IssuingDistributionPoint (6.0 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.extensions.IssuingDistributionPoint

public class IssuingDistributionPoint
extends V3Extension

This class implements the IssuingDistributionPoint extension.

The IssuingDistributionPoint extension is a critical standard X509v2 CRL extension which may or may not be supported by implementations conforming to RFC3280.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension

The object identifier for the IssuingDistributionPoint extension is defined as:

id-ce-IssuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

which corresponds to the OID string "2.5.29.28".

The X.509 Certificate and CRL profile presented in RFC 3280 specifies the IssuingDistributionPoint extension for identifying the CRL distribution point for a particular CRL. It indicates whether the CRL is an indirect CRL, whether it covers revocation for end entity certificates only, CA certificates only, or for a limitied set of reason codes.

ASN.1 definition:

 issuingDistributionPoint ::= SEQUENCE {
      distributionPoint          [0] DistributionPointName OPTIONAL,
      onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
      onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
      onlySomeReasons            [3] ReasonFlags OPTIONAL,
      indirectCRL                [4] BOOLEAN DEFAULT FALSE,
      onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }

For adding a IssuingDistributionPoint extension object to a X509v2 certificate revocation list, use the addExtension method of the iaik.x509.X509CRL class, e.g.:

 IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint();
 GeneralName dpName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository");
 issuingDistributionPoint.setDistributionPointName(dpName);
 issuingDistributionPoint.setOnlyContainsUserCerts(true);
 issuingDistributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 X505CRL crl = new X509CRL();
   ...
 crl.addExtension(issuingDistributionPoint);

Version:: File Revision 15
See Also:: V3Extension, X509Extensions, X509CRL

Field Summary

Fields
Modifier and Type Field and Description

static ObjectID oid
The object identifier of this IssuingDistributionPoint extension.
- Fields inherited from class iaik.x509.V3Extension
  critical

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this IssuingDistributionPoint extension.

Constructor Summary

Constructors
Constructor and Description

IssuingDistributionPoint()
Default constructor.

Constructors
Constructor and Description
`IssuingDistributionPoint()` Default constructor.

Method Summary

Methods
Modifier and Type	Method and Description
`ASN1Type`	`getDistributionPointName()` Returns the distribution point name of this issuing distribution point.
`boolean`	`getIndirectCRL()` Returns whether the crl is an indirect crl.
`ObjectID`	`getObjectID()` Returns the object ID of this `IssuingDistributionPoint` extension.
`boolean`	`getOnlyContainsAttributeCerts()` Returns whether the CRL only contains attribute certs.
`boolean`	`getOnlyContainsCaCerts()` Returns whether the CRL only contains ca certs.
`boolean`	`getOnlyContainsUserCerts()` Returns whether the CRL only contains user certs.
`int`	`getReasonFlags()` Returns the reason flags specification of this distribution point.
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `IssuingDistributionPoint` implementation with an ASN1object representing the value of this extension.
`void`	`setDistributionPointName(ASN1Type distributionPointName)` Sets the distribution point name parameter of this extension.
`void`	`setIndirectCRL(boolean indirectCRL)` Decides whether the crl is an indirect crl.
`void`	`setOnlyContainsAttributeCerts(boolean onlyContainsAttributeCerts)` Decides whether the CRL only contains attribute cert entries.
`void`	`setOnlyContainsCaCerts(boolean onlyContainsCaCerts)` Decides whether the CRL only contains ca certs.
`void`	`setOnlyContainsUserCerts(boolean onlyContainsUserCerts)` Decides whether the CRL only contains user certs.
`void`	`setReasonFlags(int reasonFlags)` Sets the reason flags (onlySomeReasons) parameter of this extension.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `IssuingDistributionPoint` extension object.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `IssuingDistributionPoint` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this IssuingDistributionPoint extension. The corresponding OID string is "2.5.29.28".
- Constructor Detail
  - IssuingDistributionPoint
```
public IssuingDistributionPoint()
```
    Default constructor. Creates an empty IssuingDistributionPoint object. Use the any of the setValue methods for supplying proper values to this IssuingDistributionPoint.
- Method Detail
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this IssuingDistributionPoint extension.
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    the object ID
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this IssuingDistributionPoint implementation with an ASN1object representing the value of this extension.
    The given ASN1Object is the one created by toASN1Object().
    This method is used by the X509Extensions class when parsing the ASN.1 representation of a CRL for properly initializing an included IssuingDistributionPoint extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    obj - the IssuingDistributionPoint as ASN1Object
    
    Throws:
    
    X509ExtensionException - if an error occurs when parsing the ASN.1 object
  - toASN1Object
```
public ASN1Object toASN1Object()
                        throws X509ExtensionException
```
    Returns an ASN1Object representing the value of this IssuingDistributionPoint extension object.
    
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    the value of this IssuingDistributionPoint as ASN1Object
    
    Throws:
    
    X509ExtensionException - if an error occurs when creating the ASN.1 object
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    a hash code for this identity
  - setDistributionPointName
```
public void setDistributionPointName(ASN1Type distributionPointName)
                              throws java.lang.IllegalArgumentException
```
    Sets the distribution point name parameter of this extension.
    Only instances of RDN or GeneralNames are accepted! For instance:
```
 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"UT Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 IssuingDistributionPoint issuingDistributionPoint = new IssuingDistributionPoint();
 issuingDistributionPoint.setDistributionPointName(distributionPointName);
 
```
    Parameters:
    distributionPointName - the name to be set
    
    Throws:
    
    java.lang.IllegalArgumentException - if the given name is not an instance of RDN or GeneralNames
    See Also:
    GeneralNames, RDN
  - setOnlyContainsUserCerts
```
public void setOnlyContainsUserCerts(boolean onlyContainsUserCerts)
```
    Decides whether the CRL only contains user certs.
    
    Parameters:
    onlyContainsUserCerts - whether the crl only contains user certs
  - setOnlyContainsCaCerts
```
public void setOnlyContainsCaCerts(boolean onlyContainsCaCerts)
```
    Decides whether the CRL only contains ca certs.
    
    Parameters:
    onlyContainsCaCerts - whether the crl only contains ca certs
  - setReasonFlags
```
public void setReasonFlags(int reasonFlags)
```
    Sets the reason flags (onlySomeReasons) parameter of this extension.
    Use the static parameters defined in iaik.asn1.structures.DistributionPoint for setting the reason flags.
    For instance:
    issuingDistributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
    
    Parameters:
    reasonFlags - the reasons value as int
  - setIndirectCRL
```
public void setIndirectCRL(boolean indirectCRL)
```
    Decides whether the crl is an indirect crl.
    
    Parameters:
    indirectCRL - whether the crl is an indirect crl
  - setOnlyContainsAttributeCerts
```
public void setOnlyContainsAttributeCerts(boolean onlyContainsAttributeCerts)
```
    Decides whether the CRL only contains attribute cert entries.
    
    Parameters:
    onlyContainsAttributeCerts - whether the crl only contains attribute certs
  - getDistributionPointName
```
public ASN1Type getDistributionPointName()
```
    Returns the distribution point name of this issuing distribution point.
    
    Returns:
    the name as GeneralNames or as RDN
    See Also:
    GeneralNames, RDN
  - getOnlyContainsUserCerts
```
public boolean getOnlyContainsUserCerts()
```
    Returns whether the CRL only contains user certs.
    
    Returns:
    whether the crl only contains user certs
  - getOnlyContainsCaCerts
```
public boolean getOnlyContainsCaCerts()
```
    Returns whether the CRL only contains ca certs.
    
    Returns:
    whether the crl only contains ca certs
  - getReasonFlags
```
public int getReasonFlags()
```
    Returns the reason flags specification of this distribution point.
    Note the "big endian" representation of the BIT STRING representing the reason flag value of this DistributionPoint: the least significant bit indicates the reason flag with the lowest bit value, meaning that the integer value 1 specifies the "unused" flag, and the integer value 64 (binary 1000000, hexadecimal 40) specifies the "certificateHold" purpose.
    
    Returns:
    the reason flags specification as int
  - getIndirectCRL
```
public boolean getIndirectCRL()
```
    Returns whether the crl is an indirect crl.
    
    Returns:
    whether the crl is an indirect crl
  - getOnlyContainsAttributeCerts
```
public boolean getOnlyContainsAttributeCerts()
```
    Returns whether the CRL only contains attribute certs.
    
    Returns:
    whether the crl only contains attribute certs
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this IssuingDistributionPoint extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    the string representation

Class IssuingDistributionPoint

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

Constructor Detail

IssuingDistributionPoint

Method Detail

getObjectID

init

toASN1Object

hashCode

setDistributionPointName

setOnlyContainsUserCerts

setOnlyContainsCaCerts

setReasonFlags

setIndirectCRL

setOnlyContainsAttributeCerts

getDistributionPointName

getOnlyContainsUserCerts

getOnlyContainsCaCerts

getReasonFlags

getIndirectCRL

getOnlyContainsAttributeCerts

toString