Package org.conscrypt

Class OpenSSLX509CRL

java.lang.Object
java.security.cert.CRL
java.security.cert.X509CRL
org.conscrypt.OpenSSLX509CRL
All Implemented Interfaces:
X509Extension
public class OpenSSLX509CRL
extends X509CRL

  • Method Details

    • fromX509DerInputStream

      public static OpenSSLX509CRL fromX509DerInputStream​(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException

    • fromPkcs7DerInputStream

      public static List<OpenSSLX509CRL> fromPkcs7DerInputStream​(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException

    • fromX509PemInputStream

      public static OpenSSLX509CRL fromX509PemInputStream​(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException

    • fromPkcs7PemInputStream

      public static List<OpenSSLX509CRL> fromPkcs7PemInputStream​(InputStream is) throws org.conscrypt.OpenSSLX509CertificateFactory.ParsingException
      Throws:
      org.conscrypt.OpenSSLX509CertificateFactory.ParsingException

    • getCriticalExtensionOIDs

      public Set<String> getCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as CRITIAL, an empty set if none are marked as CRITICAL, or null if no extensions are present.

    • getExtensionValue

      public byte[] getExtensionValue​(String oid)
      Description copied from interface: X509Extension
      Returns the extension value as DER-encoded OCTET string for the specified OID.
      Parameters:
      oid - the object identifier to get the extension value for.
      Returns:
      the extension value as DER-encoded OCTET string, or null if no extension for the specified OID can be found.

    • getNonCriticalExtensionOIDs

      public Set<String> getNonCriticalExtensionOIDs()
      Description copied from interface: X509Extension
      Returns the set of OIDs of the extension(s) marked as NON-CRITICAL, that this implementation manages.
      Returns:
      the set of extension OIDs marked as NON-CRITIAL, an empty set if none are marked as NON-.CRITICAL, or null if no extensions are present.

    • hasUnsupportedCriticalExtension

      public boolean hasUnsupportedCriticalExtension()
      Description copied from interface: X509Extension
      Returns whether this instance has an extension marked as CRITICAL that it cannot support.
      Returns:
      true if an unsupported CRITICAL extension is present, false otherwise.

    • getEncoded

      public byte[] getEncoded() throws CRLException
      Description copied from class: X509CRL
      Returns this CRL in ASN.1 DER encoded form.
      Specified by:
      getEncoded in class X509CRL
      Returns:
      this CRL in ASN.1 DER encoded form.
      Throws:
      CRLException - if encoding fails.

    • verify

      public void verify​(PublicKey key) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
      Description copied from class: X509CRL
      Verifies this CRL by verifying that this CRL was signed with the corresponding private key to the specified public key.
      Specified by:
      verify in class X509CRL
      Parameters:
      key - the public key to verify this CRL with.
      Throws:
      CRLException - if encoding or decoding fails.
      NoSuchAlgorithmException - if a needed algorithm is not present.
      InvalidKeyException - if the specified key is invalid.
      NoSuchProviderException - if no provider can be found.
      SignatureException - if errors occur on signatures.

    • verify

      public void verify​(PublicKey key, String sigProvider) throws CRLException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException
      Description copied from class: X509CRL
      Verifies this CRL by verifying that this CRL was signed with the corresponding private key to the specified public key. The signature verification engine of the specified provider will be used.
      Specified by:
      verify in class X509CRL
      Parameters:
      key - the public key to verify this CRL with.
      sigProvider - the name of the provider for the signature algorithm.
      Throws:
      CRLException - if encoding decoding fails.
      NoSuchAlgorithmException - if a needed algorithm is not present.
      InvalidKeyException - if the specified key is invalid.
      NoSuchProviderException - if the specified provider cannot be found.
      SignatureException - if errors occur on signatures.

    • getVersion

      public int getVersion()
      Description copied from class: X509CRL
      Returns the version number of this CRL.
      Specified by:
      getVersion in class X509CRL
      Returns:
      the version number of this CRL.

    • getIssuerDN

      public Principal getIssuerDN()
      Description copied from class: X509CRL
      Do not use, use X509CRL.getIssuerX500Principal() instead. Returns the issuer as an implementation specific Principal object.
      Specified by:
      getIssuerDN in class X509CRL
      Returns:
      the issuer distinguished name.

    • getIssuerX500Principal

      public X500Principal getIssuerX500Principal()
      Description copied from class: X509CRL
      Returns the issuer distinguished name of this CRL.
      Overrides:
      getIssuerX500Principal in class X509CRL
      Returns:
      the issuer distinguished name of this CRL.

    • getThisUpdate

      public Date getThisUpdate()
      Description copied from class: X509CRL
      Returns the thisUpdate value of this CRL.
      Specified by:
      getThisUpdate in class X509CRL
      Returns:
      the thisUpdate value of this CRL.

    • getNextUpdate

      public Date getNextUpdate()
      Description copied from class: X509CRL
      Returns the nextUpdate value of this CRL.
      Specified by:
      getNextUpdate in class X509CRL
      Returns:
      the nextUpdate value of this CRL, or null if none is present.

    • getRevokedCertificate

      public X509CRLEntry getRevokedCertificate​(BigInteger serialNumber)
      Description copied from class: X509CRL
      Returns the CRL entry with the specified certificate serial number.
      Specified by:
      getRevokedCertificate in class X509CRL
      Parameters:
      serialNumber - the certificate serial number to search for a CRL entry.
      Returns:
      the entry for the specified certificate serial number, or null if not found.

    • getRevokedCertificate

      public X509CRLEntry getRevokedCertificate​(X509Certificate certificate)
      Description copied from class: X509CRL
      Returns the CRL entry for the specified certificate.
      Overrides:
      getRevokedCertificate in class X509CRL
      Parameters:
      certificate - the certificate to search a CRL entry for.
      Returns:
      the entry for the specified certificate, or null if not found.

    • getRevokedCertificates

      public Set<? extends X509CRLEntry> getRevokedCertificates()
      Description copied from class: X509CRL
      Returns the set of revoked certificates.
      Specified by:
      getRevokedCertificates in class X509CRL
      Returns:
      the set of revoked certificates, or null if no revoked certificates are in this CRL.

    • getTBSCertList

      public byte[] getTBSCertList() throws CRLException
      Description copied from class: X509CRL
      Returns the tbsCertList information of this CRL in DER encoded form.
      Specified by:
      getTBSCertList in class X509CRL
      Returns:
      the CRL information in DER encoded form.
      Throws:
      CRLException - if encoding fails.

    • getSignature

      public byte[] getSignature()
      Description copied from class: X509CRL
      Returns the signature bytes of this CRL.
      Specified by:
      getSignature in class X509CRL
      Returns:
      the signature bytes of this CRL.

    • getSigAlgName

      public String getSigAlgName()
      Description copied from class: X509CRL
      Returns the name of the signature algorithm.
      Specified by:
      getSigAlgName in class X509CRL
      Returns:
      the name of the signature algorithm.

    • getSigAlgOID

      public String getSigAlgOID()
      Description copied from class: X509CRL
      Returns the OID of the signature algorithm.
      Specified by:
      getSigAlgOID in class X509CRL
      Returns:
      the OID of the signature algorithm.

    • getSigAlgParams

      public byte[] getSigAlgParams()
      Description copied from class: X509CRL
      Returns the parameters of the signature algorithm in DER encoded form.
      Specified by:
      getSigAlgParams in class X509CRL
      Returns:
      the parameters of the signature algorithm in DER encoded form, or null if not present.

    • isRevoked

      public boolean isRevoked​(Certificate cert)
      Description copied from class: CRL
      Returns whether the specified certificate is revoked by this CRL.
      Specified by:
      isRevoked in class CRL
      Parameters:
      cert - the certificate to check.
      Returns:
      true if the certificate is revoked by this CRL, otherwise false.

    • toString

      public String toString()
      Description copied from class: CRL
      Returns the string representation of this instance.
      Specified by:
      toString in class CRL
      Returns:
      the string representation of this instance.

    • finalize

      protected void finalize() throws Throwable
      Description copied from class: Object
      Invoked when the garbage collector has detected that this instance is no longer reachable. The default implementation does nothing, but this method can be overridden to free resources.

      Note that objects that override finalize are significantly more expensive than objects that don't. Finalizers may be run a long time after the object is no longer reachable, depending on memory pressure, so it's a bad idea to rely on them for cleanup. Note also that finalizers are run on a single VM-wide finalizer thread, so doing blocking work in a finalizer is a bad idea. A finalizer is usually only necessary for a class that has a native peer and needs to call a native method to destroy that peer. Even then, it's better to provide an explicit close method (and implement Closeable), and insist that callers manually dispose of instances. This works well for something like files, but less well for something like a BigInteger where typical calling code would have to deal with lots of temporaries. Unfortunately, code that creates lots of temporaries is the worst kind of code from the point of view of the single finalizer thread.

      If you must use finalizers, consider at least providing your own ReferenceQueue and having your own thread process that queue.

      Unlike constructors, finalizers are not automatically chained. You are responsible for calling super.finalize() yourself.

      Uncaught exceptions thrown by finalizers are ignored and do not terminate the finalizer thread. See Effective Java Item 7, "Avoid finalizers" for more.

      Overrides:
      finalize in class Object
      Throws:
      Throwable