-
CertificateRevokedException
-
serialVersionUID: long
-
revocationDate: Date
-
reason: CRLReason
-
authority: X500Principal
-
extensions: Map<String, Extension>
-
CertificateRevokedException(Date, CRLReason, X500Principal, Map<String, Extension>): void
-
getRevocationDate(): Date
-
getRevocationReason(): CRLReason
-
getAuthorityName(): X500Principal
-
getInvalidityDate(): Date
-
getExtensions(): Map<String, Extension>
-
getMessage(): String
-
writeObject(ObjectOutputStream): void
-
readObject(ObjectInputStream): void
-
/*
* Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package java.security.cert;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import sun.security.util.IOUtils;
import sun.security.util.ObjectIdentifier;
import sun.security.x509.InvalidityDateExtension;
An exception that indicates an X.509 certificate is revoked. A CertificateRevokedException contains additional information about the revoked certificate, such as the date on which the certificate was revoked and the reason it was revoked. Author: Sean Mullan See Also: Since: 1.7
/**
* An exception that indicates an X.509 certificate is revoked. A
* {@code CertificateRevokedException} contains additional information
* about the revoked certificate, such as the date on which the
* certificate was revoked and the reason it was revoked.
*
* @author Sean Mullan
* @since 1.7
* @see CertPathValidatorException
*/
public class CertificateRevokedException extends CertificateException {
private static final long serialVersionUID = 7839996631571608627L;
@serial the date on which the certificate was revoked
/**
* @serial the date on which the certificate was revoked
*/
private Date revocationDate;
@serial the revocation reason
/**
* @serial the revocation reason
*/
private final CRLReason reason;
@serial the X500Principal that represents the name of the authority that signed the certificate's revocation status information
/**
* @serial the {@code X500Principal} that represents the name of the
* authority that signed the certificate's revocation status information
*/
private final X500Principal authority;
private transient Map<String, Extension> extensions;
Constructs a CertificateRevokedException with the specified revocation date, reason code, authority name, and map of extensions. Params: - revocationDate – the date on which the certificate was revoked. The
date is copied to protect against subsequent modification.
- reason – the revocation reason
- extensions – a map of X.509 Extensions. Each key is an OID String
that maps to the corresponding Extension. The map is copied to
prevent subsequent modification.
- authority – the
X500Principal that represents the name of the authority that signed the certificate's revocation status information
Throws: - NullPointerException – if
revocationDate, reason, authority, or extensions is null - ClassCastException – if
extensions contains an incorrectly typed key or value
/**
* Constructs a {@code CertificateRevokedException} with
* the specified revocation date, reason code, authority name, and map
* of extensions.
*
* @param revocationDate the date on which the certificate was revoked. The
* date is copied to protect against subsequent modification.
* @param reason the revocation reason
* @param extensions a map of X.509 Extensions. Each key is an OID String
* that maps to the corresponding Extension. The map is copied to
* prevent subsequent modification.
* @param authority the {@code X500Principal} that represents the name
* of the authority that signed the certificate's revocation status
* information
* @throws NullPointerException if {@code revocationDate},
* {@code reason}, {@code authority}, or
* {@code extensions} is {@code null}
* @throws ClassCastException if {@code extensions} contains an incorrectly
* typed key or value
*/
public CertificateRevokedException(Date revocationDate, CRLReason reason,
X500Principal authority, Map<String, Extension> extensions) {
if (revocationDate == null || reason == null || authority == null ||
extensions == null) {
throw new NullPointerException();
}
this.revocationDate = new Date(revocationDate.getTime());
this.reason = reason;
this.authority = authority;
// make sure Map only contains correct types
this.extensions = Collections.checkedMap(new HashMap<>(),
String.class, Extension.class);
this.extensions.putAll(extensions);
}
Returns the date on which the certificate was revoked. A new copy is
returned each time the method is invoked to protect against subsequent
modification.
Returns: the revocation date
/**
* Returns the date on which the certificate was revoked. A new copy is
* returned each time the method is invoked to protect against subsequent
* modification.
*
* @return the revocation date
*/
public Date getRevocationDate() {
return (Date) revocationDate.clone();
}
Returns the reason the certificate was revoked.
Returns: the revocation reason
/**
* Returns the reason the certificate was revoked.
*
* @return the revocation reason
*/
public CRLReason getRevocationReason() {
return reason;
}
Returns the name of the authority that signed the certificate's
revocation status information.
Returns: the X500Principal that represents the name of the authority that signed the certificate's revocation status information
/**
* Returns the name of the authority that signed the certificate's
* revocation status information.
*
* @return the {@code X500Principal} that represents the name of the
* authority that signed the certificate's revocation status information
*/
public X500Principal getAuthorityName() {
return authority;
}
Returns the invalidity date, as specified in the Invalidity Date extension of this CertificateRevokedException. The invalidity date is the date on which it is known or suspected that the private key was compromised or that the certificate otherwise became invalid. This implementation calls getExtensions() and checks the returned map for an entry for the Invalidity Date extension OID ("2.5.29.24"). If found, it returns the invalidity date in the extension; otherwise null. A new Date object is returned each time the method is invoked to protect against subsequent modification. Returns: the invalidity date, or null if not specified
/**
* Returns the invalidity date, as specified in the Invalidity Date
* extension of this {@code CertificateRevokedException}. The
* invalidity date is the date on which it is known or suspected that the
* private key was compromised or that the certificate otherwise became
* invalid. This implementation calls {@code getExtensions()} and
* checks the returned map for an entry for the Invalidity Date extension
* OID ("2.5.29.24"). If found, it returns the invalidity date in the
* extension; otherwise null. A new Date object is returned each time the
* method is invoked to protect against subsequent modification.
*
* @return the invalidity date, or {@code null} if not specified
*/
public Date getInvalidityDate() {
Extension ext = getExtensions().get("2.5.29.24");
if (ext == null) {
return null;
} else {
try {
Date invalidity = InvalidityDateExtension.toImpl(ext).get("DATE");
return new Date(invalidity.getTime());
} catch (IOException ioe) {
return null;
}
}
}
Returns a map of X.509 extensions containing additional information
about the revoked certificate, such as the Invalidity Date
Extension. Each key is an OID String that maps to the corresponding
Extension.
Returns: an unmodifiable map of X.509 extensions, or an empty map
if there are no extensions
/**
* Returns a map of X.509 extensions containing additional information
* about the revoked certificate, such as the Invalidity Date
* Extension. Each key is an OID String that maps to the corresponding
* Extension.
*
* @return an unmodifiable map of X.509 extensions, or an empty map
* if there are no extensions
*/
public Map<String, Extension> getExtensions() {
return Collections.unmodifiableMap(extensions);
}
@Override
public String getMessage() {
return "Certificate has been revoked, reason: "
+ reason + ", revocation date: " + revocationDate
+ ", authority: " + authority + ", extension OIDs: "
+ extensions.keySet();
}
Serialize this CertificateRevokedException instance. @serialData the size of the extensions map (int), followed by all of
the extensions in the map, in no particular order. For each extension,
the following data is emitted: the OID String (Object), the criticality
flag (boolean), the length of the encoded extension value byte array
(int), and the encoded extension value bytes.
/**
* Serialize this {@code CertificateRevokedException} instance.
*
* @serialData the size of the extensions map (int), followed by all of
* the extensions in the map, in no particular order. For each extension,
* the following data is emitted: the OID String (Object), the criticality
* flag (boolean), the length of the encoded extension value byte array
* (int), and the encoded extension value bytes.
*/
private void writeObject(ObjectOutputStream oos) throws IOException {
// Write out the non-transient fields
// (revocationDate, reason, authority)
oos.defaultWriteObject();
// Write out the size (number of mappings) of the extensions map
oos.writeInt(extensions.size());
// For each extension in the map, the following are emitted (in order):
// the OID String (Object), the criticality flag (boolean), the length
// of the encoded extension value byte array (int), and the encoded
// extension value byte array. The extensions themselves are emitted
// in no particular order.
for (Map.Entry<String, Extension> entry : extensions.entrySet()) {
Extension ext = entry.getValue();
oos.writeObject(ext.getId());
oos.writeBoolean(ext.isCritical());
byte[] extVal = ext.getValue();
oos.writeInt(extVal.length);
oos.write(extVal);
}
}
Deserialize the CertificateRevokedException instance. /**
* Deserialize the {@code CertificateRevokedException} instance.
*/
private void readObject(ObjectInputStream ois)
throws IOException, ClassNotFoundException {
// Read in the non-transient fields
// (revocationDate, reason, authority)
ois.defaultReadObject();
// Defensively copy the revocation date
revocationDate = new Date(revocationDate.getTime());
// Read in the size (number of mappings) of the extensions map
// and create the extensions map
int size = ois.readInt();
if (size == 0) {
extensions = Collections.emptyMap();
} else if (size < 0) {
throw new IOException("size cannot be negative");
} else {
extensions = new HashMap<>(size > 20 ? 20 : size);
}
// Read in the extensions and put the mappings in the extensions map
for (int i = 0; i < size; i++) {
String oid = (String) ois.readObject();
boolean critical = ois.readBoolean();
byte[] extVal = IOUtils.readExactlyNBytes(ois, ois.readInt());
Extension ext = sun.security.x509.Extension.newExtension
(new ObjectIdentifier(oid), critical, extVal);
extensions.put(oid, ext);
}
}
}