Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD

iaik.x509.extensions
Class CRLDistributionPoints

java.lang.Object
  |
  +--iaik.x509.V3Extension
        |
        +--iaik.x509.extensions.CRLDistributionPoints
Direct Known Subclasses:
OldCRLDistributionPoints
public class CRLDistributionPoints
extends V3Extension

This class implements the CRLDistributionPoints Extension.

The CRLDistributionPoints extension is a non critical standard X509v3 extension.

Each extension is associated with a specific certificateExtension object identifier, derived from: 

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension

The object identifier for the CRLDistributionPoints extension is defined as:

id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= { id-ce 31 }

which corresponds to the OID string "2.5.29.31".

The X.509 Certificate and CRL profile presented in the PKIX internet draft draft-ietf-pkix-ipki-part1-07.txt specifies the CRL distribution points extension for identifiying how CRL information is obtained. ASN.1 definition: 

 cRLDistributionPoints ::= {        
    CRLDistPointsSyntax }
 

 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
 

 DistributionPoint ::= SEQUENCE {
    distributionPoint       [0]     DistributionPointName OPTIONAL,
    reasons                 [1]     ReasonFlags OPTIONAL,
    cRLIssuer               [2]     GeneralNames OPTIONAL }
 

 DistributionPointName ::= CHOICE {
    fullName                [0]     GeneralNames,
    nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
 

 ReasonFlags ::= BIT STRING {        
    unused                  (0),
    keyCompromise           (1),  
    cACompromise            (2),
    affiliationChanged      (3), 
    superseded              (4),
    cessationOfOperation    (5),
    certificateHold         (6) }

If the cRLDistributionPoints extension contains a DistributionPointName of type URI, the following semantics shall be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. If the distributionPoint omits reasons, the CRL shall include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL shall be issued by the CA that issued the certificate.

More information can be found in the PKIX internet draft draft-ietf-pkix-ipki-part1-07.txt, section 4.2.1.13 "CRLDistributionPoints".

A CRLDistributionPoints object may be created by either using the empty default constructor, or by directly supplying one distribution point which has to be of type DistributionPoint, e.g.: 

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 distributionPoint.setReasonFlags(DistributionPoint.keyCompromise);
 GeneralNames generalNames = new GeneralNames();
 generalNames.addName(new GeneralName(GeneralName.uniformResourceIdentifier, "http://ca.iaik.com/"));
 distributionPoint.setCrlIssuer(generalNames);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Any further distribution point can be added by using the addDistributionPoint method:

cRLDistributionPoints.addDistributionPoint(<a_second_distribution_point>); ...

For adding a CRLDistributionPoints extension object to a X509Certificate, use the addExtension method of the iaik.X509Certificate class: 

 X505Certificate cert = new X509Certificate();
   ...
 cert.addExtension(cRLDistributionPoints);

See Also:
DistributionPoint, GeneralNames, Name, V3Extension, X509Extensions, X509Certificate

Field Summary
static ObjectID oid
          The object identifier of this CRLDistributionPoints extension.
 
Fields inherited from class iaik.x509.V3Extension
critical
 
Constructor Summary
CRLDistributionPoints()
          Default constructor.
CRLDistributionPoints(DistributionPoint dp)
          Creates an CRLDistributionPoints object and adds an DistributionPoint.
 
Method Summary
 void addDistributionPoint(DistributionPoint dp)
          Adds a distribution point to this CRLDistributionPoints extension.
 java.util.Enumeration getDistributionPoints()
          Returns an enumeration of the distribution points included into this CRLDistributionPoints extension.
 ObjectID getObjectID()
          Returns the object ID of this CRLDistributionPoints extension
 int hashCode()
          Returns a hashcode for this identity.
 void init(ASN1Object obj)
          Inits this CRLDistributionPoints implementation with an ASN1object representing the value of this extension.
 void removeAllDistributionPoints()
          Removes all distribution points from this CRLDistributionPoints extension.
 ASN1Object toASN1Object()
          Returns an ASN1Object representing the value of this CRLDistributionPoints extension object.
 java.lang.String toString()
          Returns a string that represents the contents of this CRLDistributionPoints extension.
 
Methods inherited from class iaik.x509.V3Extension
getName, isCritical, setCritical
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

oid

public static final ObjectID oid
The object identifier of this CRLDistributionPoints extension. The corresponding OID string is "2.5.29.31".
Constructor Detail

CRLDistributionPoints

public CRLDistributionPoints()
Default constructor. Creates an empty CRLDistributionPoints object.

For adding a distribution point use the addDistributionPoint method. Any distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.: 

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints();
 cRLDistributionPoints.addDistributionPoint(distributionPoint);

See Also:
DistributionPoint

CRLDistributionPoints

public CRLDistributionPoints(DistributionPoint dp)
Creates an CRLDistributionPoints object and adds an DistributionPoint.

The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.: 

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 CRLDistributionPoints cRLDistributionPoints = new CRLDistributionPoints(distributionPoint);

Parameters:
dp - the distribution point to add
See Also:
DistributionPoint
Method Detail

getObjectID

public ObjectID getObjectID()
Returns the object ID of this CRLDistributionPoints extension
Overrides:
getObjectID in class V3Extension
Returns:
the object ID

init

public void init(ASN1Object obj)
          throws X509ExtensionException
Inits this CRLDistributionPoints implementation with an ASN1object representing the value of this extension.

The given ASN1Object consits of a Sequence of distribution points included in the CRLDistributionPoints object.

The given ASN1Object is the one created by toASN1Object().

This method is used by the X509Extensions class when parsing the ASN.1 representation of a certificate for properly initializing an included CRLDistributionPoints extension. This method initializes the extension only with its value, but not with its critical specification. For that reason, this method shall not be explicitly called by an application.

Overrides:
init in class V3Extension
Parameters:
obj - the CRLDistributionPoints as ASN1Object
Throws:
X509ExtensionException - if the extension could not be parsed

toASN1Object

public ASN1Object toASN1Object()
                        throws X509ExtensionException
Returns an ASN1Object representing the value of this CRLDistributionPoints extension object.

The ASN1Object is an ASN.1 Sequence including any distribution point that has been added to this CRLDistributionPoints object. 

 cRLDistributionPoints ::= {        
    CRLDistPointsSyntax }

 CRLDistPointsSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
Overrides:
toASN1Object in class V3Extension
Returns:
the value of this CRLDistributionPoints as ASN1Object

addDistributionPoint

public void addDistributionPoint(DistributionPoint dp)
Adds a distribution point to this CRLDistributionPoints extension. The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.: 

 RDN distributionPointName = new RDN();
 distributionPointName.addAVA(ObjectID.country, "AT");
 distributionPointName.addAVA(ObjectID.locality, "Graz");
 distributionPointName.addAVA(ObjectID.organization ,"TU Graz");
 distributionPointName.addAVA(ObjectID.organizationalUnit ,"IAIK");
 distributionPointName.addAVA(ObjectID.commonName ,"http://ca.iaik.com/");
 DistributionPoint distributionPoint = new DistributionPoint(distributionPointName);
 cRLDistributionPoints.addDistributionPoint(distributionPoint);

Parameters:
dp - the distribution point to add
See Also:
DistributionPoint

removeAllDistributionPoints

public void removeAllDistributionPoints()
Removes all distribution points from this CRLDistributionPoints extension.

getDistributionPoints

public java.util.Enumeration getDistributionPoints()
Returns an enumeration of the distribution points included into this CRLDistributionPoints extension.
Returns:
an enumeration of the distribution points

hashCode

public int hashCode()
Returns a hashcode for this identity.
Overrides:
hashCode in class V3Extension
Returns:
a hash code for this identity

toString

public java.lang.String toString()
Returns a string that represents the contents of this CRLDistributionPoints extension.
Overrides:
toString in class java.lang.Object
Returns:
the string representation
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES
SUMMARY:  INNER | FIELD | CONSTR | METHOD DETAIL:  FIELD | CONSTR | METHOD