org.bouncycastle.x509
Class X509CRLStoreSelector

java.lang.Object
  java.security.cert.X509CRLSelector
      org.bouncycastle.x509.X509CRLStoreSelector

All Implemented Interfaces:

java.lang.Cloneable, java.security.cert.CRLSelector, Selector

public class X509CRLStoreSelector
extends java.security.cert.X509CRLSelector
implements Selector

This class is a Selector implementation for X.509 certificate revocation lists.

See Also:

Selector, X509Store, X509StoreCRLCollection

Constructor Summary

X509CRLStoreSelector()

Method Summary

java.lang.Object	clone()
X509AttributeCertificate	getAttrCertificateChecking() Returns the attribute certificate being checked.
static X509CRLStoreSelector	getInstance(java.security.cert.X509CRLSelector selector) Returns an instance of this from a X509CRLSelector.
byte[]	getIssuingDistributionPoint() Returns the issuing distribution point.
java.math.BigInteger	getMaxBaseCRLNumber() Get the maximum base CRL number.
boolean	isCompleteCRLEnabled() If true only complete CRLs are returned.
boolean	isDeltaCRLIndicatorEnabled() Returns if this selector must match CRLs with the delta CRL indicator extension set.
boolean	isIssuingDistributionPointEnabled() Returns if the issuing distribution point criteria should be applied.
boolean	match(java.security.cert.CRL crl)
boolean	match(java.lang.Object obj)
void	setAttrCertificateChecking(X509AttributeCertificate attrCert) Sets the attribute certificate being checked.
void	setCompleteCRLEnabled(boolean completeCRLEnabled) If set to true only complete CRLs are returned.
void	setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator) If this is set to true the CRL reported contains the delta CRL indicator CRL extension.
void	setIssuingDistributionPoint(byte[] issuingDistributionPoint) Sets the issuing distribution point.
void	setIssuingDistributionPointEnabled(boolean issuingDistributionPointEnabled) Enables or disables the issuing distribution point check.
void	setMaxBaseCRLNumber(java.math.BigInteger maxBaseCRLNumber) Sets the maximum base CRL number.

Methods inherited from class java.security.cert.X509CRLSelector

addIssuer, addIssuerName, addIssuerName, getCertificateChecking, getDateAndTime, getIssuerNames, getIssuers, getMaxCRL, getMinCRL, setCertificateChecking, setDateAndTime, setIssuerNames, setIssuers, setMaxCRLNumber, setMinCRLNumber, toString

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

X509CRLStoreSelector

public X509CRLStoreSelector()

Method Detail

isIssuingDistributionPointEnabled

public boolean isIssuingDistributionPointEnabled()

Returns if the issuing distribution point criteria should be applied. Defaults to false.

You may also set the issuing distribution point criteria if not a missing issuing distribution point should be assumed.

Returns:

Returns if the issuing distribution point check is enabled.

setIssuingDistributionPointEnabled

public void setIssuingDistributionPointEnabled(boolean issuingDistributionPointEnabled)

Enables or disables the issuing distribution point check.

Parameters:

issuingDistributionPointEnabled - true to enable the issuing distribution point check.

setAttrCertificateChecking

public void setAttrCertificateChecking(X509AttributeCertificate attrCert)

Sets the attribute certificate being checked. This is not a criterion. Rather, it is optional information that may help a X509Store find CRLs that would be relevant when checking revocation for the specified attribute certificate. If null is specified, then no such optional information is provided.

Parameters:

attrCert - the X509AttributeCertificate being checked (or null)

See Also:

getAttrCertificateChecking()

getAttrCertificateChecking

public X509AttributeCertificate getAttrCertificateChecking()

Returns the attribute certificate being checked.

Returns:

Returns the attribute certificate being checked.

See Also:

setAttrCertificateChecking(X509AttributeCertificate)

match

public boolean match(java.lang.Object obj)

Specified by:

match in interface Selector

match

public boolean match(java.security.cert.CRL crl)

Specified by:

match in interface java.security.cert.CRLSelector

Overrides:

match in class java.security.cert.X509CRLSelector

isDeltaCRLIndicatorEnabled

public boolean isDeltaCRLIndicatorEnabled()

Returns if this selector must match CRLs with the delta CRL indicator extension set. Defaults to false.

Returns:

Returns true if only CRLs with the delta CRL indicator extension are selected.

setDeltaCRLIndicatorEnabled

public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)

If this is set to true the CRL reported contains the delta CRL indicator CRL extension.

setCompleteCRLEnabled(boolean) and setDeltaCRLIndicatorEnabled(boolean) excluded each other.

Parameters:

deltaCRLIndicator - true if the delta CRL indicator extension must be in the CRL.

getInstance

public static X509CRLStoreSelector getInstance(java.security.cert.X509CRLSelector selector)

Returns an instance of this from a X509CRLSelector.

Parameters:

selector - A X509CRLSelector instance.

Returns:

An instance of an X509CRLStoreSelector.

Throws:

java.lang.IllegalArgumentException - if selector is null or creation fails.

clone

public java.lang.Object clone()

Specified by:

clone in interface java.security.cert.CRLSelector

Specified by:

clone in interface Selector

Overrides:

clone in class java.security.cert.X509CRLSelector

isCompleteCRLEnabled

public boolean isCompleteCRLEnabled()

If true only complete CRLs are returned. Defaults to false.

Returns:

true if only complete CRLs are returned.

setCompleteCRLEnabled

public void setCompleteCRLEnabled(boolean completeCRLEnabled)

If set to true only complete CRLs are returned.

setCompleteCRLEnabled(boolean) and setDeltaCRLIndicatorEnabled(boolean) excluded each other.

Parameters:

completeCRLEnabled - true if only complete CRLs should be returned.

getMaxBaseCRLNumber

public java.math.BigInteger getMaxBaseCRLNumber()

Get the maximum base CRL number. Defaults to null.

Returns:

Returns the maximum base CRL number.

See Also:

setMaxBaseCRLNumber(BigInteger)

setMaxBaseCRLNumber

public void setMaxBaseCRLNumber(java.math.BigInteger maxBaseCRLNumber)

Sets the maximum base CRL number. Setting to null disables this cheack.

This is only meaningful for delta CRLs. Complete CRLs must have a CRL number which is greater or equal than the base number of the corresponding CRL.

Parameters:

maxBaseCRLNumber - The maximum base CRL number to set.

getIssuingDistributionPoint

public byte[] getIssuingDistributionPoint()

Returns the issuing distribution point. Defaults to null, which is a missing issuing distribution point extension.

The internal byte array is cloned before it is returned.

The criteria must be enable with setIssuingDistributionPointEnabled(boolean).

Returns:

Returns the issuing distribution point.

See Also:

setIssuingDistributionPoint(byte[])

setIssuingDistributionPoint

public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)

Sets the issuing distribution point.

The issuing distribution point extension is a CRL extension which identifies the scope and the distribution point of a CRL. The scope contains among others information about revocation reasons contained in the CRL. Delta CRLs and complete CRLs must have matching issuing distribution points.

The byte array is cloned to protect against subsequent modifications.

You must also enable or disable this criteria with setIssuingDistributionPointEnabled(boolean).

Parameters:

issuingDistributionPoint - The issuing distribution point to set. This is the DER encoded OCTET STRING extension value.

See Also:

getIssuingDistributionPoint()