com.rsa.certj.cert.extensions

Class ReasonCode

java.lang.Object
  |
  +--com.rsa.certj.cert.extensions.X509V3Extension
        |
        +--com.rsa.certj.cert.extensions.ReasonCode
All Implemented Interfaces:
Cloneable, CRLEntryExtension, OCSPSingleExtension, Serializable

public class ReasonCode
extends X509V3Extension
implements Cloneable, Serializable, CRLEntryExtension, OCSPSingleExtension

This class holds, encodes, and decodes the ReasonCode extension. This CRL entry extension field identifies a reason for the certificate revocation. The reason code may be used by applications to decide, based on local policy, how to react to posted revocations.

The ASN.1 definition is as follows:

 reasonCode EXTENSION ::= {
     SYNTAX         CRLReason
     IDENTIFIED BY  id-ce-reasonCode }

 CRLReason ::= ENUMERATED {
     unspecified           (0),
     keyCompromise         (1),
     cACompromise          (2),
     affiliationChanged    (3),
     superseded            (4),
     cessationOfOperation  (5),
     certificateHold       (6),
     removeFromCRL         (8) }
  
The following reason code values indicate why a certificate was revoked:

This extension is always non-critical.

Copyright © RSA Security Inc., 1999-2001. All rights reserved.

See Also

Serialized Form

Field Summary

static int

REASON_CODE_AFFILIATION_CHANGED

The flag to indicate that reason code is affiliationChanged.

static int

REASON_CODE_CA_COMPROMISE

The flag to indicate that reason code is cACompromise.

static int

REASON_CODE_CERTIFICATE_HOLD

The flag to indicate that reason code is certificateHold.

static int

REASON_CODE_CESSATION_OF_OPERATION

The flag to indicate that reason code is cessationOfOperation.

static int

REASON_CODE_KEY_COMPROMISE

The flag to indicate that reason code is keyCompromise.

static int

REASON_CODE_REMOVED_FROM_CRL

The flag to indicate that reason code is removeFromCRL.

static int

REASON_CODE_SUPERSEDED

The flag to indicate that reason code is superseded.

static int

REASON_CODE_UNSPECIFIED

The flag to indicate that reason code is unspecified.

 
Fields inherited from class com.rsa.certj.cert.extensions.X509V3Extension
ARCHIVE_CUTOFF, ARCHIVE_CUTOFF_OID, AUTHORITY_INFO_ACCESS, AUTHORITY_INFO_OID, AUTHORITY_KEY_ID, BASIC_CONSTRAINTS, BIO_INFO, BIO_INFO_OID, CERT_POLICIES, CERTIFICATE_ISSUER, CRL_DISTRIBUTION_POINTS, CRL_NUMBER, CRL_REFERENCE, CRL_REFERENCE_OID, DELTA_CRL_INDICATOR, EXTENDED_KEY_USAGE, HOLD_INSTRUCTION_CODE, INHIBIT_ANY_POLICY, INVALIDITY_DATE, ISSUER_ALT_NAME, ISSUING_DISTRIBUTION_POINT, KEY_USAGE, NAME_CONSTRAINTS, NETSCAPE_BASE_URL, NETSCAPE_BASE_URL_OID, NETSCAPE_CA_POLICY_URL, NETSCAPE_CA_POLICY_URL_OID, NETSCAPE_CA_REVOCATION_URL, NETSCAPE_CA_REVOCATION_URL_OID, NETSCAPE_CERT_RENEWAL_URL, NETSCAPE_CERT_RENEWAL_URL_OID, NETSCAPE_CERT_TYPE, NETSCAPE_CERT_TYPE_OID, NETSCAPE_COMMENT, NETSCAPE_COMMENT_OID, NETSCAPE_REVOCATION_URL, NETSCAPE_REVOCATION_URL_OID, NETSCAPE_SSL_SERVER_NAME, NETSCAPE_SSL_SERVER_NAME_OID, NON_STANDARD_EXTENSION, OCSP_ACCEPTABLE_RESPONSES, OCSP_ACCEPTABLE_RESPONSES_OID, OCSP_NOCHECK, OCSP_NOCHECK_OID, OCSP_NONCE, OCSP_NONCE_OID, OCSP_SERVICE_LOCATOR, OCSP_SERVICE_LOCATOR_OID, POLICY_CONSTRAINTS, POLICY_MAPPINGS, PRIVATE_KEY_USAGE_PERIOD, QC_STATEMENTS, QC_STATEMENTS_OID, REASON_CODE, SUBJECT_ALT_NAME, SUBJECT_DIRECTORY_ATTRIBUTES, SUBJECT_KEY_ID, VERISIGN_CZAG, VERISIGN_CZAG_OID, VERISIGN_FIDELITY_ID, VERISIGN_FIDELITY_ID_OID, VERISIGN_JURISDICTION_HASH, VERISIGN_JURISDICTION_HASH_OID, VERISIGN_NETSCAPE_INBOX_V1, VERISIGN_NETSCAPE_INBOX_V1_OID, VERISIGN_NETSCAPE_INBOX_V2, VERISIGN_NETSCAPE_INBOX_V2_OID, VERISIGN_NON_VERIFIED, VERISIGN_NON_VERIFIED_OID, VERISIGN_SERIAL_NUMBER, VERISIGN_SERIAL_NUMBER_OID, VERISIGN_TOKEN_TYPE, VERISIGN_TOKEN_TYPE_OID
 

Constructor Summary

ReasonCode()

Constructs an empty ReasonCode object.

ReasonCode(int reasonCode, boolean criticality)

Constructs a ReasonCode object and initializes it with the given values.

 

Method Summary

 Object

clone()

Overrides the default clone method to get a deeper clone.

 void

decodeValue(byte[] valueBER, int offset)

Decode the value.

 int

derEncodeValue(byte[] encoding, int offset)

Place the encoding of the value into encoding, beginning at offset.

 int

derEncodeValueInit()

Initialize for encoding the value.

 int

getReasonCode()

Gets the value of this object, the reason code.

 void

setReasonCode(int code)

Sets the value of this object, the reason code.

 boolean

verifyReasonCode(int codeToVerify)

Verifies that the flags in this extension are set to a specified reason code.

 
Methods inherited from class com.rsa.certj.cert.extensions.X509V3Extension
extend, getCriticality, getDEREncoding, getDERLen, getExtensionType, getExtensionTypeString, getInstance, getNextBEROffset, isExtensionType, setCriticality, setEncoding, setSpecialOID, setStandardOID
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

REASON_CODE_UNSPECIFIED

public static final int REASON_CODE_UNSPECIFIED
The flag to indicate that reason code is unspecified.

REASON_CODE_KEY_COMPROMISE

public static final int REASON_CODE_KEY_COMPROMISE
The flag to indicate that reason code is keyCompromise.

REASON_CODE_CA_COMPROMISE

public static final int REASON_CODE_CA_COMPROMISE
The flag to indicate that reason code is cACompromise.

REASON_CODE_AFFILIATION_CHANGED

public static final int REASON_CODE_AFFILIATION_CHANGED
The flag to indicate that reason code is affiliationChanged.

REASON_CODE_SUPERSEDED

public static final int REASON_CODE_SUPERSEDED
The flag to indicate that reason code is superseded.

REASON_CODE_CESSATION_OF_OPERATION

public static final int REASON_CODE_CESSATION_OF_OPERATION
The flag to indicate that reason code is cessationOfOperation.

REASON_CODE_CERTIFICATE_HOLD

public static final int REASON_CODE_CERTIFICATE_HOLD
The flag to indicate that reason code is certificateHold.

REASON_CODE_REMOVED_FROM_CRL

public static final int REASON_CODE_REMOVED_FROM_CRL
The flag to indicate that reason code is removeFromCRL.

Constructor Detail

ReasonCode

public ReasonCode()
Constructs an empty ReasonCode object.

ReasonCode

public ReasonCode(int reasonCode,
                  boolean criticality)
           throws CertificateException
Constructs a ReasonCode object and initializes it with the given values.

The value of ReasonCode must be one of the flags defined in this class.

Parameters

         reasonCode  

An int representing the reason code. The values are as follows:

    unspecified            0	    	
    keyCompromise          1 	    	
    cACompromise           2		   
    affiliationChanged     3    
    superseded             4		       
    cessationOfOperation   5 	
    certificateHold        6       	
    removeFromCRL          8 	     
 

         criticality  

The user-specified criticality.

Throws

CertificateException - If the value is not a valid reason code.

Method Detail

decodeValue

public void decodeValue(byte[] valueBER,
                        int offset)
                 throws CertificateException
Decode the value. The input is the BER encoding that was wrapped in the OCTET STRING.

Overrides

decodeValue in class X509V3Extension

Parameters

         valueBER  

The BER encoding of the extension's value.

         offset  

The offset into valueBER where the encoding begins.

Throws

CertificateException - If the encoding is invalid for this extension.

setReasonCode

public void setReasonCode(int code)
Sets the value of this object, the reason code.

Parameters

         code  

The reason code value. The values are as follows:

    unspecified            0	    	
    keyCompromise          1 	    	
    cACompromise           2		   
    affiliationChanged     3    
    superseded             4		       
    cessationOfOperation   5 	
    certificateHold        6       	
    removeFromCRL          8 	     
 


getReasonCode

public int getReasonCode()
Gets the value of this object, the reason code. If this object does not have a value, this method returns zero.

Returns

The reason code.

verifyReasonCode

public boolean verifyReasonCode(int codeToVerify)
Verifies that the flags in this extension are set to a specified reason code.

Parameters

         codeToVerify  

An int representing the reason code to verify. The values are as follows:

    unspecified            0	    	
    keyCompromise          1 	    	
    cACompromise           2		   
    affiliationChanged     3    
    superseded             4		       
    cessationOfOperation   5 	
    certificateHold        6       	
    removeFromCRL          8 	     
 

Returns

A boolean that indicates whether the flags in this extension are set to the reason code contained in codeToVerify.

derEncodeValueInit

public int derEncodeValueInit()
Initialize for encoding the value.

Overrides

derEncodeValueInit in class X509V3Extension

Returns

How many bytes the encoding will be.

derEncodeValue

public int derEncodeValue(byte[] encoding,
                          int offset)
Place the encoding of the value into encoding, beginning at offset. This is the actual contents that are wrapped in the OCTET STRING (not the surrounding OCTET STRING tag and length).

Overrides

derEncodeValue in class X509V3Extension

Parameters

         encoding  

The byte array into which the result will be placed.

         offset  

The offset into encoding where the writing is to begin.

Returns

The number of bytes actually placed into encoding.
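
The bytes that decodeValue consumes and derEncodeValue produces, shown as an added stand-alone example (not Cert-J code and not part of RSA's documentation): a strict codec for the CRLReason ENUMERATED from the ASN.1 definition above, which rejects the unassigned value 7 and anything outside the list. The class name CrlReasonCodec and its methods are hypothetical, and the sample byte arrays are constructed.

```java
import java.util.Arrays;

// Added example: stand-alone codec for the CRLReason value; does not use Cert-J.
public class CrlReasonCodec {
    static final int TAG_ENUMERATED = 0x0A;   // universal tag 10
    static final String[] NAMES = { "unspecified", "keyCompromise", "cACompromise",
        "affiliationChanged", "superseded", "cessationOfOperation",
        "certificateHold", null /* 7 is not assigned */, "removeFromCRL" };

    // True only for the values listed in the CRLReason definition.
    static boolean isDefined(int code) {
        return code >= 0 && code < NAMES.length && NAMES[code] != null;
    }

    // Decodes the contents of the extension's OCTET STRING.
    // Strict: accepts only the DER form (short-form length of 1, one value byte).
    static int decode(byte[] ber, int offset) {
        if (ber == null || offset < 0 || ber.length - offset < 3)
            throw new IllegalArgumentException("truncated CRLReason encoding");
        if ((ber[offset] & 0xFF) != TAG_ENUMERATED)
            throw new IllegalArgumentException("not an ENUMERATED");
        if ((ber[offset + 1] & 0xFF) != 1)
            throw new IllegalArgumentException("unexpected length");
        int code = ber[offset + 2] & 0xFF;
        if (!isDefined(code))
            throw new IllegalArgumentException("undefined reason code " + code);
        return code;
    }

    // Produces the DER bytes for a defined reason code: tag, length, value.
    static byte[] encode(int code) {
        if (!isDefined(code))
            throw new IllegalArgumentException("undefined reason code " + code);
        return new byte[] { (byte) TAG_ENUMERATED, 0x01, (byte) code };
    }

    public static void main(String[] args) {
        byte[] sample = { 0x0A, 0x01, 0x01 };   // constructed: keyCompromise
        int code = decode(sample, 0);
        System.out.println(code + " = " + NAMES[code]);
        System.out.println("round trip ok: " + Arrays.equals(encode(code), sample));
        byte[] gap = { 0x0A, 0x01, 0x07 };      // constructed: the gap between 6 and 8
        try {
            decode(gap, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```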

clone

public Object clone()
             throws CloneNotSupportedException
Overrides the default clone method to get a deeper clone.

Overrides

clone in class X509V3Extension

Returns

A new ReasonCode object, a copy of this object.

Throws

CloneNotSupportedException - If the cloning operation is not successful.


RSA BSAFE ® Cert-J 2.1.1 001-047007-211-001-000