Example usage for java.security.cert X509CRL getCriticalExtensionOIDs

List of usage examples for java.security.cert X509CRL getCriticalExtensionOIDs

Introduction

This page shows example usage of java.security.cert X509CRL getCriticalExtensionOIDs.

Prototype

public Set<String> getCriticalExtensionOIDs();

Document

Gets a Set of the OID strings for the extension(s) marked CRITICAL in the certificate/CRL managed by the object implementing this interface.

Usage

From source file: mitm.common.security.crl.PKIXRevocationChecker.java

private boolean hasUnsupportedCriticalExtensions(X509CRL crl) {
    Set<String> criticalExtensions = crl.getCriticalExtensionOIDs();

    if (criticalExtensions != null) {
        criticalExtensions.remove(X509Extension.issuingDistributionPoint.getId());
        criticalExtensions.remove(X509Extension.deltaCRLIndicator.getId());
        criticalExtensions.remove(X509Extension.cRLNumber.getId());
        /*
         * Some issuers (Verisign) add a critical Authority Key Identifier to the CRL.
         * 
         * RFC 3280 explicitly says: 
         * 
         * 4.2.1.1  Authority Key Identifier
         * ....
         * This extension MUST NOT be marked critical.
         * 
         * We will therefore ignore this extension if it's critical
         * 
         */
        criticalExtensions.remove(X509Extension.authorityKeyIdentifier.getId());
    }

    return criticalExtensions != null && criticalExtensions.size() > 0;
}