iaik.x509.stream

Interface CRLListener

All Known Implementing Classes:

RevokedCertificatesCRLListener

public interface CRLListener

A X509CRLStream object always calls the methods of a CRL listener in the same order while parsing a CRL.

It calls

• getSignature(AlgorithmID) exactly once,
• header(int, Name, Date, Date) exactly once,
• revokedCertificate(RevokedCertificate) zero or more times,
• extensions(X509Extensions) exactly once,
• signature(AlgorithmID, byte[], boolean) exactly once

an exactly in this order. Thus, the listener object gets all contents of the CRL. The CRL stream class itself does not store any of the data. It is the task of the listener object to process or store the data of the CRL.

Method Summary

Methods

Modifier and Type	Method and Description
void	extensions(X509Extensions extensions) The CRL praser calls this method exactly once.
java.security.Signature	getSignature(AlgorithmID signatureAlgorithm) The CRL stream calls this method to get an initialized Signature object which is ready for signature verification.
void	header(int version, Name issuer, java.util.Date thisUpdate, java.util.Date nextUpdate) The call to this method notifies the listener about header information in the CRL.
void	revokedCertificate(RevokedCertificate entry) The CRL stream parser calls this listener method for each CRL entry exactly once and in the order in which they appear in the CRL.
void	signature(AlgorithmID signatureAlgorithm, byte[] signatureValue, boolean verified) The CRL parser calls this method at the end of the CRL parsing process.

Method Detail

getSignature

java.security.Signature getSignature(AlgorithmID signatureAlgorithm)
                                     throws java.security.NoSuchAlgorithmException,
                                            java.security.InvalidKeyException

The CRL stream calls this method to get an initialized Signature object which is ready for signature verification. If the signature should not be verified, the listener may return null.

Parameters:

signatureAlgorithm - The signature algorithm; e.g. AlgorithmID.sha1WithRSAEncryption(1.2.840.113549.1.1.5). This is the signature algorithm as encoded in the signature field of the TBSCertList of the CRL.

Returns:

An Signatureobject which has already been initialized for signature verification with the appropriate public key. null to disable verification of the signature of the CRL.

Throws:

java.security.NoSuchAlgorithmException - If there is no implementation available for the requested algorithm.

java.security.InvalidKeyException - If the verification key does not suit for the algorithm.

header

void header(int version,
          Name issuer,
          java.util.Date thisUpdate,
          java.util.Date nextUpdate)
            throws java.security.cert.CRLException

The call to this method notifies the listener about header information in the CRL. Please note that the signature algorithm has already been reported before in the call to getSignature(AlgorithmID).

Parameters:

version - The version number; e.g. 1 for a v2 CRL. -1 if unavailable.

issuer - The issuer name of the CRL.

thisUpdate - The thisUpdate value of the CRL.

nextUpdate - The nextUpdate value of the CRL or null if not present.

Throws:

java.security.cert.CRLException - If any of the given parameters has an invalid value.

revokedCertificate

void revokedCertificate(RevokedCertificate entry)
                        throws java.security.cert.CRLException,
                               X509ExtensionException

The CRL stream parser calls this listener method for each CRL entry exactly once and in the order in which they appear in the CRL. Please note that a CRL may have no entries in which case this method will not be called at all.

Parameters:

entry - The current CRL entry. This may contain also extensions.

Throws:

java.security.cert.CRLException - If the entry is invalid.

X509ExtensionException - If the entry has invalid extensions.

extensions

void extensions(X509Extensions extensions)
                throws java.security.cert.CRLException,
                       X509ExtensionException

The CRL praser calls this method exactly once. If the parsed CRL contains CRL extensions, the CRL praser will pass all these extensions to this method. If there are no extensions present, it will pass null.

Parameters:

extensions - The extensions of the parsed CRL or null if there are no extensions.

Throws:

java.security.cert.CRLException - If there is an invalid extension.

X509ExtensionException - If an extension has an invalid format.

signature

void signature(AlgorithmID signatureAlgorithm,
             byte[] signatureValue,
             boolean verified)
               throws java.security.cert.CRLException

The CRL parser calls this method at the end of the CRL parsing process. It passes the signature algorithm, the signature value and if the signature value has already been verified by the CRL parser. The CRL parser verifies the signature value, if it has got a Signatureobject when it called getSignature(AlgorithmID).

Parameters:

signatureAlgorithm - The signature algorithm as encoded in the CertificateList of the CRL.

signatureValue - The signature value as encoded in the CRL.

verified - true if the CRL parser has already verified the signature value, false if it has not been verified. In the latter case, the listener can verify the signature value on its own.

Throws:

java.security.cert.CRLException