src/share/classes/java/security/cert/X509CRLSelector.java
Print this page
*** 35,56 ****
import sun.security.util.DerInputStream;
import sun.security.x509.CRLNumberExtension;
import sun.security.x509.X500Name;
/**
! * A <code>CRLSelector</code> that selects <code>X509CRLs</code> that
* match all specified criteria. This class is particularly useful when
! * selecting CRLs from a <code>CertStore</code> to check revocation status
* of a particular certificate.
* <p>
! * When first constructed, an <code>X509CRLSelector</code> has no criteria
! * enabled and each of the <code>get</code> methods return a default
! * value (<code>null</code>). Therefore, the {@link #match match} method
! * would return <code>true</code> for any <code>X509CRL</code>. Typically,
* several criteria are enabled (by calling {@link #setIssuers setIssuers}
* or {@link #setDateAndTime setDateAndTime}, for instance) and then the
! * <code>X509CRLSelector</code> is passed to
* {@link CertStore#getCRLs CertStore.getCRLs} or some similar
* method.
* <p>
* Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
* Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>
--- 35,56 ----
import sun.security.util.DerInputStream;
import sun.security.x509.CRLNumberExtension;
import sun.security.x509.X500Name;
/**
! * A {@code CRLSelector} that selects {@code X509CRLs} that
* match all specified criteria. This class is particularly useful when
! * selecting CRLs from a {@code CertStore} to check revocation status
* of a particular certificate.
* <p>
! * When first constructed, an {@code X509CRLSelector} has no criteria
! * enabled and each of the {@code get} methods return a default
! * value ({@code null}). Therefore, the {@link #match match} method
! * would return {@code true} for any {@code X509CRL}. Typically,
* several criteria are enabled (by calling {@link #setIssuers setIssuers}
* or {@link #setDateAndTime setDateAndTime}, for instance) and then the
! * {@code X509CRLSelector} is passed to
* {@link CertStore#getCRLs CertStore.getCRLs} or some similar
* method.
* <p>
* Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280:
* Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a>
*** 84,122 ****
private Date dateAndTime;
private X509Certificate certChecking;
private long skew = 0;
/**
! * Creates an <code>X509CRLSelector</code>. Initially, no criteria are set
! * so any <code>X509CRL</code> will match.
*/
public X509CRLSelector() {}
/**
* Sets the issuerNames criterion. The issuer distinguished name in the
! * <code>X509CRL</code> must match at least one of the specified
! * distinguished names. If <code>null</code>, any issuer distinguished name
* will do.
* <p>
* This method allows the caller to specify, with a single method call,
! * the complete set of issuer names which <code>X509CRLs</code> may contain.
* The specified value replaces the previous value for the issuerNames
* criterion.
* <p>
! * The <code>names</code> parameter (if not <code>null</code>) is a
! * <code>Collection</code> of <code>X500Principal</code>s.
* <p>
! * Note that the <code>names</code> parameter can contain duplicate
* distinguished names, but they may be removed from the
! * <code>Collection</code> of names returned by the
* {@link #getIssuers getIssuers} method.
* <p>
! * Note that a copy is performed on the <code>Collection</code> to
* protect against subsequent modifications.
*
! * @param issuers a <code>Collection</code> of X500Principals
! * (or <code>null</code>)
* @see #getIssuers
* @since 1.5
*/
public void setIssuers(Collection<X500Principal> issuers) {
if ((issuers == null) || issuers.isEmpty()) {
--- 84,122 ----
private Date dateAndTime;
private X509Certificate certChecking;
private long skew = 0;
/**
! * Creates an {@code X509CRLSelector}. Initially, no criteria are set
! * so any {@code X509CRL} will match.
*/
public X509CRLSelector() {}
/**
* Sets the issuerNames criterion. The issuer distinguished name in the
! * {@code X509CRL} must match at least one of the specified
! * distinguished names. If {@code null}, any issuer distinguished name
* will do.
* <p>
* This method allows the caller to specify, with a single method call,
! * the complete set of issuer names which {@code X509CRLs} may contain.
* The specified value replaces the previous value for the issuerNames
* criterion.
* <p>
! * The {@code names} parameter (if not {@code null}) is a
! * {@code Collection} of {@code X500Principal}s.
* <p>
! * Note that the {@code names} parameter can contain duplicate
* distinguished names, but they may be removed from the
! * {@code Collection} of names returned by the
* {@link #getIssuers getIssuers} method.
* <p>
! * Note that a copy is performed on the {@code Collection} to
* protect against subsequent modifications.
*
! * @param issuers a {@code Collection} of X500Principals
! * (or {@code null})
* @see #getIssuers
* @since 1.5
*/
public void setIssuers(Collection<X500Principal> issuers) {
if ((issuers == null) || issuers.isEmpty()) {
*** 136,170 ****
* <strong>Note:</strong> use {@linkplain #setIssuers(Collection)} instead
* or only specify the byte array form of distinguished names when using
* this method. See {@link #addIssuerName(String)} for more information.
* <p>
* Sets the issuerNames criterion. The issuer distinguished name in the
! * <code>X509CRL</code> must match at least one of the specified
! * distinguished names. If <code>null</code>, any issuer distinguished name
* will do.
* <p>
* This method allows the caller to specify, with a single method call,
! * the complete set of issuer names which <code>X509CRLs</code> may contain.
* The specified value replaces the previous value for the issuerNames
* criterion.
* <p>
! * The <code>names</code> parameter (if not <code>null</code>) is a
! * <code>Collection</code> of names. Each name is a <code>String</code>
* or a byte array representing a distinguished name (in
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or
! * ASN.1 DER encoded form, respectively). If <code>null</code> is supplied
* as the value for this argument, no issuerNames check will be performed.
* <p>
! * Note that the <code>names</code> parameter can contain duplicate
* distinguished names, but they may be removed from the
! * <code>Collection</code> of names returned by the
* {@link #getIssuerNames getIssuerNames} method.
* <p>
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
! * <pre><code>
* Name ::= CHOICE {
* RDNSequence }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
--- 136,170 ----
* <strong>Note:</strong> use {@linkplain #setIssuers(Collection)} instead
* or only specify the byte array form of distinguished names when using
* this method. See {@link #addIssuerName(String)} for more information.
* <p>
* Sets the issuerNames criterion. The issuer distinguished name in the
! * {@code X509CRL} must match at least one of the specified
! * distinguished names. If {@code null}, any issuer distinguished name
* will do.
* <p>
* This method allows the caller to specify, with a single method call,
! * the complete set of issuer names which {@code X509CRLs} may contain.
* The specified value replaces the previous value for the issuerNames
* criterion.
* <p>
! * The {@code names} parameter (if not {@code null}) is a
! * {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in
* <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or
! * ASN.1 DER encoded form, respectively). If {@code null} is supplied
* as the value for this argument, no issuerNames check will be performed.
* <p>
! * Note that the {@code names} parameter can contain duplicate
* distinguished names, but they may be removed from the
! * {@code Collection} of names returned by the
* {@link #getIssuerNames getIssuerNames} method.
* <p>
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
! * <pre>{@code
* Name ::= CHOICE {
* RDNSequence }
*
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
*
*** 183,198 ****
* teletexString TeletexString (SIZE (1..MAX)),
* printableString PrintableString (SIZE (1..MAX)),
* universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) }
! * </code></pre>
* <p>
! * Note that a deep copy is performed on the <code>Collection</code> to
* protect against subsequent modifications.
*
! * @param names a <code>Collection</code> of names (or <code>null</code>)
* @throws IOException if a parsing error occurs
* @see #getIssuerNames
*/
public void setIssuerNames(Collection<?> names) throws IOException {
if (names == null || names.size() == 0) {
--- 183,198 ----
* teletexString TeletexString (SIZE (1..MAX)),
* printableString PrintableString (SIZE (1..MAX)),
* universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) }
! * }</pre>
* <p>
! * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications.
*
! * @param names a {@code Collection} of names (or {@code null})
* @throws IOException if a parsing error occurs
* @see #getIssuerNames
*/
public void setIssuerNames(Collection<?> names) throws IOException {
if (names == null || names.size() == 0) {
*** 206,220 ****
}
}
/**
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which <code>X509CRLs</code> may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
*
* @param issuer the issuer as X500Principal
* @since 1.5
--- 206,220 ----
}
}
/**
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
*
* @param issuer the issuer as X500Principal
* @since 1.5
*** 230,244 ****
* relied on as it can fail to match some CRLs because of a loss of
* encoding information in the RFC 2253 String form of some distinguished
* names.
* <p>
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which <code>X509CRLs</code> may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
*
* @param name the name in RFC 2253 form
* @throws IOException if a parsing error occurs
--- 230,244 ----
* relied on as it can fail to match some CRLs because of a loss of
* encoding information in the RFC 2253 String form of some distinguished
* names.
* <p>
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
*
* @param name the name in RFC 2253 form
* @throws IOException if a parsing error occurs
*** 247,261 ****
addIssuerNameInternal(name, new X500Name(name).asX500Principal());
}
/**
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which <code>X509CRLs</code> may contain. The specified name is added to
* any previous value for the issuerNames criterion. If the specified name
* is a duplicate, it may be ignored.
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
--- 247,261 ----
addIssuerNameInternal(name, new X500Name(name).asX500Principal());
}
/**
* Adds a name to the issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
* <p>
* This method allows the caller to add a name to the set of issuer names
! * which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion. If the specified name
* is a duplicate, it may be ignored.
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
*** 277,287 ****
}
/**
* A private method that adds a name (String or byte array) to the
* issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
* distinguished names.
*
* @param name the name in string or byte array form
* @param principal the name in X500Principal form
* @throws IOException if a parsing error occurs
--- 277,287 ----
}
/**
* A private method that adds a name (String or byte array) to the
* issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
*
* @param name the name in string or byte array form
* @param principal the name in X500Principal form
* @throws IOException if a parsing error occurs
*** 299,313 ****
/**
* Clone and check an argument of the form passed to
* setIssuerNames. Throw an IOException if the argument is malformed.
*
! * @param names a <code>Collection</code> of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
! * DER encoded form, respectively). <code>null</code> is
* not an acceptable value.
! * @return a deep copy of the specified <code>Collection</code>
* @throws IOException if a parsing error occurs
*/
private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
throws IOException
{
--- 299,313 ----
/**
* Clone and check an argument of the form passed to
* setIssuerNames. Throw an IOException if the argument is malformed.
*
! * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
! * DER encoded form, respectively). {@code null} is
* not an acceptable value.
! * @return a deep copy of the specified {@code Collection}
* @throws IOException if a parsing error occurs
*/
private static HashSet<Object> cloneAndCheckIssuerNames(Collection<?> names)
throws IOException
{
*** 332,346 ****
* <p>
* This method wraps cloneAndCheckIssuerNames, changing any IOException
* into a RuntimeException. This method should be used when the object being
* cloned has already been checked, so there should never be any exceptions.
*
! * @param names a <code>Collection</code> of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
! * DER encoded form, respectively). <code>null</code> is
* not an acceptable value.
! * @return a deep copy of the specified <code>Collection</code>
* @throws RuntimeException if a parsing error occurs
*/
private static HashSet<Object> cloneIssuerNames(Collection<Object> names) {
try {
return cloneAndCheckIssuerNames(names);
--- 332,346 ----
* <p>
* This method wraps cloneAndCheckIssuerNames, changing any IOException
* into a RuntimeException. This method should be used when the object being
* cloned has already been checked, so there should never be any exceptions.
*
! * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
! * DER encoded form, respectively). {@code null} is
* not an acceptable value.
! * @return a deep copy of the specified {@code Collection}
* @throws RuntimeException if a parsing error occurs
*/
private static HashSet<Object> cloneIssuerNames(Collection<Object> names) {
try {
return cloneAndCheckIssuerNames(names);
*** 352,362 ****
/**
* Parse an argument of the form passed to setIssuerNames,
* returning a Collection of issuerX500Principals.
* Throw an IOException if the argument is malformed.
*
! * @param names a <code>Collection</code> of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
* DER encoded form, respectively). <Code>Null</Code> is
* not an acceptable value.
* @return a HashSet of issuerX500Principals
* @throws IOException if a parsing error occurs
--- 352,362 ----
/**
* Parse an argument of the form passed to setIssuerNames,
* returning a Collection of issuerX500Principals.
* Throw an IOException if the argument is malformed.
*
! * @param names a {@code Collection} of names. Each entry is a
* String or a byte array (the name, in string or ASN.1
* DER encoded form, respectively). <Code>Null</Code> is
* not an acceptable value.
* @return a HashSet of issuerX500Principals
* @throws IOException if a parsing error occurs
*** 378,423 ****
}
return x500Principals;
}
/**
! * Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a
* CRL number extension whose value is greater than or equal to the
! * specified value. If <code>null</code>, no minCRLNumber check will be
* done.
*
! * @param minCRL the minimum CRL number accepted (or <code>null</code>)
*/
public void setMinCRLNumber(BigInteger minCRL) {
this.minCRL = minCRL;
}
/**
! * Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a
* CRL number extension whose value is less than or equal to the
! * specified value. If <code>null</code>, no maxCRLNumber check will be
* done.
*
! * @param maxCRL the maximum CRL number accepted (or <code>null</code>)
*/
public void setMaxCRLNumber(BigInteger maxCRL) {
this.maxCRL = maxCRL;
}
/**
* Sets the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component
! * of the <code>X509CRL</code> and earlier than the value of the
! * nextUpdate component. There is no match if the <code>X509CRL</code>
* does not contain a nextUpdate component.
! * If <code>null</code>, no dateAndTime check will be done.
* <p>
! * Note that the <code>Date</code> supplied here is cloned to protect
* against subsequent modifications.
*
! * @param dateAndTime the <code>Date</code> to match against
! * (or <code>null</code>)
* @see #getDateAndTime
*/
public void setDateAndTime(Date dateAndTime) {
if (dateAndTime == null)
this.dateAndTime = null;
--- 378,423 ----
}
return x500Principals;
}
/**
! * Sets the minCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is greater than or equal to the
! * specified value. If {@code null}, no minCRLNumber check will be
* done.
*
! * @param minCRL the minimum CRL number accepted (or {@code null})
*/
public void setMinCRLNumber(BigInteger minCRL) {
this.minCRL = minCRL;
}
/**
! * Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is less than or equal to the
! * specified value. If {@code null}, no maxCRLNumber check will be
* done.
*
! * @param maxCRL the maximum CRL number accepted (or {@code null})
*/
public void setMaxCRLNumber(BigInteger maxCRL) {
this.maxCRL = maxCRL;
}
/**
* Sets the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component
! * of the {@code X509CRL} and earlier than the value of the
! * nextUpdate component. There is no match if the {@code X509CRL}
* does not contain a nextUpdate component.
! * If {@code null}, no dateAndTime check will be done.
* <p>
! * Note that the {@code Date} supplied here is cloned to protect
* against subsequent modifications.
*
! * @param dateAndTime the {@code Date} to match against
! * (or {@code null})
* @see #getDateAndTime
*/
public void setDateAndTime(Date dateAndTime) {
if (dateAndTime == null)
this.dateAndTime = null;
*** 436,469 ****
this.skew = skew;
}
/**
* Sets the certificate being checked. This is not a criterion. Rather,
! * it is optional information that may help a <code>CertStore</code>
* find CRLs that would be relevant when checking revocation for the
! * specified certificate. If <code>null</code> is specified, then no
* such optional information is provided.
*
! * @param cert the <code>X509Certificate</code> being checked
! * (or <code>null</code>)
* @see #getCertificateChecking
*/
public void setCertificateChecking(X509Certificate cert) {
certChecking = cert;
}
/**
* Returns the issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
! * distinguished names. If the value returned is <code>null</code>, any
* issuer distinguished name will do.
* <p>
! * If the value returned is not <code>null</code>, it is a
! * unmodifiable <code>Collection</code> of <code>X500Principal</code>s.
*
! * @return an unmodifiable <code>Collection</code> of names
! * (or <code>null</code>)
* @see #setIssuers
* @since 1.5
*/
public Collection<X500Principal> getIssuers() {
if (issuerX500Principals == null) {
--- 436,469 ----
this.skew = skew;
}
/**
* Sets the certificate being checked. This is not a criterion. Rather,
! * it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the
! * specified certificate. If {@code null} is specified, then no
* such optional information is provided.
*
! * @param cert the {@code X509Certificate} being checked
! * (or {@code null})
* @see #getCertificateChecking
*/
public void setCertificateChecking(X509Certificate cert) {
certChecking = cert;
}
/**
* Returns the issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
! * distinguished names. If the value returned is {@code null}, any
* issuer distinguished name will do.
* <p>
! * If the value returned is not {@code null}, it is a
! * unmodifiable {@code Collection} of {@code X500Principal}s.
*
! * @return an unmodifiable {@code Collection} of names
! * (or {@code null})
* @see #setIssuers
* @since 1.5
*/
public Collection<X500Principal> getIssuers() {
if (issuerX500Principals == null) {
*** 472,571 ****
return Collections.unmodifiableCollection(issuerX500Principals);
}
/**
* Returns a copy of the issuerNames criterion. The issuer distinguished
! * name in the <code>X509CRL</code> must match at least one of the specified
! * distinguished names. If the value returned is <code>null</code>, any
* issuer distinguished name will do.
* <p>
! * If the value returned is not <code>null</code>, it is a
! * <code>Collection</code> of names. Each name is a <code>String</code>
* or a byte array representing a distinguished name (in RFC 2253 or
* ASN.1 DER encoded form, respectively). Note that the
! * <code>Collection</code> returned may contain duplicate names.
* <p>
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is given in the documentation for
* {@link #setIssuerNames setIssuerNames(Collection names)}.
* <p>
! * Note that a deep copy is performed on the <code>Collection</code> to
* protect against subsequent modifications.
*
! * @return a <code>Collection</code> of names (or <code>null</code>)
* @see #setIssuerNames
*/
public Collection<Object> getIssuerNames() {
if (issuerNames == null) {
return null;
}
return cloneIssuerNames(issuerNames);
}
/**
! * Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a
* CRL number extension whose value is greater than or equal to the
! * specified value. If <code>null</code>, no minCRLNumber check will be done.
*
! * @return the minimum CRL number accepted (or <code>null</code>)
*/
public BigInteger getMinCRL() {
return minCRL;
}
/**
! * Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a
* CRL number extension whose value is less than or equal to the
! * specified value. If <code>null</code>, no maxCRLNumber check will be
* done.
*
! * @return the maximum CRL number accepted (or <code>null</code>)
*/
public BigInteger getMaxCRL() {
return maxCRL;
}
/**
* Returns the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component
! * of the <code>X509CRL</code> and earlier than the value of the
* nextUpdate component. There is no match if the
! * <code>X509CRL</code> does not contain a nextUpdate component.
! * If <code>null</code>, no dateAndTime check will be done.
* <p>
! * Note that the <code>Date</code> returned is cloned to protect against
* subsequent modifications.
*
! * @return the <code>Date</code> to match against (or <code>null</code>)
* @see #setDateAndTime
*/
public Date getDateAndTime() {
if (dateAndTime == null)
return null;
return (Date) dateAndTime.clone();
}
/**
* Returns the certificate being checked. This is not a criterion. Rather,
! * it is optional information that may help a <code>CertStore</code>
* find CRLs that would be relevant when checking revocation for the
! * specified certificate. If the value returned is <code>null</code>, then
* no such optional information is provided.
*
! * @return the certificate being checked (or <code>null</code>)
* @see #setCertificateChecking
*/
public X509Certificate getCertificateChecking() {
return certChecking;
}
/**
! * Returns a printable representation of the <code>X509CRLSelector</code>.
*
! * @return a <code>String</code> describing the contents of the
! * <code>X509CRLSelector</code>.
*/
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("X509CRLSelector: [\n");
if (issuerNames != null) {
--- 472,571 ----
return Collections.unmodifiableCollection(issuerX500Principals);
}
/**
* Returns a copy of the issuerNames criterion. The issuer distinguished
! * name in the {@code X509CRL} must match at least one of the specified
! * distinguished names. If the value returned is {@code null}, any
* issuer distinguished name will do.
* <p>
! * If the value returned is not {@code null}, it is a
! * {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in RFC 2253 or
* ASN.1 DER encoded form, respectively). Note that the
! * {@code Collection} returned may contain duplicate names.
* <p>
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is given in the documentation for
* {@link #setIssuerNames setIssuerNames(Collection names)}.
* <p>
! * Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications.
*
! * @return a {@code Collection} of names (or {@code null})
* @see #setIssuerNames
*/
public Collection<Object> getIssuerNames() {
if (issuerNames == null) {
return null;
}
return cloneIssuerNames(issuerNames);
}
/**
! * Returns the minCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is greater than or equal to the
! * specified value. If {@code null}, no minCRLNumber check will be done.
*
! * @return the minimum CRL number accepted (or {@code null})
*/
public BigInteger getMinCRL() {
return minCRL;
}
/**
! * Returns the maxCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is less than or equal to the
! * specified value. If {@code null}, no maxCRLNumber check will be
* done.
*
! * @return the maximum CRL number accepted (or {@code null})
*/
public BigInteger getMaxCRL() {
return maxCRL;
}
/**
* Returns the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component
! * of the {@code X509CRL} and earlier than the value of the
* nextUpdate component. There is no match if the
! * {@code X509CRL} does not contain a nextUpdate component.
! * If {@code null}, no dateAndTime check will be done.
* <p>
! * Note that the {@code Date} returned is cloned to protect against
* subsequent modifications.
*
! * @return the {@code Date} to match against (or {@code null})
* @see #setDateAndTime
*/
public Date getDateAndTime() {
if (dateAndTime == null)
return null;
return (Date) dateAndTime.clone();
}
/**
* Returns the certificate being checked. This is not a criterion. Rather,
! * it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the
! * specified certificate. If the value returned is {@code null}, then
* no such optional information is provided.
*
! * @return the certificate being checked (or {@code null})
* @see #setCertificateChecking
*/
public X509Certificate getCertificateChecking() {
return certChecking;
}
/**
! * Returns a printable representation of the {@code X509CRLSelector}.
*
! * @return a {@code String} describing the contents of the
! * {@code X509CRLSelector}.
*/
public String toString() {
StringBuffer sb = new StringBuffer();
sb.append("X509CRLSelector: [\n");
if (issuerNames != null) {
*** 585,599 ****
sb.append("]");
return sb.toString();
}
/**
! * Decides whether a <code>CRL</code> should be selected.
*
! * @param crl the <code>CRL</code> to be checked
! * @return <code>true</code> if the <code>CRL</code> should be selected,
! * <code>false</code> otherwise
*/
public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) {
return false;
}
--- 585,599 ----
sb.append("]");
return sb.toString();
}
/**
! * Decides whether a {@code CRL} should be selected.
*
! * @param crl the {@code CRL} to be checked
! * @return {@code true} if the {@code CRL} should be selected,
! * {@code false} otherwise
*/
public boolean match(CRL crl) {
if (!(crl instanceof X509CRL)) {
return false;
}