Overview  Package   Class  Tree  Deprecated  Index  Help 
Oracle Security Developer Tools Security Engine Java API Reference
10g Release 3 (10.1.3)
B25381-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

oracle.security.crypto.cert
Class CRL

java.lang.Object
  extended byoracle.security.crypto.cert.CRL

All Implemented Interfaces:
oracle.security.crypto.asn1.ASN1Object, oracle.security.crypto.util.Streamable
public class CRL
extends java.lang.Object
implements oracle.security.crypto.asn1.ASN1Object

This class encapsulates a X.509 certificate revocation list (CRL) of RevokedCertificate objects.

Note: the methods and constructors that input a CRL do not automatically verify it. You need to explicitly call the verify method, after the issuer's public key has been set.

See Also:
RevokedCertificate

Constructor Summary
CRL()
          Create an empty CRL.
CRL(oracle.security.crypto.asn1.ASN1Sequence s)
          Deprecated.  
CRL(java.io.File f)
          Input a CRL from a file.
CRL(java.io.InputStream is)
          Input a CRL from a stream.
CRL(java.net.URL url)
          Input a CRL from a URL.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
          Make a new CRL with an empty list of certificates and no scheduled next update.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector revokedCertificates)
          Make a new CRL.
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
          Make a new CRL with an empty list of certificates.
CRL(X509 issuer)
          Make a new CRL, which is expected to be issued by the given issuer.
CRL(X509 issuer, oracle.security.crypto.asn1.ASN1Sequence s)
          Deprecated.  
CRL(X509 issuer, java.io.File f)
          Input from a file a CRL issued by the given issuer.
CRL(X509 issuer, java.io.InputStream is)
          Input from a stream a CRL issued by the given issuer.
CRL(X509 issuer, java.net.URL url)
          Input from a URL a CRL issued by the given issuer.

 

Method Summary
 void addCertificate(java.math.BigInteger sn)
          Add a certificate serial number to the revoked list.
 void addCertificate(java.math.BigInteger sn, java.util.Date d)
          Add a certificate serial number to the revoked list with the given revocation date.
 void addCertificate(RevokedCertificate rc)
          Add a RevokedCertificate to the list.
 void addExtension(X509Extension ext)
          Add an extension.
 boolean equals(java.lang.Object o)
          Compare this CRL to the specified object.
 java.util.Date getDate()
          Get this CRL's date.
 byte[] getEncoded()
          Returns the encoded form of this object.
 X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)
          Return the extension with the specified OID, or null if it is not present.
 java.util.Vector getExtensions()
          Deprecated. use getExtensionSet() instead.
 X509ExtensionSet getExtensionSet()
          Returns the set of X509Extensions.
 X500Name getIssuer()
          Returns the issuer of this CRL.
 java.util.Date getNextDate()
          Get the date of the next update (i.e., last date of validity for this CRL).
 RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)
          Returns the revocation record for the given serial number, or null if it is not on the list.
 java.util.Vector getRevokedCertificates()
          Get the vector of CRL entries.
 byte[] getSigBytes()
          Signs the certificate and returns the signature bytes.
 boolean hasUnrecognizedCriticalExtension()
          Returns true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.
 void input(java.io.InputStream is)
          Input this CRL from a stream.
 boolean isRevoked(java.math.BigInteger sn)
          Checks whether this serial number is on the list.
 int length()
          Returns the length of the DER encoding of this CRL.
 void output(java.io.OutputStream os)
          Output this CRL to a stream.
 oracle.security.crypto.asn1.ASN1Sequence outputASN1()
          Deprecated.  
 java.util.Date revocationDate(java.math.BigInteger sn)
          Returns the revocation date for the given serial number, or null if it is not on the list.
 java.util.Enumeration revokedSerialNos()
          Get the serial numbers of the CRL entries.
 void setAttributes(X509Attributes attr)
          Deprecated. use setExtensions(X509ExtensionSet) for all extensions.
 void setDate(java.util.Date thisUpdate)
          Set the date of this CRL.
 void setDates(java.util.Date thisUpdate, java.util.Date nextUpdate)
          Set the dates of validity for this CRL.
 void setDates(int days)
          Set the dates of validity for this CRL.
 void setExtensions(java.util.Vector exts)
          Deprecated. use setExtensions(X509ExtensionSet) instead
 void setExtensions(X509ExtensionSet exts)
          Set the X509Extensionss.
 void setIssuer(X500Name issuer)
          Set the issuer of this CRL.
 void setIssuerCertificate(X509 issuerCert)
          Set the issuer of this CRL and the issuer's public key from a certificate.
 void setPrivateKey(oracle.security.crypto.core.PrivateKey key)
          Set issuer's signature private key.
 void setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
          Set issuer's signature private key and signature algorithm.
 void setPublicKey(oracle.security.crypto.core.PublicKey key)
          Set the issuer's public key for later verification.
 void setRevokedCertificates(java.util.Vector rcs)
          Set the vector of RevokedCertificates.
 void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
           
 void sign()
          Signs this CRL.
 void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          Signs this CRL.
 java.lang.String toString()
          Returns a verbose humanly readable representation of this CRL.
 boolean verify()
          Verify the CRL.
 boolean verifyDate()
          Verify that the CRL is already/still valid.
 boolean verifySignature()
          Verify the CRL signature.

 

Methods inherited from class java.lang.Object
clone, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

 

Constructor Detail

CRL

public CRL()
Create an empty CRL.

CRL

public CRL(java.io.InputStream is)
    throws java.io.IOException
Input a CRL from a stream.
Throws:
java.io.IOException - if there was an I/O error

CRL

public CRL(java.io.File f)
    throws java.io.IOException
Input a CRL from a file.
Throws:
java.io.IOException - if there was an I/O error

CRL

public CRL(java.net.URL url)
    throws java.io.IOException
Input a CRL from a URL.
Throws:
java.io.IOException - if there was an I/O error

CRL

public CRL(oracle.security.crypto.asn1.ASN1Sequence s)
    throws java.io.IOException
Deprecated.  
Parse an ASN.1 CRL.
Throws:
java.io.IOException - if there was an ASN.1 format error

CRL

public CRL(X509 issuer)
Make a new CRL, which is expected to be issued by the given issuer. This constructor is to be called by a verifier. The input method will throw an exception if the CRL it reads was not issued by the specified issuer.
Parameters:
issuer - the certificate of the expected issuer
See Also:
input(InputStream)

CRL

public CRL(X509 issuer,
           java.io.InputStream is)
    throws java.io.IOException
Input from a stream a CRL issued by the given issuer.
Throws:
java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

CRL

public CRL(X509 issuer,
           java.io.File f)
    throws java.io.FileNotFoundException,
           java.io.IOException
Input from a file a CRL issued by the given issuer.
Throws:
java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer
java.io.FileNotFoundException

CRL

public CRL(X509 issuer,
           java.net.URL url)
    throws java.io.IOException
Input from a URL a CRL issued by the given issuer.
Throws:
java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

CRL

public CRL(X509 issuer,
           oracle.security.crypto.asn1.ASN1Sequence s)
    throws java.io.IOException
Deprecated.  
Parse an ASN.1 CRL issued by the given issuer.
Throws:
java.io.IOException - if there was an I/O error, or the CRL was not issued by the specified issuer

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey,
           java.util.Date thisUpdate,
           java.util.Date nextUpdate,
           java.util.Vector revokedCertificates)
Make a new CRL. This constructor is to be called by a CA issuer. The CRL is not actually signed until the sign or output method is called.
Parameters:
issuer - the issuer's name
privKey - the issuer's private signing key
thisUpdate - the date of this CRL
nextUpdate - the upper limit on the date of the next CRL (or null)
revokedCertificates - the vector of RevokedCertificates
See Also:
sign(), output(OutputStream)

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey,
           int days)
Make a new CRL with an empty list of certificates. This constructor is to be called by a CA issuer. The CRL is not actually signed until the sign or output method is called.
Parameters:
issuer - the issuer's name
privKey - the issuer's private signing key
days - the number of days until the next update (or <=0 for no update)
See Also:
sign(), output(OutputStream)

CRL

public CRL(X500Name issuer,
           oracle.security.crypto.core.PrivateKey privKey)
Make a new CRL with an empty list of certificates and no scheduled next update. This constructor is to be called by a CA issuer.
Parameters:
issuer - the issuer's name
privKey - the issuer's private signing key

Method Detail

setIssuer

public void setIssuer(X500Name issuer)
Set the issuer of this CRL.

setIssuerCertificate

public void setIssuerCertificate(X509 issuerCert)
Set the issuer of this CRL and the issuer's public key from a certificate.

getIssuer

public X500Name getIssuer()
Returns the issuer of this CRL.

setPublicKey

public void setPublicKey(oracle.security.crypto.core.PublicKey key)
Set the issuer's public key for later verification.

setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key)
Set issuer's signature private key. The default signature algorithm for the given key will be used.

setPrivateKey

public void setPrivateKey(oracle.security.crypto.core.PrivateKey key,
                          oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Set issuer's signature private key and signature algorithm.

setSigAlgID

public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)

getDate

public java.util.Date getDate()
Get this CRL's date.

getNextDate

public java.util.Date getNextDate()
Get the date of the next update (i.e., last date of validity for this CRL).

getRevokedCertificates

public java.util.Vector getRevokedCertificates()
Get the vector of CRL entries.
Returns:
a Vector of RevokedCertificate, or null if none are defined.

revokedSerialNos

public java.util.Enumeration revokedSerialNos()
Get the serial numbers of the CRL entries.
Returns:
an (possibly empty) Enumeration of the BigInteger serial numbers of the revoked certificates in this CRL.

setRevokedCertificates

public void setRevokedCertificates(java.util.Vector rcs)
Set the vector of RevokedCertificates.

setDate

public void setDate(java.util.Date thisUpdate)
Set the date of this CRL. Does not set the date of the next update.

setDates

public void setDates(java.util.Date thisUpdate,
                     java.util.Date nextUpdate)
Set the dates of validity for this CRL.

setDates

public void setDates(int days)
Set the dates of validity for this CRL.
Parameters:
days - the number of days before the next update

addCertificate

public void addCertificate(java.math.BigInteger sn)
Add a certificate serial number to the revoked list. Uses the current time as the revocation date.

addCertificate

public void addCertificate(java.math.BigInteger sn,
                           java.util.Date d)
Add a certificate serial number to the revoked list with the given revocation date.

addCertificate

public void addCertificate(RevokedCertificate rc)
Add a RevokedCertificate to the list.

setAttributes

public void setAttributes(X509Attributes attr)
Deprecated. use setExtensions(X509ExtensionSet) for all extensions.
Set the X.509 attributes. The attributes object is converted to a list of extensions, which is then prepended to the current value of the extension list. If the attributes object redefines an extension already included in the current extension set, the current definition takes precedence.

getExtensions

public java.util.Vector getExtensions()
Deprecated. use getExtensionSet() instead.
Returns a vector of X509Extensions.

getExtensionSet

public X509ExtensionSet getExtensionSet()
Returns the set of X509Extensions.
Returns:
A X509ExtensionSet, or null if no extensions are defined.

getExtension

public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)
Return the extension with the specified OID, or null if it is not present.

setExtensions

public void setExtensions(java.util.Vector exts)
Deprecated. use setExtensions(X509ExtensionSet) instead
Set the vector of X509Extensions.

setExtensions

public void setExtensions(X509ExtensionSet exts)
Set the X509Extensionss.

addExtension

public void addExtension(X509Extension ext)
Add an extension.

getRevokedCertificate

public RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)
Returns the revocation record for the given serial number, or null if it is not on the list.

revocationDate

public java.util.Date revocationDate(java.math.BigInteger sn)
Returns the revocation date for the given serial number, or null if it is not on the list.

isRevoked

public boolean isRevoked(java.math.BigInteger sn)
Checks whether this serial number is on the list.

hasUnrecognizedCriticalExtension

public boolean hasUnrecognizedCriticalExtension()
Returns true if this CRL or any of its revoked certificate entries has an unrecognized critical extension.

verify

public boolean verify()
               throws oracle.security.crypto.core.AuthenticationException
Verify the CRL. Checks the date and signature. The issuer's public key has to be set.
Throws:
oracle.security.crypto.core.AuthenticationException

verifyDate

public boolean verifyDate()
Verify that the CRL is already/still valid.

verifySignature

public boolean verifySignature()
                        throws oracle.security.crypto.core.AuthenticationException
Verify the CRL signature. The issuer's public key has to be set.
Throws:
oracle.security.crypto.core.AuthenticationException

sign

public void sign()
          throws oracle.security.crypto.core.SignatureException
Signs this CRL. The issuer's private key has to be set. The default random number generator is used, if needed.

Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.

Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

sign

public void sign(oracle.security.crypto.core.RandomBitsSource rbs)
          throws oracle.security.crypto.core.SignatureException
Signs this CRL. The issuer's private key has to be set.

Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign method must be invoked again after any modifications for a valid signature to be computed.

Parameters:
rbs - the random number generator to be used for signing, if needed
Throws:
oracle.security.crypto.core.SignatureException - if there is an error during signing

getSigBytes

public byte[] getSigBytes()
                   throws oracle.security.crypto.core.SignatureException
Signs the certificate and returns the signature bytes.
Throws:
oracle.security.crypto.core.SignatureException

outputASN1

public oracle.security.crypto.asn1.ASN1Sequence outputASN1()
                                                    throws java.io.IOException
Deprecated.  
Throws:
java.io.IOException

output

public void output(java.io.OutputStream os)
            throws java.io.IOException
Output this CRL to a stream.
Specified by:
output in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException - if there was an I/O error

input

public void input(java.io.InputStream is)
           throws java.io.IOException
Input this CRL from a stream.
Specified by:
input in interface oracle.security.crypto.util.Streamable
Throws:
java.io.IOException - if there was an I/O error, or the issuer was specified before and does not match the CRL that was read in

length

public int length()
Returns the length of the DER encoding of this CRL.

Throws a StreamableOutputException if an error occurs while generating the DER encoding.

Specified by:
length in interface oracle.security.crypto.util.Streamable

equals

public boolean equals(java.lang.Object o)
Compare this CRL to the specified object. Returns true if and only if the argument is not null and is an CRL object which has the same DER encoding as this object.

toString

public java.lang.String toString()
Returns a verbose humanly readable representation of this CRL. This method is recommended to be used only for debugging.

getEncoded

public byte[] getEncoded()
Returns the encoded form of this object.

Throws a StreamableOutputException if an error occurs while generating the encoded bytes.

Overview  Package   Class  Tree  Deprecated  Index  Help 
Oracle Security Developer Tools Security Engine Java API Reference
10g Release 3 (10.1.3)
B25381-01
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

Copyright © 2005, 2006 , Oracle. All rights reserved.