com.rsa.certj.cert.extensions

Class NetscapeCARevocationURL

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.NetscapeCARevocationURL
All Implemented Interfaces:
CertExtension, Cloneable, Serializable

public class NetscapeCARevocationURL
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds a relative or absolute URL. This URL can be used to check the revocation status of any certificate signed by the CA to which this certificate belongs. This extension is only valid in CA certificates. The value is an IA5String. The revocation check is performed as an HTTP GET, using a URL that is the concatenation of ca-revocation-url and certificate-serial-number, where the certificate-serial-number is encoded as a string of ASCII hexadecimal digits.

For example, if the netscape-base-url is https://www.certs-r-us.com/, the netscape-ca-revocation-url is cgi-bin/check-rev.cgi?, and the certificate serial number is 173420, the resulting URL would be https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c.

The server should return a document with a content type of application/x-netscape-revocation. The document should contain a single ASCII digit: 1 if the certificate is not currently valid, or 0 if it is currently valid.

The ASN.1 definition is as follows:

 netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 } 
 netscape-cert-extension OBJECT IDENTIFIER ::= { netscape 1 } 
 netscape-ca-revocation-url OBJECT IDENTIFIER ::= { netscape-cert-extension 4 }
 

When the URL includes the certificate serial number, the serial number will be encoded as a string that consists of an even number of hexadecimal digits. If the number of significant digits is odd, then the string will have a single, leading zero to ensure that an even number of digits is generated.
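
The URL construction and response handling described above, as an added example that is not part of Cert-J or of the original page. It uses only the JDK; the class, method and enum names are hypothetical, and treating anything other than an exact 0 or 1 as UNKNOWN is an assumption made so that a caller can fail closed.

```java
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;

// Added illustration; class and method names are hypothetical, not Cert-J API.
public class NetscapeRevocationCheckExample {

    enum Status { VALID, NOT_VALID, UNKNOWN }

    // Serial as ASCII hex, left-padded with one zero to an even digit count.
    static String serialToHex(BigInteger serial) {
        if (serial.signum() < 0) {
            throw new IllegalArgumentException("negative serial number");
        }
        String hex = serial.toString(16);
        return (hex.length() % 2 == 0) ? hex : "0" + hex;
    }

    // A relative ca-revocation-url is appended to the netscape-base-url first.
    static URI buildCheckUrl(String baseUrl, String caRevocationUrl, BigInteger serial) {
        String tail = caRevocationUrl + serialToHex(serial);
        if (URI.create(tail).isAbsolute()) {
            return URI.create(tail);
        }
        if (baseUrl == null) {
            throw new IllegalArgumentException("relative URL needs a netscape-base-url");
        }
        return URI.create(baseUrl + tail);
    }

    // Assumption: only an exact "0" or "1" body with the expected content
    // type is accepted; everything else is UNKNOWN so the caller can fail closed.
    static Status parseResponse(String contentType, byte[] body) {
        if (contentType == null || body == null) return Status.UNKNOWN;
        String type = contentType.split(";", 2)[0].trim();
        if (!type.equalsIgnoreCase("application/x-netscape-revocation")) return Status.UNKNOWN;
        String digit = new String(body, StandardCharsets.US_ASCII).trim();
        if (digit.equals("0")) return Status.VALID;
        if (digit.equals("1")) return Status.NOT_VALID;
        return Status.UNKNOWN;
    }

    public static void main(String[] args) {
        // URL values come from the example in the text; the response is a constructed sample.
        URI url = buildCheckUrl("https://www.certs-r-us.com/", "cgi-bin/check-rev.cgi?", BigInteger.valueOf(173420));
        System.out.println(url);
        System.out.println(parseResponse("application/x-netscape-revocation", "1".getBytes(StandardCharsets.US_ASCII)));
    }
}
```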

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

NetscapeCARevocationURL()

Constructs an empty NetscapeCARevocationURL object.

NetscapeCARevocationURL(String revocationURL, boolean criticality)

Constructs a NetscapeCARevocationURL object and initializes it with the given values and the specified criticality.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 String

getCARevocationURL()

Gets the CA Revocation URL string.

 void

setCARevocationURL(String revocationURL)

Sets the CA Revocation URL string.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NetscapeCARevocationURL

public NetscapeCARevocationURL()
Constructs an empty NetscapeCARevocationURL object.

NetscapeCARevocationURL

public NetscapeCARevocationURL(String revocationURL,
                               boolean criticality)
Constructs a NetscapeCARevocationURL object and initializes it with the given values and the specified criticality.

Parameters

         revocationURL  

The Netscape CA Revocation URL value.

         criticality  

The user-specified criticality.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setCARevocationURL

public void setCARevocationURL(String revocationURL)
Sets the CA Revocation URL string.

Parameters

         revocationURL  

A relative or absolute URL that can be used to check the revocation status of a certificate that has been signed by the CA to which this certificate belongs.


getCARevocationURL

public String getCARevocationURL()
Gets the CA Revocation URL string.

Returns

The relative or absolute URL that can be used to check the revocation status of a certificate that has been signed by the CA to which this certificate belongs.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new NetscapeCARevocationURL object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000