Unmarshals an X.509 CRL from its encoded form, parsing the encoded bytes. This form of constructor is used by agents which need to examine and use CRL contents. Note that the buffer must include only one CRL, and no "garbage" may be left at the end.
Unmarshals an X.509 CRL from a DER value.
Unmarshals an X.509 CRL from an input stream. Only one CRL is expected at the end of the input stream.
Initial CRL constructor, no revoked certs, and no extensions.
CRL constructor, revoked certs, no extensions.
CRL constructor, revoked certs and extensions.
Encodes the "to-be-signed" CRL to the OutputStream.
Returns the AuthorityKeyIdentifier, if any.
Gets a Set of the extension(s) marked CRITICAL in the CRL. In the returned set, each extension is represented by its OID string.
Returns the ASN.1 DER encoded form of this CRL.
Returns the encoding as an uncloned byte array. Callers must guarantee that they neither modify it nor expose it to untrusted code.
Gets an extension.
Gets the DER encoded OCTET string for the extension value (<code>extnValue</code>) identified by the passed-in oid string. The <code>oid</code> string is represented by a set of positive whole numbers separated by ".", that is,<br> <positive whole number>.<positive whole number>.<...>
Gets the issuer distinguished name from this CRL. The issuer name identifies the entity that has signed (and issued) the CRL. The issuer name field contains an X.500 distinguished name (DN). The ASN.1 definition for this is: <pre> issuer Name
Return the issuer as X500Principal. Overrides method in X509CRL to provide a slightly more efficient version.
Gets the nextUpdate date from the CRL.
Gets a Set of the extension(s) marked NON-CRITICAL in the CRL. In the returned set, each extension is represented by its OID string.
Gets the CRL entry with the given serial number from this CRL.
Gets the CRL entry for the given certificate.
Gets all the revoked certificates from the CRL. A Set of X509CRLEntry.
Gets the signature AlgorithmId from the CRL.
Gets the signature algorithm name for the CRL signature algorithm. For example, the string "SHA1withDSA". The ASN.1 definition for this is:
<pre>
AlgorithmIdentifier  ::=  SEQUENCE  {
    algorithm               OBJECT IDENTIFIER,
    parameters              ANY DEFINED BY algorithm OPTIONAL  }
                            -- contains a value of the type
                            -- registered for use with the
                            -- algorithm object identifier value
</pre>
Gets the signature algorithm OID string from the CRL. An OID is represented by a set of positive whole numbers separated by ".", that is,<br> <positive whole number>.<positive whole number>.<...> For example, the string "1.2.840.10040.4.3" identifies the SHA-1 with DSA signature algorithm defined in <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
Gets the DER encoded signature algorithm parameters from this CRL's signature algorithm. In most cases, the signature algorithm parameters are null; the parameters are usually supplied with the Public Key.
Gets the raw Signature bits from the CRL.
Gets the DER encoded CRL information, the <code>tbsCertList</code> from this CRL. This can be used to verify the signature independently.
Gets the thisUpdate date from the CRL. The ASN.1 definition for this is:
Gets the version number from this CRL. The ASN.1 definition for this is:
<pre>
Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
    -- v3 does not apply to CRLs but appears for consistency
    -- with definition of Version for certs
</pre>
@return the version number, i.e. 1 or 2.
Return true if a critical extension is found that is not supported, otherwise return false.
Checks whether the given certificate is on this CRL.
Compares this CRL for equality with the given object. If the {@code other} object is an {@code instanceof} {@code X509CRL}, then its encoded form is retrieved and compared with the encoded form of this CRL.
Encodes an X.509 CRL, and signs it using the given key.
Encodes an X.509 CRL, and signs it using the given key.
Returns a hashcode value for this CRL from its encoded form.
Returns a printable string of this CRL.
Verifies that this CRL was signed using the private key that corresponds to the given key.
Verifies that this CRL was signed using the private key that corresponds to the given key, and that the signature verification was computed by the given provider.
Verifies that this CRL was signed using the private key that corresponds to the given key, and that the signature verification was computed by the given provider. Note that the specified Provider object does not have to be registered in the provider list.
Returns the encoding of the given certificate for internal use. Callers must guarantee that they neither modify it nor expose it to untrusted code. Uses getEncodedInternal() if the certificate is an instance of X509CertImpl, getEncoded() otherwise.
Extract the issuer X500Principal from an X509CRL. Parses the encoded form of the CRL to preserve the principal's ASN.1 encoding.
Utility method to convert an arbitrary instance of X509CRL to an X509CRLImpl. Does a cast if possible, otherwise reparses the encoding.
This static method is the default implementation of the verify(PublicKey key, Provider sigProvider) method in X509CRL. Called from java.security.cert.X509CRL.verify(PublicKey key, Provider sigProvider).
Returns the ASN.1 DER-encoded form of this CRL.
Verifies that this CRL was signed using the private key that corresponds to the given public key.
Verifies that this CRL was signed using the private key that corresponds to the given public key. This method uses the signature verification engine supplied by the given provider.
Verifies that this CRL was signed using the private key that corresponds to the given public key. This method uses the signature verification engine supplied by the given provider. Note that the specified Provider object does not have to be registered in the provider list.
Gets the {@code version} (version number) value from the CRL. The ASN.1 definition for this is: <pre> version Version OPTIONAL, -- if present, must be v2
<strong>Denigrated</strong>, replaced by {@linkplain #getIssuerX500Principal()}. This method returns the {@code issuer} as an implementation specific Principal object, which should not be relied upon by portable code.
Returns the issuer (issuer distinguished name) value from the CRL as an {@code X500Principal}. <p> It is recommended that subclasses override this method.
Gets the {@code thisUpdate} date from the CRL. The ASN.1 definition for this is:
<pre>
thisUpdate   ChoiceOfTime
ChoiceOfTime ::= CHOICE {
    utcTime        UTCTime,
    generalTime    GeneralizedTime }
</pre>
Gets the {@code nextUpdate} date from the CRL.
Gets the CRL entry, if any, with the given certificate serialNumber.
Gets the CRL entry, if any, for the given certificate.
Gets all the entries from this CRL. This returns a Set of X509CRLEntry objects.
Gets the DER-encoded CRL information, the {@code tbsCertList} from this CRL. This can be used to verify the signature independently.
Gets the {@code signature} value (the raw signature bits) from the CRL. The ASN.1 definition for this is: <pre> signature BIT STRING </pre>
Gets the signature algorithm name for the CRL signature algorithm. An example is the string "SHA256withRSA". The ASN.1 definition for this is: <pre> signatureAlgorithm AlgorithmIdentifier
Gets the signature algorithm OID string from the CRL. An OID is represented by a set of nonnegative whole numbers separated by periods. For example, the string "1.2.840.10040.4.3" identifies the SHA-1 with DSA signature algorithm defined in <a href="http://www.ietf.org/rfc/rfc3279.txt">RFC 3279: Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
Gets the DER-encoded signature algorithm parameters from this CRL's signature algorithm. In most cases, the signature algorithm parameters are null; the parameters are usually supplied with the public key. If access to individual parameter values is needed then use {@link java.security.AlgorithmParameters AlgorithmParameters} and instantiate with the name returned by {@link #getSigAlgName() getSigAlgName}.
DER encode this object and write the results to a stream.
<p> An implementation for X509 CRL (Certificate Revocation List). <p> The X.509 v2 CRL format is described below in ASN.1:
<pre>
CertificateList  ::=  SEQUENCE  {
    tbsCertList          TBSCertList,
    signatureAlgorithm   AlgorithmIdentifier,
    signature            BIT STRING  }
</pre>
More information can be found in <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>.
<p> The ASN.1 definition of <code>tbsCertList</code> is:
<pre>
TBSCertList  ::=  SEQUENCE  {
    version                 Version OPTIONAL,
                            -- if present, must be v2
    signature               AlgorithmIdentifier,
    issuer                  Name,
    thisUpdate              ChoiceOfTime,
    nextUpdate              ChoiceOfTime OPTIONAL,
    revokedCertificates     SEQUENCE OF SEQUENCE  {
        userCertificate         CertificateSerialNumber,
        revocationDate          ChoiceOfTime,
        crlEntryExtensions      Extensions OPTIONAL
                                -- if present, must be v2
        }  OPTIONAL,
    crlExtensions           [0]  EXPLICIT Extensions OPTIONAL
                            -- if present, must be v2
    }
</pre>
@author Hemma Prafullchandra @see X509CRL