java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.CRLDistPointsSyntax
Abstract super class for the CRLDistributionPoints and FreshestCRL extensions.
The X.509 Certificate and CRL profile presented in RFC 2459 specifies the CRLDistributionPoints extension for identifying how CRL information is obtained. The FreshestCRL extension has been introduced by the RFC 2459 successor draft-ietf-pkix-new-part1-06.txt for identifying how delta CRL information is obtained. The ASN.1 syntax is identical to that of the CRLDistributionPoints extension:
    cRLDistributionPoints ::= { CRLDistPointsSyntax }

    CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

    DistributionPoint ::= SEQUENCE {
        distributionPoint   [0] DistributionPointName OPTIONAL,
        reasons             [1] ReasonFlags OPTIONAL,
        cRLIssuer           [2] GeneralNames OPTIONAL }

    DistributionPointName ::= CHOICE {
        fullName                  [0] GeneralNames,
        nameRelativeToCRLIssuer   [1] RelativeDistinguishedName }

    ReasonFlags ::= BIT STRING {
        unused                (0),
        keyCompromise         (1),
        cACompromise          (2),
        affiliationChanged    (3),
        superseded            (4),
        cessationOfOperation  (5),
        certificateHold       (6) }

If the cRLDistributionPoints/FreshestCRL extension contains a DistributionPointName of type URI, the following semantics shall be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. If the distributionPoint omits reasons, the CRL shall include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL shall be issued by the CA that issued the certificate.
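The syntax and defaulting rules above, seen at the encoding level, as an added example that is not part of the IAIK documentation or library: a minimal Python DER walker that extracts URI distribution points and reason flags and applies the stated defaults for omitted reasons and cRLIssuer. The function names and the sample bytes are constructed for illustration; the walker assumes the usual DER tags (0xA0 for the [0] wrappers, 0x81 for reasons, 0xA2 for cRLIssuer, 0x86 for a URI GeneralName).

```python
REASONS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged",
           "superseded", "cessationOfOperation", "certificateHold"]

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # yields (tag, content) for each nested element
    pos = 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        yield tag, value

def decode_reasons(bits):
    """ReasonFlags BIT STRING: byte 0 counts unused bits; bit 0 is the MSB."""
    data = bits[1:]
    return {name for i, name in enumerate(REASONS)
            if i // 8 < len(data) and data[i // 8] & (0x80 >> (i % 8))}

def parse_crl_dist_points(der):
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("CRLDistPointsSyntax must be a SEQUENCE")
    points = []
    for _, dp in children(seq):
        # Defaults: omitted reasons = all reasons; omitted cRLIssuer = cert's CA
        point = {"uris": [], "reasons": set(REASONS[1:]), "issued_by_cert_ca": True}
        for t, v in children(dp):
            if t == 0xA0:  # distributionPoint [0], wraps the name CHOICE
                for choice, names in children(v):
                    if choice == 0xA0:  # fullName [0] GeneralNames
                        point["uris"] += [n.decode("ascii") for g, n in children(names) if g == 0x86]
            elif t == 0x81:  # reasons [1] ReasonFlags
                point["reasons"] = decode_reasons(v)
            elif t == 0xA2:  # cRLIssuer [2] GeneralNames
                point["issued_by_cert_ca"] = False
        points.append(point)
    return points

def tlv(tag, content):  # builder for the constructed sample (short lengths only)
    return bytes([tag, len(content)]) + content

URI = tlv(0x86, b"http://ca.iaik.com/test.crl")  # uniformResourceIdentifier [6]
SAMPLE = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0xA0, URI)) + tlv(0x81, b"\x06\x40"))
                   + tlv(0x30, tlv(0xA0, tlv(0xA0, URI))))
```

The first constructed distribution point carries only keyCompromise; the second omits reasons and therefore resolves to all six reasons, and both resolve to the certificate's own CA because neither has a cRLIssuer.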
A CRLDistributionPoints/FreshestCRL object may be created either by using the empty default constructor, or by directly supplying one distribution point, which has to be of type DistributionPoint, e.g.:

    // Name the distribution point by the URI where the CRL is published
    GeneralNames distName = new GeneralNames();
    distName.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/test.crl"));
    DistributionPoint distributionPoint = new DistributionPoint(distName);
    // Associate the reason keyCompromise with this distribution point
    distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
    CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Any further distribution point can be added by using the addDistributionPoint method:

    cRLDistributionPoints.addDistributionPoint(<a_second_distribution_point>);
    ...

For adding a CRLDistributionPoints extension object to an X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class:

    X509Certificate cert = new X509Certificate();
    ...
    cert.addExtension(cRLDistributionPoints);

See Also: DistributionPoint, GeneralNames, Name, V3Extension, X509Extensions, X509Certificate, CRLDistributionPoints, FreshestCRL

Fields inherited from class iaik.x509.V3Extension: critical

Constructor Summary
CRLDistPointsSyntax()
    Default constructor.
CRLDistPointsSyntax(DistributionPoint dp)
    Creates a CRLDistPointsSyntax object and adds a DistributionPoint.

Method Summary
void addDistributionPoint(DistributionPoint dp)
    Adds a distribution point to this CRLDistPointsSyntax extension.
Enumeration getDistributionPoints()
    Returns an enumeration of the distribution points included in this CRLDistPointsSyntax extension.
void init(ASN1Object obj)
    Inits this CRLDistPointsSyntax implementation with an ASN1Object representing the value of this extension.
void removeAllDistributionPoints()
    Removes all distribution points from this CRLDistPointsSyntax extension.
ASN1Object toASN1Object()
    Returns an ASN1Object representing the value of this CRLDistPointsSyntax extension object.
String toString()
    Returns a string that represents the contents of this CRLDistPointsSyntax extension.

Methods inherited from class iaik.x509.V3Extension: getName, getObjectID, hashCode, isCritical, setCritical
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

public CRLDistPointsSyntax()
Default constructor. Creates a CRLDistPointsSyntax object.
For adding a distribution point use the addDistributionPoint method. Any distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.:

    GeneralNames distName = new GeneralNames();
    distName.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/test.crl"));
    DistributionPoint distributionPoint = new DistributionPoint(distName);
    distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
    // Start with an empty extension and add the distribution point afterwards
    CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints();
    cRLDistributionPoints.addDistributionPoint(distributionPoint);

See Also: DistributionPoint

public CRLDistPointsSyntax(DistributionPoint dp)
Creates a CRLDistPointsSyntax object and adds a DistributionPoint.
The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.:

    GeneralNames distName = new GeneralNames();
    distName.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/test.crl"));
    DistributionPoint distributionPoint = new DistributionPoint(distName);
    distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
    // Supply the distribution point directly to the constructor
    CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Parameters: dp - the distribution point to add
See Also: DistributionPoint

Method Detail

public void init(ASN1Object obj) throws X509ExtensionException
Inits this CRLDistPointsSyntax implementation with an ASN1Object representing the value of this extension.
The given ASN1Object consists of a Sequence of distribution points included in the CRLDistPointsSyntax object.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included CRLDistPointsSyntax. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
Overrides: init in class V3Extension
Parameters: obj - the CRLDistPointsSyntax as ASN1Object
Throws: X509ExtensionException - if the extension could not be parsed

public ASN1Object toASN1Object() throws X509ExtensionException
Returns an ASN1Object representing the value of this CRLDistPointsSyntax extension object.
The ASN1Object is an ASN.1 Sequence including any distribution point that has been added to this CRLDistPointsSyntax object.

    cRLDistributionPoints ::= { CRLDistPointsSyntax }

    CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

Overrides: toASN1Object in class V3Extension
Returns: the CRLDistPointsSyntax as ASN1Object

public void addDistributionPoint(DistributionPoint dp)
Adds a distribution point to this CRLDistPointsSyntax extension.
The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.:

    // Build the distribution point name as an RDN
    RDN distributionPointName = new RDN();
    distributionPointName.addAVA(ObjectID.country, "AT");
    distributionPointName.addAVA(ObjectID.locality, "Graz");
    distributionPointName.addAVA(ObjectID.organization, "TU Graz");
    distributionPointName.addAVA(ObjectID.organizationalUnit, "IAIK");
    distributionPointName.addAVA(ObjectID.commonName, "http://ca.iaik.com/");
    DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
    cRLDistributionPoints.addDistributionPoint(distributionPoint);

Parameters: dp - the distribution point to add
See Also: DistributionPoint

public void removeAllDistributionPoints()
Removes all distribution points from this CRLDistPointsSyntax extension.

public Enumeration getDistributionPoints()
Returns an enumeration of the distribution points included in this CRLDistPointsSyntax extension.

public String toString()
Returns a string that represents the contents of this CRLDistPointsSyntax extension.
Overrides: toString in class Object

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).