Class CRLDistributionPointsExtension

  • All Implemented Interfaces:
    java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class CRLDistributionPointsExtension
    extends X509CertificateExtension
    This class provides an implementation of the CRL distribution points X.509 certificate extension as described in RFC 5280 section 4.2.1.13. This can be used to provide information about the location of certificate revocation lists (CRLs) that can be examined to check the validity of this certificate.

    The OID for this extension is 2.5.29.31 and the value has the following encoding:
       CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
    
       DistributionPoint ::= SEQUENCE {
            distributionPoint       [0]     DistributionPointName OPTIONAL,
            reasons                 [1]     ReasonFlags OPTIONAL,
            cRLIssuer               [2]     GeneralNames OPTIONAL }
    
       DistributionPointName ::= CHOICE {
            fullName                [0]     GeneralNames,
            nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
    
       ReasonFlags ::= BIT STRING {
            unused                  (0),
            keyCompromise           (1),
            cACompromise            (2),
            affiliationChanged      (3),
            superseded              (4),
            cessationOfOperation    (5),
            certificateHold         (6),
            privilegeWithdrawn      (7),
            aACompromise            (8) }
     
    See Also:
    Serialized Form