java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.ocsp.extensions.ArchiveCutoff
This class implements the OCSP ArchiveCutoff extension.

As with all OCSP extensions, support of the ArchiveCutoff extension is optional for clients and servers. The critical flag should not be set.

Each OCSP extension is associated with a specific OCSP extension object identifier, derived from RFC 2560:

    id-pkix OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) }
    id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } -- arc for access descriptors
    id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
    id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }

The object identifier for the ArchiveCutoff extension is defined as:

    id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }

which corresponds to the OID string "1.3.6.1.5.5.7.48.1.6".

The Online Certificate Status Protocol (RFC 2560) specifies the ArchiveCutoff extension for allowing a responder to choose to retain revocation information beyond a certificate's expiration. The date obtained by subtracting this retention interval value from the producedAt time in a response is defined as the certificate's "archive cutoff" date.

OCSP-enabled applications would use an OCSP archive cutoff date to contribute to a proof that a digital signature was (or was not) reliable on the date it was produced even if the certificate needed to validate the signature has long since expired.

OCSP servers that provide support for such historical reference SHOULD include an archive cutoff date extension in responses. If included, this value SHALL be provided as an OCSP singleExtensions extension in the corresponding SingleResponse. If, for instance, a server is operated with a 7-year retention interval policy and status was produced at time t1 then the value for ArchiveCutoff in the response would be (t1 - 7 years).

ASN.1 definition:
ArchiveCutoff ::= GeneralizedTime

For adding an ArchiveCutoff extension object to a SingleResponse, use the addExtension method, e.g.:

    Date cutoffTime = ...;
    ArchiveCutoff archiveCutoff = new ArchiveCutoff(cutoffTime);
    // pass the extension object, not the class name
    singleResponse.addExtension(archiveCutoff);
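
The calculation described above, as an added example (not part of the IAIK documentation or library): it derives the archive cutoff from producedAt and a retention period, DER-encodes it as a GeneralizedTime, and checks whether an expired certificate is still covered. It uses only the JDK; the class name, method names and sample dates are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.time.Period;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;

public class ArchiveCutoffExample {
    // DER GeneralizedTime content octets: UTC, whole seconds, trailing "Z".
    private static final DateTimeFormatter GENERALIZED_TIME =
            DateTimeFormatter.ofPattern("uuuuMMddHHmmss'Z'");

    // archive cutoff = producedAt - retention interval
    static ZonedDateTime archiveCutoff(ZonedDateTime producedAt, Period retention) {
        return producedAt.withZoneSameInstant(ZoneOffset.UTC).minus(retention).withNano(0);
    }

    // Extension value "ArchiveCutoff ::= GeneralizedTime": tag 0x18, length, ASCII time.
    static byte[] derGeneralizedTime(ZonedDateTime t) {
        byte[] text = GENERALIZED_TIME.format(t).getBytes(StandardCharsets.US_ASCII);
        byte[] der = new byte[2 + text.length];
        der[0] = 0x18;
        der[1] = (byte) text.length; // 15 for a four-digit year, so short-form length
        System.arraycopy(text, 0, der, 2, text.length);
        return der;
    }

    // A certificate that expired at notAfter is kept for the retention interval,
    // i.e. until notAfter + retention. At producedAt that holds when
    // notAfter >= producedAt - retention, which is the archive cutoff.
    static boolean statusRetained(ZonedDateTime notAfter, ZonedDateTime cutoff) {
        return !notAfter.isBefore(cutoff);
    }

    public static void main(String[] args) {
        // Constructed sample values: producedAt of a response, 7-year retention policy.
        ZonedDateTime producedAt = ZonedDateTime.of(2024, 3, 15, 10, 30, 0, 0, ZoneOffset.UTC);
        ZonedDateTime cutoff = archiveCutoff(producedAt, Period.ofYears(7));
        // With the class documented here, the value would be passed as
        // new ArchiveCutoff(java.util.Date.from(cutoff.toInstant())).
        StringBuilder hex = new StringBuilder();
        for (byte b : derGeneralizedTime(cutoff)) hex.append(String.format("%02X", b));
        System.out.println("archive cutoff: " + GENERALIZED_TIME.format(cutoff));
        System.out.println("DER value:      " + hex);
        ZonedDateTime expired2019 = ZonedDateTime.of(2019, 1, 1, 0, 0, 0, 0, ZoneOffset.UTC);
        ZonedDateTime expired2015 = ZonedDateTime.of(2015, 1, 1, 0, 0, 0, 0, ZoneOffset.UTC);
        System.out.println("expired 2019 covered: " + statusRetained(expired2019, cutoff));
        System.out.println("expired 2015 covered: " + statusRetained(expired2015, cutoff));
    }
}
```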

See Also: SingleResponse, V3Extension, X509Extensions

Field Summary
  static ObjectID  oid
      The object identifier of this ArchiveCutoff extension.

Fields inherited from class iaik.x509.V3Extension
  critical

Constructor Summary
  ArchiveCutoff()
      Default constructor.
  ArchiveCutoff(Date cutoffTime)
      Creates an ArchiveCutoff object from the given cutoffTime.

Method Summary
  Date  getCutoffTime()
      Gets the archive cutoff time.
  ObjectID  getObjectID()
      Returns the object ID of this ArchiveCutoff extension.
  int  hashCode()
      Returns a hashcode for this identity.
  void  init(ASN1Object obj)
      Inits this ArchiveCutoff implementation with an ASN1Object representing the value of this extension.
  void  setCutoffTime(Date cutoffTime)
      Sets the cutoff time.
  ASN1Object  toASN1Object()
      Returns an ASN1Object representing the value of this ArchiveCutoff extension.
  String  toString()
      Returns a string that represents the contents of this ArchiveCutoff extension.

Methods inherited from class iaik.x509.V3Extension
  getName, isCritical, setCritical

Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

public static final ObjectID oid

Constructor Detail

public ArchiveCutoff()
    Default constructor. Creates an ArchiveCutoff object.
    Use method setCutoffTime for setting the cutoff time of this ArchiveCutoff extension.

public ArchiveCutoff(Date cutoffTime)
    Creates an ArchiveCutoff object from the given cutoffTime.
    Parameters:
        cutoffTime - the date of the beginning of the retention interval

Method Detail

public void setCutoffTime(Date cutoffTime)
    Sets the cutoff time.
    Parameters:
        cutoffTime - the date of the beginning of the retention interval

public Date getCutoffTime()
    Gets the archive cutoff time.

public ObjectID getObjectID()
    Returns the object ID of this ArchiveCutoff extension.
    Overrides:
        getObjectID in class V3Extension

public void init(ASN1Object obj) throws X509ExtensionException
    Inits this ArchiveCutoff implementation with an ASN1Object representing the value of this extension.

    The given ASN1Object is the one created by toASN1Object().

    This method is used by the X509Extensions class when parsing the ASN.1 representation of an OCSP object for properly initializing an included ArchiveCutoff extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

    The ASN1Object supplied to this method will reflect the ASN.1 representation of the ArchiveCutoff extension value:

        ArchiveCutoff ::= GeneralizedTime

    Overrides:
        init in class V3Extension
    Parameters:
        obj - the ArchiveCutoff as ASN1Object (GeneralizedTime)
    Throws:
        X509ExtensionException - if the extension cannot be initialized from its ASN1 representation

public ASN1Object toASN1Object()
    Returns an ASN1Object representing the value of this ArchiveCutoff extension.

    The ASN1Object returned by this method will reflect the ASN.1 representation of the ArchiveCutoff extension value:

        ArchiveCutoff ::= GeneralizedTime

    Overrides:
        toASN1Object in class V3Extension
    Returns:
        the ArchiveCutoff as ASN1Object (GeneralizedTime)

public int hashCode()
    Returns a hashcode for this identity.
    Overrides:
        hashCode in class V3Extension

public String toString()
    Returns a string that represents the contents of this ArchiveCutoff extension.
    Overrides:
        toString in class Object

This Javadoc may contain text parts from Internet Standard specifications (RFC 2459, 3280, 3039, 2560, 1521, 821, 822, 2253, 1319, 1321, 2630, 2631, 2268, 3058, 2984, 2104, 2144, 2040, 2311, 2279, see copyright note) and RSA Data Security Public-Key Cryptography Standards (PKCS#1,3,5,7,8,9,10,12, see copyright note).