iaik.x509.extensions

Class FreshestCRL

java.lang.Object

iaik.x509.V3Extension

iaik.x509.extensions.CRLDistPointsSyntax

iaik.x509.extensions.FreshestCRL

public class FreshestCRL
extends CRLDistPointsSyntax

This class implements the FreshestCRL Extension.

The FreshestCRL extension is a non critical standard X509v3 extension.

Each extension is associated with a specific certificateExtension object identifier, derived from:

 certificateExtension  OBJECT IDENTIFIER ::=
                            {joint-iso-ccitt(2) ds(5) 29}
 id-ce                 OBJECT IDENTIFIER ::=  certificateExtension
 

The object identifier for the FreshestCRL extension is defined as:

id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 }

which corresponds to the OID string "2.5.29.46".

The X.509 Certificate and CRL profile presented in RFC 3280 successordraft-ietf-pkix-new-part1-06.txt specifies the FreshestCRL for identifying how delta CRL information is obtained. The ASN.1 syntax is identical to the one of the CRLDistributionPoints extension:

 CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

 DistributionPoint ::= SEQUENCE {
      distributionPoint       [0]     DistributionPointName OPTIONAL,
      reasons                 [1]     ReasonFlags OPTIONAL,
       cRLIssuer               [2]     GeneralNames OPTIONAL }

 DistributionPointName ::= CHOICE {
      fullName                [0]     GeneralNames,
      nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

 ReasonFlags ::= BIT STRING {
      unused                  (0),
      keyCompromise           (1),
      cACompromise            (2),
      affiliationChanged      (3),
      superseded              (4),
      cessationOfOperation    (5),
      certificateHold         (6) }
 

If the FreshestCRL extension contains a DistributionPointName of type URI, the following semantics shall be assumed: the URI is a pointer to the delta CRL for the associated reasons and will be issued by the associated cRLIssuer. If the distributionPoint omits reasons, the CRL shall include revocations for all reasons. If the distributionPoint omits cRLIssuer, the CRL shall be issued by the CA that issued the certificate.

A FreshestCRL object may be created by either using the empty default constructor, or by directly supplying one distribution point which has to be of type DistributionPoint, e.g.:

 GeneralName dpName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository/delta.crl");
 DistributionPoint dp = new DistributionPoint(new GeneralNames(dpName));
 FreshestCRL freshestCRL = new FreshestCRL(distributionPoint);
 

Any further distribution point can be added by using the addDistributionPoint method:

freshestCRL.addDistributionPoint(<a_second_distribution_point>); ...

For adding a FreshestCRL extension object to a X509Certificate, use the addExtension method of the iaik.x509.X509Certificate class:

 X505Certificate cert = new X509Certificate();
   ...
 cert.addExtension(FreshestCRL);
 

Since:

Entrust 7.0

See Also:

DistributionPoint, GeneralNames, Name, V3Extension, X509Extensions, X509Certificate, CRLDistributionPoints, CRLDistPointsSyntax

Field Summary

Fields

Modifier and Type	Field and Description
static ObjectID	oid The object identifier of this FreshestCRL extension.

Fields inherited from class iaik.x509.V3Extension

critical

Constructor Summary

Constructors

Constructor and Description
FreshestCRL() Default constructor.
FreshestCRL(DistributionPoint dp) Creates an FreshestCRL object and adds an DistributionPoint.

Method Summary

Methods

Modifier and Type	Method and Description
ObjectID	getObjectID() Returns the object ID of this FreshestCRL extension
int	hashCode() Returns a hashcode for this identity.

Methods inherited from class iaik.x509.extensions.CRLDistPointsSyntax

addDistributionPoint, getDistributionPoints, init, removeAllDistributionPoints, toASN1Object, toString

Methods inherited from class iaik.x509.V3Extension

getName, isCritical, setCritical

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

oid

public static final ObjectID oid

The object identifier of this FreshestCRL extension. The corresponding OID string is "2.5.29.46".

Constructor Detail

FreshestCRL

public FreshestCRL()

Default constructor. Creates an empty FreshestCRL object.

For adding a distribution point use the addDistributionPoint method. Any distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.:

 GeneralName dpName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository/delta.crl");
 DistributionPoint dp = new DistributionPoint(new GeneralNames(dpName));
 FreshestCRL freshestCRL = new FreshestCRL();
 freshestCRL.addDistriputionPoint(distributionPoint);
 

See Also:

DistributionPoint

FreshestCRL

public FreshestCRL(DistributionPoint dp)

Creates an FreshestCRL object and adds an DistributionPoint.

The distribution point to be added has to be of type iaik.asn1.structures.DistributionPoint, e.g.:

 GeneralName dpName = new GeneralName(GeneralName.uniformResourceIdentifier, "http://www.test-ca.at/repository/delta.crl");
 DistributionPoint dp = new DistributionPoint(new GeneralNames(dpName));
 FreshestCRL FreshestCRL = new FreshestCRL(distributionPoint);
 

Parameters:

dp - the distribution point to add

See Also:

DistributionPoint

Method Detail

getObjectID

public ObjectID getObjectID()

Returns the object ID of this FreshestCRL extension

Specified by:

getObjectID in class V3Extension

Returns:

the object ID

hashCode

public int hashCode()

Returns a hashcode for this identity.

Specified by:

hashCode in class V3Extension

Returns:

a hash code for this identity