Oracle Security Developer Tools Security Engine Java API Reference 10g (10.1.4.0.1) B28175-01
java.lang.Object
oracle.security.crypto.cert.CRL
This class encapsulates an X.509 certificate revocation list (CRL) of RevokedCertificate objects.
Note: the methods and constructors that input a CRL do not automatically verify it. You need to explicitly call the verify method, after the issuer's public key has been set.
See Also: RevokedCertificate
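The note above means a freshly loaded CRL is untrusted data until verify has been called. The following is an added example, not code from Oracle's documentation: a fail-closed revocation lookup that uses only methods listed on this page. The class name CrlCheck, the Status enum and the parameter names are hypothetical, and issuerCert is assumed to be a CA certificate the caller has already validated.

```java
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;

import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.core.AuthenticationException;

/** Hypothetical helper: fail-closed revocation lookup against an untrusted CRL stream. */
public final class CrlCheck {
    public enum Status { GOOD, REVOKED, CRL_UNTRUSTED }

    /**
     * issuerCert: assumed to be an already-validated CA certificate.
     * crlStream:  untrusted input (local file, HTTP download, directory fetch).
     */
    public static Status check(X509 issuerCert, InputStream crlStream, BigInteger serial) {
        CRL crl = new CRL();
        // Pin the issuer name and public key before parsing, so input() rejects
        // a CRL from any other issuer and verify() has a key to check against.
        crl.setIssuerCertificate(issuerCert);
        try {
            crl.input(crlStream);   // parses only; nothing is verified yet
            // verifyDate() is called explicitly so a stale or not-yet-valid list
            // is rejected regardless of what verify() itself covers.
            if (!crl.verify() || !crl.verifyDate()) {
                return Status.CRL_UNTRUSTED;
            }
        } catch (AuthenticationException e) {
            return Status.CRL_UNTRUSTED;
        } catch (IOException e) {   // I/O error or issuer mismatch
            return Status.CRL_UNTRUSTED;
        }
        // A critical extension the library does not recognize may change the
        // meaning of the list, so do not rely on it.
        if (crl.hasUnrecognizedCriticalExtension()) {
            return Status.CRL_UNTRUSTED;
        }
        return crl.isRevoked(serial) ? Status.REVOKED : Status.GOOD;
    }
}
```

Callers should treat CRL_UNTRUSTED as a failed check rather than falling back to GOOD.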
Constructor Summary

CRL()
    Create an empty CRL.
CRL(oracle.security.crypto.asn1.ASN1Sequence s)
    Deprecated.
CRL(java.io.File f)
    Input a CRL from a file.
CRL(java.io.InputStream is)
    Input a CRL from a stream.
CRL(java.net.URL url)
    Input a CRL from a URL.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
    Make a new CRL with an empty list of certificates and no scheduled next update.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector revokedCertificates)
    Make a new CRL.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
    Make a new CRL with an empty list of certificates.
CRL(X509 issuer)
    Make a new CRL, which is expected to be issued by the given issuer.
CRL(X509 issuer, oracle.security.crypto.asn1.ASN1Sequence s)
    Deprecated.
CRL(X509 issuer, java.io.File f)
    Input from a file a CRL issued by the given issuer.
CRL(X509 issuer, java.io.InputStream is)
    Input from a stream a CRL issued by the given issuer.
CRL(X509 issuer, java.net.URL url)
    Input from a URL a CRL issued by the given issuer.

Method Summary

void addCertificate(java.math.BigInteger sn)
    Add a certificate serial number to the revoked list.
void addCertificate(java.math.BigInteger sn, java.util.Date d)
    Add a certificate serial number to the revoked list with the given revocation date.
void addCertificate(RevokedCertificate rc)
    Add a RevokedCertificate to the list.
void addExtension(X509Extension ext)
    Add an extension.
boolean equals(java.lang.Object o)
    Compare this CRL to the specified object.
java.util.Date getDate()
    Get this CRL's date.
byte[] getEncoded()
    Returns the encoded form of this object.
X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)
    Return the extension with the specified OID, or null if it is not present.
java.util.Vector getExtensions()
    Deprecated. Use getExtensionSet() instead.
X509ExtensionSet getExtensionSet()
    Returns the set of X509Extensions.
X500Name getIssuer()
    Returns the issuer of this CRL.
java.util.Date getNextDate()
    Get the date of the next update (i.e., last date of validity for this CRL).
RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)
    Returns the revocation record for the given serial number, or null if it is not on the list.
java.util.Vector getRevokedCertificates()
    Get the vector of CRL entries.
byte[] getSigBytes()
    Signs the certificate and returns the signature bytes.
boolean hasUnrecognizedCriticalExtension()
    Returns true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.
void input(java.io.InputStream is)
    Input this CRL from a stream.
boolean isRevoked(java.math.BigInteger sn)
    Checks whether this serial number is on the list.
int length()
    Returns the length of the DER encoding of this CRL.
void output(java.io.OutputStream os)
    Output this CRL to a stream.
oracle.security.crypto.asn1.ASN1Sequence outputASN1()
    Deprecated.
java.util.Date revocationDate(java.math.BigInteger sn)
    Returns the revocation date for the given serial number, or null if it is not on the list.
java.util.Enumeration revokedSerialNos()
    Get the serial numbers of the CRL entries.
void setAttributes(X509Attributes attr)
    Deprecated. Use setExtensions(X509ExtensionSet) for all extensions.
void setDate(java.util.Date thisUpdate)
    Set the date of this CRL.
void setDates(java.util.Date thisUpdate, java.util.Date nextUpdate)
    Set the dates of validity for this CRL.
void setDates(int days)
    Set the dates of validity for this CRL.
void setExtensions(java.util.Vector exts)
    Deprecated. Use setExtensions(X509ExtensionSet) instead.
void setExtensions(X509ExtensionSet exts)
    Set the X509Extensions.
void setIssuer(X500Name issuer)
    Set the issuer of this CRL.
void setIssuerCertificate(X509 issuerCert)
    Set the issuer of this CRL and the issuer's public key from a certificate.
void setPrivateKey(oracle.security.crypto.core.PrivateKey key)
    Set issuer's signature private key.
void setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
    Set issuer's signature private key and signature algorithm.
void setPublicKey(oracle.security.crypto.core.PublicKey key)
    Set the issuer's public key for later verification.
void setRevokedCertificates(java.util.Vector rcs)
    Set the vector of RevokedCertificates.
void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
void sign()
    Signs this CRL.
void sign(oracle.security.crypto.core.RandomBitsSource rbs)
    Signs this CRL.
java.lang.String toString()
    Returns a verbose human-readable representation of this CRL.
boolean verify()
    Verify the CRL.
boolean verifyDate()
    Verify that the CRL is already/still valid.
boolean verifySignature()
    Verify the CRL signature.

Methods inherited from class java.lang.Object
    clone, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

public CRL()

public CRL(java.io.InputStream is) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error

public CRL(java.io.File f) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error

public CRL(java.net.URL url) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error

public CRL(oracle.security.crypto.asn1.ASN1Sequence s) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an ASN.1 format error

public CRL(X509 issuer)
    input method will throw an exception if the CRL it reads was not issued by the specified issuer.
    Parameters:
        issuer - the certificate of the expected issuer
    See Also:
        input(InputStream)

public CRL(X509 issuer, java.io.InputStream is) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

public CRL(X509 issuer, java.io.File f) throws java.io.FileNotFoundException, java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer
        java.io.FileNotFoundException

public CRL(X509 issuer, java.net.URL url) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

public CRL(X509 issuer, oracle.security.crypto.asn1.ASN1Sequence s) throws java.io.IOException
    Throws:
        java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector revokedCertificates)
    sign or output method is called.
    Parameters:
        issuer - the issuer's name
        privKey - the issuer's private signing key
        thisUpdate - the date of this CRL
        nextUpdate - the upper limit on the date of the next CRL (or null)
        revokedCertificates - the vector of RevokedCertificates
    See Also:
        sign(), output(OutputStream)

public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
    sign or output method is called.
    Parameters:
        issuer - the issuer's name
        privKey - the issuer's private signing key
        days - the number of days until the next update (or <=0 for no update)
    See Also:
        sign(), output(OutputStream)

public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
    Parameters:
        issuer - the issuer's name
        privKey - the issuer's private signing key

Method Detail

public void setIssuer(X500Name issuer)

public void setIssuerCertificate(X509 issuerCert)

public X500Name getIssuer()

public void setPublicKey(oracle.security.crypto.core.PublicKey key)

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key)

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

public java.util.Date getDate()

public java.util.Date getNextDate()

public java.util.Vector getRevokedCertificates()
    Vector of RevokedCertificate, or null if none are defined.

public java.util.Enumeration revokedSerialNos()
    Enumeration of the BigInteger serial numbers of the revoked certificates in this CRL.

public void setRevokedCertificates(java.util.Vector rcs)
    RevokedCertificates.

public void setDate(java.util.Date thisUpdate)

public void setDates(java.util.Date thisUpdate, java.util.Date nextUpdate)

public void setDates(int days)
    Parameters:
        days - the number of days before the next update

public void addCertificate(java.math.BigInteger sn)

public void addCertificate(java.math.BigInteger sn, java.util.Date d)

public void addCertificate(RevokedCertificate rc)
    RevokedCertificate to the list.

public void setAttributes(X509Attributes attr)
    setExtensions(X509ExtensionSet) for all extensions.

public java.util.Vector getExtensions()
    getExtensionSet() instead.
    X509Extensions.

public X509ExtensionSet getExtensionSet()
    X509Extensions.
    X509ExtensionSet, or null if no extensions are defined.

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)

public void setExtensions(java.util.Vector exts)
    setExtensions(X509ExtensionSet) instead
    X509Extensions.

public void setExtensions(X509ExtensionSet exts)
    X509Extensions.

public void addExtension(X509Extension ext)

public RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)

public java.util.Date revocationDate(java.math.BigInteger sn)

public boolean isRevoked(java.math.BigInteger sn)

public boolean hasUnrecognizedCriticalExtension()
    true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.

public boolean verify() throws oracle.security.crypto.core.AuthenticationException
    Throws:
        oracle.security.crypto.core.AuthenticationException

public boolean verifyDate()

public boolean verifySignature() throws oracle.security.crypto.core.AuthenticationException
    Throws:
        oracle.security.crypto.core.AuthenticationException

public void sign() throws oracle.security.crypto.core.SignatureException
    Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.
    Throws:
        oracle.security.crypto.core.SignatureException - if there is an error during signing

public void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException
    Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.
    Parameters:
        rbs - the random number generator to be used for signing, if needed
    Throws:
        oracle.security.crypto.core.SignatureException - if there is an error during signing

public byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException
    Throws:
        oracle.security.crypto.core.SignatureException

public oracle.security.crypto.asn1.ASN1Sequence outputASN1() throws java.io.IOException
    Throws:
        java.io.IOException

public void output(java.io.OutputStream os) throws java.io.IOException
    Specified by:
        output in interface oracle.security.crypto.util.Streamable
    Throws:
        java.io.IOException - if there was an I/O error

public void input(java.io.InputStream is) throws java.io.IOException
    Specified by:
        input in interface oracle.security.crypto.util.Streamable
    Throws:
        java.io.IOException - if there was an I/O error, or the issuer was specified before and does not match the CRL that was read in

public int length()
    Throws a StreamableOutputException if an error occurs while generating the DER encoding.
    Specified by:
        length in interface oracle.security.crypto.util.Streamable

public boolean equals(java.lang.Object o)
    null and is a CRL object which has the same DER encoding as this object.

public java.lang.String toString()

public byte[] getEncoded()
    Throws a StreamableOutputException if an error occurs while generating the encoded bytes.
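
The note on sign says that any change made after signing invalidates the signature. The following is an added example, not code from Oracle's documentation, showing a CRL being issued and later updated using only constructors and methods listed on this page. The class name CrlIssuer and its method and parameter names are hypothetical, and the CRL passed to revokeAndReissue is assumed to still hold the issuer's private key.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
import java.util.Map;

import oracle.security.crypto.cert.CRL;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.core.PrivateKey;
import oracle.security.crypto.core.SignatureException;

/** Hypothetical helper: issue a CRL, then re-sign it after every change. */
public final class CrlIssuer {

    /** Builds a CRL valid for `days`, adds all entries, signs once at the end. */
    public static CRL issue(X500Name issuer, PrivateKey key, int days,
                            Map<BigInteger, Date> revoked) throws SignatureException {
        CRL crl = new CRL(issuer, key, days);
        for (Map.Entry<BigInteger, Date> e : revoked.entrySet()) {
            crl.addCertificate(e.getKey(), e.getValue());
        }
        crl.sign();   // every content change is made before this call
        return crl;
    }

    /** Adds one serial to an already signed CRL and returns the new DER bytes. */
    public static byte[] revokeAndReissue(CRL signed, BigInteger serial, int days)
            throws SignatureException, IOException {
        if (!signed.isRevoked(serial)) {
            signed.addCertificate(serial, new Date());
        }
        signed.setDates(days);   // new validity window for the reissued list
        // The entry list and dates changed, so the old signature no longer
        // covers the content; sign again before publishing.
        signed.sign();
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        signed.output(der);
        return der.toByteArray();
    }
}
```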