be.cardon.asn1.x509.extensions
Class CRLDistributionPoints

java.lang.Object
  extended by org.bouncycastle.asn1.ASN1Encodable
      extended by be.cardon.asn1.x509.extensions.CRLDistributionPoints
All Implemented Interfaces:
org.bouncycastle.asn1.DEREncodable

public class CRLDistributionPoints
extends org.bouncycastle.asn1.ASN1Encodable

Extension CRLDistributionPoints.

Documentation from RFC 3280:

The CRL distribution points extension identifies how CRL information is obtained. The extension SHOULD be non-critical, but this profile RECOMMENDS support for this extension by CAs and applications. Further discussion of CRL management is contained in section 5.

The cRLDistributionPoints extension is a SEQUENCE of DistributionPoint. A DistributionPoint consists of three fields, each of which is optional: distributionPoint, reasons, and cRLIssuer. While each of these fields is optional, a DistributionPoint MUST NOT consist of only the reasons field; either distributionPoint or cRLIssuer MUST be present. If the certificate issuer is not the CRL issuer, then the cRLIssuer field MUST be present and contain the Name of the CRL issuer. If the certificate issuer is also the CRL issuer, then the cRLIssuer field MUST be omitted and the distributionPoint field MUST be present. If the distributionPoint field is omitted, cRLIssuer MUST be present and include a Name corresponding to an X.500 or LDAP directory entry where the CRL is located.

When the distributionPoint field is present, it contains either a SEQUENCE of general names or a single value, nameRelativeToCRLIssuer. If the cRLDistributionPoints extension contains a general name of type URI, the following semantics MUST be assumed: the URI is a pointer to the current CRL for the associated reasons and will be issued by the associated cRLIssuer. The expected values for the URI are those defined in 4.2.1.7. Processing rules for other values are not defined by this specification.

If the DistributionPointName contains multiple values, each name describes a different mechanism to obtain the same CRL. For example, the same CRL could be available for retrieval through both LDAP and HTTP.

If the DistributionPointName contains the single value nameRelativeToCRLIssuer, the value provides a distinguished name fragment. The fragment is appended to the X.500 distinguished name of the CRL issuer to obtain the distribution point name. If the cRLIssuer field in the DistributionPoint is present, then the name fragment is appended to the distinguished name that it contains; otherwise, the name fragment is appended to the certificate issuer distinguished name. The DistributionPointName MUST NOT use the nameRelativeToCRLIssuer alternative when cRLIssuer contains more than one distinguished name.

If the DistributionPoint omits the reasons field, the CRL MUST include revocation information for all reasons.

The cRLIssuer identifies the entity who signs and issues the CRL. If present, the cRLIssuer MUST contain at least one X.500 distinguished name (DN), and MAY also contain other name forms. Since the cRLIssuer is compared to the CRL issuer name, the X.501 type Name MUST follow the encoding rules for the issuer name field in the certificate (section 4.1.2.4).

ASN.1 definitions:

   id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 }

   CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

   DistributionPoint ::= SEQUENCE {
        distributionPoint       [0]     DistributionPointName OPTIONAL,
        reasons                 [1]     ReasonFlags OPTIONAL,
        cRLIssuer               [2]     GeneralNames OPTIONAL }

   DistributionPointName ::= CHOICE {
        fullName                [0]     GeneralNames,
        nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

   ReasonFlags ::= BIT STRING {
        unused                  (0),
        keyCompromise           (1),
        cACompromise            (2),
        affiliationChanged      (3),
        superseded              (4),
        cessationOfOperation    (5),
        certificateHold         (6),
        privilegeWithdrawn      (7),
        aACompromise            (8) }
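As an added example that is not part of the be.cardon library or of this page, the following Python encodes the structures defined above in DER and enforces the RFC 3280 rules quoted above: a DistributionPoint must carry distributionPoint or cRLIssuer (never reasons alone), a present cRLIssuer must carry at least one DN, and nameRelativeToCRLIssuer is disallowed when cRLIssuer holds more than one DN. It uses only the standard library; the URIs and names are constructed samples, and the GeneralName forms are limited to uniformResourceIdentifier and a one-attribute (commonName) directoryName.

```python
"""Added example (not part of the be.cardon library or of this Javadoc page):
a minimal DER encoder for the CRLDistributionPoints extension defined above,
plus a checker for the RFC 3280 rules quoted above. Standard library only;
every value below is a constructed sample, not data taken from the page."""
from dataclasses import dataclass, field
from typing import Optional

ID_CE_CRL_DISTRIBUTION_POINTS = bytes.fromhex("551d1f")  # 2.5.29.31 (id-ce 31)
ID_AT_COMMON_NAME = bytes.fromhex("550403")               # 2.5.4.3
REASON_FLAGS = ["unused", "keyCompromise", "cACompromise", "affiliationChanged",
                "superseded", "cessationOfOperation", "certificateHold",
                "privilegeWithdrawn", "aACompromise"]


def der_len(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def cn_attribute(cn: str) -> bytes:
    """AttributeTypeAndValue { commonName, UTF8String }, the single member of
    the one-attribute RDNs this example produces."""
    return tlv(0x30, tlv(0x06, ID_AT_COMMON_NAME) + tlv(0x0C, cn.encode("utf-8")))


def general_name(kind: str, value: str) -> bytes:
    if kind == "uri":   # uniformResourceIdentifier [6] IA5String, IMPLICIT
        return tlv(0x86, value.encode("ascii"))
    if kind == "dn":    # directoryName [4] Name, EXPLICIT because Name is a CHOICE
        name = tlv(0x30, tlv(0x31, cn_attribute(value)))  # SEQUENCE OF SET OF ATV
        return tlv(0xA4, name)
    raise ValueError(f"unsupported GeneralName kind: {kind}")


def reason_flags(names) -> bytes:
    """Contents of a named-bit-list BIT STRING: DER drops trailing zero bits,
    and the first octet counts the unused bits of the last octet."""
    positions = [REASON_FLAGS.index(n) for n in names]
    if not positions:
        return b"\x00"
    nbits = max(positions) + 1
    nbytes = (nbits + 7) // 8
    value = 0
    for p in positions:
        value |= 1 << (nbytes * 8 - 1 - p)
    return bytes([nbytes * 8 - nbits]) + value.to_bytes(nbytes, "big")


@dataclass
class DistributionPoint:
    full_name: list = field(default_factory=list)    # [("uri", ...), ("dn", ...)]
    relative_name: Optional[str] = None              # commonName fragment
    reasons: Optional[set] = None                    # None: omitted, CRL covers all reasons
    crl_issuer: list = field(default_factory=list)   # GeneralNames, same shape as full_name


def check(dp: DistributionPoint) -> list:
    """Structural rules from RFC 3280 section 4.2.1.14 as quoted above."""
    problems = []
    if dp.full_name and dp.relative_name is not None:
        problems.append("DistributionPointName is a CHOICE: fullName and "
                        "nameRelativeToCRLIssuer are mutually exclusive")
    if not dp.full_name and dp.relative_name is None and not dp.crl_issuer:
        problems.append("either distributionPoint or cRLIssuer MUST be present")
    dn_count = sum(1 for kind, _ in dp.crl_issuer if kind == "dn")
    if dp.crl_issuer and dn_count == 0:
        problems.append("cRLIssuer MUST contain at least one X.500 distinguished name")
    if dp.relative_name is not None and dn_count > 1:
        problems.append("nameRelativeToCRLIssuer MUST NOT be used when cRLIssuer "
                        "contains more than one distinguished name")
    return problems


def encode_distribution_point(dp: DistributionPoint) -> bytes:
    problems = check(dp)
    if problems:
        raise ValueError("; ".join(problems))
    parts = []
    if dp.full_name:                     # fullName [0] GeneralNames, IMPLICIT
        choice = tlv(0xA0, b"".join(general_name(k, v) for k, v in dp.full_name))
        parts.append(tlv(0xA0, choice))  # distributionPoint [0] is EXPLICIT (wraps a CHOICE)
    elif dp.relative_name is not None:   # nameRelativeToCRLIssuer [1] RDN, IMPLICIT
        parts.append(tlv(0xA0, tlv(0xA1, cn_attribute(dp.relative_name))))
    if dp.reasons is not None:           # reasons [1] ReasonFlags, IMPLICIT primitive
        parts.append(tlv(0x81, reason_flags(dp.reasons)))
    if dp.crl_issuer:                    # cRLIssuer [2] GeneralNames, IMPLICIT
        parts.append(tlv(0xA2, b"".join(general_name(k, v) for k, v in dp.crl_issuer)))
    return tlv(0x30, b"".join(parts))


def crl_distribution_points_extension(dps) -> bytes:
    """Extension { extnID, critical DEFAULT FALSE (omitted: the extension SHOULD
    be non-critical), extnValue OCTET STRING } around the SEQUENCE OF DistributionPoint."""
    value = tlv(0x30, b"".join(encode_distribution_point(dp) for dp in dps))
    return tlv(0x30, tlv(0x06, ID_CE_CRL_DISTRIBUTION_POINTS) + tlv(0x04, value))


if __name__ == "__main__":
    # Constructed sample: one HTTP distribution point covering keyCompromise only.
    dp = DistributionPoint(full_name=[("uri", "http://crl.example/ca.crl")],
                           reasons={"keyCompromise"})
    print(crl_distribution_points_extension([dp]).hex())
    print(check(DistributionPoint(reasons={"superseded"})))   # reasons-only DP is rejected
```

Two encoding details are worth noting when comparing against real certificates: the distributionPoint field carries a double `[0]` tag (the outer one is explicit because DistributionPointName is a CHOICE), and ReasonFlags is a named bit list, so DER requires trailing zero bits to be removed (keyCompromise alone encodes as `03 02 06 40`, not as two full octets).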
   


Field Summary
 
Fields inherited from class org.bouncycastle.asn1.ASN1Encodable
BER, DER
 
Constructor Summary
CRLDistributionPoints(org.bouncycastle.asn1.ASN1Sequence seq)
          Creates a new instance from an ASN1Sequence object.
CRLDistributionPoints(java.util.Vector<DistributionPoint> distributionPointVector)
          Creates a new instance from the given distribution points.
 
Method Summary
 java.util.Vector<DistributionPoint> getDistributionPointVector()
          Returns the distribution points making up the sequence.
static CRLDistributionPoints getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj, boolean explicit)
          Returns an instance from an ASN.1 tagged object.
static CRLDistributionPoints getInstance(java.lang.Object obj)
          Returns an instance from an ASN1Sequence or a CRLDistributionPoints object.
 org.bouncycastle.asn1.DERObject toASN1Object()
           
 
Methods inherited from class org.bouncycastle.asn1.ASN1Encodable
equals, getDEREncoded, getDERObject, getEncoded, getEncoded, hashCode
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

CRLDistributionPoints

public CRLDistributionPoints(org.bouncycastle.asn1.ASN1Sequence seq)
Creates a new instance from an ASN1Sequence object.


CRLDistributionPoints

public CRLDistributionPoints(java.util.Vector<DistributionPoint> distributionPointVector)
Creates a new instance from the given distribution points.

Method Detail

getInstance

public static CRLDistributionPoints getInstance(org.bouncycastle.asn1.ASN1TaggedObject obj,
                                                boolean explicit)
Returns an instance from an ASN.1 tagged object.


getInstance

public static CRLDistributionPoints getInstance(java.lang.Object obj)
Returns an instance from an ASN1Sequence or a CRLDistributionPoints object.


getDistributionPointVector

public java.util.Vector<DistributionPoint> getDistributionPointVector()
Returns the distribution points making up the sequence.


toASN1Object

public org.bouncycastle.asn1.DERObject toASN1Object()
Specified by:
toASN1Object in class org.bouncycastle.asn1.ASN1Encodable