declare namespace java { namespace security { namespace cert { /** *
* Abstract class for an X.509 Certificate Revocation List (CRL). * A CRL is a time-stamped list identifying revoked certificates. * It is signed by a Certificate Authority (CA) and made freely * available in a public repository. *
Each revoked certificate is * identified in a CRL by its certificate serial number. When a * certificate-using system uses a certificate (e.g., for verifying a * remote user's digital signature), that system not only checks the * certificate signature and validity but also acquires a suitably- * recent CRL and checks that the certificate serial number is not on * that CRL. The meaning of "suitably-recent" may vary with local * policy, but it usually means the most recently-issued CRL. A CA * issues a new CRL on a regular periodic basis (e.g., hourly, daily, or * weekly). Entries are added to CRLs as revocations occur, and an * entry may be removed when the certificate expiration date is reached. *
* The X.509 v2 CRL format is described below in ASN.1: *
* CertificateList ::= SEQUENCE { * tbsCertList TBSCertList, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING } **
* More information can be found in * RFC 3280: Internet X.509 * Public Key Infrastructure Certificate and CRL Profile. *
* The ASN.1 definition of {@code tbsCertList} is: *
* TBSCertList ::= SEQUENCE { * version Version OPTIONAL, * -- if present, must be v2 * signature AlgorithmIdentifier, * issuer Name, * thisUpdate ChoiceOfTime, * nextUpdate ChoiceOfTime OPTIONAL, * revokedCertificates SEQUENCE OF SEQUENCE { * userCertificate CertificateSerialNumber, * revocationDate ChoiceOfTime, * crlEntryExtensions Extensions OPTIONAL * -- if present, must be v2 * } OPTIONAL, * crlExtensions [0] EXPLICIT Extensions OPTIONAL * -- if present, must be v2 * } **
* CRLs are instantiated using a certificate factory. The following is an * example of how to instantiate an X.509 CRL: *
{@code * try (InputStream inStream = new FileInputStream("fileName-of-crl")) { * CertificateFactory cf = CertificateFactory.getInstance("X.509"); * X509CRL crl = (X509CRL)cf.generateCRL(inStream); * } * }* @author Hemma Prafullchandra * @see CRL * @see CertificateFactory * @see X509Extension */ // @ts-ignore abstract class X509CRL extends java.security.cert.CRL implements java.security.cert.X509Extension { /** * Constructor for X.509 CRLs. */ // @ts-ignore constructor() /** * Compares this CRL for equality with the given * object. If the {@code other} object is an * {@code instanceof} {@code X509CRL}, then * its encoded form is retrieved and compared with the * encoded form of this CRL. * @param other the object to test for equality with this CRL. * @return true iff the encoded forms of the two CRLs * match, false otherwise. */ // @ts-ignore public equals(other: java.lang.Object | any): boolean /** * Returns a hashcode value for this CRL from its * encoded form. * @return the hashcode value. */ // @ts-ignore public hashCode(): number /*int*/ /** * Returns the ASN.1 DER-encoded form of this CRL. * @return the encoded form of this certificate * @exception CRLException if an encoding error occurs. */ // @ts-ignore public abstract getEncoded(): number /*byte*/[] /** * Verifies that this CRL was signed using the * private key that corresponds to the given public key. * @param key the PublicKey used to carry out the verification. * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException if there's no default provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ // @ts-ignore public abstract verify(key: java.security.PublicKey): void /** * Verifies that this CRL was signed using the * private key that corresponds to the given public key. * This method uses the signature verification engine * supplied by the given provider. * @param key the PublicKey used to carry out the verification. * @param sigProvider the name of the signature provider. * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception NoSuchProviderException on incorrect provider. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. */ // @ts-ignore public abstract verify(key: java.security.PublicKey, sigProvider: java.lang.String | string): void /** * Verifies that this CRL was signed using the * private key that corresponds to the given public key. * This method uses the signature verification engine * supplied by the given provider. Note that the specified Provider object * does not have to be registered in the provider list. * This method was added to version 1.8 of the Java Platform Standard * Edition. In order to maintain backwards compatibility with existing * service providers, this method is not {@code abstract} * and it provides a default implementation. * @param key the PublicKey used to carry out the verification. * @param sigProvider the signature provider. * @exception NoSuchAlgorithmException on unsupported signature * algorithms. * @exception InvalidKeyException on incorrect key. * @exception SignatureException on signature errors. * @exception CRLException on encoding errors. * @since 1.8 */ // @ts-ignore public verify(key: java.security.PublicKey, sigProvider: java.security.Provider): void /** * Gets the {@code version} (version number) value from the CRL. * The ASN.1 definition for this is: *
* version Version OPTIONAL, * -- if present, must be v2 * Version ::= INTEGER { v1(0), v2(1), v3(2) } * -- v3 does not apply to CRLs but appears for consistency * -- with definition of Version for certs ** @return the version number, i.e. 1 or 2. */ // @ts-ignore public abstract getVersion(): number /*int*/ /** * Denigrated, replaced by {@linkplain * #getIssuerX500Principal()}. This method returns the {@code issuer} * as an implementation specific Principal object, which should not be * relied upon by portable code. *
* Gets the {@code issuer} (issuer distinguished name) value from * the CRL. The issuer name identifies the entity that signed (and * issued) the CRL. *
The issuer name field contains an * X.500 distinguished name (DN). * The ASN.1 definition for this is: *
* issuer Name * Name ::= CHOICE { RDNSequence } * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * RelativeDistinguishedName ::= * SET OF AttributeValueAssertion * AttributeValueAssertion ::= SEQUENCE { * AttributeType, * AttributeValue } * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY ** The {@code Name} describes a hierarchical name composed of * attributes, * such as country name, and corresponding values, such as US. * The type of the {@code AttributeValue} component is determined by * the {@code AttributeType}; in general it will be a * {@code directoryString}. A {@code directoryString} is usually * one of {@code PrintableString}, * {@code TeletexString} or {@code UniversalString}. * @return a Principal whose name is the issuer distinguished name. */ // @ts-ignore public abstract getIssuerDN(): java.security.Principal /** * Returns the issuer (issuer distinguished name) value from the * CRL as an {@code X500Principal}. *
* It is recommended that subclasses override this method. * @return an {#code X500Principal} representing the issuer * distinguished name * @since 1.4 */ // @ts-ignore public getIssuerX500Principal(): javax.security.auth.x500.X500Principal /** * Gets the {@code thisUpdate} date from the CRL. * The ASN.1 definition for this is: *
* thisUpdate ChoiceOfTime * ChoiceOfTime ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime } ** @return the {#code thisUpdate} date from the CRL. */ // @ts-ignore public abstract getThisUpdate(): java.util.Date /** * Gets the {@code nextUpdate} date from the CRL. * @return the {#code nextUpdate} date from the CRL, or null if * not present. */ // @ts-ignore public abstract getNextUpdate(): java.util.Date /** * Gets the CRL entry, if any, with the given certificate serialNumber. * @param serialNumber the serial number of the certificate for which a CRL entry * is to be looked up * @return the entry with the given serial number, or null if no such entry * exists in this CRL. * @see X509CRLEntry */ // @ts-ignore public abstract getRevokedCertificate(serialNumber: java.math.BigInteger): java.security.cert.X509CRLEntry /** * Get the CRL entry, if any, for the given certificate. *
This method can be used to lookup CRL entries in indirect CRLs,
* that means CRLs that contain entries from issuers other than the CRL
* issuer. The default implementation will only return entries for
* certificates issued by the CRL issuer. Subclasses that wish to
* support indirect CRLs should override this method.
* @param certificate the certificate for which a CRL entry is to be looked
* up
* @return the entry for the given certificate, or null if no such entry
* exists in this CRL.
* @exception NullPointerException if certificate is null
* @since 1.5
*/
// @ts-ignore
public getRevokedCertificate(certificate: java.security.cert.X509Certificate): java.security.cert.X509CRLEntry
/**
* Gets all the entries from this CRL.
* This returns a Set of X509CRLEntry objects.
* @return all the entries or null if there are none present.
* @see X509CRLEntry
*/
// @ts-ignore
public abstract getRevokedCertificates(): Array The algorithm name is determined from the {@code algorithm}
* OID string.
* @return the signature algorithm name.
*/
// @ts-ignore
public abstract getSigAlgName(): string
/**
* Gets the signature algorithm OID string from the CRL.
* An OID is represented by a set of nonnegative whole numbers separated
* by periods.
* For example, the string "1.2.840.10040.4.3" identifies the SHA-1
* with DSA signature algorithm defined in
* RFC 3279: Algorithms and
* Identifiers for the Internet X.509 Public Key Infrastructure Certificate
* and CRL Profile.
* See {@link #getSigAlgName() getSigAlgName} for
* relevant ASN.1 definitions.
* @return the signature algorithm OID string.
*/
// @ts-ignore
public abstract getSigAlgOID(): string
/**
* Gets the DER-encoded signature algorithm parameters from this
* CRL's signature algorithm. In most cases, the signature
* algorithm parameters are null; the parameters are usually
* supplied with the public key.
* If access to individual parameter values is needed then use
* {@link java.security.AlgorithmParameters AlgorithmParameters}
* and instantiate with the name returned by
* {@link #getSigAlgName() getSigAlgName}.
* See {@link #getSigAlgName() getSigAlgName} for
* relevant ASN.1 definitions.
* @return the DER-encoded signature algorithm parameters, or
* null if no parameters are present.
*/
// @ts-ignore
public abstract getSigAlgParams(): number /*byte*/[]
}
}
}
}
* signature BIT STRING
*
* @return the signature.
*/
// @ts-ignore
public abstract getSignature(): number /*byte*/[]
/**
* Gets the signature algorithm name for the CRL
* signature algorithm. An example is the string "SHA256withRSA".
* The ASN.1 definition for this is:
*
* signatureAlgorithm AlgorithmIdentifier
* AlgorithmIdentifier ::= SEQUENCE {
* algorithm OBJECT IDENTIFIER,
* parameters ANY DEFINED BY algorithm OPTIONAL }
* -- contains a value of the type
* -- registered for use with the
* -- algorithm object identifier value
*
*