java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.ReasonCode
This class implements the ReasonCode extension.

The ReasonCode extension is a non-critical standard X509v2 CRL entry extension.

Each extension is associated with a specific certificateExtension object identifier, derived from:

    certificateExtension OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29}
    id-ce OBJECT IDENTIFIER ::= certificateExtension

The object identifier for the ReasonCode extension is defined as:

    id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }

which corresponds to the OID string "2.5.29.21".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the reason code CRL entry extension for identifying the reason for a certificate revocation. CAs are strongly encouraged to include reason codes in CRL entries; however, the reason code CRL entry extension should be absent instead of using the unspecified reasonCode value.

ASN.1 definition:

    reasonCode ::= { CRLReason }

    CRLReason ::= ENUMERATED {
        unspecified             (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        removeFromCRL           (8),
        privilegeWithdrawn      (9),
        aACompromise           (10) }
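
The DER encoding implied by the ASN.1 definition above, as an added example that is not part of the IAIK-JCE API or its documentation: a plain-JDK strict decoder for an X.509 Extension structure carrying OID 2.5.29.21. The class name CrlReasonDer, its methods and the sample bytes are constructed for illustration, and the decoder assumes short-form DER lengths.

```java
import java.util.Arrays;

/** Added example, not IAIK code: strict decoder for a DER-encoded reasonCode extension. */
public class CrlReasonDer {
    // Names indexed by CRLReason value from the ASN.1 definition; value 7 is not assigned.
    static final String[] NAMES = { "unspecified", "keyCompromise", "cACompromise",
        "affiliationChanged", "superseded", "cessationOfOperation", "certificateHold",
        null, "removeFromCRL", "privilegeWithdrawn", "aACompromise" };
    // Content octets of OID 2.5.29.21: first octet 2*40+5 = 0x55, then 29 and 21.
    static final byte[] OID = { 0x55, 0x1D, 0x15 };

    static void check(boolean ok, String msg) { if (!ok) throw new IllegalArgumentException(msg); }

    /** Reads one TLV with the expected tag and a short-form length; advances pos[0]. */
    static byte[] tlv(byte[] buf, int[] pos, int tag) {
        int i = pos[0];
        check(i + 2 <= buf.length && (buf[i] & 0xFF) == tag, "expected tag 0x" + Integer.toHexString(tag));
        int len = buf[i + 1] & 0xFF;
        check(len <= 0x7F && i + 2 + len <= buf.length, "bad length");
        pos[0] = i + 2 + len;
        return Arrays.copyOfRange(buf, i + 2, pos[0]);
    }

    /** Parses SEQUENCE { extnID, extnValue OCTET STRING { ENUMERATED } }; returns the reason name. */
    static String parse(byte[] der) {
        int[] p = { 0 };
        byte[] seq = tlv(der, p, 0x30);
        check(p[0] == der.length, "trailing bytes after extension");
        p[0] = 0;
        check(Arrays.equals(tlv(seq, p, 0x06), OID), "not id-ce-cRLReason");
        // The extension is non-critical and DER omits a FALSE default, so a BOOLEAN
        // here fails the OCTET STRING tag check (strictness chosen for this example).
        byte[] value = tlv(seq, p, 0x04);
        check(p[0] == seq.length, "trailing bytes inside extension");
        p[0] = 0;
        byte[] reason = tlv(value, p, 0x0A);
        check(reason.length == 1 && p[0] == value.length, "malformed ENUMERATED");
        int v = reason[0] & 0xFF;
        check(v < NAMES.length && NAMES[v] != null, "undefined CRLReason " + v);
        return NAMES[v];
    }

    public static void main(String[] args) {
        // Constructed sample: SEQUENCE { OID 2.5.29.21, OCTET STRING { ENUMERATED 1 } }
        byte[] sample = { 0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x15, 0x04, 0x03, 0x0A, 0x01, 0x01 };
        System.out.println(parse(sample));
        sample[11] = 0x07; // the unassigned gap between certificateHold and removeFromCRL
        try { parse(sample); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
    }
}
```

A consumer that also wants to follow the RFC 2459 advice quoted above can treat a decoded "unspecified" as a finding, since the profile prefers omitting the extension in that case.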

Since in the IAIK-JCE environment revoked certificates are implementations of the iaik.x509.RevokedCertificate class, a reasonCode CRL entry extension may be added to a revoked certificate by using the addExtension method of the iaik.x509.RevokedCertificate class.

Any revoked certificate itself is added to a certificate revocation list by using a proper addCertificate method of the iaik.x509.X509CRL class, e.g.:

    //Create a revoked certificate from a X509Certificate and set the revocation date
    //to the current date; the X509Certificate is read in from a file:
    GregorianCalendar date = (GregorianCalendar)Calendar.getInstance();
    InputStream fis = new FileInputStream("cert.der");
    X509Certificate cert = new X509Certificate(fis);
    fis.close();
    RevokedCertificate rev_cert = new RevokedCertificate(cert, date.getTime());

    //add the reason code CRL entry extension to the revoked certificate:
    ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);
    rev_cert.addExtension(reasonCode);

    //add the revoked certificate to the crl
    X509CRL crl = new X509CRL();
    ...
    crl.addCertificate(rev_cert);

See Also: X509CRL, X509Certificate, RevokedCertificate

Field Summary
static int | aACompromise | Certificate revocation reason aACompromise.
static int | affiliationChanged | Certificate revocation reason affiliationChanged.
static int | cACompromise | Certificate revocation reason cACompromise.
static int | certificateHold | Certificate revocation reason certificateHold.
static int | cessationOfOperation | Certificate revocation reason cessationOfOperation.
static int | keyCompromise | Certificate revocation reason keyCompromise.
static ObjectID | oid | The object identifier of this ReasonCode extension.
static int | privilegeWithdrawn | Certificate revocation reason privilegeWithdrawn.
static int | removeFromCRL | Certificate revocation reason removeFromCRL.
static int | superseded | Certificate revocation reason superseded.
static int | unspecified | Certificate revocation reason unspecified.

Fields inherited from class iaik.x509.V3Extension: critical

Constructor Summary
ReasonCode() | Default constructor.
ReasonCode(int reasonCode) | Creates a new ReasonCode from an int specifying the reason for certificate revocation.

Method Summary
ObjectID | getObjectID() | Returns the object ID of this ReasonCode extension.
int | getReasonCode() | Returns the reason code specifying the reason for certificate revocation.
String | getReasonCodeName() | Returns the name of the reason code as String.
int | hashCode() | Returns a hashcode for this identity.
void | init(ASN1Object obj) | Inits this ReasonCode implementation with an ASN1object representing the value of this extension.
void | setReasonCode(int reasonCode) | Sets the reason code for this ReasonCode object.
ASN1Object | toASN1Object() | Returns an ASN1Object representing the value of this ReasonCode extension object.
String | toString() | Returns a string that represents the contents of the ReasonCode extension.

Methods inherited from class iaik.x509.V3Extension: getName, isCritical, setCritical

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
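
Field Detail

public static final int unspecified
Certificate revocation reason unspecified.

public static final int keyCompromise
Certificate revocation reason keyCompromise.

public static final int cACompromise
Certificate revocation reason cACompromise.

public static final int affiliationChanged
Certificate revocation reason affiliationChanged.

public static final int superseded
Certificate revocation reason superseded.

public static final int cessationOfOperation
Certificate revocation reason cessationOfOperation.

public static final int certificateHold
Certificate revocation reason certificateHold.

public static final int removeFromCRL
Certificate revocation reason removeFromCRL.

public static final int privilegeWithdrawn
Certificate revocation reason privilegeWithdrawn.

public static final int aACompromise
Certificate revocation reason aACompromise.

public static final ObjectID oid
The object identifier of this ReasonCode extension.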

Constructor Detail

public ReasonCode()
Default constructor. Creates an empty ReasonCode object. Use setReasonCode for specifying some particular reason for certificate revocation, e.g.:

    ReasonCode reasonCode = new ReasonCode();
    reasonCode.setReasonCode(ReasonCode.keyCompromise);

public ReasonCode(int reasonCode)
Creates a new ReasonCode from an int specifying the reason for certificate revocation. For instance:

    ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);

Parameters: reasonCode - the reason code specifying the reason for certificate revocation

Method Detail

public ObjectID getObjectID()
Returns the object ID of this ReasonCode extension.
Overrides: getObjectID in class V3Extension

public void init(ASN1Object obj)
Inits this ReasonCode implementation with an ASN1object representing the value of this extension.
The given ASN1Object represents an Integer which specifies the reason for certificate revocation.
The given ASN1Object is the one created by toASN1Object().
This method is used by the X509Extensions class when parsing the ASN.1 representation of a CRL for properly initializing an included ReasonCode extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
Overrides: init in class V3Extension
Parameters: obj - the ReasonCode as ASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this ReasonCode extension object.
The returned ASN1Object is an ASN.1 Enumerated representing an Integer which specifies the reason for certificate revocation:

    reasonCode ::= { CRLReason }

    CRLReason ::= ENUMERATED {
        unspecified             (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        removeFromCRL           (8),
        privilegeWithdrawn      (9),
        aACompromise           (10) }

Overrides: toASN1Object in class V3Extension
Returns: the ReasonCode as ASN1Object

public void setReasonCode(int reasonCode)
Sets the reason code for this ReasonCode object.
For instance:

    ReasonCode reasonCode = new ReasonCode();
    reasonCode.setReasonCode(ReasonCode.keyCompromise);

Parameters: reasonCode - the reason code specifying the reason for certificate revocation

public int getReasonCode()
Returns the reason code specifying the reason for certificate revocation.
The following integer value - reason code mapping is used:
int
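
public String getReasonCodeName()
Returns the name of the reason code as String.

public int hashCode()
Returns a hashcode for this identity.
Overrides: hashCode in class V3Extension

public String toString()
Returns a string that represents the contents of the ReasonCode extension.
Overrides: toString in class Object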

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).