java.security.cert
Class X509CRLSelector

java.lang.Object
  extended by java.security.cert.X509CRLSelector
All Implemented Interfaces:
Cloneable, CRLSelector

public class X509CRLSelector
extends Object
implements CRLSelector, Cloneable

A class for matching X.509 certificate revocation lists by criteria.

Use of this class requires extensive knowledge of the Internet Engineering Task Force's Public Key Infrastructure (X.509). The primary document describing this standard is RFC 3280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile.

Note that this class is not thread-safe. If multiple threads will use or modify this class then they need to synchronize on the object.

Since:
1.4

Constructor Summary
X509CRLSelector()
          Creates a new CRL selector with no criteria enabled; i.e., every CRL will be matched.
 
Method Summary
 void addIssuerName(byte[] name)
          Add an issuer name to the set of issuer names criteria, as the DER encoded form.
 void addIssuerName(String name)
          Add an issuer name to the set of issuer names criteria, as a String representation.
 Object clone()
          Returns a copy of this object.
 X509Certificate getCertificateChecking()
          Returns the certificate being checked, or null if this value is not set.
 Date getDateAndTime()
          Returns the date when this CRL must be valid; that is, the date must be after the thisUpdate date, but before the nextUpdate date.
 Collection<Object> getIssuerNames()
          Returns the set of issuer names that are matched by this selector, or null if this criteria is not set.
 BigInteger getMaxCRL()
          Returns the maximum value of the CRLNumber extension present in CRLs matched by this selector, or null if this criteria is not set.
 BigInteger getMinCRL()
          Returns the minimum value of the CRLNumber extension present in CRLs matched by this selector, or null if this criteria is not set.
 boolean match(CRL _crl)
          Checks a CRL against the criteria of this selector, returning true if the given CRL matches all the criteria.
 void setCertificateChecking(X509Certificate cert)
          Sets the certificate being checked.
 void setDateAndTime(Date date)
          Sets the date at which this CRL must be valid.
 void setIssuerNames(Collection<?> names)
          Sets the issuer names criterion.
 void setMaxCRLNumber(BigInteger maxCrlNumber)
          Sets the maximum value of the CRLNumber extension present in CRLs matched by this selector.
 void setMinCRLNumber(BigInteger minCrlNumber)
          Sets the minimum value of the CRLNumber extension present in CRLs matched by this selector.
 String toString()
          Returns a string representation of this selector.
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

X509CRLSelector

public X509CRLSelector()
Creates a new CRL selector with no criteria enabled; i.e., every CRL will be matched.

Method Detail

addIssuerName

public void addIssuerName(byte[] name)
                   throws IOException
Add an issuer name to the set of issuer names criteria, as the DER encoded form.

Parameters:
name - The name to add, as DER bytes.
Throws:
IOException - If the argument is not a valid DER-encoding.

addIssuerName

public void addIssuerName(String name)
                   throws IOException
Add an issuer name to the set of issuer names criteria, as a String representation.

Parameters:
name - The name to add.
Throws:
IOException - If the argument is not a valid name.

setIssuerNames

public void setIssuerNames(Collection<?> names)
                    throws IOException
Sets the issuer names criterion. Pass null to clear this value. CRLs matched by this selector must have an issuer name in this set.

Parameters:
names - The issuer names.
Throws:
IOException - If any of the elements in the collection is not a valid name.

getIssuerNames

public Collection<Object> getIssuerNames()
Returns the set of issuer names that are matched by this selector, or null if this criteria is not set. The returned collection is not modifiable.

Returns:
The set of issuer names.

getMaxCRL

public BigInteger getMaxCRL()
Returns the maximum value of the CRLNumber extension present in CRLs matched by this selector, or null if this criteria is not set.

Returns:
The maximum CRL number.

getMinCRL

public BigInteger getMinCRL()
Returns the minimum value of the CRLNumber extension present in CRLs matched by this selector, or null if this criteria is not set.

Returns:
The minimum CRL number.

setMaxCRLNumber

public void setMaxCRLNumber(BigInteger maxCrlNumber)
Sets the maximum value of the CRLNumber extension present in CRLs matched by this selector. Specify null to clear this criterion.

Parameters:
maxCrlNumber - The maximum CRL number.

setMinCRLNumber

public void setMinCRLNumber(BigInteger minCrlNumber)
Sets the minimum value of the CRLNumber extension present in CRLs matched by this selector. Specify null to clear this criterion.

Parameters:
minCrlNumber - The minimum CRL number.

getDateAndTime

public Date getDateAndTime()
Returns the date when this CRL must be valid; that is, the date must be after the thisUpdate date, but before the nextUpdate date. Returns null if this criterion is not set.

Returns:
The date.

setDateAndTime

public void setDateAndTime(Date date)
Sets the date at which this CRL must be valid. Specify null to clear this criterion.

Parameters:
date - The date.

getCertificateChecking

public X509Certificate getCertificateChecking()
Returns the certificate being checked, or null if this value is not set.

Returns:
The certificate.

setCertificateChecking

public void setCertificateChecking(X509Certificate cert)
Sets the certificate being checked. This is not a criterion, but info used by certificate store implementations to aid in searching.

Parameters:
cert - The certificate.

toString

public String toString()
Returns a string representation of this selector. The string will only describe the enabled criteria, so if none are enabled this will return a string that contains little else besides the class name.

Overrides:
toString in class Object
Returns:
The string.
See Also:
Object.getClass(), Object.hashCode(), Class.getName(), Integer.toHexString(int)

match

public boolean match(CRL _crl)
Checks a CRL against the criteria of this selector, returning true if the given CRL matches all the criteria.

Specified by:
match in interface CRLSelector
Parameters:
_crl - The CRL being checked.
Returns:
True if the CRL matches, false otherwise.

clone

public Object clone()
Returns a copy of this object.

Specified by:
clone in interface CRLSelector
Overrides:
clone in class Object
Returns:
The copy.
See Also:
Cloneable