153 *
154 * @return the hashcode value.
155 */
156 public int hashCode() {
157 int retval = 0;
158 try {
159 byte[] crlData = X509CRLImpl.getEncodedInternal(this);
160 for (int i = 1; i < crlData.length; i++) {
161 retval += crlData[i] * i;
162 }
163 return retval;
164 } catch (CRLException e) {
165 return retval;
166 }
167 }
168
169 /**
170 * Returns the ASN.1 DER-encoded form of this CRL.
171 *
172 * @return the encoded form of this certificate
173 * @exception CRLException if an encoding error occurs.
174 */
175 public abstract byte[] getEncoded()
176 throws CRLException;
177
178 /**
179 * Verifies that this CRL was signed using the
180 * private key that corresponds to the given public key.
181 *
182 * @param key the PublicKey used to carry out the verification.
183 *
184 * @exception NoSuchAlgorithmException on unsupported signature
185 * algorithms.
186 * @exception InvalidKeyException on incorrect key.
187 * @exception NoSuchProviderException if there's no default provider.
188 * @exception SignatureException on signature errors.
189 * @exception CRLException on encoding errors.
190 */
191 public abstract void verify(PublicKey key)
192 throws CRLException, NoSuchAlgorithmException,
193 InvalidKeyException, NoSuchProviderException,
194 SignatureException;
195
196 /**
197 * Verifies that this CRL was signed using the
198 * private key that corresponds to the given public key.
199 * This method uses the signature verification engine
200 * supplied by the given provider.
201 *
202 * @param key the PublicKey used to carry out the verification.
203 * @param sigProvider the name of the signature provider.
204 *
205 * @exception NoSuchAlgorithmException on unsupported signature
206 * algorithms.
207 * @exception InvalidKeyException on incorrect key.
208 * @exception NoSuchProviderException on incorrect provider.
209 * @exception SignatureException on signature errors.
210 * @exception CRLException on encoding errors.
211 */
212 public abstract void verify(PublicKey key, String sigProvider)
213 throws CRLException, NoSuchAlgorithmException,
214 InvalidKeyException, NoSuchProviderException,
215 SignatureException;
216
217 /**
218 * Verifies that this CRL was signed using the
219 * private key that corresponds to the given public key.
220 * This method uses the signature verification engine
221 * supplied by the given provider. Note that the specified Provider object
222 * does not have to be registered in the provider list.
223 *
224 * This method was added to version 1.8 of the Java Platform Standard
225 * Edition. In order to maintain backwards compatibility with existing
226 * service providers, this method is not {@code abstract}
227 * and it provides a default implementation.
228 *
229 * @param key the PublicKey used to carry out the verification.
230 * @param sigProvider the signature provider.
231 *
232 * @exception NoSuchAlgorithmException on unsupported signature
233 * algorithms.
234 * @exception InvalidKeyException on incorrect key.
235 * @exception SignatureException on signature errors.
236 * @exception CRLException on encoding errors.
237 * @since 1.8
238 */
239 public void verify(PublicKey key, Provider sigProvider)
240 throws CRLException, NoSuchAlgorithmException,
241 InvalidKeyException, SignatureException {
242 String sigAlgName = getSigAlgName();
243 Signature sig = (sigProvider == null)
244 ? Signature.getInstance(sigAlgName)
245 : Signature.getInstance(sigAlgName, sigProvider);
246
247 try {
248 byte[] paramBytes = getSigAlgParams();
249 SignatureUtil.initVerifyWithParam(sig, key,
250 SignatureUtil.getParamSpec(sigAlgName, paramBytes));
251 } catch (ProviderException e) {
252 throw new CRLException(e.getMessage(), e.getCause());
253 } catch (InvalidAlgorithmParameterException e) {
254 throw new CRLException(e);
255 }
256
366 * @return the entry with the given serial number, or null if no such entry
367 * exists in this CRL.
368 * @see X509CRLEntry
369 */
370 public abstract X509CRLEntry
371 getRevokedCertificate(BigInteger serialNumber);
372
373 /**
374 * Get the CRL entry, if any, for the given certificate.
375 *
376 * <p>This method can be used to lookup CRL entries in indirect CRLs,
377 * that means CRLs that contain entries from issuers other than the CRL
378 * issuer. The default implementation will only return entries for
379 * certificates issued by the CRL issuer. Subclasses that wish to
380 * support indirect CRLs should override this method.
381 *
382 * @param certificate the certificate for which a CRL entry is to be looked
383 * up
384 * @return the entry for the given certificate, or null if no such entry
385 * exists in this CRL.
386 * @exception NullPointerException if certificate is null
387 *
388 * @since 1.5
389 */
390 public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
391 X500Principal certIssuer = certificate.getIssuerX500Principal();
392 X500Principal crlIssuer = getIssuerX500Principal();
393 if (certIssuer.equals(crlIssuer) == false) {
394 return null;
395 }
396 return getRevokedCertificate(certificate.getSerialNumber());
397 }
398
399 /**
400 * Gets all the entries from this CRL.
401 * This returns a Set of X509CRLEntry objects.
402 *
403 * @return all the entries or null if there are none present.
404 * @see X509CRLEntry
405 */
406 public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
407
408 /**
409 * Gets the DER-encoded CRL information, the
410 * {@code tbsCertList} from this CRL.
411 * This can be used to verify the signature independently.
412 *
413 * @return the DER-encoded CRL information.
414 * @exception CRLException if an encoding error occurs.
415 */
416 public abstract byte[] getTBSCertList() throws CRLException;
417
418 /**
419 * Gets the {@code signature} value (the raw signature bits) from
420 * the CRL.
421 * The ASN.1 definition for this is:
422 * <pre>
423 * signature BIT STRING
424 * </pre>
425 *
426 * @return the signature.
427 */
428 public abstract byte[] getSignature();
429
430 /**
431 * Gets the signature algorithm name for the CRL
432 * signature algorithm. An example is the string "SHA256withRSA".
433 * The ASN.1 definition for this is:
434 * <pre>
|
153 *
154 * @return the hashcode value.
155 */
156 public int hashCode() {
157 int retval = 0;
158 try {
159 byte[] crlData = X509CRLImpl.getEncodedInternal(this);
160 for (int i = 1; i < crlData.length; i++) {
161 retval += crlData[i] * i;
162 }
163 return retval;
164 } catch (CRLException e) {
165 return retval;
166 }
167 }
168
169 /**
170 * Returns the ASN.1 DER-encoded form of this CRL.
171 *
172 * @return the encoded form of this certificate
173 * @throws CRLException if an encoding error occurs.
174 */
175 public abstract byte[] getEncoded()
176 throws CRLException;
177
178 /**
179 * Verifies that this CRL was signed using the
180 * private key that corresponds to the given public key.
181 *
182 * @param key the PublicKey used to carry out the verification.
183 *
184 * @throws NoSuchAlgorithmException on unsupported signature
185 * algorithms.
186 * @throws InvalidKeyException on incorrect key.
187 * @throws NoSuchProviderException if there's no default provider.
188 * @throws SignatureException on signature errors.
189 * @throws CRLException on encoding errors.
190 */
191 public abstract void verify(PublicKey key)
192 throws CRLException, NoSuchAlgorithmException,
193 InvalidKeyException, NoSuchProviderException,
194 SignatureException;
195
196 /**
197 * Verifies that this CRL was signed using the
198 * private key that corresponds to the given public key.
199 * This method uses the signature verification engine
200 * supplied by the given provider.
201 *
202 * @param key the PublicKey used to carry out the verification.
203 * @param sigProvider the name of the signature provider.
204 *
205 * @throws NoSuchAlgorithmException on unsupported signature
206 * algorithms.
207 * @throws InvalidKeyException on incorrect key.
208 * @throws NoSuchProviderException on incorrect provider.
209 * @throws SignatureException on signature errors.
210 * @throws CRLException on encoding errors.
211 */
212 public abstract void verify(PublicKey key, String sigProvider)
213 throws CRLException, NoSuchAlgorithmException,
214 InvalidKeyException, NoSuchProviderException,
215 SignatureException;
216
217 /**
218 * Verifies that this CRL was signed using the
219 * private key that corresponds to the given public key.
220 * This method uses the signature verification engine
221 * supplied by the given provider. Note that the specified Provider object
222 * does not have to be registered in the provider list.
223 *
224 * This method was added to version 1.8 of the Java Platform Standard
225 * Edition. In order to maintain backwards compatibility with existing
226 * service providers, this method is not {@code abstract}
227 * and it provides a default implementation.
228 *
229 * @param key the PublicKey used to carry out the verification.
230 * @param sigProvider the signature provider.
231 *
232 * @throws NoSuchAlgorithmException on unsupported signature
233 * algorithms.
234 * @throws InvalidKeyException on incorrect key.
235 * @throws SignatureException on signature errors.
236 * @throws CRLException on encoding errors.
237 * @since 1.8
238 */
239 public void verify(PublicKey key, Provider sigProvider)
240 throws CRLException, NoSuchAlgorithmException,
241 InvalidKeyException, SignatureException {
242 String sigAlgName = getSigAlgName();
243 Signature sig = (sigProvider == null)
244 ? Signature.getInstance(sigAlgName)
245 : Signature.getInstance(sigAlgName, sigProvider);
246
247 try {
248 byte[] paramBytes = getSigAlgParams();
249 SignatureUtil.initVerifyWithParam(sig, key,
250 SignatureUtil.getParamSpec(sigAlgName, paramBytes));
251 } catch (ProviderException e) {
252 throw new CRLException(e.getMessage(), e.getCause());
253 } catch (InvalidAlgorithmParameterException e) {
254 throw new CRLException(e);
255 }
256
366 * @return the entry with the given serial number, or null if no such entry
367 * exists in this CRL.
368 * @see X509CRLEntry
369 */
370 public abstract X509CRLEntry
371 getRevokedCertificate(BigInteger serialNumber);
372
373 /**
374 * Get the CRL entry, if any, for the given certificate.
375 *
376 * <p>This method can be used to lookup CRL entries in indirect CRLs,
377 * that means CRLs that contain entries from issuers other than the CRL
378 * issuer. The default implementation will only return entries for
379 * certificates issued by the CRL issuer. Subclasses that wish to
380 * support indirect CRLs should override this method.
381 *
382 * @param certificate the certificate for which a CRL entry is to be looked
383 * up
384 * @return the entry for the given certificate, or null if no such entry
385 * exists in this CRL.
386 * @throws NullPointerException if certificate is null
387 *
388 * @since 1.5
389 */
390 public X509CRLEntry getRevokedCertificate(X509Certificate certificate) {
391 X500Principal certIssuer = certificate.getIssuerX500Principal();
392 X500Principal crlIssuer = getIssuerX500Principal();
393 if (certIssuer.equals(crlIssuer) == false) {
394 return null;
395 }
396 return getRevokedCertificate(certificate.getSerialNumber());
397 }
398
399 /**
400 * Gets all the entries from this CRL.
401 * This returns a Set of X509CRLEntry objects.
402 *
403 * @return all the entries or null if there are none present.
404 * @see X509CRLEntry
405 */
406 public abstract Set<? extends X509CRLEntry> getRevokedCertificates();
407
408 /**
409 * Gets the DER-encoded CRL information, the
410 * {@code tbsCertList} from this CRL.
411 * This can be used to verify the signature independently.
412 *
413 * @return the DER-encoded CRL information.
414 * @throws CRLException if an encoding error occurs.
415 */
416 public abstract byte[] getTBSCertList() throws CRLException;
417
418 /**
419 * Gets the {@code signature} value (the raw signature bits) from
420 * the CRL.
421 * The ASN.1 definition for this is:
422 * <pre>
423 * signature BIT STRING
424 * </pre>
425 *
426 * @return the signature.
427 */
428 public abstract byte[] getSignature();
429
430 /**
431 * Gets the signature algorithm name for the CRL
432 * signature algorithm. An example is the string "SHA256withRSA".
433 * The ASN.1 definition for this is:
434 * <pre>
|