1 /* |
1 /* |
2 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
70 * <p> |
70 * <p> |
71 * More information can be found in |
71 * More information can be found in |
72 * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 |
72 * <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: Internet X.509 |
73 * Public Key Infrastructure Certificate and CRL Profile</a>. |
73 * Public Key Infrastructure Certificate and CRL Profile</a>. |
74 * <p> |
74 * <p> |
75 * The ASN.1 definition of <code>tbsCertList</code> is: |
75 * The ASN.1 definition of {@code tbsCertList} is: |
76 * <pre> |
76 * <pre> |
77 * TBSCertList ::= SEQUENCE { |
77 * TBSCertList ::= SEQUENCE { |
78 * version Version OPTIONAL, |
78 * version Version OPTIONAL, |
79 * -- if present, must be v2 |
79 * -- if present, must be v2 |
80 * signature AlgorithmIdentifier, |
80 * signature AlgorithmIdentifier, |
92 * } |
92 * } |
93 * </pre> |
93 * </pre> |
94 * <p> |
94 * <p> |
95 * CRLs are instantiated using a certificate factory. The following is an |
95 * CRLs are instantiated using a certificate factory. The following is an |
96 * example of how to instantiate an X.509 CRL: |
96 * example of how to instantiate an X.509 CRL: |
97 * <pre><code> |
97 * <pre>{@code |
98 * try (InputStream inStream = new FileInputStream("fileName-of-crl")) { |
98 * try (InputStream inStream = new FileInputStream("fileName-of-crl")) { |
99 * CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
99 * CertificateFactory cf = CertificateFactory.getInstance("X.509"); |
100 * X509CRL crl = (X509CRL)cf.generateCRL(inStream); |
100 * X509CRL crl = (X509CRL)cf.generateCRL(inStream); |
101 * } |
101 * } |
102 * </code></pre> |
102 * }</pre> |
103 * |
103 * |
104 * @author Hemma Prafullchandra |
104 * @author Hemma Prafullchandra |
105 * |
105 * |
106 * |
106 * |
107 * @see CRL |
107 * @see CRL |
120 super("X.509"); |
120 super("X.509"); |
121 } |
121 } |
122 |
122 |
123 /** |
123 /** |
124 * Compares this CRL for equality with the given |
124 * Compares this CRL for equality with the given |
125 * object. If the <code>other</code> object is an |
125 * object. If the {@code other} object is an |
126 * <code>instanceof</code> <code>X509CRL</code>, then |
126 * {@code instanceof} {@code X509CRL}, then |
127 * its encoded form is retrieved and compared with the |
127 * its encoded form is retrieved and compared with the |
128 * encoded form of this CRL. |
128 * encoded form of this CRL. |
129 * |
129 * |
130 * @param other the object to test for equality with this CRL. |
130 * @param other the object to test for equality with this CRL. |
131 * |
131 * |
223 * supplied by the given provider. Note that the specified Provider object |
223 * supplied by the given provider. Note that the specified Provider object |
224 * does not have to be registered in the provider list. |
224 * does not have to be registered in the provider list. |
225 * |
225 * |
226 * This method was added to version 1.8 of the Java Platform Standard |
226 * This method was added to version 1.8 of the Java Platform Standard |
227 * Edition. In order to maintain backwards compatibility with existing |
227 * Edition. In order to maintain backwards compatibility with existing |
228 * service providers, this method is not <code>abstract</code> |
228 * service providers, this method is not {@code abstract} |
229 * and it provides a default implementation. |
229 * and it provides a default implementation. |
230 * |
230 * |
231 * @param key the PublicKey used to carry out the verification. |
231 * @param key the PublicKey used to carry out the verification. |
232 * @param sigProvider the signature provider. |
232 * @param sigProvider the signature provider. |
233 * |
233 * |
243 InvalidKeyException, SignatureException { |
243 InvalidKeyException, SignatureException { |
244 X509CRLImpl.verify(this, key, sigProvider); |
244 X509CRLImpl.verify(this, key, sigProvider); |
245 } |
245 } |
246 |
246 |
247 /** |
247 /** |
248 * Gets the <code>version</code> (version number) value from the CRL. |
248 * Gets the {@code version} (version number) value from the CRL. |
249 * The ASN.1 definition for this is: |
249 * The ASN.1 definition for this is: |
250 * <pre> |
250 * <pre> |
251 * version Version OPTIONAL, |
251 * version Version OPTIONAL, |
252 * -- if present, must be v2<p> |
252 * -- if present, must be v2<p> |
253 * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
253 * Version ::= INTEGER { v1(0), v2(1), v3(2) } |
259 */ |
259 */ |
260 public abstract int getVersion(); |
260 public abstract int getVersion(); |
261 |
261 |
262 /** |
262 /** |
263 * <strong>Denigrated</strong>, replaced by {@linkplain |
263 * <strong>Denigrated</strong>, replaced by {@linkplain |
264 * #getIssuerX500Principal()}. This method returns the <code>issuer</code> |
264 * #getIssuerX500Principal()}. This method returns the {@code issuer} |
265 * as an implementation specific Principal object, which should not be |
265 * as an implementation specific Principal object, which should not be |
266 * relied upon by portable code. |
266 * relied upon by portable code. |
267 * |
267 * |
268 * <p> |
268 * <p> |
269 * Gets the <code>issuer</code> (issuer distinguished name) value from |
269 * Gets the {@code issuer} (issuer distinguished name) value from |
270 * the CRL. The issuer name identifies the entity that signed (and |
270 * the CRL. The issuer name identifies the entity that signed (and |
271 * issued) the CRL. |
271 * issued) the CRL. |
272 * |
272 * |
273 * <p>The issuer name field contains an |
273 * <p>The issuer name field contains an |
274 * X.500 distinguished name (DN). |
274 * X.500 distinguished name (DN). |
285 * AttributeType, |
285 * AttributeType, |
286 * AttributeValue } |
286 * AttributeValue } |
287 * AttributeType ::= OBJECT IDENTIFIER |
287 * AttributeType ::= OBJECT IDENTIFIER |
288 * AttributeValue ::= ANY |
288 * AttributeValue ::= ANY |
289 * </pre> |
289 * </pre> |
290 * The <code>Name</code> describes a hierarchical name composed of |
290 * The {@code Name} describes a hierarchical name composed of |
291 * attributes, |
291 * attributes, |
292 * such as country name, and corresponding values, such as US. |
292 * such as country name, and corresponding values, such as US. |
293 * The type of the <code>AttributeValue</code> component is determined by |
293 * The type of the {@code AttributeValue} component is determined by |
294 * the <code>AttributeType</code>; in general it will be a |
294 * the {@code AttributeType}; in general it will be a |
295 * <code>directoryString</code>. A <code>directoryString</code> is usually |
295 * {@code directoryString}. A {@code directoryString} is usually |
296 * one of <code>PrintableString</code>, |
296 * one of {@code PrintableString}, |
297 * <code>TeletexString</code> or <code>UniversalString</code>. |
297 * {@code TeletexString} or {@code UniversalString}. |
298 * |
298 * |
299 * @return a Principal whose name is the issuer distinguished name. |
299 * @return a Principal whose name is the issuer distinguished name. |
300 */ |
300 */ |
301 public abstract Principal getIssuerDN(); |
301 public abstract Principal getIssuerDN(); |
302 |
302 |
303 /** |
303 /** |
304 * Returns the issuer (issuer distinguished name) value from the |
304 * Returns the issuer (issuer distinguished name) value from the |
305 * CRL as an <code>X500Principal</code>. |
305 * CRL as an {@code X500Principal}. |
306 * <p> |
306 * <p> |
307 * It is recommended that subclasses override this method. |
307 * It is recommended that subclasses override this method. |
308 * |
308 * |
309 * @return an <code>X500Principal</code> representing the issuer |
309 * @return an {@code X500Principal} representing the issuer |
310 * distinguished name |
310 * distinguished name |
311 * @since 1.4 |
311 * @since 1.4 |
312 */ |
312 */ |
313 public X500Principal getIssuerX500Principal() { |
313 public X500Principal getIssuerX500Principal() { |
314 if (issuerPrincipal == null) { |
314 if (issuerPrincipal == null) { |
316 } |
316 } |
317 return issuerPrincipal; |
317 return issuerPrincipal; |
318 } |
318 } |
319 |
319 |
320 /** |
320 /** |
321 * Gets the <code>thisUpdate</code> date from the CRL. |
321 * Gets the {@code thisUpdate} date from the CRL. |
322 * The ASN.1 definition for this is: |
322 * The ASN.1 definition for this is: |
323 * <pre> |
323 * <pre> |
324 * thisUpdate ChoiceOfTime |
324 * thisUpdate ChoiceOfTime |
325 * ChoiceOfTime ::= CHOICE { |
325 * ChoiceOfTime ::= CHOICE { |
326 * utcTime UTCTime, |
326 * utcTime UTCTime, |
327 * generalTime GeneralizedTime } |
327 * generalTime GeneralizedTime } |
328 * </pre> |
328 * </pre> |
329 * |
329 * |
330 * @return the <code>thisUpdate</code> date from the CRL. |
330 * @return the {@code thisUpdate} date from the CRL. |
331 */ |
331 */ |
332 public abstract Date getThisUpdate(); |
332 public abstract Date getThisUpdate(); |
333 |
333 |
334 /** |
334 /** |
335 * Gets the <code>nextUpdate</code> date from the CRL. |
335 * Gets the {@code nextUpdate} date from the CRL. |
336 * |
336 * |
337 * @return the <code>nextUpdate</code> date from the CRL, or null if |
337 * @return the {@code nextUpdate} date from the CRL, or null if |
338 * not present. |
338 * not present. |
339 */ |
339 */ |
340 public abstract Date getNextUpdate(); |
340 public abstract Date getNextUpdate(); |
341 |
341 |
342 /** |
342 /** |
386 */ |
386 */ |
387 public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); |
387 public abstract Set<? extends X509CRLEntry> getRevokedCertificates(); |
388 |
388 |
389 /** |
389 /** |
390 * Gets the DER-encoded CRL information, the |
390 * Gets the DER-encoded CRL information, the |
391 * <code>tbsCertList</code> from this CRL. |
391 * {@code tbsCertList} from this CRL. |
392 * This can be used to verify the signature independently. |
392 * This can be used to verify the signature independently. |
393 * |
393 * |
394 * @return the DER-encoded CRL information. |
394 * @return the DER-encoded CRL information. |
395 * @exception CRLException if an encoding error occurs. |
395 * @exception CRLException if an encoding error occurs. |
396 */ |
396 */ |
397 public abstract byte[] getTBSCertList() throws CRLException; |
397 public abstract byte[] getTBSCertList() throws CRLException; |
398 |
398 |
399 /** |
399 /** |
400 * Gets the <code>signature</code> value (the raw signature bits) from |
400 * Gets the {@code signature} value (the raw signature bits) from |
401 * the CRL. |
401 * the CRL. |
402 * The ASN.1 definition for this is: |
402 * The ASN.1 definition for this is: |
403 * <pre> |
403 * <pre> |
404 * signature BIT STRING |
404 * signature BIT STRING |
405 * </pre> |
405 * </pre> |
420 * -- contains a value of the type |
420 * -- contains a value of the type |
421 * -- registered for use with the |
421 * -- registered for use with the |
422 * -- algorithm object identifier value |
422 * -- algorithm object identifier value |
423 * </pre> |
423 * </pre> |
424 * |
424 * |
425 * <p>The algorithm name is determined from the <code>algorithm</code> |
425 * <p>The algorithm name is determined from the {@code algorithm} |
426 * OID string. |
426 * OID string. |
427 * |
427 * |
428 * @return the signature algorithm name. |
428 * @return the signature algorithm name. |
429 */ |
429 */ |
430 public abstract String getSigAlgName(); |
430 public abstract String getSigAlgName(); |