com.tencent.kona.sun.security.x509

Class IssuingDistributionPointExtension

java.lang.Object

com.tencent.kona.sun.security.x509.Extension

com.tencent.kona.sun.security.x509.IssuingDistributionPointExtension

All Implemented Interfaces:

com.tencent.kona.sun.security.util.DerEncoder, java.security.cert.Extension

public class IssuingDistributionPointExtension
extends Extension

Represents the CRL Issuing Distribution Point Extension (OID = 2.5.29.28).

The issuing distribution point is a critical CRL extension that identifies the CRL distribution point and scope for a particular CRL, and it indicates whether the CRL covers revocation for end entity certificates only, CA certificates only, attribute certificates only, or a limited set of reason codes.

The extension is defined in Section 5.2.5 of Internet X.509 PKI Certificate and Certificate Revocation List (CRL) Profile.

Its ASN.1 definition is as follows:

     id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }

     issuingDistributionPoint ::= SEQUENCE {
          distributionPoint          [0] DistributionPointName OPTIONAL,
          onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
          onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
          onlySomeReasons            [3] ReasonFlags OPTIONAL,
          indirectCRL                [4] BOOLEAN DEFAULT FALSE,
          onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
 

Since:

1.6

See Also:

DistributionPoint

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	NAME

Fields inherited from class com.tencent.kona.sun.security.x509.Extension

critical, extensionId, extensionValue

Constructor Summary

Constructors

Constructor and Description
IssuingDistributionPointExtension(java.lang.Boolean critical, java.lang.Object value) Creates a critical IssuingDistributionPointExtension from its DER-encoding.
IssuingDistributionPointExtension(DistributionPointName distributionPoint, ReasonFlags revocationReasons, boolean hasOnlyUserCerts, boolean hasOnlyCACerts, boolean hasOnlyAttributeCerts, boolean isIndirectCRL) Creates a critical IssuingDistributionPointExtension.

Method Summary

Modifier and Type	Method and Description
void	encode(com.tencent.kona.sun.security.util.DerOutputStream out) Encodes the issuing distribution point extension and writes it to the DerOutputStream.
DistributionPointName	getDistributionPoint()
java.lang.String	getName() Returns the name of this extension.
ReasonFlags	getRevocationReasons()
boolean	hasOnlyAttributeCerts()
boolean	hasOnlyCACerts()
boolean	hasOnlyUserCerts()
boolean	isIndirectCRL()
void	setRevocationReasons(ReasonFlags val)
java.lang.String	toString() Returns the extension as user readable string.

Methods inherited from class com.tencent.kona.sun.security.x509.Extension

encode, equals, getExtensionId, getExtensionValue, getId, getValue, hashCode, isCritical, newExtension

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

NAME

public static final java.lang.String NAME

See Also:

Constant Field Values

Constructor Detail

IssuingDistributionPointExtension

public IssuingDistributionPointExtension(DistributionPointName distributionPoint,
                                         ReasonFlags revocationReasons,
                                         boolean hasOnlyUserCerts,
                                         boolean hasOnlyCACerts,
                                         boolean hasOnlyAttributeCerts,
                                         boolean isIndirectCRL)

Creates a critical IssuingDistributionPointExtension.

Parameters:

distributionPoint - the name of the distribution point, or null for none.

revocationReasons - the revocation reasons associated with the distribution point, or null for none.

hasOnlyUserCerts - if true then scope of the CRL includes only user certificates.

hasOnlyCACerts - if true then scope of the CRL includes only CA certificates.

hasOnlyAttributeCerts - if true then scope of the CRL includes only attribute certificates.

isIndirectCRL - if true then the scope of the CRL includes certificates issued by authorities other than the CRL issuer. The responsible authority is indicated by a certificate issuer CRL entry extension.

Throws:

java.lang.IllegalArgumentException - if more than one of hasOnlyUserCerts, hasOnlyCACerts, hasOnlyAttributeCerts is set to true, or all arguments are either null or false.

IssuingDistributionPointExtension

public IssuingDistributionPointExtension(java.lang.Boolean critical,
                                         java.lang.Object value)
                                  throws java.io.IOException

Creates a critical IssuingDistributionPointExtension from its DER-encoding.

Parameters:

critical - true if the extension is to be treated as critical.

value - the DER-encoded value. It must be a byte[].

Throws:

java.io.IOException - on decoding error.

Method Detail

getName

public java.lang.String getName()

Returns the name of this extension.

Overrides:

getName in class Extension

encode

public void encode(com.tencent.kona.sun.security.util.DerOutputStream out)

Encodes the issuing distribution point extension and writes it to the DerOutputStream.

Specified by:

encode in interface com.tencent.kona.sun.security.util.DerEncoder

Overrides:

encode in class Extension

Parameters:

out - the output stream.

setRevocationReasons

public void setRevocationReasons(ReasonFlags val)
                          throws java.io.IOException

Throws:

java.io.IOException

getDistributionPoint

public DistributionPointName getDistributionPoint()

getRevocationReasons

public ReasonFlags getRevocationReasons()

hasOnlyUserCerts

public boolean hasOnlyUserCerts()

hasOnlyCACerts

public boolean hasOnlyCACerts()

hasOnlyAttributeCerts

public boolean hasOnlyAttributeCerts()

isIndirectCRL

public boolean isIndirectCRL()

toString

public java.lang.String toString()

Returns the extension as user readable string.

Overrides:

toString in class Extension