CRL Type
Represents a Certificate Revocation List.
Remarks
CRLs store information about revoked certificates, i.e., certificates that have been identified as invalid by their issuing certificate authority (CA) for any number of reasons.
Each CRL object lists certificates from a single CA and identifies them by their serial numbers. A CA may or may not publish a CRL, may publish several CRLs, or may publish the same CRL in multiple locations.
Unlike OCSP responses, CRLs only list certificates that have been revoked. They do not list certificates that are still valid.
Fields
Bytes byte[] |
Returns raw CRL data in DER format. |
CAKeyID byte[] |
A unique identifier (fingerprint) of the CA certificate's private key, if present in the CRL. |
EntryCount int |
Returns the number of certificate status entries in the CRL. |
Issuer String |
The common name of the CRL issuer (CA), typically a company name. |
IssuerRDN String |
A collection of information, in the form of [OID, Value] pairs, uniquely identifying the CRL issuer. |
Location String |
The URL that the CRL was downloaded from. |
NextUpdate String |
The planned time and date of the next version of this CRL to be published. |
SigAlgorithm String |
The public key algorithm that was used by the CA to sign this CRL. |
TBS byte[] |
The to-be-signed part of the CRL (the CRL without the signature part). |
ThisUpdate String |
The date and time at which this version of the CRL was published. |
Constructors
public CRL(byte[] bytes, int startIndex, int count);
Creates a CRL object from a memory buffer. Bytes is a buffer containing raw (DER) CRL data, StartIndex and Count specify the starting position and the length of the CRL data in the buffer, respectively.
public CRL(String location);
Creates a CRL object by downloading it from a remote location.
public CRL(java.io.InputStream stream);
Creates a CRL object from data contained in a stream.
public CRL();
Creates an empty CRL object.