RevokedCertificate (6.0 API Documentation)

java.lang.Object
- java.security.cert.X509CRLEntry
- - iaik.x509.RevokedCertificate

All Implemented Interfaces:

java.lang.Cloneable, java.security.cert.X509Extension

Direct Known Subclasses:

RevokedAttributeCertificate
```
public class RevokedCertificate
extends java.security.cert.X509CRLEntry
implements java.lang.Cloneable
```
This class represents a revoked certificate.
A revoked certificate denotes a certificate that has been revoked for some reason (e.g. the name of the subject has changed, the private key can no more being treated to be only known by the subject, ...) prior to the regular ending of its validity period.
Revoked certificates are collected in certificate revocation lists (CRLs) maintained by certificate issuing certification authorities (CAs). CRLs are publicly available and have to be refreshed in certain time intervals. Each certificate included in a revocation list can be identified by its serial number. The revocation list is signed by the maintaining CA.
A profile for X.509v2 revocation lists is presented together with the X.509v3 certificate format in RFC 3280, where revoked certificates are defined as the following ASN.1 structure:
```
 revokedCertificates     SEQUENCE OF SEQUENCE  {
   userCertificate         CertificateSerialNumber,
   revocationDate          Time,
   crlEntryExtensions      Extensions OPTIONAL
                           -- if present, must be v2
 }  OPTIONAL
 
```
where:
```
 CertificateSerialNumber  ::=  INTEGER

 Time ::= CHOICE {
   utcTime        UTCTime,
   generalTime    GeneralizedTime }

 Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

 Extension  ::=  SEQUENCE  {
   extnID      OBJECT IDENTIFIER,
   critical    BOOLEAN DEFAULT FALSE,
   extnValue   OCTET STRING  }
 
```
The serial number is used for uniquely identifying some particular certificate within a given revocation list. The revocation date specifies the date on which the revocation of the listed certificate becomes meaning. Dates through the year 2049 shall be encoded as UTCTime, and dates in 2050 or later as GeneralizedTime.
The crlEntryExtensions field may be used for including some additional information. An extension may be a defined standard entry extension (e.g. reasonCode for specifying the reason for revocation), or it may be a private entry extension providing some community-specific information. If an entry extension is marked as critical, but the CRL handling software cannot properly parse this extension, the CRL validation must fail. Non-Critical entry extensions can be ignored, if they cannot be handled (i.e. of unknown state).

The X509CRL implements a certificate revocation list for X.509 public key certificates. A revoked certificate represents a CRL entry.
For adding a CRL entry extension to a revoked certificate, use the addExtension method, e.g.:
```
 //Create a revoked certificate from a X509Certificate and set the revocation date
 //to the current date; the X509Certificate is read in from a file:
 GregorianCalendar date = (GregorianCalendar)Calendar.getInstance();
 InputStream fis = new FileInputStream("cert.der");
 X509Certificate cert = new X509Certificate(fis);
 fis.close();
 RevokedCertificate rev_cert = new RevokedCertificate(cert, date.getTime());
 //add the reason code CRL entry extension to the revoked certificate:
 ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);
 rev_cert.addExtension(reasonCode);
 
```
Version:

File Revision 35

See Also:
X509CRL, X509Certificate

Constructor Summary

Constructors
Constructor and Description
`RevokedCertificate(ASN1Object obj)` Creates a revoked certificate from an ASN1Object.
`RevokedCertificate(java.math.BigInteger serialNumber, java.util.Date revocationDate)` Creates a revoked certificate from a serial number and a date.
`RevokedCertificate(X509Certificate cert, java.util.Date revocationDate)` Creates a revoked certificate from a certificate and a date.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addExtension(V3Extension e)` Adds the given extension to this revoked certificate.
`java.lang.Object`	`clone()` Returns a clone of this RevokedCertificate.
`int`	`countExtensions()` Returns the number of extensions included into this revoked certificate.
`java.util.Set`	`getCriticalExtensionOIDs()` Returns a Set of the OID strings identifying the extension(s) that are marked CRITICAL in this revoked certificate.
`byte[]`	`getEncoded()` Returns this RevokedCertificate as DER encoded ASN.1 data structure
`V3Extension`	`getExtension(ObjectID oid)` Returns a specific extension, identyfied by its object identifier.
`byte[]`	`getExtensionValue(java.lang.String oid)` Returns a byte array representing the DER encoding of the `extnValue` OCTET STRING field of the extension identified by the given OID string.
`java.util.Set`	`getNonCriticalExtensionOIDs()` Returns a Set of the OID strings identifying the extension(s) that are marked NON-CRITICAL in this revoked certificate.
`byte[]`	`getRawExtensionValue(java.lang.String oid)` Returns a byte array representing the DER encoding of the extension value identified by the given OID string.
`java.util.Date`	`getRevocationDate()` Returns the revocation date of the revoked certificate.
`java.math.BigInteger`	`getSerialNumber()` Returns the serial number of the revoked certificate.
`boolean`	`hasExtensions()` Checks if there are extensions included into this revoked certificate.
`boolean`	`hasUnsupportedCriticalExtension()` Returns true if there are unsupported critical extensions.
`java.util.Enumeration`	`listExtensions()` Returns an enumeration of all entry extensions included into this revoked certificate.
`void`	`removeAllExtensions()` Removes all extensions from this revoked certificate.
`boolean`	`removeExtension(ObjectID oid)` Removes the extension specified by its object identifier.
`ASN1Object`	`toASN1Object()` Returns the revoked certificate as ASN1Object.
`java.lang.String`	`toString()` Returns a string that represents this revoked certificate.
`java.lang.String`	`toString(boolean detailed)` Returns a string with - if requested - detailed information about this revoked certificate.

Methods inherited from class java.security.cert.X509CRLEntry
equals, getCertificateIssuer, getRevocationReason, hashCode

Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - RevokedCertificate
```
public RevokedCertificate(ASN1Object obj)
                   throws java.security.cert.CRLException
```
    Creates a revoked certificate from an ASN1Object.
    The given ASN1Object is parsed for required serial number and revocation date, and - if included - CRL entry extensions.
    This constructor may be used for parsing an already existing RevokedCertificate, supplied as ASN1Object that may have been created by calling the toASN1Object method.
    
    Parameters:
    obj - the revoked certificate as ASN1Object
    
    Throws:
    
    java.security.cert.CRLException - if the ASN1Object can not be parsed
  - RevokedCertificate
```
public RevokedCertificate(X509Certificate cert,
                  java.util.Date revocationDate)
```
    Creates a revoked certificate from a certificate and a date. The required serial number is obtained from the given certificate.
    
    Parameters:
    cert - the certificate to be revoked
    revocationDate - the date when the certificate becomes invalid
  - RevokedCertificate
```
public RevokedCertificate(java.math.BigInteger serialNumber,
                  java.util.Date revocationDate)
```
    Creates a revoked certificate from a serial number and a date.
    
    Parameters:
    serialNumber - the serial number of the certificate to revoke
    revocationDate - the date when the certificate becomes invalid
- Method Detail
  - clone
```
public java.lang.Object clone()
```
    Returns a clone of this RevokedCertificate.
    
    Overrides:
    
    clone in class java.lang.Object
    
    Returns:
    a clone of this RevokedCertificate
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws java.security.cert.CRLException
```
    Returns the revoked certificate as ASN1Object.
    
    Returns:
    the revoked certificate as (SEQUENCE) ASN1Object
    
    Throws:
    
    java.security.cert.CRLException - if the ASN1Object could not be created
  - getEncoded
```
public byte[] getEncoded()
                  throws java.security.cert.CRLException
```
    Returns this RevokedCertificate as DER encoded ASN.1 data structure
    
    Specified by:
    
    getEncoded in class java.security.cert.X509CRLEntry
    
    Returns:
    a byte array holding the DER encoded RevokedCertificate ASN.1 data structure
    
    Throws:
    
    java.security.cert.CRLException - if the RevokedCertificate cannot be encoded correctly
  - getSerialNumber
```
public java.math.BigInteger getSerialNumber()
```
    Returns the serial number of the revoked certificate.
    
    Specified by:
    
    getSerialNumber in class java.security.cert.X509CRLEntry
    
    Returns:
    the serial number of the revoked certificate
  - getRevocationDate
```
public java.util.Date getRevocationDate()
```
    Returns the revocation date of the revoked certificate.
    
    Specified by:
    
    getRevocationDate in class java.security.cert.X509CRLEntry
    
    Returns:
    the revocation date of the revoked certificate
  - getCriticalExtensionOIDs
```
public java.util.Set getCriticalExtensionOIDs()
```
    Returns a Set of the OID strings identifying the extension(s) that are marked CRITICAL in this revoked certificate.
    
    Specified by:
    
    getCriticalExtensionOIDs in interface java.security.cert.X509Extension
    
    Returns:
    a Set (or an empty Set if none are marked critical) of the extension OID strings for extensions that are marked critical. If there are no extensions present at all, then this method returns null
    See Also:
    getNonCriticalExtensionOIDs()
  - getNonCriticalExtensionOIDs
```
public java.util.Set getNonCriticalExtensionOIDs()
```
    Returns a Set of the OID strings identifying the extension(s) that are marked NON-CRITICAL in this revoked certificate.
    
    Specified by:
    
    getNonCriticalExtensionOIDs in interface java.security.cert.X509Extension
    
    Returns:
    a Set (or an empty Set if none are marked non-critical) of the extension OID strings for extensions that are marked non-critical. If there are no extensions present at all, then this method returns null.
    See Also:
    getCriticalExtensionOIDs()
  - getExtensionValue
```
public byte[] getExtensionValue(java.lang.String oid)
```
    Returns a byte array representing the DER encoding of the extnValue OCTET STRING field of the extension identified by the given OID string.
    The OID string is represented by a set of non-negative integers separated by periods, e.g. "2.5.29.15" for the KeyUsage extension.
    In ASN.1, the Extensions field is defined as a SEQUENCE of Extension:
```
 Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

 Extension  ::=  SEQUENCE  {
   extnID      OBJECT IDENTIFIER,
   critical    BOOLEAN DEFAULT FALSE,
   extnValue   OCTET STRING  }
 
```
    where critical specifies whether an extension has to be treated as being critical or not; the default value is FALSE. An extension is identified by its object identifier, specified in the extnID field. The extnValue field is an OCTET STRING which contains the DER encoding of the specific extension's ASN.1 representation itself. Only one instance of a particular extension may be present.
    The byte value returned by this method represents the DER encoding of the extnValue (OCTET_STRING) from above, and the value of this OCTET STRING represents the DER encoding of the specific extension's ASN.1 representation itself. If you want to get the DER encoding of the specific extension's ASN.1 representation itself (not wrapped in an OCTET STRING), use method getRawExtensionValue.
    Specified by:
    
    getExtensionValue in interface java.security.cert.X509Extension
    
    Parameters:
    oid - the object identifier of the extension to be searched for
    
    Returns:
    the DER encoded extnValue OCTET STRING or null if no extension with the specified oid is present
  - getRawExtensionValue
```
public byte[] getRawExtensionValue(java.lang.String oid)
```
    Returns a byte array representing the DER encoding of the extension value identified by the given OID string.
    The OID string is represented by a set of non-negative integers separated by periods, e.g. "2.5.29.15" for the KeyUsage extension.
    In ASN.1, the Extensions field is defined as a SEQUENCE of Extension:
```
 Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension

 Extension  ::=  SEQUENCE  {
   extnID      OBJECT IDENTIFIER,
   critical    BOOLEAN DEFAULT FALSE,
   extnValue   OCTET STRING  }
 
```
    where critical specifies whether an extension has to be treated as being critical or not; the default value is FALSE. An extension is identified by its object identifier, specified in the extnID field. The extnValue field is an OCTET STRING which contains the DER encoding of the specific extension's ASN.1 representation itself. Only one instance of a particular extension may be present in a particular certificate.
    The byte value returned by this method represents the DER encoding of the specific extension's ASN.1 representation itself (i.e. the value of the extnValue OCTET STRING).
    Parameters:
    oid - the object identifier of the extension to be searched for
    
    Returns:
    the DER encoded ASN.1 representation of the extension or null if no extension with the specified oid is present
  - hasExtensions
```
public boolean hasExtensions()
```
    Checks if there are extensions included into this revoked certificate.
    
    Specified by:
    
    hasExtensions in class java.security.cert.X509CRLEntry
    
    Returns:
    true if extensions are included, false if not
  - hasUnsupportedCriticalExtension
```
public boolean hasUnsupportedCriticalExtension()
```
    Returns true if there are unsupported critical extensions.
    
    Specified by:
    
    hasUnsupportedCriticalExtension in interface java.security.cert.X509Extension
    
    Returns:
    true, if there are unsupported critical extensions
  - addExtension
```
public void addExtension(V3Extension e)
                  throws X509ExtensionException
```
    Adds the given extension to this revoked certificate.
    If an extension with the same object ID already exists, it is replaced.
    
    Usage example:
```
 ReasonCode reasonCode = new ReasonCode(ReasonCode.keyCompromise);
 revokedCertificate.addExtension(reasonCode);
 
```
    For getting some extension use method getExtension(ObjectID)
    Parameters:
    e - the extension to add to the list of extensions
    
    Throws:
    
    X509ExtensionException - if an error occurs while DER encoding the extension
    See Also:
    V3Extension
  - removeExtension
```
public boolean removeExtension(ObjectID oid)
```
    Removes the extension specified by its object identifier.
    
    Parameters:
    oid - the object ID of the extension to remove
    
    Returns:
    true if the extension successfully has been removed false otherwise
  - removeAllExtensions
```
public void removeAllExtensions()
```
    Removes all extensions from this revoked certificate.
  - listExtensions
```
public java.util.Enumeration listExtensions()
```
    Returns an enumeration of all entry extensions included into this revoked certificate.
    The returned enumeration may contain unknown extensions (instances of UnknownExtension) if there are any extensions included in this certificate, for which there exists no registered implementation, and it may contain error extensions (instances of ErrorExtension) indicating extensions which cannot be parsed properly because of some kind of error.
    
    Returns:
    an enumeration of the extensions, or null if there are no extensions present at all
  - countExtensions
```
public int countExtensions()
```
    Returns the number of extensions included into this revoked certificate.
    
    Returns:
    the number of extensions
  - getExtension
```
public V3Extension getExtension(ObjectID oid)
                         throws X509ExtensionInitException
```
    Returns a specific extension, identyfied by its object identifier.
    If the extension cannot be initialized for some reason, an X509ExtensionInitException is thrown. If the requested extension is an unknown extension, which is not supported by a registered implementation, this method creates and returns an UnknownExtension object which may be queried for obtaining as much information as possible about the unknown extension.
    
    Parameters:
    oid - the object ID of the extension
    
    Returns:
    the desired extension or null if the requested extension is not present
    
    Throws:
    
    X509ExtensionInitException - if the extension can not be initialized
    See Also:
    X509Extensions.getExtension(iaik.asn1.ObjectID)
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents this revoked certificate.
    
    Specified by:
    
    toString in class java.security.cert.X509CRLEntry
    
    Returns:
    the string representation
  - toString
```
public java.lang.String toString(boolean detailed)
```
    Returns a string with - if requested - detailed information about this revoked certificate.
    
    Parameters:
    detailed - - whether or not to give detailed information about this revoked certificate.
    
    Returns:
    the string representation

Class RevokedCertificate

Constructor Summary

Method Summary

Methods inherited from class java.security.cert.X509CRLEntry

Methods inherited from class java.lang.Object

Constructor Detail

RevokedCertificate

RevokedCertificate

RevokedCertificate

Method Detail

clone

toASN1Object

getEncoded

getSerialNumber

getRevocationDate

getCriticalExtensionOIDs

getNonCriticalExtensionOIDs

getExtensionValue

getRawExtensionValue

hasExtensions

hasUnsupportedCriticalExtension

addExtension

removeExtension

removeAllExtensions

listExtensions

countExtensions

getExtension

toString

toString