Package org.bouncycastle.x509

Class X509CRLStoreSelector

java.lang.Object
java.security.cert.X509CRLSelector
org.bouncycastle.x509.X509CRLStoreSelector
All Implemented Interfaces:
Cloneable, CRLSelector, Selector
public class X509CRLStoreSelector extends X509CRLSelector implements Selector
This class is a Selector implementation for X.509 certificate revocation lists.
See Also:

  • Constructor Details

    • X509CRLStoreSelector

      public X509CRLStoreSelector()

  • Method Details

    • isIssuingDistributionPointEnabled

      public boolean isIssuingDistributionPointEnabled()
      Returns if the issuing distribution point criteria should be applied. Defaults to false.

      You may also set the issuing distribution point criteria if not a missing issuing distribution point should be assumed.

      Returns:
      Returns if the issuing distribution point check is enabled.

    • setIssuingDistributionPointEnabled

      public void setIssuingDistributionPointEnabled(boolean issuingDistributionPointEnabled)
      Enables or disables the issuing distribution point check.
      Parameters:
      issuingDistributionPointEnabled - true to enable the issuing distribution point check.

    • setAttrCertificateChecking

      public void setAttrCertificateChecking(X509AttributeCertificate attrCert)
      Sets the attribute certificate being checked. This is not a criterion. Rather, it is optional information that may help a X509Store find CRLs that would be relevant when checking revocation for the specified attribute certificate. If null is specified, then no such optional information is provided.
      Parameters:
      attrCert - the X509AttributeCertificate being checked (or null)
      See Also:

    • getAttrCertificateChecking

      public X509AttributeCertificate getAttrCertificateChecking()
      Returns the attribute certificate being checked.
      Returns:
      Returns the attribute certificate being checked.
      See Also:

    • match

      public boolean match(Object obj)
      Description copied from interface: Selector
      Match the passed in object, returning true if it would be selected by this selector, false otherwise.
      Specified by:
      match in interface Selector
      Parameters:
      obj - the object to be matched.
      Returns:
      true if the object is a match for this selector, false otherwise.

    • match

      public boolean match(CRL crl)
      Specified by:
      match in interface CRLSelector
      Overrides:
      match in class X509CRLSelector

    • isDeltaCRLIndicatorEnabled

      public boolean isDeltaCRLIndicatorEnabled()
      Returns if this selector must match CRLs with the delta CRL indicator extension set. Defaults to false.
      Returns:
      Returns true if only CRLs with the delta CRL indicator extension are selected.

    • setDeltaCRLIndicatorEnabled

      public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
      If this is set to true the CRL reported contains the delta CRL indicator CRL extension.

      setCompleteCRLEnabled(boolean) and setDeltaCRLIndicatorEnabled(boolean) excluded each other.

      Parameters:
      deltaCRLIndicator - true if the delta CRL indicator extension must be in the CRL.

    • getInstance

      public static X509CRLStoreSelector getInstance(X509CRLSelector selector)
      Returns an instance of this from a X509CRLSelector.
      Parameters:
      selector - A X509CRLSelector instance.
      Returns:
      An instance of an X509CRLStoreSelector.
      Throws:
      IllegalArgumentException - if selector is null or creation fails.

    • clone

      public Object clone()
      Specified by:
      clone in interface CRLSelector
      Specified by:
      clone in interface Selector
      Overrides:
      clone in class X509CRLSelector

    • isCompleteCRLEnabled

      public boolean isCompleteCRLEnabled()
      If true only complete CRLs are returned. Defaults to false.
      Returns:
      true if only complete CRLs are returned.

    • setCompleteCRLEnabled

      public void setCompleteCRLEnabled(boolean completeCRLEnabled)
      If set to true only complete CRLs are returned.

      setCompleteCRLEnabled(boolean) and setDeltaCRLIndicatorEnabled(boolean) excluded each other.

      Parameters:
      completeCRLEnabled - true if only complete CRLs should be returned.

    • getMaxBaseCRLNumber

      public BigInteger getMaxBaseCRLNumber()
      Get the maximum base CRL number. Defaults to null.
      Returns:
      Returns the maximum base CRL number.
      See Also:

    • setMaxBaseCRLNumber

      public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
      Sets the maximum base CRL number. Setting to null disables this cheack.

      This is only meaningful for delta CRLs. Complete CRLs must have a CRL number which is greater or equal than the base number of the corresponding CRL.

      Parameters:
      maxBaseCRLNumber - The maximum base CRL number to set.

    • getIssuingDistributionPoint

      public byte[] getIssuingDistributionPoint()
      Returns the issuing distribution point. Defaults to null, which is a missing issuing distribution point extension.

      The internal byte array is cloned before it is returned.

      The criteria must be enable with setIssuingDistributionPointEnabled(boolean).

      Returns:
      Returns the issuing distribution point.
      See Also:

    • setIssuingDistributionPoint

      public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)
      Sets the issuing distribution point.

      The issuing distribution point extension is a CRL extension which identifies the scope and the distribution point of a CRL. The scope contains among others information about revocation reasons contained in the CRL. Delta CRLs and complete CRLs must have matching issuing distribution points.

      The byte array is cloned to protect against subsequent modifications.

      You must also enable or disable this criteria with setIssuingDistributionPointEnabled(boolean).

      Parameters:
      issuingDistributionPoint - The issuing distribution point to set. This is the DER encoded OCTET STRING extension value.
      See Also: