public class CRL
extends java.lang.Object
implements oracle.security.crypto.asn1.ASN1Object, java.io.Externalizable
RevokedCertificate
objects.
Note: the methods and constructors that input a CRL do not automatically verify it. You need to explicitly call the verify
method, after the issuer's public key has been set.
RevokedCertificate
, Serialized FormConstructor and Description |
---|
CRL()
Create an empty CRL.
|
CRL(java.io.File f)
Input a CRL from a file.
|
CRL(java.io.InputStream is)
Input a CRL from a stream.
|
CRL(java.net.URL url)
Input a CRL from a URL.
|
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
|
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.List<? extends RevokedCertificate> revokedCertificates)
|
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector<? extends RevokedCertificate> revokedCertificates)
Make a new CRL.
|
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
|
CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days, oracle.security.crypto.core.AlgorithmIdentifier sigAlg)
|
CRL(X509 issuer)
Deprecated.
|
CRL(X509 issuer, java.io.File f)
Deprecated.
|
CRL(X509 issuer, java.io.InputStream is)
Deprecated.
|
CRL(X509 issuer, java.net.URL url)
Deprecated.
|
Modifier and Type | Method and Description |
---|---|
void |
addCertificate(java.math.BigInteger sn)
Add a certificate serial number to the revoked list.
|
void |
addCertificate(java.math.BigInteger sn, java.util.Date d)
Add a certificate serial number to the revoked list with the given revocation date.
|
void |
addCertificate(RevokedCertificate rc)
Add a
RevokedCertificate to the list. |
void |
addExtension(X509Extension ext)
Add an extension.
|
boolean |
equals(java.lang.Object o)
Compare this CRL to the specified object.
|
java.util.Set<java.lang.String> |
getCriticalExtensionOIDs() |
java.util.Date |
getDate()
Get this CRL's date.
|
byte[] |
getEncoded()
Returns the encoded form of this object.
|
X509Extension |
getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)
Return the extension with the specified OID, or null if it is not present.
|
X509ExtensionSet |
getExtensionSet()
Returns the set of
X509Extension s. |
byte[] |
getExtensionValue(java.lang.String oid) |
X500Name |
getIssuer()
Returns the issuer of this CRL.
|
java.security.Principal |
getIssuerDN() |
javax.security.auth.x500.X500Principal |
getIssuerX500Principal() |
java.util.Date |
getNextDate()
Get the date of the next update (i.e., last date of validity for this CRL).
|
java.util.Date |
getNextUpdate() |
java.util.Set<java.lang.String> |
getNonCriticalExtensionOIDs() |
RevokedCertificate |
getRevokedCertificate(java.math.BigInteger sn)
Returns the revocation record for the given serial number, or null if it is not on the list.
|
java.security.cert.X509CRLEntry |
getRevokedCertificate(java.security.cert.X509Certificate certificate) |
java.util.Vector<RevokedCertificate> |
getRevokedCertificates()
Deprecated.
|
java.util.ArrayList<RevokedCertificate> |
getRevokedCertificatesAsList()
Get the list of CRL entries.
|
java.util.Map<java.math.BigInteger,RevokedCertificate> |
getRevokedCertificatesAsMap()
Get a map of RevokedCertificates indexed by serial number
|
java.lang.String |
getSigAlgName() |
java.lang.String |
getSigAlgOID() |
byte[] |
getSigAlgParams() |
byte[] |
getSigBytes()
Signs the certificate and returns the signature bytes.
|
byte[] |
getSignature() |
byte[] |
getTBSCertList() |
java.util.Date |
getThisUpdate() |
int |
getVersion() |
int |
hashCode() |
boolean |
hasUnrecognizedCriticalExtension()
Returns
true if this CRL or any of its revoked certificate entries has an unrecognized critical extension. |
boolean |
hasUnsupportedCriticalExtension() |
void |
input(java.io.InputStream is)
Input this CRL from a stream.
|
boolean |
isRevoked(java.math.BigInteger sn)
Checks whether this serial number is on the list.
|
boolean |
isRevoked(java.security.cert.Certificate cert) |
int |
length()
Returns the length of the DER encoding of this CRL.
|
void |
output(java.io.OutputStream os)
Output this CRL to a stream.
|
void |
readExternal(java.io.ObjectInput is) |
java.util.Date |
revocationDate(java.math.BigInteger sn)
Returns the revocation date for the given serial number, or null if it is not on the list.
|
java.util.Enumeration<java.math.BigInteger> |
revokedSerialNos()
Deprecated.
Use
getRevokedCertificatesAsList() and then get Iterator |
void |
setDate(java.util.Date thisUpdate)
Set the date of this CRL.
|
void |
setDates(java.util.Date thisUpdate, java.util.Date nextUpdate)
Set the dates of validity for this CRL.
|
void |
setDates(int days)
Set the dates of validity for this CRL.
|
void |
setExtensions(X509ExtensionSet exts)
Set the
X509Extensions s. |
void |
setIssuer(X500Name issuer)
Set the issuer of this CRL.
|
void |
setIssuerCertificate(X509 issuerCert)
Deprecated.
|
void |
setIssuerCertificate(java.security.cert.X509Certificate ic)
Set the issuer of this CRL and the issuer's public key from a certificate.
|
void |
setPrivateKey(oracle.security.crypto.core.PrivateKey key)
Deprecated.
|
void |
setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Deprecated.
|
void |
setPrivateKey(java.security.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
Set issuer's signature private key and signature algorithm.
|
void |
setPublicKey(oracle.security.crypto.core.PublicKey key)
Deprecated.
|
void |
setPublicKey(java.security.PublicKey key)
Set the issuer's public key for later verification.
|
void |
setRevokedCertificates(java.util.List<? extends RevokedCertificate> rcs)
Set the vector of
RevokedCertificate s. |
void |
setRevokedCertificates(java.util.Vector<? extends RevokedCertificate> rcs)
Deprecated.
|
void |
setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID) |
void |
sign()
Signs this CRL.
|
void |
sign(oracle.security.crypto.core.RandomBitsSource rbs)
Deprecated.
Use
sign() |
static CRL |
toCRL(java.security.cert.X509CRL crl)
Converts an X509CRL to CRL.
|
java.lang.String |
toString()
Returns a verbose humanly readable representation of this CRL.
|
java.security.cert.X509CRL |
toX509CRL()
Get the X509CRL.
|
boolean |
verify()
Verify the CRL.
|
void |
verify(java.security.PublicKey key) |
void |
verify(java.security.PublicKey key, java.lang.String sigProvider) |
boolean |
verifyDate()
Verify that the CRL is already/still valid.
|
boolean |
verifySignature()
Verify the CRL signature.
|
void |
writeExternal(java.io.ObjectOutput os) |
public CRL()
public CRL(java.io.InputStream is) throws java.io.IOException
java.io.IOException
- if there was an I/O errorpublic CRL(java.io.File f) throws java.io.IOException
java.io.IOException
- if there was an I/O errorpublic CRL(java.net.URL url) throws java.io.IOException
java.io.IOException
- if there was an I/O errorpublic CRL(X509 issuer)
CRL()
, setIssuerCertificate(X509Certificate)
input
method will throw an exception if the CRL it reads was not issued by the specified issuer.issuer
- the certificate of the expected issuerinput(InputStream)
public CRL(X509 issuer, java.io.InputStream is) throws java.io.IOException
CRL()
, setIssuerCertificate(X509Certificate)
, input(InputStream)
java.io.IOException
- if there was an I/O error, or the CRL was not issued by the specified issuerpublic CRL(X509 issuer, java.io.File f) throws java.io.FileNotFoundException, java.io.IOException
CRL()
, setIssuerCertificate(X509Certificate)
, input(InputStream)
java.io.IOException
- if there was an I/O error, or the CRL was not issued by the specified issuerjava.io.FileNotFoundException
public CRL(X509 issuer, java.net.URL url) throws java.io.IOException
CRL()
, setIssuerCertificate(X509Certificate)
, input(InputStream)
java.io.IOException
- if there was an I/O error, or the CRL was not issued by the specified issuerpublic CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.Vector<? extends RevokedCertificate> revokedCertificates)
sign
or output
method is called.issuer
- the issuer's nameprivKey
- the issuer's private signing keythisUpdate
- the date of this CRLnextUpdate
- the upper limit on the date of the next CRL (or null)revokedCertificates
- the list of RevokedCertificate
ssign()
, Use {@link #CRL()}, {@link #setIssuer(X500Name)}, {@link #setDates(Date, Date)}, {@link #setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)}, {@link #setRevokedCertificates(List)}
public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, java.util.Date thisUpdate, java.util.Date nextUpdate, java.util.List<? extends RevokedCertificate> revokedCertificates)
CRL()
, setIssuer(X500Name)
, setDates(Date, Date)
, setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
, setRevokedCertificates(List)
sign
or output
method is called.issuer
- the issuer's nameprivKey
- the issuer's private signing keythisUpdate
- the date of this CRLnextUpdate
- the upper limit on the date of the next CRL (or null)revokedCertificates
- the list of RevokedCertificate
ssign()
, output(OutputStream)
public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days)
CRL()
, setIssuer(X500Name)
, setDates(int)
, setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
sign
or output
method is called.issuer
- the issuer's nameprivKey
- the issuer's private signing keydays
- the number of days until the next update (or <=0 for no update)sign()
, output(OutputStream)
public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey, int days, oracle.security.crypto.core.AlgorithmIdentifier sigAlg)
CRL()
, setIssuer(X500Name)
, setDates(int)
, setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
issuer
- the issuer's nameprivKey
- the issuer's private signing keydays
- the number of days until the next update (or <=0 for no update)sigAlg
- signature algorithm to usesign()
, output(OutputStream)
public CRL(X500Name issuer, oracle.security.crypto.core.PrivateKey privKey)
CRL()
, setIssuer(X500Name)
, setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
issuer
- the issuer's nameprivKey
- the issuer's private signing keypublic static CRL toCRL(java.security.cert.X509CRL crl)
If the X509CRL was wrapper object obtained by toX509CRL()
then this method simply returns the underlying CRL object.
cert
-public void setIssuer(X500Name issuer)
public void setIssuerCertificate(X509 issuerCert)
setIssuerCertificate(X509Certificate)
public void setIssuerCertificate(java.security.cert.X509Certificate ic)
public X500Name getIssuer()
public void setPublicKey(oracle.security.crypto.core.PublicKey key)
setPublicKey(java.security.PublicKey)
public void setPublicKey(java.security.PublicKey key)
public void setPrivateKey(oracle.security.crypto.core.PrivateKey key)
setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
public void setPrivateKey(oracle.security.crypto.core.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
setPrivateKey(java.security.PrivateKey, AlgorithmIdentifier)
public void setPrivateKey(java.security.PrivateKey key, oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
key
-sigAlgID
-public void setSigAlgID(oracle.security.crypto.core.AlgorithmIdentifier sigAlgID)
public java.util.Date getDate()
public java.util.Date getNextDate()
@Deprecated public java.util.Vector<RevokedCertificate> getRevokedCertificates()
Vector
of RevokedCertificate
, or null
if none are defined.public java.util.ArrayList<RevokedCertificate> getRevokedCertificatesAsList()
ArrayList
of RevokedCertificate
, or null
if none are defined.public java.util.Map<java.math.BigInteger,RevokedCertificate> getRevokedCertificatesAsMap()
public java.util.Enumeration<java.math.BigInteger> revokedSerialNos()
getRevokedCertificatesAsList()
and then get IteratorEnumeration
of the BigInteger
serial numbers of the revoked certificates in this CRL.public void setRevokedCertificates(java.util.Vector<? extends RevokedCertificate> rcs)
setRevokedCertificates(List)
RevokedCertificate
s.public void setRevokedCertificates(java.util.List<? extends RevokedCertificate> rcs)
RevokedCertificate
s.public void setDate(java.util.Date thisUpdate)
public void setDates(java.util.Date thisUpdate, java.util.Date nextUpdate)
public void setDates(int days)
days
- the number of days before the next updatepublic void addCertificate(java.math.BigInteger sn)
public void addCertificate(java.math.BigInteger sn, java.util.Date d)
public void addCertificate(RevokedCertificate rc)
RevokedCertificate
to the list.public X509ExtensionSet getExtensionSet()
X509Extension
s.X509ExtensionSet
, or null if no extensions are defined.public X509Extension getExtension(oracle.security.crypto.asn1.ASN1ObjectID type)
public void setExtensions(X509ExtensionSet exts)
X509Extensions
s.public void addExtension(X509Extension ext)
public RevokedCertificate getRevokedCertificate(java.math.BigInteger sn)
public java.util.Date revocationDate(java.math.BigInteger sn)
public boolean isRevoked(java.math.BigInteger sn)
public boolean hasUnrecognizedCriticalExtension()
true
if this CRL or any of its revoked certificate entries has an unrecognized critical extension.public boolean verify() throws oracle.security.crypto.core.AuthenticationException
oracle.security.crypto.core.AuthenticationException
public boolean verifyDate()
public boolean verifySignature() throws oracle.security.crypto.core.AuthenticationException
oracle.security.crypto.core.AuthenticationException
public void sign() throws oracle.security.crypto.core.SignatureException
Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign
method must be invoked again after any modifications for a valid signature to be computed.
oracle.security.crypto.core.SignatureException
- if there is an error during signingpublic void sign(oracle.security.crypto.core.RandomBitsSource rbs) throws oracle.security.crypto.core.SignatureException
sign()
Note: Making any modifications to the contents of the CRL after signing invalidates the signature. The sign
method must be invoked again after any modifications for a valid signature to be computed.
rbs
- the random number generator to be used for signing, if neededoracle.security.crypto.core.SignatureException
- if there is an error during signingpublic byte[] getSigBytes() throws oracle.security.crypto.core.SignatureException
oracle.security.crypto.core.SignatureException
public void output(java.io.OutputStream os) throws java.io.IOException
output
in interface oracle.security.crypto.util.Streamable
java.io.IOException
- if there was an I/O errorpublic void input(java.io.InputStream is) throws java.io.IOException
input
in interface oracle.security.crypto.util.Streamable
java.io.IOException
- if there was an I/O error, or the issuer was specified before and does not match the CRL that was read inpublic int length()
Throws a StreamableOutputException
if an error occurs while generating the DER encoding.
length
in interface oracle.security.crypto.util.Streamable
public boolean equals(java.lang.Object o)
null
and is an CRL
object which has the same DER encoding as this object.equals
in class java.lang.Object
public java.lang.String toString()
toString
in class java.lang.Object
public byte[] getEncoded()
Throws a StreamableOutputException
if an error occurs while generating the encoded bytes.
public java.security.Principal getIssuerDN()
java.security.cert.X509CRL#getIssuerDN()}
public javax.security.auth.x500.X500Principal getIssuerX500Principal()
java.security.cert.X509CRL#getIssuerX500Principal()}
public java.util.Date getNextUpdate()
java.security.cert.X509CRL#getNextUpdate()}
public java.security.cert.X509CRLEntry getRevokedCertificate(java.security.cert.X509Certificate certificate)
certificate
-java.security.cert.X509CRL#getRevokedCertificate(X509Certificate)}
public java.lang.String getSigAlgName()
java.security.cert.X509CRL#getSigAlgName()}
public java.lang.String getSigAlgOID()
java.security.cert.X509CRL#getSigAlgOID()}
public byte[] getSigAlgParams()
java.security.cert.X509CRL#getSigAlgParams()}
public byte[] getSignature()
java.security.cert.X509CRL#getSignature()}
public byte[] getTBSCertList() throws java.security.cert.CRLException
java.security.cert.CRLException
java.security.cert.X509CRL#getTBSCertList()}
public java.util.Date getThisUpdate()
java.security.cert.X509CRL#getThisUpdate()}
public int getVersion()
java.security.cert.X509CRL#getVersion()}
public int hashCode()
hashCode
in class java.lang.Object
public void verify(java.security.PublicKey key, java.lang.String sigProvider) throws java.security.cert.CRLException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
key
-sigProvider
-java.security.cert.CRLException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
java.security.cert.X509CRL#verify(java.security.PublicKey, String)}
public void verify(java.security.PublicKey key) throws java.security.cert.CRLException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.NoSuchProviderException, java.security.SignatureException
key
-java.security.cert.CRLException
java.security.NoSuchAlgorithmException
java.security.InvalidKeyException
java.security.NoSuchProviderException
java.security.SignatureException
java.security.cert.X509CRL#verify(java.security.PublicKey)}
public boolean isRevoked(java.security.cert.Certificate cert)
cert
-java.security.cert.X509CRL#isRevoked(Certificate)}
public java.util.Set<java.lang.String> getCriticalExtensionOIDs()
java.security.cert.X509CRL#getCriticalExtensionOIDs()}
public byte[] getExtensionValue(java.lang.String oid)
oid
-java.security.cert.X509CRL#getExtensionValue(String)}
public java.util.Set<java.lang.String> getNonCriticalExtensionOIDs()
java.security.cert.X509CRL#getNonCriticalExtensionOIDs()}
public boolean hasUnsupportedCriticalExtension()
java.security.cert.X509CRL#hasUnsupportedCriticalExtension()}
public void writeExternal(java.io.ObjectOutput os) throws java.io.IOException
writeExternal
in interface java.io.Externalizable
java.io.IOException
public void readExternal(java.io.ObjectInput is) throws java.io.IOException, java.lang.ClassNotFoundException
readExternal
in interface java.io.Externalizable
java.io.IOException
java.lang.ClassNotFoundException
public java.security.cert.X509CRL toX509CRL()
If you want to convert to an X509CRL of the different implementation do not use this method, Instead use CertificateFactory.generateCRL