com.dstc.security.pki
Class X509CRLGen

java.lang.Object
  |
  +--com.dstc.security.pki.X509CRLGen

public class X509CRLGen
extends Object

Class for generating X.509 Certificate Revocation Lists (CRLs). The following code snippet illustrates the typical usage for this object:

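 // caSignature: an initialized Signature object; caCert: the signer's (CA) certificate
 X509CRLGen crlGen = new X509CRLGen(caSignature, caCert);
 crlGen.setThisUpdate(new Date());
 Calendar c = Calendar.getInstance();
 c.set(2002,5,21);   // Calendar months are zero-based, so 5 is June
 crlGen.setNextUpdate(c.getTime());
 crlGen.setCRLNumber(BigInteger.valueOf((long)635));

 // serial numbers of the certificates being revoked
 crlGen.addRevokedCert(BigInteger.valueOf((long)35467));
 crlGen.addRevokedCert(BigInteger.valueOf((long)4587467));

 X509CRL crl = crlGen.getCRL();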
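
A check to run on the X509CRL returned by getCRL() before it is published, written against the standard java.security.cert API only. This is an added example, not part of this library or its documentation; the class name CrlPrePublishCheck, the check method and the command-line arguments are assumptions, and the CRL and CA certificate files are supplied by the caller.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

/** Added example (hypothetical class name): sanity-checks a CRL before publication. */
public class CrlPrePublishCheck {
    /** Returns a list of problems; an empty list means the CRL passed every check. */
    public static List<String> check(X509CRL crl, X509Certificate caCert,
                                     List<BigInteger> expectedRevoked, Date now) {
        List<String> problems = new ArrayList<>();
        try { crl.verify(caCert.getPublicKey()); }   // signature must verify under the CA key
        catch (Exception e) { problems.add("signature does not verify under CA key: " + e); }
        if (!crl.getIssuerX500Principal().equals(caCert.getSubjectX500Principal()))
            problems.add("CRL issuer differs from CA certificate subject");
        boolean[] ku = caCert.getKeyUsage();         // null when the extension is absent
        if (ku != null && !ku[6])                    // bit 6 of KeyUsage is cRLSign
            problems.add("CA certificate KeyUsage lacks cRLSign");
        Date thisUpdate = crl.getThisUpdate(), nextUpdate = crl.getNextUpdate();
        if (thisUpdate.after(now))
            problems.add("thisUpdate is in the future");
        if (nextUpdate == null || !nextUpdate.after(thisUpdate) || !nextUpdate.after(now))
            problems.add("nextUpdate missing, not after thisUpdate, or already past");
        if (crl.getExtensionValue("2.5.29.20") == null)   // OID of the CRLNumber extension
            problems.add("CRLNumber extension missing");
        for (BigInteger serial : expectedRevoked)
            if (crl.getRevokedCertificate(serial) == null)
                problems.add("serial " + serial + " not listed as revoked");
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // args: <CRL file> <CA certificate file> <decimal serial>...
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509CRL crl; X509Certificate ca;
        try (FileInputStream in = new FileInputStream(args[0])) { crl = (X509CRL) cf.generateCRL(in); }
        try (FileInputStream in = new FileInputStream(args[1])) { ca = (X509Certificate) cf.generateCertificate(in); }
        List<BigInteger> serials = new ArrayList<>();
        for (int i = 2; i < args.length; i++) serials.add(new BigInteger(args[i]));
        List<String> problems = check(crl, ca, serials, new Date());
        problems.forEach(System.out::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

The same check applies to bytes from getEncoded(MODE_RAW_X509) once they are parsed with CertificateFactory.generateCRL.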
 


Field Summary
static int MODE_RAW_PKCS7
           
static int MODE_RAW_X509
           
 
Constructor Summary
X509CRLGen()
          Default constructor.
X509CRLGen(PrivateKey key, String alg, String provider, X509Certificate cert)
           Constructs X509CRLGen from the signer's private key, the signature algorithm, the provider for the Signature object to be used and the signer's certificate.
X509CRLGen(PrivateKey key, String alg, X509Certificate cert)
           Constructs X509CRLGen from the signer's private key, the signature algorithm and the signer's certificate.
X509CRLGen(Signature sigObject, X509Certificate cert)
           Constructs X509CRLGen from an initialized Signature object.
X509CRLGen(String issName, Signature sig)
          Constructor using IssuerName and Signature.
 
Method Summary
 void addRevokedCert(BigInteger serial)
           Add a revoked certificate to this CRL.
 void addRevokedCert(BigInteger serial, Date revocationTime)
           Add a revoked certificate to this CRL.
 void addRevokedCert(BigInteger serial, Date revocationTime, com.dstc.security.x509.Extensions extns)
           Add a revoked certificate to this CRL.
 void addRevokedCert(BigInteger serial, com.dstc.security.x509.Extensions extns)
           Add a revoked certificate to this CRL.
 void addRevokedCert(X509CRLEntry entry)
           Add a revoked certificate to this CRL.
 void deleteRevokedCert(BigInteger serial)
           Delete a revoked certificate from this CRL.
 X509CRL getCRL()
           Returns the CRL being generated by this X509CRLGen object.
 byte[] getEncoded(int mode)
           Returns the DER encoding of the CRL generated by this X509CRLGen object.
 void setAuthorityKeyIdentifier(byte[] keyId)
           Set the issuer's AuthorityKeyIdentifier extension for this CRL.
 void setCRLNumber(BigInteger num)
           Set this CRL's CRLNumber extension.
 void setIssuerDirectoryName(String name)
           Set the issuer's DirectoryName as part of the IssuerAltName extension for this CRL.
 void setIssuerDNSName(String name)
           Set the issuer's DNSName as part of the IssuerAltName extension for this CRL.
 void setIssuerEmail(String email)
           Set the issuer's e-mail address as part of the IssuerAltName extension for this CRL.
 void setIssuerIPAddress(String name)
           Set the issuer's IP address as part of the IssuerAltName extension for this CRL.
 void setIssuerURL(String name)
           Set the issuer's URL as part of the IssuerAltName extension for this CRL.
 void setNextUpdate(Date nextUpdate)
           Set the Date for the next update.
 void setRevokedCerts(Set revCerts)
           Add a set of revoked certificates to this CRL.
 void setThisUpdate(Date thisUpdate)
           Set the Date for this update.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

MODE_RAW_X509

public static final int MODE_RAW_X509

MODE_RAW_PKCS7

public static final int MODE_RAW_PKCS7

Constructor Detail

X509CRLGen

public X509CRLGen()
Default constructor.

X509CRLGen

public X509CRLGen(PrivateKey key,
                  String alg,
                  X509Certificate cert)
           throws X509CRLGenException

Constructs X509CRLGen from the signer's private key, the signature algorithm and the signer's certificate.

Parameters:
key - the signer's private key.
alg - the algorithm used to sign the CRL.
cert - the signer's certificate (the CA cert).
Throws:
X509CRLGenException - if no such algorithm is available or the key is invalid.

X509CRLGen

public X509CRLGen(PrivateKey key,
                  String alg,
                  String provider,
                  X509Certificate cert)
           throws X509CRLGenException

Constructs X509CRLGen from the signer's private key, the signature algorithm, the provider for the Signature object to be used and the signer's certificate.

Parameters:
key - the signer's private key.
alg - the algorithm used to sign the CRL.
provider - the provider to use for the internal Signature instance.
cert - the signer's certificate (the CA cert).
Throws:
X509CRLGenException - if no such algorithm is available, no such provider is available or the key is invalid.

X509CRLGen

public X509CRLGen(Signature sigObject,
                  X509Certificate cert)

Constructs X509CRLGen from an initialized Signature object.

Parameters:
sigObject - the (initialized) Signature object used to sign the CRL.
cert - the signer's certificate (the CA cert).

X509CRLGen

public X509CRLGen(String issName,
                  Signature sig)

Constructor using IssuerName and Signature.

Parameters:
issName - String representing the X500Name of the issuer.
sig - the (initialized) Signature object used to sign the CRL.

Method Detail

setThisUpdate

public void setThisUpdate(Date thisUpdate)

Set the Date for this update.

Parameters:
thisUpdate - the date this CRL was issued.

setNextUpdate

public void setNextUpdate(Date nextUpdate)

Set the Date for the next update.

Parameters:
nextUpdate - the date the next CRL will be issued.

addRevokedCert

public void addRevokedCert(BigInteger serial)

Add a revoked certificate to this CRL.

Parameters:
serial - the serial number of the Certificate which is being revoked.

addRevokedCert

public void addRevokedCert(BigInteger serial,
                           com.dstc.security.x509.Extensions extns)

Add a revoked certificate to this CRL.

Parameters:
serial - the serial number of the Certificate which is being revoked.
extns - a set of Extensions to add to this CRL.

addRevokedCert

public void addRevokedCert(BigInteger serial,
                           Date revocationTime)

Add a revoked certificate to this CRL.

Parameters:
serial - the serial number of the Certificate which is being revoked.
revocationTime - the Date from which this certificate has been revoked.

addRevokedCert

public void addRevokedCert(BigInteger serial,
                           Date revocationTime,
                           com.dstc.security.x509.Extensions extns)

Add a revoked certificate to this CRL.

Parameters:
serial - the serial number of the Certificate which is being revoked.
revocationTime - the Date from which this certificate has been revoked.
extns - a set of Extensions to add to this CRL.

addRevokedCert

public void addRevokedCert(X509CRLEntry entry)

Add a revoked certificate to this CRL.

Parameters:
entry - the X509CRLEntry object corresponding to the certificate being revoked.

setRevokedCerts

public void setRevokedCerts(Set revCerts)

Add a set of revoked certificates to this CRL.

Parameters:
revCerts - the Set of X509CRLEntry objects corresponding to the certificates being revoked.

deleteRevokedCert

public void deleteRevokedCert(BigInteger serial)

Delete a revoked certificate from this CRL.

Parameters:
serial - the serial number of the Certificate which is being deleted from this CRL.

setIssuerEmail

public void setIssuerEmail(String email)

Set the issuer's e-mail address as part of the IssuerAltName extension for this CRL.

Parameters:
email - the issuer's e-mail address.

setIssuerDNSName

public void setIssuerDNSName(String name)

Set the issuer's DNSName as part of the IssuerAltName extension for this CRL.

Parameters:
name - the issuer's DNSName.

setIssuerDirectoryName

public void setIssuerDirectoryName(String name)

Set the issuer's DirectoryName as part of the IssuerAltName extension for this CRL.

Parameters:
name - the issuer's DirectoryName.

setIssuerURL

public void setIssuerURL(String name)

Set the issuer's URL as part of the IssuerAltName extension for this CRL.

Parameters:
name - the issuer's URL.

setIssuerIPAddress

public void setIssuerIPAddress(String name)

Set the issuer's IP address as part of the IssuerAltName extension for this CRL.

Parameters:
name - the issuer's IP address.

setAuthorityKeyIdentifier

public void setAuthorityKeyIdentifier(byte[] keyId)
                               throws X509CRLGenException

Set the issuer's AuthorityKeyIdentifier extension for this CRL.

Parameters:
keyId - a byte array which identifies the issuer's key pair.
Throws:
X509CRLGenException -  

setCRLNumber

public void setCRLNumber(BigInteger num)
                  throws X509CRLGenException

Set this CRL's CRLNumber extension.

Parameters:
num - the serial number associated with this CRL.
Throws:
X509CRLGenException -  

getCRL

public X509CRL getCRL()
               throws X509CRLGenException

Returns the CRL being generated by this X509CRLGen object.

Returns:
the java.security.cert.X509CRL generated by this object.
Throws:
X509CRLGenException -  

getEncoded

public byte[] getEncoded(int mode)
                  throws X509CRLGenException

Returns the DER encoding of the CRL generated by this X509CRLGen object.

The encoding can be in X.509 format or PKCS7 format depending on the argument given to this method.

      mode == 0 == MODE_RAW_X509    (X.509 encoding)
      mode == 1 == MODE_RAW_PKCS7    (PKCS7 encoding)
 
Returns:
the byte array of the encoded CRL.
Throws:
X509CRLGenException -