Skip navigation links

oracle.security.crypto.cert
Class CRL

java.lang.Object
oracle.security.crypto.cert.CRL

All Implemented Interfaces:

java.io.Externalizable, java.io.Serializable, oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable

public class CRL

extends java.lang.Object

implements oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable

This class encapsulates a X.509 certificate revocation list (CRL) of RevokedCertificate objects.

Note: the methods and constructors that input a CRL do not automatically verify it. You need to explicitly call the verify method, after the issuer's public key has been set.

See Also:

RevokedCertificate, Serialized Form

Constructor Summary

CRL()
Create an empty CRL.

CRL(java.io.File f)
Input a CRL from a file.

CRL(java.io.InputStream is)
Input a CRL from a stream.

CRL(java.net.URL url)
Input a CRL from a URL.

CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
Make a new CRL with an empty list of certificates and no scheduled next update.

CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector revokedCertificates)
Make a new CRL.

CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
Make a new CRL with an empty list of certificates.

CRL(X509 issuer)
Make a new CRL, which is expected to be issued by the given issuer.

CRL(X509 issuer, java.io.File f)
Input from a file a CRL issued by the given issuer.

CRL(X509 issuer, java.io.InputStream is)
Input from a stream a CRL issued by the given issuer.

CRL(X509 issuer, java.net.URL url)
Input from a URL a CRL issued by the given issuer.

Method Summary

void	addCertificate(java.math.BigInteger sn) Add a certificate serial number to the revoked list.
void	addCertificate(java.math.BigInteger sn, java.util.Date d) Add a certificate serial number to the revoked list with the given revocation date.
void	addCertificate(RevokedCertificate rc) Add a RevokedCertificate to the list.
void	addExtension(X509Extension ext) Add an extension.
boolean	equals(java.lang.Object o) Compare this CRL to the specified object.
java.util.Date	getDate() Get this CRL's date.
byte[]	getEncoded() Returns the encoded form of this object.
X509Extension	getExtension(oracle.security.crypto.asn1.ASN1ObjectID type) Return the extension with the specified OID, or null if it is not present.
X509ExtensionSet	getExtensionSet() Returns the set of X509Extensions.
X500Name	getIssuer() Returns the issuer of this CRL.
java.util.Date	getNextDate() Get the date of the next update (i.e., last date of validity for this CRL).
RevokedCertificate	getRevokedCertificate(java.math.BigInteger sn) Returns the revocation record for the given serial number, or null if it is not on the list.
java.util.Vector	getRevokedCertificates() Get the vector of CRL entries.
byte[]	getSigBytes() Signs the certificate and returns the signature bytes.
boolean	hasUnrecognizedCriticalExtension() Returns true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.
void	input(java.io.InputStream is) Input this CRL from a stream.
boolean	isRevoked(java.math.BigInteger sn) Checks whether this serial number is on the list.
int	length() Returns the length of the DER encoding of this CRL.
void	output(java.io.OutputStream os) Output this CRL to a stream.
void	readExternal(java.io.ObjectInput is)
java.util.Date	revocationDate(java.math.BigInteger sn) Returns the revocation date for the given serial number, or null if it is not on the list.
java.util.Enumeration	revokedSerialNos() Get the serial numbers of the CRL entries.
void	setDate(java.util.Date thisUpdate) Set the date of this CRL.
void	setDates(java.util.Date thisUpdate, java.util.Date nextUpdate) Set the dates of validity for this CRL.
void	setDates(int days) Set the dates of validity for this CRL.
void	setExtensions(X509ExtensionSet exts) Set the X509Extensionss.
void	setIssuer(X500Name issuer) Set the issuer of this CRL.
void	setIssuerCertificate(X509 issuerCert) Set the issuer of this CRL and the issuer's public key from a certificate.
void	setPrivateKey(oracle.security.crypto.core.PrivateKey key) Set issuer's signature private key.
void	setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) Set issuer's signature private key and signature algorithm.
void	setPublicKey(oracle.security.crypto.core.PublicKey key) Set the issuer's public key for later verification.
void	setRevokedCertificates(java.util.Vector rcs) Set the vector of RevokedCertificates.
void	setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
void	sign() Signs this CRL.
void	sign(oracle.security.crypto.core.RandomBitsSource rbs) Signs this CRL.
java.lang.String	toString() Returns a verbose humanly readable representation of this CRL.
boolean	verify() Verify the CRL.
boolean	verifyDate() Verify that the CRL is already/still valid.
boolean	verifySignature() Verify the CRL signature.
void	writeExternal(java.io.ObjectOutput os)

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CRL

public CRL()

Create an empty CRL.

CRL

public CRL(java.io.InputStream is)
    throws java.io.IOException

Input a CRL from a stream.

Throws:

java.io.IOException - if there was an I/O error

CRL

public CRL(java.io.File f)
    throws java.io.IOException

Input a CRL from a file.

Throws:

java.io.IOException - if there was an I/O error

CRL

public CRL(java.net.URL url)
    throws java.io.IOException

Input a CRL from a URL.

Throws:

java.io.IOException - if there was an I/O error

CRL

public CRL(X509 issuer)

Make a new CRL, which is expected to be issued by the given issuer. This constructor is to be called by a verifier. The input method will throw an exception if the CRL it reads was not issued by the specified issuer.

Parameters:

issuer - the certificate of the expected issuer

See Also:

input(InputStream)

CRL

public CRL(X509 issuer,
           java.io.InputStream is)
    throws java.io.IOException

Input from a stream a CRL issued by the given issuer.

Throws:

java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

CRL

public CRL(X509 issuer,
           java.io.File f)
    throws java.io.FileNotFoundException,
           java.io.IOException

Input from a file a CRL issued by the given issuer.

Throws:

java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

java.io.FileNotFoundException

CRL

public CRL(X509 issuer,
           java.net.URL url)
    throws java.io.IOException

Input from a URL a CRL issued by the given issuer.

Throws:

java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey,
           java.util.Date thisUpdate,
           java.util.Date nextUpdate,
           java.util.Vector revokedCertificates)

Make a new CRL. This constructor is to be called by a CA issuer. The CRL is not actually signed until the sign or output method is called.

Parameters:

issuer - the issuer's name

privKey - the issuer's private signing key

thisUpdate - the date of this CRL

nextUpdate - the upper limit on the date of the next CRL (or null)

revokedCertificates - the vector of RevokedCertificates

See Also:

sign(), output(OutputStream)

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey,
           int days)

Make a new CRL with an empty list of certificates. This constructor is to be called by a CA issuer. The CRL is not actually signed until the sign or output method is called.

Parameters:

issuer - the issuer's name

privKey - the issuer's private signing key

days - the number of days until the next update (or <=0 for no update)

See Also:

sign(), output(OutputStream)

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey)

Make a new CRL with an empty list of certificates and no scheduled next update. This constructor is to be called by a CA issuer.

Parameters:

issuer - the issuer's name

privKey - the issuer's private signing key

Method Detail

setIssuer

public void setIssuer(X500Name issuer)

Set the issuer of this CRL.

setIssuerCertificate

public void setIssuerCertificate(X509 issuerCert)

Set the issuer of this CRL and the issuer's public key from a certificate.

getIssuer

public X500Name getIssuer()

Returns the issuer of this CRL.

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey key)

Set the issuer's public key for later verification.

setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key)

Set issuer's signature private key. The default signature algorithm for the given key will be used.

setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key,
                          oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

Set issuer's signature private key and signature algorithm.

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

getDate

public java.util.Date getDate()

Get this CRL's date.

getNextDate

public java.util.Date getNextDate()

Get the date of the next update (i.e., last date of validity for this CRL).

getRevokedCertificates

public java.util.Vector getRevokedCertificates()

Get the vector of CRL entries.

Returns:

a Vector of RevokedCertificate, or null if none are defined.

revokedSerialNos

public java.util.Enumeration revokedSerialNos()

Get the serial numbers of the CRL entries.

Returns:

an (possibly empty) Enumeration of the BigInteger serial numbers of the revoked certificates in this CRL.

setRevokedCertificates

public void setRevokedCertificates(java.util.Vector rcs)

Set the vector of RevokedCertificates.

setDate

public void setDate(java.util.Date thisUpdate)

Set the date of this CRL. Does not set the date of the next update.

setDates

public void setDates(java.util.Date thisUpdate,
                     java.util.Date nextUpdate)

Set the dates of validity for this CRL.

setDates

public void setDates(int days)

Set the dates of validity for this CRL.

Parameters:

days - the number of days before the next update

addCertificate

public void addCertificate(java.math.BigInteger sn)

Add a certificate serial number to the revoked list. Uses the current time as the revocation date.

addCertificate

public void addCertificate(java.math.BigInteger sn,
                           java.util.Date d)

Add a certificate serial number to the revoked list with the given revocation date.

addCertificate

public void addCertificate(RevokedCertificate rc)

Add a RevokedCertificate to the list.

getExtensionSet

public X509ExtensionSet getExtensionSet()

Returns the set of X509Extensions.

Returns:

A X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)

Return the extension with the specified OID, or null if it is not present.

setExtensions

public void setExtensions(X509ExtensionSet exts)

Set the X509Extensionss.

addExtension

public void addExtension(X509Extension ext)

Add an extension.

getRevokedCertificate

public RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)

Returns the revocation record for the given serial number, or null if it is not on the list.

revocationDate

public java.util.Date revocationDate(java.math.BigInteger sn)

Returns the revocation date for the given serial number, or null if it is not on the list.

isRevoked

public boolean isRevoked(java.math.BigInteger sn)

Checks whether this serial number is on the list.

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()

Returns true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.

verify

public boolean verify()
               throws oracle.security.crypto.core.AuthenticationException

Verify the CRL. Checks the date and signature. The issuer's public key has to be set.

Throws:

oracle.security.crypto.core.AuthenticationException

verifyDate

public boolean verifyDate()

Verify that the CRL is already/still valid.

verifySignature

public boolean verifySignature()
                        throws oracle.security.crypto.core.AuthenticationException

Verify the CRL signature. The issuer's public key has to be set.

Throws:

oracle.security.crypto.core.AuthenticationException

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException

Signs this CRL. The issuer's private key has to be set. The default random number generator is used, if needed.

Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.

Throws:

oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException

Signs this CRL. The issuer's private key has to be set.

Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.

Parameters:

rbs - the random number generator to be used for signing, if needed

Throws:

oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException

Signs the certificate and returns the signature bytes.

Throws:

oracle.security.crypto.core.SignatureException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException

Output this CRL to a stream.

Specified by:

output in interface oracle.security.crypto.util.Streamable

Throws:

java.io.IOException - if there was an I/O error

input

public void input(java.io.InputStream is)
           throws java.io.IOException

Input this CRL from a stream.

Specified by:

input in interface oracle.security.crypto.util.Streamable

Throws:

java.io.IOException - if there was an I/O error, or the issuer was specified before and does not match the CRL that was read in

length

public int length()

Returns the length of the DER encoding of this CRL.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

Specified by:

length in interface oracle.security.crypto.util.Streamable

equals

public boolean equals(java.lang.Object o)

Compare this CRL to the specified object. Returns true if and only if the argument is not null and is an CRL object which has the same DER encoding as this object.

Overrides:

equals in class java.lang.Object

toString

public java.lang.String toString()

Returns a verbose humanly readable representation of this CRL. This method is recommended to be used only for debugging.

Overrides:

toString in class java.lang.Object

getEncoded

public byte[] getEncoded()

Returns the encoded form of this object.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.

writeExternal

public void writeExternal(java.io.ObjectOutput os)
                   throws java.io.IOException

Specified by:

writeExternal in interface java.io.Externalizable

Throws:

java.io.IOException

readExternal

public void readExternal(java.io.ObjectInput is)
                  throws java.io.IOException,
                         java.lang.ClassNotFoundException

Specified by:

readExternal in interface java.io.Externalizable

Throws:

java.io.IOException

java.lang.ClassNotFoundException

Skip navigation links