Package org.xipki.security.asn1
Class CrlStreamParser
- java.lang.Object
-
- org.xipki.security.asn1.Asn1StreamParser
-
- org.xipki.security.asn1.CrlStreamParser
-
public class CrlStreamParser extends Asn1StreamParser
Both BouncyCastle and JDK read the whole CRL during the initialization. The size of the consumed memory is linear to the size of CRL. This may cause that OutOfMemory error for large CRLs.This class implements a real stream based parser of CRL with constant memory consumption.
Definition of CertificateList.
CertificateList ::= SEQUENCE { tbsCertList TBSCertList, signatureAlgorithm AlgorithmIdentifier, signatureValue BIT STRING } TBSCertList ::= SEQUENCE { version Version OPTIONAL, -- if present, MUST be v2 signature AlgorithmIdentifier, issuer Name, thisUpdate Time, nextUpdate Time OPTIONAL, revokedCertificates SEQUENCE OF SEQUENCE { userCertificate CertificateSerialNumber, revocationDate Time, crlEntryExtensions Extensions OPTIONAL -- if present, version MUST be v2 } OPTIONAL, crlExtensions [0] EXPLICIT Extensions OPTIONAL -- if present, version MUST be v2 }- Author:
- Lijun Liao (xipki)
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classCrlStreamParser.RevokedCertclassCrlStreamParser.RevokedCertsIterator-
Nested classes/interfaces inherited from class org.xipki.security.asn1.Asn1StreamParser
Asn1StreamParser.MyInt
-
-
Field Summary
-
Fields inherited from class org.xipki.security.asn1.Asn1StreamParser
TAG_CONSTRUCTED_SEQUENCE, TAG_CONSTRUCTED_SET
-
-
Constructor Summary
Constructors Constructor Description CrlStreamParser(File crlFile)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description org.bouncycastle.asn1.x509.AlgorithmIdentifiergetAlgorithmIdentifier()BigIntegergetBaseCrlNumber()org.bouncycastle.asn1.x509.ExtensionsgetCrlExtensions()BigIntegergetCrlNumber()org.bouncycastle.asn1.x500.X500NamegetIssuer()InstantgetNextUpdate()byte[]getSignature()InstantgetThisUpdate()intgetVersion()booleanisDeltaCrl()CrlStreamParser.RevokedCertsIteratorrevokedCertificates()booleanverifySignature(PublicKey publicKey)booleanverifySignature(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo)-
Methods inherited from class org.xipki.security.asn1.Asn1StreamParser
assertTag, markAndReadTag, readBlock, readBlock, readLength, readTime, readTime, readValue, skip
-
-
-
-
Constructor Detail
-
CrlStreamParser
public CrlStreamParser(File crlFile) throws IOException
- Throws:
IOException
-
-
Method Detail
-
getVersion
public int getVersion()
-
getIssuer
public org.bouncycastle.asn1.x500.X500Name getIssuer()
-
getThisUpdate
public Instant getThisUpdate()
-
getNextUpdate
public Instant getNextUpdate()
-
getAlgorithmIdentifier
public org.bouncycastle.asn1.x509.AlgorithmIdentifier getAlgorithmIdentifier()
-
getSignature
public byte[] getSignature()
-
getCrlNumber
public BigInteger getCrlNumber()
-
getBaseCrlNumber
public BigInteger getBaseCrlNumber()
-
isDeltaCrl
public boolean isDeltaCrl()
-
getCrlExtensions
public org.bouncycastle.asn1.x509.Extensions getCrlExtensions()
-
verifySignature
public boolean verifySignature(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo publicKeyInfo) throws IOException- Throws:
IOException
-
verifySignature
public boolean verifySignature(PublicKey publicKey) throws IOException
- Throws:
IOException
-
revokedCertificates
public CrlStreamParser.RevokedCertsIterator revokedCertificates() throws IOException
- Throws:
IOException
-
-