iaik.x509.extensions
Class IssuingDistributionPoint

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.IssuingDistributionPoint

public class IssuingDistributionPoint
extends V3Extension

This class implements the IssuingDistributionPoint extension.

The IssuingDistributionPoint extension is a critical standard X509v2 CRL extension which may or may not be supported by implementations conforming to RFC2459.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the IssuingDistributionPoint extension is defined as:

id-ce-IssuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

which corresponds to the OID string "2.5.29.28".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the IssuingDistributionPoint extension for identifying the CRL distribution point for a particular CRL, and it indicates whether the CRL covers revocation for end entity certificates only, CA certificates only, or a limited set of reason codes.

ASN.1 definition:

 issuingDistributionPoint ::= SEQUENCE {
      distributionPoint          [0] DistributionPointName OPTIONAL,
      onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
      onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
      onlySomeReasons            [3] ReasonFlags OPTIONAL,
      indirectCRL                [4] BOOLEAN DEFAULT FALSE,
      onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
 

To add an IssuingDistributionPoint extension object to an X509v2 certificate revocation list, use the addExtension method of the iaik.x509.X509CRL class, e.g.:

 IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint();
 // setDistributionPointName accepts only RDN or GeneralNames, so wrap the single GeneralName
 GeneralNames dpName = new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository"));
 issuingDistributionPoint.setDistributionPointName(dpName);
 // this CRL covers end entity certificates and the keyCompromise reason only
 issuingDistributionPoint.setOnlyContainsUserCerts(true);
 issuingDistributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 X509CRL crl = new X509CRL();
   ...
 crl.addExtension(issuingDistributionPoint);
 

Version:
File Revision 13
See Also:
V3Extension, X509Extensions, X509CRL

Field Summary
static ObjectID oid
          The object identifier of this IssuingDistributionPoint extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
IssuingDistributionPoint()
          Default constructor.
 
Method Summary
 ASN1Type getDistributionPointName()
          Returns the distribution point name of this issuing distribution point.
 boolean getIndirectCRL()
          Returns whether the crl is an indirect crl.
 ObjectID getObjectID()
          Returns the object ID of this IssuingDistributionPoint extension.
 boolean getOnlyContainsAttributeCerts()
          Returns whether the CRL only contains attribute certs.
 boolean getOnlyContainsCaCerts()
          Returns whether the CRL only contains ca certs.
 boolean getOnlyContainsUserCerts()
          Returns whether the CRL only contains user certs.
 int getReasonFlags()
          Returns the reason flags specification of this distribution point.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this IssuingDistributionPoint implementation with an ASN1object representing the value of this extension.
 void setDistributionPointName(ASN1Type distributionPointName)
          Sets the distribution point name parameter of this extension.
 void setIndirectCRL(boolean indirectCRL)
          Decides whether the crl is an indirect crl.
 void setOnlyContainsAttributeCerts(boolean onlyContainsAttributeCerts)
          Decides whether the CRL only contains attribute cert entries.
 void setOnlyContainsCaCerts(boolean onlyContainsCaCerts)
          Decides whether the CRL only contains ca certs.
 void setOnlyContainsUserCerts(boolean onlyContainsUserCerts)
          Decides whether the CRL only contains user certs.
 void setReasonFlags(int reasonFlags)
          Sets the reason flags (onlySomeReasons) parameter of this extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this IssuingDistributionPoint extension object.
 String toString()
          Returns a string that represents the contents of this IssuingDistributionPoint extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this IssuingDistributionPoint extension. The corresponding OID string is "2.5.29.28".
Constructor Detail

IssuingDistributionPoint

public IssuingDistributionPoint()
Default constructor. Creates an empty IssuingDistributionPoint object. Use any of the set methods for supplying proper values to this IssuingDistributionPoint.
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this IssuingDistributionPoint extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
          throws X509ExtensionException
Inits this IssuingDistributionPoint implementation with an ASN1object representing the value of this extension.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a CRL for properly initializing an included IssuingDistributionPoint extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the IssuingDistributionPoint as ASN1Object
Throws:
X509ExtensionException - if an error occurs when parsing the ASN.1 object

toASN1Object

public ASN1Object toASN1Object()
                        throws X509ExtensionException
Returns an ASN1Object representing the value of this IssuingDistributionPoint extension object.
Overrides:
toASN1Object in class V3Extension
Returns:
the value of this IssuingDistributionPoint as ASN1Object
Throws:
X509ExtensionException - if an error occurs when creating the ASN.1 object

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

setDistributionPointName

public void setDistributionPointName(ASN1Type distributionPointName)
                              throws IllegalArgumentException
Sets the distribution point name parameter of this extension.

Only instances of RDN or GeneralNames are accepted! For instance:

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization, "UT Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit, "IAIK");
 distributionPointName.addAVA(ObjectID.commonName, "http://ca.iaik.com/");
 IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint();
 issuingDistributionPoint.setDistributionPointName(distributionPointName);
 

Parameters:
distributionPointName - the name to be set
Throws:
IllegalArgumentException - if the given name is not an instance of RDN or GeneralNames
See Also:
GeneralNames, RDN

setOnlyContainsUserCerts

public void setOnlyContainsUserCerts(boolean onlyContainsUserCerts)
Decides whether the CRL only contains user certs.
Parameters:
onlyContainsUserCerts - whether the crl only contains user certs

setOnlyContainsCaCerts

public void setOnlyContainsCaCerts(boolean onlyContainsCaCerts)
Decides whether the CRL only contains ca certs.
Parameters:
onlyContainsCaCerts - whether the crl only contains ca certs

setReasonFlags

public void setReasonFlags(int reasonFlags)
Sets the reason flags (onlySomeReasons) parameter of this extension.

Use the static parameters defined in iaik.asn1.structures.DistributionPoint for setting the reason flags.

For instance:

issuingDistributionPoint.setReasonFlags(DistributionPoint.keyCompromise);

Parameters:
reasonFlags - the reasons value as int

setIndirectCRL

public void setIndirectCRL(boolean indirectCRL)
Decides whether the crl is an indirect crl.
Parameters:
indirectCRL - whether the crl is an indirect crl

setOnlyContainsAttributeCerts

public void setOnlyContainsAttributeCerts(boolean onlyContainsAttributeCerts)
Decides whether the CRL only contains attribute cert entries.
Parameters:
onlyContainsAttributeCerts - whether the crl only contains attribute certs

getDistributionPointName

public ASN1Type getDistributionPointName()
Returns the distribution point name of this issuing distribution point.
Returns:
the name as GeneralNames or as RDN
See Also:
GeneralNames, RDN

getOnlyContainsUserCerts

public boolean getOnlyContainsUserCerts()
Returns whether the CRL only contains user certs.
Returns:
whether the crl only contains user certs

getOnlyContainsCaCerts

public boolean getOnlyContainsCaCerts()
Returns whether the CRL only contains ca certs.
Returns:
whether the crl only contains ca certs

getReasonFlags

public int getReasonFlags()
Returns the reason flags specification of this distribution point.

Note the "big endian" representation of the BIT STRING representing the reason flag value of this DistributionPoint: the least significant bit indicates the reason flag with the lowest bit value, meaning that the integer value 1 specifies the "unused" flag, and the integer value 64 (binary 1000000, hexadecimal 40) specifies the "certificateHold" purpose.

Returns:
the reason flags specification as int
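
The following is an added example, not part of the IAIK documentation or library: a scope check a relying party can run on a parsed IssuingDistributionPoint before treating a CRL as authoritative for a certificate, using the getters of this class and the reason flag bit values described above. The class IdpScopeCheck, its methods and the inputs certIsCa and crlIssuerIsCertIssuer are hypothetical; matching the distribution point name against the certificate is not covered, and the return value of getReasonFlags() when onlySomeReasons is absent is an assumption.

```java
import iaik.asn1.structures.DistributionPoint;
import iaik.x509.extensions.IssuingDistributionPoint;

/** Added example, not IAIK code: scope check a relying party runs before trusting a CRL. */
public final class IdpScopeCheck {

  // Integer values per the bit order described above (1 = unused ... 64 = certificateHold);
  // the values in between follow the RFC ReasonFlags order.
  static final int KEY_COMPROMISE = 2, CA_COMPROMISE = 4, AFFILIATION_CHANGED = 8,
      SUPERSEDED = 16, CESSATION_OF_OPERATION = 32, CERTIFICATE_HOLD = 64;
  static final int ALL_REASONS = KEY_COMPROMISE | CA_COMPROMISE | AFFILIATION_CHANGED
      | SUPERSEDED | CESSATION_OF_OPERATION | CERTIFICATE_HOLD;

  /**
   * Returns the mask of revocation reasons this CRL covers for the certificate,
   * or 0 if the certificate is outside the CRL's scope.
   * certIsCa and crlIssuerIsCertIssuer are hypothetical inputs computed by the caller.
   */
  static int coveredReasons(IssuingDistributionPoint idp, boolean certIsCa,
                            boolean crlIssuerIsCertIssuer) {
    if (idp.getOnlyContainsAttributeCerts()) return 0;        // not for public key certs
    if (idp.getOnlyContainsUserCerts() && certIsCa) return 0; // CA certs not listed here
    if (idp.getOnlyContainsCaCerts() && !certIsCa) return 0;  // end entity certs not listed
    // A CRL signed by someone other than the certificate issuer must be marked indirect.
    if (!crlIssuerIsCertIssuer && !idp.getIndirectCRL()) return 0;
    int reasons = idp.getReasonFlags();
    // Assumption: a non-positive value means onlySomeReasons is absent (all reasons covered).
    return reasons > 0 ? (reasons & ALL_REASONS) : ALL_REASONS;
  }

  /** True only when the CRLs consulted so far cover every revocation reason. */
  static boolean fullyCovered(int accumulatedMask) {
    return (accumulatedMask & ALL_REASONS) == ALL_REASONS;
  }

  public static void main(String[] args) {
    // Constructed sample: a CRL scoped to end entity certs and keyCompromise only.
    IssuingDistributionPoint idp = new IssuingDistributionPoint();
    idp.setOnlyContainsUserCerts(true);
    idp.setReasonFlags(DistributionPoint.keyCompromise);
    int mask = coveredReasons(idp, false, true);   // end entity cert, direct CRL
    System.out.println("covered=" + mask + " complete=" + fullyCovered(mask));
    System.out.println("CA cert in scope: " + (coveredReasons(idp, true, true) != 0));
  }
}
```

A certificate that is absent from a partitioned CRL is only known not to be revoked for the covered reasons; OR the masks of all CRLs consulted and treat the status as undetermined until fullyCovered returns true.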

getIndirectCRL

public boolean getIndirectCRL()
Returns whether the crl is an indirect crl.
Returns:
whether the crl is an indirect crl

getOnlyContainsAttributeCerts

public boolean getOnlyContainsAttributeCerts()
Returns whether the CRL only contains attribute certs.
Returns:
whether the crl only contains attribute certs

toString

public String toString()
Returns a string that represents the contents of this IssuingDistributionPoint extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK