Constructor for X.509 CRLs.
Returns the ASN.1 DER-encoded form of this CRL.
<strong>Denigrated</strong>, replaced by {@linkplain #getIssuerX500Principal()}. This method returns the {@code issuer} as an implementation specific Principal object, which should not be relied upon by portable code.
Returns the issuer (issuer distinguished name) value from the CRL as an {@code X500Principal}. <p> It is recommended that subclasses override this method.
Gets the {@code nextUpdate} date from the CRL.
Gets the CRL entry, if any, with the given certificate serialNumber.
Get the CRL entry, if any, for the given certificate.
Gets all the entries from this CRL. This returns a Set of X509CRLEntry objects.
Gets the signature algorithm name for the CRL signature algorithm. An example is the string "SHA256withRSA". The ASN.1 definition for this is: <pre> signatureAlgorithm AlgorithmIdentifier
Gets the signature algorithm OID string from the CRL. An OID is represented by a set of nonnegative whole numbers separated by periods. For example, the string "1.2.840.10040.4.3" identifies the SHA-1 with DSA signature algorithm defined in <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
Gets the DER-encoded signature algorithm parameters from this CRL's signature algorithm. In most cases, the signature algorithm parameters are null; the parameters are usually supplied with the public key. If access to individual parameter values is needed then use {@link java.security.AlgorithmParameters AlgorithmParameters} and instantiate with the name returned by {@link #getSigAlgName() getSigAlgName}.
Gets the {@code signature} value (the raw signature bits) from the CRL. The ASN.1 definition for this is: <pre> signature BIT STRING </pre>
Gets the DER-encoded CRL information, the {@code tbsCertList} from this CRL. This can be used to verify the signature independently.
Gets the {@code thisUpdate} date from the CRL. The ASN.1 definition for this is: <pre> thisUpdate ChoiceOfTime ChoiceOfTime ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime } </pre>
Gets the {@code version} (version number) value from the CRL. The ASN.1 definition for this is: <pre> version Version OPTIONAL, -- if present, must be v2
Verifies that this CRL was signed using the private key that corresponds to the given public key.
Verifies that this CRL was signed using the private key that corresponds to the given public key. This method uses the signature verification engine supplied by the given provider.
Verifies that this CRL was signed using the private key that corresponds to the given public key. This method uses the signature verification engine supplied by the given provider. Note that the specified Provider object does not have to be registered in the provider list.
Returns the type of this CRL.
Checks whether the given certificate is on this CRL.
Check if there is a critical extension that is not supported.
Gets a Set of the OID strings for the extension(s) marked CRITICAL in the certificate/CRL managed by the object implementing this interface.
Gets a Set of the OID strings for the extension(s) marked NON-CRITICAL in the certificate/CRL managed by the object implementing this interface.
Gets the DER-encoded OCTET string for the extension value (<em>extnValue</em>) identified by the passed-in {@code oid} string. The {@code oid} string is represented by a set of nonnegative whole numbers separated by periods.
<p> Abstract class for an X.509 Certificate Revocation List (CRL). A CRL is a time-stamped list identifying revoked certificates. It is signed by a Certificate Authority (CA) and made freely available in a public repository.
<p>Each revoked certificate is identified in a CRL by its certificate serial number. When a certificate-using system uses a certificate (e.g., for verifying a remote user's digital signature), that system not only checks the certificate signature and validity but also acquires a suitably- recent CRL and checks that the certificate serial number is not on that CRL. The meaning of "suitably-recent" may vary with local policy, but it usually means the most recently-issued CRL. A CA issues a new CRL on a regular periodic basis (e.g., hourly, daily, or weekly). Entries are added to CRLs as revocations occur, and an entry may be removed when the certificate expiration date is reached. <p> The X.509 v2 CRL format is described below in ASN.1: <pre> CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING } </pre> <p> More information can be found in <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>. <p> The ASN.1 definition of {@code tbsCertList} is: <pre> TBSCertList ::= SEQUENCE { version Version OPTIONAL, -- if present, must be v2 signature AlgorithmIdentifier, issuer Name, thisUpdate ChoiceOfTime, nextUpdate ChoiceOfTime OPTIONAL, revokedCertificates SEQUENCE OF SEQUENCE { userCertificate CertificateSerialNumber, revocationDate ChoiceOfTime, crlEntryExtensions Extensions OPTIONAL -- if present, must be v2 } OPTIONAL, crlExtensions [0] EXPLICIT Extensions OPTIONAL -- if present, must be v2 } </pre> <p> CRLs are instantiated using a certificate factory. The following is an example of how to instantiate an X.509 CRL: <pre>{@code try (InputStream inStream = new FileInputStream("fileName-of-crl")) { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL)cf.generateCRL(inStream); } }</pre>
@author Hemma Prafullchandra