Package java.security.cert

Class X509CRLSelector

java.lang.Object
java.security.cert.X509CRLSelector
All Implemented Interfaces:
Cloneable, CRLSelector
Direct Known Subclasses:
X509CRLStoreSelector
public class X509CRLSelector
extends Object
implements CRLSelector
A CRL selector (CRLSelector for selecting X509CRLs that match the specified criteria.

When constructed, all criteria are set to default values that will match any X509CRL.

  • Constructor Details

    • X509CRLSelector

      public X509CRLSelector()
      Creates a new X509CertSelector.

  • Method Details

    • setIssuers

      public void setIssuers​(Collection<X500Principal> issuers)
      Sets the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the specified distinguished names.

      Parameters:
      issuers - the list of issuer distinguished names to match, or null if any issuer distinguished name will do.

    • setIssuerNames

      public void setIssuerNames​(Collection<?> names) throws IOException
      Do not use: use setIssuers(Collection) or one of addIssuerName(java.lang.String) instead. Sets the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the specified distinguished names.

      The specified parameter names is a collection with an entry for each name to be included in the criterion. The name is specified as a String or a byte array specifying the name (in RFC 2253 or ASN.1 DER encoded form)

      Parameters:
      names - the list of issuer distinguished names to match, or null if any issuer distinguished name will do.
      Throws:
      IOException - if parsing fails.

    • addIssuer

      public void addIssuer​(X500Principal issuer)
      Adds an issuer to the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the specified distinguished names.

      Parameters:
      issuer - the issuer to add to the criterion

    • addIssuerName

      public void addIssuerName​(String iss_name) throws IOException
      Do not use:, use addIssuer(X500Principal) or addIssuerName(byte[]) instead. It can fail to match some CRLs because of a loss of encoding information in a RFC 2253 string.

      Adds an issuer to the criterion for the issuer distinguished names. The CRK issuer must match at least one of the specified distinguished names.

      Parameters:
      iss_name - the RFC 2253 encoded name.
      Throws:
      IOException - if parsing fails.

    • addIssuerName

      public void addIssuerName​(byte[] iss_name) throws IOException
      Adds an issuer to the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the specified distinguished names.

      Parameters:
      iss_name - the issuer to add to the criterion in ASN.1 DER encoded form.
      Throws:
      IOException - if parsing fails.

    • setMinCRLNumber

      public void setMinCRLNumber​(BigInteger minCRL)
      Sets the criterion for the minimum CRL number.

      The CRL must have a number extension with a value greater than or equal to the specified parameter.

      Parameters:
      minCRL - the minimum CRL number or null to not check the minimum CRL number

    • setMaxCRLNumber

      public void setMaxCRLNumber​(BigInteger maxCRL)
      Sets the criterion for the maximum CRL number.

      The CRL must have a number extension with a value less than or equal to the specified parameter.

      Parameters:
      maxCRL - the maximum CRL number or null to not check the maximum CRL number.

    • setDateAndTime

      public void setDateAndTime​(Date dateAndTime)
      Sets the criterion for the CRL update period.

      The CRL's thisUpdate value must be equal or before the specified date and the nextUpdate value must be after the specified date.

      Parameters:
      dateAndTime - the date to search for valid CRL's or null to not check the date.

    • setCertificateChecking

      public void setCertificateChecking​(X509Certificate cert)
      Sets a certificate hint to find CRLs. It's not a criterion but may help finding relevant CRLs.
      Parameters:
      cert - the certificate hint or null.

    • getIssuers

      public Collection<X500Principal> getIssuers()
      Returns the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the distinguished names.

      Returns:
      the unmodifiable list of issuer distinguished names to match, or null if any issuer distinguished name will do.

    • getIssuerNames

      public Collection<Object> getIssuerNames()
      Returns the criterion for the issuer distinguished names.

      The CRL issuer must match at least one of the distinguished names.

      Returns:
      a copy of the list of issuer distinguished names to match, or null if any issuer distinguished name will do. The elements may be strings or ASN.1 DER encoded byte arrays.

    • getMinCRL

      public BigInteger getMinCRL()
      Returns the criterion for the minimum CRL number.

      The CRL must have a number extension with a value greater than or equal to the returned value.

      Returns:
      the minimum CRL number or null if the minimum CRL number is not to be checked.

    • getMaxCRL

      public BigInteger getMaxCRL()
      Returns the criterion for the maximum CRL number.

      The CRL must have a number extension with a value less than or equal to the returned value.

      Returns:
      the maximum CRL number or null if the maximum CRL number is not checked.

    • getDateAndTime

      public Date getDateAndTime()
      Returns the criterion for the CRL update period.

      The CRL's thisUpdate value must be equal or before the returned date and the nextUpdate value must be after the returned date.

      Returns:
      the date to search for valid CRL's or null if the date is not checked.

    • getCertificateChecking

      public X509Certificate getCertificateChecking()
      Returns the certificate hint to find CRLs. It's not a criterion but may help finding relevant CRLs.
      Returns:
      the certificate hint or null if none set.

    • toString

      public String toString()
      Returns a string representation of this X509CRLSelector instance.
      Overrides:
      toString in class Object
      Returns:
      a string representation of this X509CRLSelector instance.

    • match

      public boolean match​(CRL crl)
      Returns whether the specified CRL matches all the criteria collected in this instance.
      Specified by:
      match in interface CRLSelector
      Parameters:
      crl - the CRL to check.
      Returns:
      true if the CRL matches all the criteria, otherwise false.

    • clone

      public Object clone()
      Clones this X509CRL instance.
      Specified by:
      clone in interface CRLSelector
      Overrides:
      clone in class Object
      Returns:
      the cloned instance.