IssuingDistPointSyntax ASN.1 structure.
Parameters
reason | The revocation reasons that can be one or more of the static field values previously defined in this class.

public void setIndirectCRL(boolean indirectCRL)
Sets the indirectCRL flag.
Parameters
indirectCRL | If

public Object getDistributionPointName()
Gets the DistributionPointName field's value.
Returns
The distributionPoint field's value. Since the distributionPoint value can be an RDN or a GeneralNames object, you must use 'instanceof' to determine the object type and to cast the object to the right object type. distributionPoint can also be null, if it has not been set.

public boolean getUserCerts()
Gets the onlyContainsUserCerts field value.
Returns
A boolean that specifies if CRL only contains revocations for end-entity certificates.

public boolean getCACerts()
Gets the onlyContainsCACerts field value.
Returns
A boolean that specifies if CRL only contains revocations for CA certificates.

public int getReasonFlags()
Gets the onlySomeReasons field value.
Returns
-1, if reasonFlags is not set.

public boolean getIndirectCRL()
Gets the indirectCRL field value.
Returns
A boolean that specifies if the CRL may contain revocation notifications from CAs other than the issuer of the CRL.

public int derEncodeValueInit()
Initialize for encoding the value.
Overrides
derEncodeValueInit in class X509V3Extension
Returns

public int derEncodeValue(byte[] encoding, int offset)
Place the encoding of the value into encoding, beginning at offset.
Overrides
derEncodeValue in class X509V3Extension
Parameters
encoding | The byte array into which the result will be placed.
offset | The offset into encoding where the writing is to begin.
Returns

public Object clone() throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.
Overrides
clone in class X509V3Extension
Returns
An IssuingDistributionPoint object, a copy of this object.
Throws
CloneNotSupportedException - If the cloning operation is not successful.