|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object | +--iaik.x509.V3Extension | +--iaik.x509.extensions.CertificateIssuer
This class implements the CertificateIssuer
extension.
The CertificateIssuer
extension is a critical
standard X509v2 CRL entry extension.
Each extension is associated with a specific certificateExtension
object identifier, derived from:
certificateExtension OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} id-ce OBJECT IDENTIFIER ::= certificateExtension
The object identifier for the CRLNumber
extension
is defined as:
id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 29 }
which corresponds to the OID string "2.5.29.29".
The X.509 Certificate and CRL profile presented in RFC 2459 specifies the CertifcateIssuer extension for identifying the certificate issuer associated with an entry in an indirect CRL, i.e. a CRL that has the indirectCRL indicator set in its issuing distribution point extension. If this extension is not present on the first entry in an indirect CRL, the certificate issuer defaults to the CRL issuer. On subsequent entries in an indirect CRL, if this extension is not present, the certificate issuer for the entry is the same as that for the preceding entry.
ASN.1 definition:
CertificateIssuer ::= GeneralNames
Since in the IAIK-JCE environment revoked certificates are implementations of
the iaik.x509.RevokedCertificate
class, a InvalidityData
CRL entry extension may be added to a
revoked certificate by using the addExtension
method of the iaik.x509.RevokedCertificate
class.
Any revoked certificate itself is added to a certificate revocation list by
using a proper addCertificate
method of the iaik.x509.X509CRL
class, e.g.:
//Create a revoked certificate from a X509Certificate and set the revocation date //to the current date; the X509Certificate is read in from a file: GregorianCalendar revocationDate = (GregorianCalendar)Calendar.getInstance(); InputStream fis = new FileInputStream("cert.der"); X509Certificate cert = new X509Certificate(fis); fis.close(); RevokedCertificate rev_cert = new RevokedCertificate(cert, revocationDate.getTime()); //add the the certificate issuer: GeneralNames issuer = ...; CertificateIssuer certificateIssuer = new CertificateIssuer(issuer); rev_cert.addExtension(certificateIssuer); //add the revoked certificate to the crl X509CRL crl = new X509CRL(); ... crl.addCertificate(rev_cert);
X509CRL
,
X509Certificate
,
RevokedCertificate
Field Summary | |
static ObjectID |
oid
The object identifier of this CertificateIssuer extension. |
Fields inherited from class iaik.x509.V3Extension |
critical |
Constructor Summary | |
CertificateIssuer()
Default constructor. |
|
CertificateIssuer(GeneralNames issuer)
Creates a new CertificateIssuer from the given issuer name.
|
Method Summary | |
GeneralNames |
getIssuer()
Returns the certificate issuer. |
ObjectID |
getObjectID()
Returns the object ID of this CertificateIssuer extension |
int |
hashCode()
Returns a hashcode for this identity. |
void |
init(ASN1Object obj)
Inits this CertificateIssuer implementation with an ASN1object
representing the value of this extension.
|
void |
setIssuer(GeneralNames issuer)
Sets the issuer of this CertificateIssuer object.
|
ASN1Object |
toASN1Object()
Returns an ASN1Object representing the value of this CertificateIssuer
extension object.
|
String |
toString()
Returns a string that represents the contents of the CertificateIssuer
extension. |
Methods inherited from class iaik.x509.V3Extension |
getName, isCritical, setCritical |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
public static final ObjectID oid
Constructor Detail |
public CertificateIssuer()
Creates an empty CertificateIssuer
object.
Use setIssuer
for specifying the
certificate issuer as {iaik.asn1.structures.GeneralNames
iaik.asn1.structures.GeneralNames} object, e.g.:
GeneralNames issuer = new GeneralNames(); CertificateIssuer certIssuer = new CertificateIssuer(); certIssuer.setIssuer(issuer);
public CertificateIssuer(GeneralNames issuer)
CertificateIssuer
from the given issuer name.
For instance:
GeneralNames issuer = ...; CertificateIssuer certificateIssuer = new CertificateIssuer(issuer);
issuer
- the certificate issuer to be setMethod Detail |
public ObjectID getObjectID()
CertificateIssuer
extensiongetObjectID
in class V3Extension
public void init(ASN1Object obj) throws X509ExtensionException
CertificateIssuer
implementation with an ASN1object
representing the value of this extension.
The given ASN1Object represents a GeneralNames giving the certificate issuer.
The given ASN1Object is the one created by toASN1Object()
.
This method is used by the X509Extensions
class when parsing the ASN.1 representation
of a CRL for properly initializing an included
CertificateIssuer extension. This method initializes the
extension only with its value, but not with its critical
specification. For that reason, this method shall not be
explicitly called by an application.
init
in class V3Extension
obj
- the CertificateIssuer as ASN1ObjectX509ExtensionException
- if the extension cannot be initpublic ASN1Object toASN1Object() throws X509ExtensionException
CertificateIssuer
extension object.
The returned ASN1Object is an ASN.1 GeneralNames representing the certificate issuer:
certificateIssuer ::= GeneralNames
toASN1Object
in class V3Extension
CertificateIssuer
as ASN1ObjectX509ExtensionException
- if an error occurs when parsing the supplied
ASN.1 objectpublic void setIssuer(GeneralNames issuer)
CertificateIssuer
object.
For instance:
CertificateIssuer certificateIssuer = new CertificateIssuer(); GeneralNames issuer = ...; certificateIssuer.setIssuer(issuer);
issuer
- the certificate issuer to be setpublic GeneralNames getIssuer()
public int hashCode()
hashCode
in class V3Extension
public String toString()
CertificateIssuer
extension.toString
in class Object
|
This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, ,2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note). | ||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |