Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

com.rsa.certj.cert.extensions

Class NetscapeRevocationURL

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.NetscapeRevocationURL
All Implemented Interfaces:
CertExtension, Cloneable, Serializable
public class NetscapeRevocationURL
extends X509V3Extension
implements Cloneable, Serializable, CertExtension

This class builds and holds the NetscapeRevocationURL extension. It is a relative or absolute URL that can be used to check the revocation status of a certificate. The value is an IA5String. The revocation check is performed as an HTTP GET method, using a URL that is the concatenation of revocation-url and certificate-serial-number, where the certificate-serial-number is encoded as a string of ASCII hexadecimal digits. For example, if the netscape-base-url is <https://www.certs-r-us.com/, the netscape-revocation-url is cgi-bin/check-rev.cgi?, and the certificate serial number is 173420, the resulting URL would be https://www.certs-r-us.com/cgi-bin/check-rev.cgi?02a56c.

The server should return a document with a content type of application/x-netscape- revocation. The document should contain a single ASCII digit; 1 if the certificate is not currently valid or 0 if it is currently valid.

The ASN.1 definition is as follows: 

 netscape OBJECT IDENTIFIER ::= { 2 16 840 1 113730 } 
 netscape-cert-extension OBJECT IDENTIFIER :: = { netscape 1 } 
 netscape-revocation-url OBJECT IDENTIFIER ::= { netscape-cert-extension 3 }

When the URL includes the certificate serial number, the serial number will be encoded as a string that consists of an even number of hexadecimal digits. If the number of significant digits is odd, then the string will have a single, leading zero to ensure that an even number of digits is generated.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary
NetscapeRevocationURL()

Constructs an empty NetscapeRevocationURL object.
NetscapeRevocationURL(String revocationURL, boolean criticality)

Constructs a NetscapeRevocationURL object and initializes it with the given values and the specified criticality.
 

Method Summary

 Object

 clone()

Overrides the default clone method to get a deeper clone.

 void

 decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

 derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

 derEncodeValueInit()

Initialize for encoding the value.

 String

 getRevocationURL()

Gets the Netscape revocation URL string.

 void

 setRevocationURL(String revocationURL)

Sets the Netscape revocation URL string.
 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

NetscapeRevocationURL

public NetscapeRevocationURL()
Constructs an empty NetscapeRevocationURL object.

NetscapeRevocationURL

public NetscapeRevocationURL(String revocationURL,
                             boolean criticality)
Constructs a NetscapeRevocationURL object and initializes it with the given values and the specified criticality.

Parameters

         revocationURL  

The Netscape revocation URL value.

         criticality  

The user-specified criticality.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setRevocationURL

public void setRevocationURL(String revocationURL)
Sets the Netscape revocation URL string.

Parameters

         revocationURL  

A relative or absolute URL to use for checking the revocation status of a certificate.

getRevocationURL

public String getRevocationURL()
Gets the Netscape revocation URL string.

Returns

A relative or absolute URL that can be used to check the revocation status of a certificate.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offest into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new NetscapeRevocationURL object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.
Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000