public class RevocationRefs extends Object implements UnsignedAttribute
The Complete Revocation Refs attribute is an unsigned attribute. Only a single instance of this attribute must occur with an electronic signature. It references the full set of the CRL or OCSP responses that have been used in the validation of the signer and CA certificates used in ES with Complete validation data.
The following object identifier identifies the CompleteRevocationRefs attribute:
id-aa-ets-revocationRefs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) id-aa(2) 22}
The complete-revocation-references attribute value has the ASN.1 syntax CompleteRevocationRefs:
CompleteRevocationRefs ::= SEQUENCE OF CrlOcspRef
CrlOcspRef ::= SEQUENCE {
    crlids   [0] CRLListID    OPTIONAL,
    ocspids  [1] OcspListID   OPTIONAL,
    otherRev [2] OtherRevRefs OPTIONAL
}
CompleteRevocationRefs shall contain one CrlOcspRef for the signing-certificate, followed by one for each OtherCertID in the CompleteCertificateRefs attribute. The second and subsequent CrlOcspRef fields shall be in the same order as the OtherCertID to which they relate. At least one of CRLListID or OcspListID or OtherRevRefs should be present for all but the "trusted" CA of the certificate path.
CRLListID ::= SEQUENCE {
    crls SEQUENCE OF CrlValidatedID
}
CrlValidatedID ::= SEQUENCE {
    crlHash       OtherHash,
    crlIdentifier CrlIdentifier OPTIONAL
}
CrlIdentifier ::= SEQUENCE {
    crlissuer     Name,
    crlIssuedTime UTCTime,
    crlNumber     INTEGER OPTIONAL
}
OcspListID ::= SEQUENCE {
    ocspResponses SEQUENCE OF OcspResponsesID
}
OcspResponsesID ::= SEQUENCE {
    ocspIdentifier OcspIdentifier,
    ocspRepHash    OtherHash OPTIONAL
}
OcspIdentifier ::= SEQUENCE {
    ocspResponderID ResponderID,     -- As in OCSP response data
    producedAt      GeneralizedTime  -- As in OCSP response data
}
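The ordering and presence rule stated above can be checked directly on an encoded attribute value. The following Python code is an added example, not part of this library or of Bouncy Castle: it walks a DER-encoded CompleteRevocationRefs and reports entries that break the rule. The names `check_refs`, `other_cert_ids` and `trusted_index` are hypothetical, the sample value is constructed, and only single-byte tags are handled.

```python
import hashlib

FIELDS = {0xA0: "crlids", 0xA1: "ocspids", 0xA2: "otherRev"}  # context tags [0]..[2]

def tlv(tag, content=b""):  # encode one DER element, short or long definite length
    n = len(content)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + content

def read_tlv(buf, pos):  # decode the element at pos: (tag, content, position after it)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: the low seven bits count the length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("indefinite or truncated length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated DER content")
    return tag, buf[pos:pos + n], pos + n

def children(content):  # yield (tag, content) for each element inside a constructed value
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def check_refs(der, other_cert_ids, trusted_index=None):
    """List rule violations; trusted_index is the entry of the trusted CA, if any."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        return ["not a single DER SEQUENCE"]
    refs, problems = list(children(body)), []
    if len(refs) != 1 + other_cert_ids:  # signer first, then one per OtherCertID
        problems.append(f"expected {1 + other_cert_ids} CrlOcspRef, found {len(refs)}")
    for i, (tag, ref) in enumerate(refs):
        if tag != 0x30:
            problems.append(f"CrlOcspRef[{i}] is not a SEQUENCE")
        elif i != trusted_index and not any(t in FIELDS for t, _ in children(ref)):
            problems.append(f"CrlOcspRef[{i}] carries no revocation reference")
    return problems

# Constructed sample: signer and one CA referenced by CRL hash, trusted CA entry left empty.
SHA256 = tlv(0x30, bytes.fromhex("0609608648016503040201"))  # AlgorithmIdentifier, id-sha256
def crl_ref(crl_der):  # CrlOcspRef > crlids [0] > CRLListID > crls > CrlValidatedID > OtherHash
    h = tlv(0x30, SHA256 + tlv(0x04, hashlib.sha256(crl_der).digest()))
    return tlv(0x30, tlv(0xA0, tlv(0x30, tlv(0x30, tlv(0x30, h)))))
SAMPLE = tlv(0x30, crl_ref(b"constructed CRL 1") + crl_ref(b"constructed CRL 2") + tlv(0x30))
```

`check_refs(SAMPLE, 2, trusted_index=2)` returns an empty list; without `trusted_index` the empty third entry is reported.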
| Constructor and Description |
|---|
| RevocationRefs() |

| Modifier and Type | Method and Description |
|---|---|
| String | getOID() OID value of the attribute. |
| org.bouncycastle.asn1.cms.Attribute | getValue() Represents the value of the attribute itself. |
| void | initialize(PrivateKey privateKey, Certificate[] certificates, byte[] content, SignaturePolicy signaturePolicy, byte[] hash) Performs the initial parameterization for attribute retrieval |
public void initialize(PrivateKey privateKey, Certificate[] certificates, byte[] content, SignaturePolicy signaturePolicy, byte[] hash)
Specified by: initialize in interface SignedOrUnsignedAttribute
Parameters:
privateKey - private key
certificates - certificate chain
content - set null if signing only hash
signaturePolicy - signature policy
hash - set null if signing content

public String getOID()
Specified by: getOID in interface SignedOrUnsignedAttribute

public org.bouncycastle.asn1.cms.Attribute getValue() throws SignerException
Specified by: getValue in interface SignedOrUnsignedAttribute
Throws: SignerException

Copyright © 2021 SERPRO - Serviço Federal de Processamento de Dados. All rights reserved.