Overview  Package   Class  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

iaik.x509.extensions
Class CRLDistributionPoints

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.CRLDistPointsSyntax
              |
              +--iaik.x509.extensions.CRLDistributionPoints
public class CRLDistributionPoints
extends CRLDistPointsSyntax

This class implements the CRLDistributionPoints Extension.

The CRLDistributionPoints extension is a non critical standard X509v3 extension.

Each extension is associated with a specific certificateExtension object identifier, derived from: 

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension

The object identifier for the CRLDistributionPoints extension is defined as:

id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }

which corresponds to the OID string "2.5.29.31".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the CRL distribution points extension for identifiying how CRL information is obtained.

ASN.1 definition: 

 cRLDistributionPoints ::= {
    CRLDistPointsSyntax }
 

 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 

 DistributionPoint ::= SEQUENCE {
    distributionPoint       [0]     DistributionPointName OPTIONAL,
    reasons                 [1]     ReasonFlags OPTIONAL,
    cRLIssuer               [2]     GeneralNames OPTIONAL }
 

 DistributionPointName ::= CHOICE {
    fullName                [0]     GeneralNames,
    nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 

 ReasonFlags ::= BIT STRING {
    unused                  (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6) }

If the cRLDistributionPoints extension contains a DistributionPointName of type URI, the following semantics shall be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. If the distributionPoint omits reasons, the CRL shall include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL shall be issued by the CA that issued the certificate.

More information can be found in RFC 2459, section 4.2.1.14 "CRLDistributionPoints".

A CRLDistributionPoints object may be created by either using the empty default constructor, or by directly supplying one distribution point which has to be of type DistributionPoint, e.g.: 

 GeneralNames distName = new GeneralNames();
 distName.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/test.crl"));
 DistributionPoint distributionPoint = new DistributionPoint(distName);
 distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Any further distribution point can be added by using the addDistributionPoint method:

cRLDistributionPoints.addDistributionPoint(<a_second_distribution_point>); ...

For adding a CRLDistributionPoints extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class: 

 X505Certificate cert = new X509Certificate();
   ...
 cert.addExtension(cRLDistributionPoints);

Version:
File Revision 25
See Also:
DistributionPoint, GeneralNames, Name, V3Extension, X509Extensions, X509Certificate, CRLDistPointsSyntax

Field Summary
static ObjectID oid
          The object identifier of this CRLDistributionPoints extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
CRLDistributionPoints()
          Default constructor.
CRLDistributionPoints(DistributionPoint dp)
          Creates an CRLDistributionPoints object and adds an DistributionPoint.
 
Method Summary
 ObjectID getObjectID()
          Returns the object ID of this CRLDistributionPoints extension
 int hashCode()
          Returns a hashcode for this identity.
 
Methods inherited from class iaik.x509.extensions.CRLDistPointsSyntax
addDistributionPoint, getDistributionPoints, init, removeAllDistributionPoints, toASN1Object, toString
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this CRLDistributionPoints extension. The corresponding OID string is "2.5.29.31".
Constructor Detail

CRLDistributionPoints

public CRLDistributionPoints()
Default constructor. Creates an empty CRLDistributionPoints object.

For adding a distribution point use the addDistributionPoint method. Any distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.: 

 GeneralNames distName = new GeneralNames();
 distName.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/test.crl"));
 DistributionPoint distributionPoint = new DistributionPoint(distName);
 distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints();
 cRLDistributionPoints.addDistributionPoint(distributionPoint);

See Also:
DistributionPoint

CRLDistributionPoints

public CRLDistributionPoints(DistributionPoint dp)
Creates an CRLDistributionPoints object and adds an DistributionPoint.

The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.: 

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Parameters:
dp - the distribution point to add
See Also:
DistributionPoint
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this CRLDistributionPoints extension
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity
Overview  Package   Class  Tree  Deprecated  Index  Help 
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD
IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK