iaik.asn1.structures
Class DistributionPoint

java.lang.Object
  |
  +--iaik.asn1.structures.DistributionPoint

public class DistributionPoint

extends Object

This class implements the ASN.1 type DistributionPoint as used within a CRLDistributionPoints X.509v3 extension for identifying how CRL information is obtained.

The X.509 Certificate and CRL profile presented in RFC 2459 specifies a DistributionPoint as ASN.1 SEQUENCE structure specifying a distribution point name which may be an URI pointing to the current CRL for the associated reasons, issued by the associated cRLIssuer:

 DistributionPoint ::= SEQUENCE {
    distributionPoint       [0]     DistributionPointName OPTIONAL,
    reasons                 [1]     ReasonFlags OPTIONAL,
    cRLIssuer               [2]     GeneralNames OPTIONAL }
 

 DistributionPointName ::= CHOICE {
    fullName                [0]     GeneralNames,
    nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 

 ReasonFlags ::= BIT STRING {
    unused                  (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6),
    privilegeWithdrawn      (7),
    aACompromise            (8) }
 

If the distributionPoint omits reasons, the CRL shall include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL shall be issued by the CA that issued the certificate.

More information can be found in the X.509 Certificate and CRL profile presented in RFC 2459, section 4.2.1.14 "CRLDistributionPoints".

When creating a DistributionPoint object to be used for the CRLDistributionPoints extension, you may supply the distributionPointName immediately, and subsequently perhaps use the setReasonFlags and/or setCrlIssuer methods for setting the reasons and/or cRLIssuer, e.g.: e.g.:

 GeneralName dpName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository");
 DistributionPoint dp = new DistributionPoint(new GeneralNames(dpName));
 dp.setReasonFlags(DistributionPoint.keyCompromise);
 

Version:

File Revision 24

See Also:

CRLDistributionPoints, GeneralNames, GeneralName, Name

Field Summary

static int	aACompromise The aACompromise reason flag.
static int	affiliationChanged The affiliationChanged reason flag.
static int	cACompromise The cACompromise reason flag.
static int	certificateHold The certificateHold reason flag.
static int	cessationOfOperation The cessationOfOperation reason flag.
static int	keyCompromise The keyCompromise reason flag.
static int	privilegeWithdrawn The privilegeWithdrawn reason flag.
static int	superseded The superseded reason flag.
static int	unused The unused reason flag.

Constructor Summary

DistributionPoint()
Default constructor.

DistributionPoint(ASN1Object distributionPoint)
Constructs a DistributionPoint from an ASN1Object.

DistributionPoint(ASN1Type distributionPointName)
Creates a new DistributionPoint for the given distribution point name, specified as RDN or a GeneralNames.

Method Summary

GeneralNames	getCrlIssuer() Returns the CRL Issuer parameter of this distribution point.
ASN1Type	getDistributionPointName() Returns the distribution point name of this distribution point.
int	getReasonFlags() Returns the reason flags specification of this distribution point.
void	setCrlIssuer(GeneralNames crlIssuer) Sets the CRL Issuer parameter of this extension.
void	setDistributionPointName(ASN1Type distributionPointName) Sets the distribution point name parameter of this extension.
void	setReasonFlags(int reasonFlags) Sets the reason flags parameter of this extension.
ASN1Object	toASN1Object() Returns this DistributionPoint as (SEQUENCE) ASN1Object.
String	toString() Returns a string that represents the contents of this DistributionPoint.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

unused

public static final int unused

The unused reason flag.

keyCompromise

public static final int keyCompromise

The keyCompromise reason flag.

cACompromise

public static final int cACompromise

The cACompromise reason flag.

affiliationChanged

public static final int affiliationChanged

The affiliationChanged reason flag.

superseded

public static final int superseded

The superseded reason flag.

cessationOfOperation

public static final int cessationOfOperation

The cessationOfOperation reason flag.

certificateHold

public static final int certificateHold

The certificateHold reason flag.

privilegeWithdrawn

public static final int privilegeWithdrawn

The privilegeWithdrawn reason flag.

aACompromise

public static final int aACompromise

The aACompromise reason flag.

Constructor Detail

DistributionPoint

public DistributionPoint()

Default constructor. Creates an empty DistributionPoint object.

By default, reasonFlag is set to -1 indicating that no reason is selected, DistributionPointName and CrlIssuer are set to null. Use setReasonFlags, setDistributionPointName, setCrlIssuer for setting the corresponding values.

DistributionPoint

public DistributionPoint(ASN1Type distributionPointName)
                  throws IllegalArgumentException

Creates a new DistributionPoint for the given distribution point name, specified as RDN or a GeneralNames. The supplied distribution point name has to be a RDN or a GeneralNames object:

For instance:

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 

By default, reasonFlag is set to -1 indicating that no reason is selected.

Parameters:

distributionPointName - the name of the distribution point as RDN or GeneralNames object

Throws:

IllegalArgumentException - if the given name is not an instance of RDN or GeneralNames

See Also:

GeneralName, RDN

DistributionPoint

public DistributionPoint(ASN1Object distributionPoint)
                  throws CodingException

Constructs a DistributionPoint from an ASN1Object.

The given distribution point ASN1Object is parsed for any distribution point name, reasons specification and CRLIssuer.

Parameters:

distributionPoint - the DistributionPoint as ASN1Object

Throws:

CodingException - if the ASN1Object is not a DistributionPoint

Method Detail

toASN1Object

public ASN1Object toASN1Object()
                        throws CodingException

Returns this DistributionPoint as (SEQUENCE) ASN1Object.

Returns:

this DistributionPoint as ASN1Object

Throws:

CodingException - if there was an error while constructing the ASN1Object

setDistributionPointName

public void setDistributionPointName(ASN1Type distributionPointName)
                              throws IllegalArgumentException

Sets the distribution point name parameter of this extension.

Only instances of RDN or GeneralNames are accepted! For instance:

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"UT Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint();
 distributionPoint.setDistributionPointName(distributionPointName);
 

Parameters:

distributionPointName - the name to be set

Throws:

IllegalArgumentException - if the given name is not an instance of RDN or GeneralNames

See Also:

GeneralNames, RDN

setReasonFlags

public void setReasonFlags(int reasonFlags)

Sets the reason flags parameter of this extension.

For instance:

 distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 

A value of -1 indicates that no reason is specified.

Parameters:

reasons - the reasons value as int

setCrlIssuer

public void setCrlIssuer(GeneralNames crlIssuer)

Sets the CRL Issuer parameter of this extension.

For instance:

 GeneralNames generalNames = new GeneralNames();
 generalNames.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/"));
 

Parameters:

crlIssuer - the CRL Issuer value to be set as GeneralNames

getDistributionPointName

public ASN1Type getDistributionPointName()

Returns the distribution point name of this distribution point.

Returns:

the name as GeneralNames or as RDN

See Also:

GeneralNames, RDN, setDistributionPointName(iaik.asn1.ASN1Type)

getReasonFlags

public int getReasonFlags()

Returns the reason flags specification of this distribution point.

Note the "big endian" representation of the BIT STRING representing the reason flag value of this DistributionPoint: the least significant bit indicates the reason flag with the lowest bit value, meaning that the integer value 1 specifies the "unused" flag, and the integer value 64 (binary 1000000, hexadecimal 40) specifies the "certificateHold" purpose.

Returns:

the reason flags specification as int, or -1 indicating that no reason is specified

See Also:

setReasonFlags(int)

getCrlIssuer

public GeneralNames getCrlIssuer()

Returns the CRL Issuer parameter of this distribution point.

Returns:

the CRL Issuer as GeneralNames object

See Also:

GeneralNames, setCrlIssuer(iaik.asn1.structures.GeneralNames)

toString

public String toString()

Returns a string that represents the contents of this DistributionPoint.

Overrides:

toString in class Object

Returns:

the string representation