iaik.x509.extensions
Class ReasonCode

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.ReasonCode

public class ReasonCode
extends V3Extension

This class implements the ReasonCode extension. The ReasonCode extension is a non-critical standard X509v2 CRL entry extension.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the ReasonCode extension is defined as:

id-ce-cRLReason OBJECT IDENTIFIER ::= { id-ce 21 }

which corresponds to the OID string "2.5.29.21".

The X.509 Certificate and CRL profile presented in RFC 2459 specifies the reason code CRL entry extension for identifying the reason for a certificate revocation. CAs are strongly encouraged to include reason codes in CRL entries; however, the reason code CRL entry extension should be absent instead of using the unspecified reasonCode value.

ASN.1 definition:

 reasonCode ::= { CRLReason }

 CRLReason ::= ENUMERATED {
    unspecified             (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6),
    removeFromCRL           (8),
    privilegeWithdrawn      (9),
    aACompromise           (10)}
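
On the consuming side, the same definition can be enforced when reading a CRL entry. The following is an added example, not part of the IAIK-JCE API or its documentation: it uses only the JDK and strictly decodes the DER bytes that `java.security.cert.X509CRLEntry.getExtensionValue("2.5.29.21")` returns, rejecting the unassigned value 7 and flagging `unspecified`. The class name, method names and sample bytes are constructed for illustration.

```java
// Added example (JDK only, not IAIK code): strict decoder for the reasonCode
// CRL entry extension value, i.e. OCTET STRING { ENUMERATED }.
public class CrlReasonDecoder {
    // CRLReason names indexed by enumerated value, as listed on this page.
    // Value 7 is not assigned, so its slot stays null.
    private static final String[] NAMES = {
        "unspecified", "keyCompromise", "cACompromise", "affiliationChanged",
        "superseded", "cessationOfOperation", "certificateHold", null,
        "removeFromCRL", "privilegeWithdrawn", "aACompromise"
    };

    /** Decodes the DER bytes 04 03 0A 01 vv and returns the reason name. */
    static String decode(byte[] ext) {
        if (ext == null || ext.length != 5
                || ext[0] != 0x04 || ext[1] != 0x03     // OCTET STRING, 3 content bytes
                || ext[2] != 0x0A || ext[3] != 0x01) {  // ENUMERATED, 1 content byte
            throw new IllegalArgumentException("malformed reasonCode extension value");
        }
        int v = ext[4]; // signed byte: negative values fail the range check below
        if (v < 0 || v >= NAMES.length || NAMES[v] == null) {
            throw new IllegalArgumentException("undefined CRLReason value " + v);
        }
        return NAMES[v];
    }

    /** True for the value that should be expressed by omitting the extension. */
    static boolean shouldHaveBeenOmitted(String reason) {
        return "unspecified".equals(reason);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real CRL.
        byte[][] samples = {
            {0x04, 0x03, 0x0A, 0x01, 0x01},  // keyCompromise
            {0x04, 0x03, 0x0A, 0x01, 0x00},  // unspecified
            {0x04, 0x03, 0x0A, 0x01, 0x07},  // unassigned value
            {0x04, 0x03, 0x02, 0x01, 0x01},  // INTEGER tag instead of ENUMERATED
        };
        for (byte[] s : samples) {
            try {
                String r = decode(s);
                System.out.println(r + (shouldHaveBeenOmitted(r) ? " (should be absent)" : ""));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```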

Since in the IAIK-JCE environment revoked certificates are implementations of the iaik.x509.RevokedCertificate class, a reasonCode CRL entry extension may be added to a revoked certificate by using the addExtension method of the iaik.x509.RevokedCertificate class. Any revoked certificate itself is added to a certificate revocation list by using a proper addCertificate method of the iaik.x509.X509CRL class, e.g.:

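 import java.io.FileInputStream;
 import java.io.InputStream;
 import java.util.GregorianCalendar;
 import iaik.x509.RevokedCertificate;
 import iaik.x509.X509CRL;
 import iaik.x509.X509Certificate;
 import iaik.x509.extensions.ReasonCode;

 // Create a revoked certificate from an X509Certificate and set the revocation date
 // to the current date; the X509Certificate is read in from a file.
 // GregorianCalendar is constructed directly: Calendar.getInstance() may return
 // another Calendar subclass in some locales, which would make a cast fail.
 GregorianCalendar date = new GregorianCalendar();
 InputStream fis = new FileInputStream("cert.der");
 X509Certificate cert = new X509Certificate(fis);
 fis.close();
 RevokedCertificate rev_cert = new RevokedCertificate(cert, date.getTime());
 // add the reason code CRL entry extension to the revoked certificate:
 ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);
 rev_cert.addExtension(reasonCode);
 // add the revoked certificate to the CRL
 X509CRL crl = new X509CRL();
  ...
 crl.addCertificate(rev_cert);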
 

Version:
File Revision 22
See Also:
X509CRL, X509Certificate, RevokedCertificate

Field Summary
static int aACompromise
          Certificate revocation reason aACompromise.
static int affiliationChanged
          Certificate revocation reason affiliationChanged.
static int cACompromise
          Certificate revocation reason cACompromise.
static int certificateHold
          Certificate revocation reason certificateHold.
static int cessationOfOperation
          Certificate revocation reason cessationOfOperation.
static int keyCompromise
          Certificate revocation reason keyCompromise.
static ObjectID oid
          The object identifier of this ReasonCode extension.
static int privilegeWithdrawn
          Certificate revocation reason privilegeWithdrawn.
static int removeFromCRL
          Certificate revocation reason removeFromCRL.
static int superseded
          Certificate revocation reason superseded.
static int unspecified
          Certificate revocation reason unspecified.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
ReasonCode()
          Default constructor.
ReasonCode(int reasonCode)
          Creates a new ReasonCode from an int specifying the reason for certificate revocation.
 
Method Summary
 ObjectID getObjectID()
          Returns the object ID of this ReasonCode extension.
 int getReasonCode()
          Returns the reason code specifying the reason for certificate revocation.
 String getReasonCodeName()
          Returns the name of the reason code as String.
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this ReasonCode implementation with an ASN1Object representing the value of this extension.
 void setReasonCode(int reasonCode)
          Sets the reason code for this ReasonCode object.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this ReasonCode extension object.
 String toString()
          Returns a string that represents the contents of the ReasonCode extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

unspecified

public static final int unspecified
Certificate revocation reason unspecified.

keyCompromise

public static final int keyCompromise
Certificate revocation reason keyCompromise.

cACompromise

public static final int cACompromise
Certificate revocation reason cACompromise.

affiliationChanged

public static final int affiliationChanged
Certificate revocation reason affiliationChanged.

superseded

public static final int superseded
Certificate revocation reason superseded.

cessationOfOperation

public static final int cessationOfOperation
Certificate revocation reason cessationOfOperation.

certificateHold

public static final int certificateHold
Certificate revocation reason certificateHold.

removeFromCRL

public static final int removeFromCRL
Certificate revocation reason removeFromCRL.

privilegeWithdrawn

public static final int privilegeWithdrawn
Certificate revocation reason privilegeWithdrawn.

aACompromise

public static final int aACompromise
Certificate revocation reason aACompromise.

oid

public static final ObjectID oid
The object identifier of this ReasonCode extension. The corresponding OID string is "2.5.29.21".
Constructor Detail

ReasonCode

public ReasonCode()
Default constructor.

Creates an empty ReasonCode object.

Use setReasonCode for specifying some particular reason for certificate revocation, e.g.:

 ReasonCode reasonCode = new ReasonCode();
 reasonCode.setReasonCode(ReasonCode.keyCompromise);
 


ReasonCode

public ReasonCode(int reasonCode)
Creates a new ReasonCode from an int specifying the reason for certificate revocation.

For instance:

 ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);
 

Parameters:
reasonCode - the reason code specifying the reason for certificate revocation
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this ReasonCode extension.
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
Inits this ReasonCode implementation with an ASN1Object representing the value of this extension.

The given ASN1Object represents an Integer which specifies the reason for certificate revocation.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a CRL for properly initializing an included ReasonCode extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the ReasonCode as ASN1Object

toASN1Object

public ASN1Object toASN1Object()
Returns an ASN1Object representing the value of this ReasonCode extension object.

The returned ASN1Object is an ASN.1 Enumerated representing an Integer which specifies the reason for certificate revocation:

 reasonCode ::= { CRLReason }

 CRLReason ::= ENUMERATED {
    unspecified             (0),
    keyCompromise           (1),
    cACompromise            (2),
    affiliationChanged      (3),
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6),
    removeFromCRL           (8),
    privilegeWithdrawn      (9),
    aACompromise           (10)}
 

Overrides:
toASN1Object in class V3Extension
Returns:
the value of this ReasonCode as ASN1Object

setReasonCode

public void setReasonCode(int reasonCode)
Sets the reason code for this ReasonCode object.

For instance:

 ReasonCode reasonCode = new ReasonCode();
 reasonCode.setReasonCode(ReasonCode.keyCompromise);
 

Parameters:
reasonCode - the reason code specifying the reason for certificate revocation

getReasonCode

public int getReasonCode()
Returns the reason code specifying the reason for certificate revocation.

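The following integer value - reason code mapping is used (the values of the CRLReason enumeration):

    0   unspecified
    1   keyCompromise
    2   cACompromise
    3   affiliationChanged
    4   superseded
    5   cessationOfOperation
    6   certificateHold
    8   removeFromCRL
    9   privilegeWithdrawn
    10  aACompromise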

Returns:
the reason code as int

getReasonCodeName

public String getReasonCodeName()
Returns the name of the reason code as String.
Returns:
the name of the reason code, e.g. "KeyCompromise"

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public String toString()
Returns a string that represents the contents of the ReasonCode extension.
Overrides:
toString in class Object
Returns:
the string representation

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).

IAIK-JCE 3.1 with IAIK-JCE CC Core 3.1, (c) 1997-2004 IAIK