ExtendedRevoked (6.2 API Documentation)

java.lang.Object
- iaik.x509.V3Extension
- - iaik.x509.ocsp.extensions.ExtendedRevoked

```
public class ExtendedRevoked
extends V3Extension
```
This class implements the OCSP ExtendedRevoked extension.
The ExtendedRevoked extension has been introduced by RFC 6960 as non critical OCSP response extension.
Each OCSP extension is associated with a specific ocsp extension object identifier, derived from RFC 6960:
```
 id-pkix  OBJECT IDENTIFIER  ::=
        { iso(1) identified-organization(3) dod(6) internet(1)
          security(5) mechanisms(5) pkix(7) }

 id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }       
        -- arc for access descriptors

 id-ad-ocsp      OBJECT IDENTIFIER ::= { id-ad 1 }
 
 id-pkix-ocsp    OBJECT IDENTIFIER ::= { id-ad-ocsp }
 
```
The object identifier for the ExtendedRevoked extension is defined as:
```
 id-pkix-ocsp-extended-revoke           OBJECT IDENTIFIER ::= { id-pkix-ocsp 9 }
 
```
which corresponds to the OID string "1.3.6.1.5.5.7.48.1.9".
The Online Certificate Status Protocol (RFC 6960) specifies the ExtendedRevoked extension for allowing an OCSP responder to return the "revoked" status not only for actually revoked certificates, but also for certificates that never have been issued by the corresponding CA (the CA does not have any record of having ever issued a certificate for the serial number asked in the request).
ASN.1 definition:
```
 ExtendedRevoked ::= NULL
 
```
When returning the "revoked" status to an request query for a never issued certificate the OCSP response must include an instance of this ExtendedRevoked extension, and must specify certificateHold as revocation reason in the single response and set the revocation time to January 1, 1970:
```
  // the reqCert; got from the request
  ReqCert reqCert = request.getReqCert();
  // no cert has been issued for serial number in request
  RevokedInfo revokedInfo = new RevokedInfo(ExtendedRevoked.REVOCATION_TIME);
  revokedInfo.setRevocationReason(ExtendedRevoked.REVOCATION_REASON);
  CertStatus certStatus = new CertStatus(revokedInfo);
  // thisUpdate is today
  Date thisUpdate = new Date();
  // create the single response:
  SingleRespone singleResponse = 
    new SingleResponse(reqCert, certStatus, thisUpdate);
  ...
  BasicOCSPResponse basicOCSPResponse = ...;
  basicOCSPResponse.setSingleResponses(new SingleResponse[] { singleResponse });
  ...
  // indicate support for extended revoked definition
  basicOCSPResponse.addExtension(new ExtendedRevoked());
  ...
  OCSPResponse ocspResponse = new OCSPResponse(basicOCSPResponse);
 
```
While the ExtendedRevoked extension is mandatory for as response that uses the "revoked" cert status for a never issued certificate, it also can be included in any other response to simply indicate support for the extended revoked definition.
Version:

File Revision 11

See Also:

OCSPRequest, BasicOCSPResponse, OCSPResponse, SingleResponse, CertStatus, RevokedInfo

Field Summary

Fields
Modifier and Type	Field and Description
`static ObjectID`	`oid` The object identifier of this ExtendedRevoked extension.
`static ReasonCode`	`REVOCATION_REASON` Revocation reason for a never issued certificate (certificateHold (6)).
`static ChoiceOfTime`	`REVOCATION_TIME` Revocation time for a never issued certificate (January 1, 1970).

Fields inherited from class iaik.x509.V3Extension
critical

Constructor Summary

Constructors
Constructor and Description

ExtendedRevoked()
Creates a ExtendedRevoked object.

Constructors
Constructor and Description
`ExtendedRevoked()` Creates a `ExtendedRevoked` object.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`ObjectID`	`getObjectID()` Returns the object ID of this `ExtendedRevoked` extension
`int`	`hashCode()` Returns a hashcode for this identity.
`void`	`init(ASN1Object obj)` Inits this `ExtendedRevoked` implementation with an ASN1object representing the value of this extension.
`ASN1Object`	`toASN1Object()` Returns an ASN1Object representing the value of this `ExtendedRevoked` extension.
`java.lang.String`	`toString()` Returns a string that represents the contents of this `ExtendedRevoked` extension.

Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

- Field Detail
  - oid
```
public static final ObjectID oid
```
    The object identifier of this ExtendedRevoked extension. The corresponding OID string is "1.3.6.1.5.5.7.48.1.9".
  - REVOCATION_TIME
```
public static final ChoiceOfTime REVOCATION_TIME
```
    Revocation time for a never issued certificate (January 1, 1970).
  - REVOCATION_REASON
```
public static final ReasonCode REVOCATION_REASON
```
    Revocation reason for a never issued certificate (certificateHold (6)).
- Constructor Detail
  - ExtendedRevoked
```
public ExtendedRevoked()
```
    Creates a ExtendedRevoked object.
- Method Detail
  - getObjectID
```
public ObjectID getObjectID()
```
    Returns the object ID of this ExtendedRevoked extension
    
    Specified by:
    
    getObjectID in class V3Extension
    
    Returns:
    
    the object ID
  - init
```
public void init(ASN1Object obj)
          throws X509ExtensionException
```
    Inits this ExtendedRevoked implementation with an ASN1object representing the value of this extension.
    This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.
    The ASN1Object supplied to this method will reflect the ASN.1 representation of the ExtendedRevoked extension value:
```
 ExtendedRevoked ::= NULL
 
```
    Specified by:
    
    init in class V3Extension
    
    Parameters:
    
    obj - the ExtendedRevoked as ASN1Object (NULL)
    
    Throws:
    
    X509ExtensionException - if the extension could not parse the ASN1Object
  - toASN1Object
```
public ASN1Object toASN1Object()
```
    Returns an ASN1Object representing the value of this ExtendedRevoked extension.
    The ASN1Object returned by this method will reflect the ASN.1 representation of the ExtendedRevoked extension value:
```
 ExtendedRevoked ::= NULL
 
```
    Specified by:
    
    toASN1Object in class V3Extension
    
    Returns:
    
    the value of this ExtendedRevoked as ASN1Object (NULL)
  - hashCode
```
public int hashCode()
```
    Returns a hashcode for this identity.
    
    Specified by:
    
    hashCode in class V3Extension
    
    Returns:
    
    a hash code for this identity
  - toString
```
public java.lang.String toString()
```
    Returns a string that represents the contents of this ExtendedRevoked extension.
    
    Overrides:
    
    toString in class java.lang.Object
    
    Returns:
    
    the string representation

Class ExtendedRevoked

Field Summary

Fields inherited from class iaik.x509.V3Extension

Constructor Summary

Method Summary

Methods inherited from class iaik.x509.V3Extension

Methods inherited from class java.lang.Object

Field Detail

oid

REVOCATION_TIME

REVOCATION_REASON

Constructor Detail

ExtendedRevoked

Method Detail

getObjectID

init

toASN1Object

hashCode

toString