public class X509CRLSelector extends Object implements CRLSelector, Cloneable
Use of this class requires extensive knowledge of the Internet Engineering Task Force's Public Key Infrastructure (X.509). The primary document describing this standard is RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.
Note that this class is not thread-safe. If multiple threads will use or modify this class then they need to synchronize on the object.
Constructor and Description |
---|
X509CRLSelector()
Creates a new CRL selector with no criteria enabled; i.e., every CRL
will be matched.
|
Modifier and Type | Method and Description |
---|---|
void |
addIssuerName(byte[] name)
Add an issuer name to the set of issuer names criteria, as the DER
encoded form.
|
void |
addIssuerName(String name)
Add an issuer name to the set of issuer names criteria, as a
String representation.
|
Object |
clone()
Returns a copy of this object.
|
X509Certificate |
getCertificateChecking()
Returns the certificate being checked, or
null if this
value is not set. |
Date |
getDateAndTime()
Returns the date when this CRL must be valid; that is, the date
must be after the thisUpdate date, but before the nextUpdate date.
|
Collection<Object> |
getIssuerNames()
Returns the set of issuer names that are matched by this selector,
or
null if this criteria is not set. |
BigInteger |
getMaxCRL()
Returns the maximum value of the CRLNumber extension present in
CRLs matched by this selector, or
null if this
criteria is not set. |
BigInteger |
getMinCRL()
Returns the minimum value of the CRLNumber extension present in
CRLs matched by this selector, or
null if this
criteria is not set. |
boolean |
match(CRL _crl)
Checks a CRL against the criteria of this selector, returning
true if the given CRL matches all the criteria. |
void |
setCertificateChecking(X509Certificate cert)
Sets the certificate being checked.
|
void |
setDateAndTime(Date date)
Sets the date at which this CRL must be valid.
|
void |
setIssuerNames(Collection<?> names)
Sets the issuer names criterion.
|
void |
setMaxCRLNumber(BigInteger maxCrlNumber)
Sets the maximum value of the CRLNumber extension present in CRLs
matched by this selector.
|
void |
setMinCRLNumber(BigInteger minCrlNumber)
Sets the minimum value of the CRLNumber extension present in CRLs
matched by this selector.
|
String |
toString()
Returns a string representation of this selector.
|
public X509CRLSelector()
public void addIssuerName(byte[] name) throws IOException
name
- The name to add, as DER bytes.IOException
- If the argument is not a valid DER-encoding.public void addIssuerName(String name) throws IOException
name
- The name to add.IOException
- If the argument is not a valid name.public void setIssuerNames(Collection<?> names) throws IOException
null
to clear this
value. CRLs matched by this selector must have an issuer name in this
set.names
- The issuer names.IOException
- If any of the elements in the collection is not
a valid name.public Collection<Object> getIssuerNames()
null
if this criteria is not set. The returned
collection is not modifiable.public BigInteger getMaxCRL()
null
if this
criteria is not set.public BigInteger getMinCRL()
null
if this
criteria is not set.public void setMaxCRLNumber(BigInteger maxCrlNumber)
null
to clear this
criterion.maxCrlNumber
- The maximum CRL number.public void setMinCRLNumber(BigInteger minCrlNumber)
null
to clear this
criterion.minCrlNumber
- The minimum CRL number.public Date getDateAndTime()
null
if this criterion is not set.public void setDateAndTime(Date date)
null
to clear this criterion.date
- The date.public X509Certificate getCertificateChecking()
null
if this
value is not set.public void setCertificateChecking(X509Certificate cert)
cert
- The certificate.public String toString()
toString
in class Object
Object.getClass()
,
Object.hashCode()
,
Class.getName()
,
Integer.toHexString(int)
public boolean match(CRL _crl)
true
if the given CRL matches all the criteria.match
in interface CRLSelector
_crl
- The CRL being checked.