Package java.security.cert

Class X509CRL

java.lang.Object
java.security.cert.CRL
java.security.cert.X509CRL
All Implemented Interfaces:
X509Extension
Direct Known Subclasses:
OpenSSLX509CRL, X509CRLImpl, X509CRLObject
public abstract class X509CRL
extends CRL
implements X509Extension
Abstract base class for X.509 certificate revocation lists (CRL).

More information regarding CRL can be found in RFC 2459, "Internet X.509 Public Key Infrastructure Certificate and CRL Profile" at http://www.ietf.org/rfc/rfc2459.txt .

  • Constructor Details

    • X509CRL

      protected X509CRL()
      Creates a new X509CRL instance.

  • Method Details

    • equals

      public boolean equals​(Object other)
      Returns whether the specified object equals to this instance.
      Overrides:
      equals in class Object
      Parameters:
      other - the object to compare.
      Returns:
      true if the specified object is equal to this, otherwise false.
      See Also:
      Object.hashCode()

    • hashCode

      public int hashCode()
      Returns the hashcode of this CRL instance.
      Overrides:
      hashCode in class Object
      Returns:
      the hashcode.
      See Also:
      Object.equals(java.lang.Object)

    • getEncoded

      public abstract byte[] getEncoded() throws CRLException
      Returns this CRL in ASN.1 DER encoded form.
      Returns:
      this CRL in ASN.1 DER encoded form.
      Throws:
      CRLException - if encoding fails.

    • verify

      public abstract void verify​(PublicKey key) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
      Verifies this CRL by verifying that this CRL was signed with the corresponding private key to the specified public key.
      Parameters:
      key - the public key to verify this CRL with.
      Throws:
      CRLException - if encoding or decoding fails.
      NoSuchAlgorithmException - if a needed algorithm is not present.
      InvalidKeyException - if the specified key is invalid.
      NoSuchProviderException - if no provider can be found.
      SignatureException - if errors occur on signatures.

    • verify

      public abstract void verify​(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
      Verifies this CRL by verifying that this CRL was signed with the corresponding private key to the specified public key. The signature verification engine of the specified provider will be used.
      Parameters:
      key - the public key to verify this CRL with.
      sigProvider - the name of the provider for the signature algorithm.
      Throws:
      CRLException - if encoding decoding fails.
      NoSuchAlgorithmException - if a needed algorithm is not present.
      InvalidKeyException - if the specified key is invalid.
      NoSuchProviderException - if the specified provider cannot be found.
      SignatureException - if errors occur on signatures.

    • getVersion

      public abstract int getVersion()
      Returns the version number of this CRL.
      Returns:
      the version number of this CRL.

    • getIssuerDN

      public abstract Principal getIssuerDN()
      Do not use, use getIssuerX500Principal() instead. Returns the issuer as an implementation specific Principal object.
      Returns:
      the issuer distinguished name.

    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Returns the issuer distinguished name of this CRL.
      Returns:
      the issuer distinguished name of this CRL.

    • getThisUpdate

      public abstract Date getThisUpdate()
      Returns the thisUpdate value of this CRL.
      Returns:
      the thisUpdate value of this CRL.

    • getNextUpdate

      public abstract Date getNextUpdate()
      Returns the nextUpdate value of this CRL.
      Returns:
      the nextUpdate value of this CRL, or null if none is present.

    • getRevokedCertificate

      public abstract X509CRLEntry getRevokedCertificate​(BigInteger serialNumber)
      Returns the CRL entry with the specified certificate serial number.
      Parameters:
      serialNumber - the certificate serial number to search for a CRL entry.
      Returns:
      the entry for the specified certificate serial number, or null if not found.

    • getRevokedCertificate

      public X509CRLEntry getRevokedCertificate​(X509Certificate certificate)
      Returns the CRL entry for the specified certificate.
      Parameters:
      certificate - the certificate to search a CRL entry for.
      Returns:
      the entry for the specified certificate, or null if not found.

    • getRevokedCertificates

      public abstract Set<? extends X509CRLEntry> getRevokedCertificates()
      Returns the set of revoked certificates.
      Returns:
      the set of revoked certificates, or null if no revoked certificates are in this CRL.

    • getTBSCertList

      public abstract byte[] getTBSCertList() throws CRLException
      Returns the tbsCertList information of this CRL in DER encoded form.
      Returns:
      the CRL information in DER encoded form.
      Throws:
      CRLException - if encoding fails.

    • getSignature

      public abstract byte[] getSignature()
      Returns the signature bytes of this CRL.
      Returns:
      the signature bytes of this CRL.

    • getSigAlgName

      public abstract String getSigAlgName()
      Returns the name of the signature algorithm.
      Returns:
      the name of the signature algorithm.

    • getSigAlgOID

      public abstract String getSigAlgOID()
      Returns the OID of the signature algorithm.
      Returns:
      the OID of the signature algorithm.

    • getSigAlgParams

      public abstract byte[] getSigAlgParams()
      Returns the parameters of the signature algorithm in DER encoded form.
      Returns:
      the parameters of the signature algorithm in DER encoded form, or null if not present.