Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4941974

new X509CRL.getRevokedCerts() should return an ordered List (and not a Set)

    Details

    • Type: Enhancement
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 1.4.2
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description



      Name: rmT116609 Date: 10/22/2003


      A DESCRIPTION OF THE REQUEST :
      At the moment, the X509CRL interface and hence the Sun implementation, only defines the method "Set getRevokedCertificates()". Set is by definition unordered. This is fine if the CRL is a direct CRL.

      JUSTIFICATION :
      However, if the CRL is an indirect CRL, it is imperative that the revoked certificates are ordered to allow proper processing. By indirect CRLs, the certificate issuer of the revoked certificate is dependent on the previous revoked certificate entry. See RFC 5.3.4 Certificate Issuer for a complete description of this.
      Thus I request a new method "List getRevokedCerts()" to be defined or at least a "X509CRLEntry getRevokedCertificate(X509Certificate)" that follows RFC 3280 and properly handles indirect Crls.
      At the moment, all indirect Crls must be locally parsed (ie use another Provider or ASN1 parser) in order to perform proper revocation checks.
      (Incident Review ID: 215465)
      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                rmandalasunw Ranjith Mandala (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: