* Abstract class for an X.509 Certificate Revocation List (CRL). * A CRL is a time-stamped list identifying revoked certificates. * It is signed by a Certificate Authority (CA) and made freely * available in a public repository. *
Each revoked certificate is * identified in a CRL by its certificate serial number. When a * certificate-using system uses a certificate (e.g., for verifying a * remote user's digital signature), that system not only checks the * certificate signature and validity but also acquires a suitably- * recent CRL and checks that the certificate serial number is not on * that CRL. The meaning of "suitably-recent" may vary with local * policy, but it usually means the most recently-issued CRL. A CA * issues a new CRL on a regular periodic basis (e.g., hourly, daily, or * weekly). Entries are added to CRLs as revocations occur, and an * entry may be removed when the certificate expiration date is reached. *
* The X.509 v2 CRL format is described below in ASN.1: *
* CertificateList ::= SEQUENCE {
* tbsCertList TBSCertList,
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING }
*
* * More information can be found in * RFC 3280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *
* The ASN.1 definition of {@code tbsCertList} is: *
* TBSCertList ::= SEQUENCE {
* version Version OPTIONAL,
* -- if present, must be v2
* signature AlgorithmIdentifier,
* issuer Name,
* thisUpdate ChoiceOfTime,
* nextUpdate ChoiceOfTime OPTIONAL,
* revokedCertificates SEQUENCE OF SEQUENCE {
* userCertificate CertificateSerialNumber,
* revocationDate ChoiceOfTime,
* crlEntryExtensions Extensions OPTIONAL
* -- if present, must be v2
* } OPTIONAL,
* crlExtensions [0] EXPLICIT Extensions OPTIONAL
* -- if present, must be v2
* }
*
* * CRLs are instantiated using a certificate factory. The following is an * example of how to instantiate an X.509 CRL: *
{@code
* try (InputStream inStream = new FileInputStream("fileName-of-crl")) {
* CertificateFactory cf = CertificateFactory.getInstance("X.509");
* X509CRL crl = (X509CRL)cf.generateCRL(inStream);
* }
* }
* @author Hemma Prafullchandra
* @see CRL
* @see CertificateFactory
* @see X509Extension
*/
// @ts-ignore
abstract class X509CRL extends java.security.cert.CRL implements java.security.cert.X509Extension {
/**
* Constructor for X.509 CRLs.
*/
// @ts-ignore
constructor()
/**
* Compares this CRL for equality with the given
* object. If the {@code other} object is an
* {@code instanceof} {@code X509CRL}, then
* its encoded form is retrieved and compared with the
* encoded form of this CRL.
* @param other the object to test for equality with this CRL.
* @return true iff the encoded forms of the two CRLs
* match, false otherwise.
*/
// @ts-ignore
public equals(other: java.lang.Object | any): boolean
/**
* Returns a hashcode value for this CRL from its
* encoded form.
* @return the hashcode value.
*/
// @ts-ignore
public hashCode(): number /*int*/
/**
* Returns the ASN.1 DER-encoded form of this CRL.
* @return the encoded form of this certificate
* @exception CRLException if an encoding error occurs.
*/
// @ts-ignore
public abstract getEncoded(): number /*byte*/[]
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key.
* @param key the PublicKey used to carry out the verification.
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException if there's no default provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
// @ts-ignore
public abstract verify(key: java.security.PublicKey): void
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key.
* This method uses the signature verification engine
* supplied by the given provider.
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the name of the signature provider.
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception NoSuchProviderException on incorrect provider.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
*/
// @ts-ignore
public abstract verify(key: java.security.PublicKey, sigProvider: java.lang.String | string): void
/**
* Verifies that this CRL was signed using the
* private key that corresponds to the given public key.
* This method uses the signature verification engine
* supplied by the given provider. Note that the specified Provider object
* does not have to be registered in the provider list.
* This method was added to version 1.8 of the Java Platform Standard
* Edition. In order to maintain backwards compatibility with existing
* service providers, this method is not {@code abstract}
* and it provides a default implementation.
* @param key the PublicKey used to carry out the verification.
* @param sigProvider the signature provider.
* @exception NoSuchAlgorithmException on unsupported signature
* algorithms.
* @exception InvalidKeyException on incorrect key.
* @exception SignatureException on signature errors.
* @exception CRLException on encoding errors.
* @since 1.8
*/
// @ts-ignore
public verify(key: java.security.PublicKey, sigProvider: java.security.Provider): void
/**
* Gets the {@code version} (version number) value from the CRL.
* The ASN.1 definition for this is:
*
* version Version OPTIONAL,
* -- if present, must be v2
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
* -- v3 does not apply to CRLs but appears for consistency
* -- with definition of Version for certs
*
* @return the version number, i.e. 1 or 2.
*/
// @ts-ignore
public abstract getVersion(): number /*int*/
/**
* Denigrated, replaced by {@linkplain
* #getIssuerX500Principal()}. This method returns the {@code issuer}
* as an implementation specific Principal object, which should not be
* relied upon by portable code.
* * Gets the {@code issuer} (issuer distinguished name) value from * the CRL. The issuer name identifies the entity that signed (and * issued) the CRL. *
The issuer name field contains an * X.500 distinguished name (DN). * The ASN.1 definition for this is: *
* issuer Name
* Name ::= CHOICE { RDNSequence }
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
* RelativeDistinguishedName ::=
* SET OF AttributeValueAssertion
* AttributeValueAssertion ::= SEQUENCE {
* AttributeType,
* AttributeValue }
* AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY
*
* The {@code Name} describes a hierarchical name composed of
* attributes,
* such as country name, and corresponding values, such as US.
* The type of the {@code AttributeValue} component is determined by
* the {@code AttributeType}; in general it will be a
* {@code directoryString}. A {@code directoryString} is usually
* one of {@code PrintableString},
* {@code TeletexString} or {@code UniversalString}.
* @return a Principal whose name is the issuer distinguished name.
*/
// @ts-ignore
public abstract getIssuerDN(): java.security.Principal
/**
* Returns the issuer (issuer distinguished name) value from the
* CRL as an {@code X500Principal}.
* * It is recommended that subclasses override this method. * @return an {#code X500Principal} representing the issuer * distinguished name * @since 1.4 */ // @ts-ignore public getIssuerX500Principal(): javax.security.auth.x500.X500Principal /** * Gets the {@code thisUpdate} date from the CRL. * The ASN.1 definition for this is: *
* thisUpdate ChoiceOfTime
* ChoiceOfTime ::= CHOICE {
* utcTime UTCTime,
* generalTime GeneralizedTime }
*
* @return the {#code thisUpdate} date from the CRL.
*/
// @ts-ignore
public abstract getThisUpdate(): java.util.Date
/**
* Gets the {@code nextUpdate} date from the CRL.
* @return the {#code nextUpdate} date from the CRL, or null if
* not present.
*/
// @ts-ignore
public abstract getNextUpdate(): java.util.Date
/**
* Gets the CRL entry, if any, with the given certificate serialNumber.
* @param serialNumber the serial number of the certificate for which a CRL entry
* is to be looked up
* @return the entry with the given serial number, or null if no such entry
* exists in this CRL.
* @see X509CRLEntry
*/
// @ts-ignore
public abstract getRevokedCertificate(serialNumber: java.math.BigInteger): java.security.cert.X509CRLEntry
/**
* Get the CRL entry, if any, for the given certificate.
* This method can be used to lookup CRL entries in indirect CRLs,
* that means CRLs that contain entries from issuers other than the CRL
* issuer. The default implementation will only return entries for
* certificates issued by the CRL issuer. Subclasses that wish to
* support indirect CRLs should override this method.
* @param certificate the certificate for which a CRL entry is to be looked
* up
* @return the entry for the given certificate, or null if no such entry
* exists in this CRL.
* @exception NullPointerException if certificate is null
* @since 1.5
*/
// @ts-ignore
public getRevokedCertificate(certificate: java.security.cert.X509Certificate): java.security.cert.X509CRLEntry
/**
* Gets all the entries from this CRL.
* This returns a Set of X509CRLEntry objects.
* @return all the entries or null if there are none present.
* @see X509CRLEntry
*/
// @ts-ignore
public abstract getRevokedCertificates(): Array The algorithm name is determined from the {@code algorithm}
* OID string.
* @return the signature algorithm name.
*/
// @ts-ignore
public abstract getSigAlgName(): string
/**
* Gets the signature algorithm OID string from the CRL.
* An OID is represented by a set of nonnegative whole numbers separated
* by periods.
* For example, the string "1.2.840.10040.4.3" identifies the SHA-1
* with DSA signature algorithm defined in
* RFC 3279: Algorithms and
* Identifiers for the Internet X.509 Public Key Infrastructure Certificate
* and CRL Profile.
* See {@link #getSigAlgName() getSigAlgName} for
* relevant ASN.1 definitions.
* @return the signature algorithm OID string.
*/
// @ts-ignore
public abstract getSigAlgOID(): string
/**
* Gets the DER-encoded signature algorithm parameters from this
* CRL's signature algorithm. In most cases, the signature
* algorithm parameters are null; the parameters are usually
* supplied with the public key.
* If access to individual parameter values is needed then use
* {@link java.security.AlgorithmParameters AlgorithmParameters}
* and instantiate with the name returned by
* {@link #getSigAlgName() getSigAlgName}.
* See {@link #getSigAlgName() getSigAlgName} for
* relevant ASN.1 definitions.
* @return the DER-encoded signature algorithm parameters, or
* null if no parameters are present.
*/
// @ts-ignore
public abstract getSigAlgParams(): number /*byte*/[]
}
}
}
}
* signature BIT STRING
*
* @return the signature.
*/
// @ts-ignore
public abstract getSignature(): number /*byte*/[]
/**
* Gets the signature algorithm name for the CRL
* signature algorithm. An example is the string "SHA256withRSA".
* The ASN.1 definition for this is:
*
* signatureAlgorithm AlgorithmIdentifier
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
* -- contains a value of the type
* -- registered for use with the
* -- algorithm object identifier value
*
*