org.bouncycastle.x509

Class X509CRLStoreSelector

public class X509CRLStoreSelector extends X509CRLSelector implements Selector

This class is a Selector implementation for X.509 certificate revocation lists.

See Also: Selector X509Store X509StoreCRLCollection

Method Summary
Objectclone()
X509AttributeCertificategetAttrCertificateChecking()
Returns the attribute certificate being checked.
static X509CRLStoreSelectorgetInstance(X509CRLSelector selector)
Returns an instance of this from a X509CRLSelector.
CollectiongetIssuers()
byte[]getIssuingDistributionPoint()
Returns the issuing distribution point.
BigIntegergetMaxBaseCRLNumber()
Get the maximum base CRL number.
booleanisCompleteCRLEnabled()
If true only complete CRLs are returned.
booleanisDeltaCRLIndicatorEnabled()
Returns if this selector must match CRLs with the delta CRL indicator extension set.
booleanisIssuingDistributionPointEnabled()
Returns if the issuing distribution point criteria should be applied.
booleanmatch(Object obj)
voidsetAttrCertificateChecking(X509AttributeCertificate attrCert)
Sets the attribute certificate being checked.
voidsetCompleteCRLEnabled(boolean completeCRLEnabled)
If set to true only complete CRLs are returned.
voidsetDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
If this is set to true the CRL reported contains the delta CRL indicator CRL extension.
voidsetIssuers(Collection issuers)
voidsetIssuingDistributionPoint(byte[] issuingDistributionPoint)
Sets the issuing distribution point.
voidsetIssuingDistributionPointEnabled(boolean issuingDistributionPointEnabled)
Enables or disables the issuing distribution point check.
voidsetMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
Sets the maximum base CRL number.

Method Detail

clone

public Object clone()

getAttrCertificateChecking

public X509AttributeCertificate getAttrCertificateChecking()
Returns the attribute certificate being checked.

Returns: Returns the attribute certificate being checked.

See Also: setAttrCertificateChecking

getInstance

public static X509CRLStoreSelector getInstance(X509CRLSelector selector)
Returns an instance of this from a X509CRLSelector.

Parameters: selector A X509CRLSelector instance.

Returns: An instance of an X509CRLStoreSelector.

Throws: IllegalArgumentException if selector is null or creation fails.

getIssuers

public Collection getIssuers()

getIssuingDistributionPoint

public byte[] getIssuingDistributionPoint()
Returns the issuing distribution point. Defaults to null, which is a missing issuing distribution point extension.

The internal byte array is cloned before it is returned.

The criteria must be enable with X509CRLStoreSelector.

Returns: Returns the issuing distribution point.

See Also: (byte[])

getMaxBaseCRLNumber

public BigInteger getMaxBaseCRLNumber()
Get the maximum base CRL number. Defaults to null.

Returns: Returns the maximum base CRL number.

See Also: setMaxBaseCRLNumber

isCompleteCRLEnabled

public boolean isCompleteCRLEnabled()
If true only complete CRLs are returned. Defaults to false.

Returns: true if only complete CRLs are returned.

isDeltaCRLIndicatorEnabled

public boolean isDeltaCRLIndicatorEnabled()
Returns if this selector must match CRLs with the delta CRL indicator extension set. Defaults to false.

Returns: Returns true if only CRLs with the delta CRL indicator extension are selected.

isIssuingDistributionPointEnabled

public boolean isIssuingDistributionPointEnabled()
Returns if the issuing distribution point criteria should be applied. Defaults to false.

You may also set the issuing distribution point criteria if not a missing issuing distribution point should be assumed.

Returns: Returns if the issuing distribution point check is enabled.

match

public boolean match(Object obj)

setAttrCertificateChecking

public void setAttrCertificateChecking(X509AttributeCertificate attrCert)
Sets the attribute certificate being checked. This is not a criterion. Rather, it is optional information that may help a X509Store find CRLs that would be relevant when checking revocation for the specified attribute certificate. If null is specified, then no such optional information is provided.

Parameters: attrCert the X509AttributeCertificate being checked (or null)

See Also: getAttrCertificateChecking

setCompleteCRLEnabled

public void setCompleteCRLEnabled(boolean completeCRLEnabled)
If set to true only complete CRLs are returned.

X509CRLStoreSelector and X509CRLStoreSelector excluded each other.

Parameters: completeCRLEnabled true if only complete CRLs should be returned.

setDeltaCRLIndicatorEnabled

public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
If this is set to true the CRL reported contains the delta CRL indicator CRL extension.

X509CRLStoreSelector and X509CRLStoreSelector excluded each other.

Parameters: deltaCRLIndicator true if the delta CRL indicator extension must be in the CRL.

setIssuers

public void setIssuers(Collection issuers)

setIssuingDistributionPoint

public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)
Sets the issuing distribution point.

The issuing distribution point extension is a CRL extension which identifies the scope and the distribution point of a CRL. The scope contains among others information about revocation reasons contained in the CRL. Delta CRLs and complete CRLs must have matching issuing distribution points.

The byte array is cloned to protect against subsequent modifications.

You must also enable or disable this criteria with X509CRLStoreSelector.

Parameters: issuingDistributionPoint The issuing distribution point to set. This is the DER encoded OCTET STRING extension value.

See Also: getIssuingDistributionPoint

setIssuingDistributionPointEnabled

public void setIssuingDistributionPointEnabled(boolean issuingDistributionPointEnabled)
Enables or disables the issuing distribution point check.

Parameters: issuingDistributionPointEnabled true to enable the issuing distribution point check.

setMaxBaseCRLNumber

public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
Sets the maximum base CRL number. Setting to null disables this cheack.

This is only meaningful for delta CRLs. Complete CRLs must have a CRL number which is greater or equal than the base number of the corresponding CRL.

Parameters: maxBaseCRLNumber The maximum base CRL number to set.