java.lang.Object java.security.cert.X509CRLSelector
A CRLSelector that selects X509CRLs that match all specified criteria. This class is particularly useful when selecting CRLs from a CertStore to check revocation status of a particular certificate.
When first constructed, an X509CRLSelector has no criteria enabled and each of the get methods returns a default value (null). Therefore, the match method would return true for any X509CRL. Typically, several criteria are enabled (by calling setIssuerNames or setDateAndTime, for instance) and then the X509CRLSelector is passed to CertStore.getCRLs or some similar method.
Please refer to RFC 2459 for definitions of the X.509 CRL fields and extensions mentioned below.
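The typical use described above, as an added example that is not part of the original API documentation: a selector is narrowed by issuer and by date and then passed to CertStore.getCRLs. The CRL is a constructed v1 sample with dummy signature bytes, and the names CrlSelectorDemo, tlv, sampleCrl, "CN=Example CA" and "CN=Other CA" are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.*;
import java.time.Instant;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class CrlSelectorDemo {
    // Minimal DER TLV encoder; short-form lengths only (content under 128 bytes).
    static byte[] tlv(int tag, byte[]... parts) throws Exception {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag); out.write(body.size()); body.writeTo(out);
        return out.toByteArray();
    }

    // Constructed sample: v1 CRL, thisUpdate 2024-01-01, nextUpdate 2024-02-01, dummy signature bytes.
    static X509CRL sampleCrl(X500Principal issuer) throws Exception {
        byte[] alg = tlv(0x30, new byte[] {0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
                (byte) 0xF7, 0x0D, 0x01, 0x01, 0x0B}, new byte[] {0x05, 0x00}); // sha256WithRSAEncryption
        byte[] tbs = tlv(0x30, alg, issuer.getEncoded(),
                tlv(0x17, "240101000000Z".getBytes(StandardCharsets.US_ASCII)),
                tlv(0x17, "240201000000Z".getBytes(StandardCharsets.US_ASCII)));
        byte[] der = tlv(0x30, tbs, alg, tlv(0x03, new byte[] {0x00, 0x01, 0x02, 0x03}));
        return (X509CRL) CertificateFactory.getInstance("X.509")
                .generateCRL(new ByteArrayInputStream(der));
    }

    public static void main(String[] args) throws Exception {
        X500Principal ca = new X500Principal("CN=Example CA"); // hypothetical issuer
        X509CRL crl = sampleCrl(ca);
        CertStore store = CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(Collections.singletonList(crl)));
        X509CRLSelector sel = new X509CRLSelector();           // no criteria enabled yet
        System.out.println("no criteria:      " + sel.match(crl));
        sel.setIssuers(Collections.singleton(new X500Principal("CN=Other CA")));
        System.out.println("other issuer:     " + store.getCRLs(sel).size());
        sel.setIssuers(Collections.singleton(ca));             // replaces the previous issuer set
        Date when = Date.from(Instant.parse("2024-01-15T00:00:00Z"));
        sel.setDateAndTime(when);
        when.setTime(0L); // changing our Date afterwards does not reach the selector's clone
        System.out.println("inside validity:  " + store.getCRLs(sel).size());
        sel.setDateAndTime(Date.from(Instant.parse("2024-03-01T00:00:00Z")));
        System.out.println("after nextUpdate: " + store.getCRLs(sel).size());
    }
}
```

The selector compares fields only: it selected a CRL whose signature is three dummy bytes, so a CRL returned by the store still has to pass X509CRL.verify against the issuer's public key before its contents are trusted.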
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
Constructor Summary | |
---|---|
X509CRLSelector() | Creates an X509CRLSelector. |
Method Summary | |
---|---|
void | addIssuer(X500Principal issuer) Adds a name to the issuerNames criterion. |
void | addIssuerName(byte[] name) Adds a name to the issuerNames criterion. |
void | addIssuerName(String name) Adds a name to the issuerNames criterion. |
Object | clone() Returns a copy of this object. |
X509Certificate | getCertificateChecking() Returns the certificate being checked. |
Date | getDateAndTime() Returns the dateAndTime criterion. |
Collection<Object> | getIssuerNames() Returns a copy of the issuerNames criterion. |
Collection<X500Principal> | getIssuers() Returns the issuerNames criterion. |
BigInteger | getMaxCRL() Returns the maxCRLNumber criterion. |
BigInteger | getMinCRL() Returns the minCRLNumber criterion. |
boolean | match(CRL crl) Decides whether a CRL should be selected. |
void | setCertificateChecking(X509Certificate cert) Sets the certificate being checked. |
void | setDateAndTime(Date dateAndTime) Sets the dateAndTime criterion. |
void | setIssuerNames(Collection<Object> names) Sets the issuerNames criterion. |
void | setIssuers(Collection<X500Principal> issuers) Sets the issuerNames criterion. |
void | setMaxCRLNumber(BigInteger maxCRL) Sets the maxCRLNumber criterion. |
void | setMinCRLNumber(BigInteger minCRL) Sets the minCRLNumber criterion. |
String | toString() Returns a printable representation of the X509CRLSelector. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public X509CRLSelector()
Method Detail |
---|
public void setIssuers(Collection<X500Principal> issuers)
This method allows the caller to specify, with a single method call, the complete set of issuer names which X509CRLs may contain. The specified value replaces the previous value for the issuerNames criterion.
The issuers parameter (if not null) is a Collection of X500Principals.
Note that the issuers parameter can contain duplicate distinguished names, but they may be removed from the Collection of names returned by the getIssuers method.
Note that a copy is performed on the Collection to protect against subsequent modifications.
public void setIssuerNames(Collection<Object> names) throws IOException
This method allows the caller to specify, with a single method call, the complete set of issuer names which X509CRLs may contain. The specified value replaces the previous value for the issuerNames criterion.
The names parameter (if not null) is a Collection of names. Each name is a String or a byte array representing a distinguished name (in RFC 2253 or ASN.1 DER encoded form, respectively). If null is supplied as the value for this argument, no issuerNames check will be performed.
Note that the names parameter can contain duplicate distinguished names, but they may be removed from the Collection of names returned by the getIssuerNames method.
If a name is specified as a byte array, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is as follows.
    Name ::= CHOICE {
      RDNSequence }

    RDNSequence ::= SEQUENCE OF RelativeDistinguishedName

    RelativeDistinguishedName ::=
      SET SIZE (1 .. MAX) OF AttributeTypeAndValue

    AttributeTypeAndValue ::= SEQUENCE {
      type     AttributeType,
      value    AttributeValue }

    AttributeType ::= OBJECT IDENTIFIER

    AttributeValue ::= ANY DEFINED BY AttributeType
    ....
    DirectoryString ::= CHOICE {
      teletexString     TeletexString (SIZE (1..MAX)),
      printableString   PrintableString (SIZE (1..MAX)),
      universalString   UniversalString (SIZE (1..MAX)),
      utf8String        UTF8String (SIZE (1..MAX)),
      bmpString         BMPString (SIZE (1..MAX)) }
Note that a deep copy is performed on the Collection to protect against subsequent modifications.
public void addIssuer(X500Principal issuer)
This method allows the caller to add a name to the set of issuer names which X509CRLs may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored.
public void addIssuerName(String name) throws IOException
This method allows the caller to add a name to the set of issuer names which X509CRLs may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored.
public void addIssuerName(byte[] name) throws IOException
This method allows the caller to add a name to the set of issuer names which X509CRLs may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored.
The name is provided as a byte array. This byte array should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure appears in the documentation for setIssuerNames(Collection names) .
Note that the byte array supplied here is cloned to protect against subsequent modifications.
public void setMinCRLNumber(BigInteger minCRL)
public void setMaxCRLNumber(BigInteger maxCRL)
public void setDateAndTime(Date dateAndTime)
Note that the Date supplied here is cloned to protect against subsequent modifications.
public void setCertificateChecking(X509Certificate cert)
public Collection<X500Principal> getIssuers()
If the value returned is not null, it is an unmodifiable Collection of X500Principals.
public Collection<Object> getIssuerNames()
If the value returned is not null, it is a Collection of names. Each name is a String or a byte array representing a distinguished name (in RFC 2253 or ASN.1 DER encoded form, respectively). Note that the Collection returned may contain duplicate names.
If a name is specified as a byte array, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is given in the documentation for setIssuerNames(Collection names) .
Note that a deep copy is performed on the Collection to protect against subsequent modifications.
public BigInteger getMinCRL()
public BigInteger getMaxCRL()
public Date getDateAndTime()
Note that the Date returned is cloned to protect against subsequent modifications.
public X509Certificate getCertificateChecking()
public String toString()
public boolean match(CRL crl)
public Object clone()