All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.distrimind.bouncycastle.x509.X509CRLStoreSelector Maven / Gradle / Ivy

There is a newer version: 1.78.1
Show newest version
package com.distrimind.bouncycastle.x509;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRL;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;

import com.distrimind.bouncycastle.asn1.ASN1Integer;
import com.distrimind.bouncycastle.asn1.x509.Extension;
import com.distrimind.bouncycastle.jce.provider.X509StoreCRLCollection;
import com.distrimind.bouncycastle.util.Arrays;
import com.distrimind.bouncycastle.util.Selector;
import com.distrimind.bouncycastle.x509.extension.X509ExtensionUtil;

/**
 * This class is a Selector implementation for X.509 certificate revocation
 * lists.
 * 
 * @see Selector
 * @see X509Store
 * @see X509StoreCRLCollection
 */
public class X509CRLStoreSelector
    extends X509CRLSelector
    implements Selector
{
    private boolean deltaCRLIndicator = false;

    private boolean completeCRLEnabled = false;

    private BigInteger maxBaseCRLNumber = null;

    private byte[] issuingDistributionPoint = null;

    private boolean issuingDistributionPointEnabled = false;

    private X509AttributeCertificate attrCertChecking;

    /**
     * Returns if the issuing distribution point criteria should be applied.
     * Defaults to false.
     * 

* You may also set the issuing distribution point criteria if not a missing * issuing distribution point should be assumed. * * @return Returns if the issuing distribution point check is enabled. */ public boolean isIssuingDistributionPointEnabled() { return issuingDistributionPointEnabled; } /** * Enables or disables the issuing distribution point check. * * @param issuingDistributionPointEnabled true to enable the * issuing distribution point check. */ public void setIssuingDistributionPointEnabled( boolean issuingDistributionPointEnabled) { this.issuingDistributionPointEnabled = issuingDistributionPointEnabled; } /** * Sets the attribute certificate being checked. This is not a criterion. * Rather, it is optional information that may help a {@link X509Store} find * CRLs that would be relevant when checking revocation for the specified * attribute certificate. If null is specified, then no such * optional information is provided. * * @param attrCert the X509AttributeCertificate being checked (or * null) * @see #getAttrCertificateChecking() */ public void setAttrCertificateChecking(X509AttributeCertificate attrCert) { attrCertChecking = attrCert; } /** * Returns the attribute certificate being checked. * * @return Returns the attribute certificate being checked. * @see #setAttrCertificateChecking(X509AttributeCertificate) */ public X509AttributeCertificate getAttrCertificateChecking() { return attrCertChecking; } public boolean match(Object obj) { if (!(obj instanceof X509CRL)) { return false; } X509CRL crl = (X509CRL)obj; ASN1Integer dci = null; try { byte[] bytes = crl .getExtensionValue(Extension.deltaCRLIndicator.getId()); if (bytes != null) { dci = ASN1Integer.getInstance(X509ExtensionUtil .fromExtensionValue(bytes)); } } catch (Exception e) { return false; } if (isDeltaCRLIndicatorEnabled()) { if (dci == null) { return false; } } if (isCompleteCRLEnabled()) { if (dci != null) { return false; } } if (dci != null) { if (maxBaseCRLNumber != null) { if (dci.getPositiveValue().compareTo(maxBaseCRLNumber) == 1) { return false; } } } if (issuingDistributionPointEnabled) { byte[] idp = crl .getExtensionValue(Extension.issuingDistributionPoint .getId()); if (issuingDistributionPoint == null) { if (idp != null) { return false; } } else { if (!Arrays.areEqual(idp, issuingDistributionPoint)) { return false; } } } return super.match((X509CRL)obj); } public boolean match(CRL crl) { return match((Object)crl); } /** * Returns if this selector must match CRLs with the delta CRL indicator * extension set. Defaults to false. * * @return Returns true if only CRLs with the delta CRL * indicator extension are selected. */ public boolean isDeltaCRLIndicatorEnabled() { return deltaCRLIndicator; } /** * If this is set to true the CRL reported contains the delta * CRL indicator CRL extension. *

* {@link #setCompleteCRLEnabled(boolean)} and * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other. * * @param deltaCRLIndicator true if the delta CRL indicator * extension must be in the CRL. */ public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator) { this.deltaCRLIndicator = deltaCRLIndicator; } /** * Returns an instance of this from a X509CRLSelector. * * @param selector A X509CRLSelector instance. * @return An instance of an X509CRLStoreSelector. * @exception IllegalArgumentException if selector is null or creation * fails. */ public static X509CRLStoreSelector getInstance(X509CRLSelector selector) { if (selector == null) { throw new IllegalArgumentException( "cannot create from null selector"); } X509CRLStoreSelector cs = new X509CRLStoreSelector(); cs.setCertificateChecking(selector.getCertificateChecking()); cs.setDateAndTime(selector.getDateAndTime()); try { cs.setIssuerNames(selector.getIssuerNames()); } catch (IOException e) { // cannot happen throw new IllegalArgumentException(e.getMessage()); } cs.setIssuers(selector.getIssuers()); cs.setMaxCRLNumber(selector.getMaxCRL()); cs.setMinCRLNumber(selector.getMinCRL()); return cs; } public Object clone() { X509CRLStoreSelector sel = X509CRLStoreSelector.getInstance(this); sel.deltaCRLIndicator = deltaCRLIndicator; sel.completeCRLEnabled = completeCRLEnabled; sel.maxBaseCRLNumber = maxBaseCRLNumber; sel.attrCertChecking = attrCertChecking; sel.issuingDistributionPointEnabled = issuingDistributionPointEnabled; sel.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint); return sel; } /** * If true only complete CRLs are returned. Defaults to * false. * * @return true if only complete CRLs are returned. */ public boolean isCompleteCRLEnabled() { return completeCRLEnabled; } /** * If set to true only complete CRLs are returned. *

* {@link #setCompleteCRLEnabled(boolean)} and * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other. * * @param completeCRLEnabled true if only complete CRLs * should be returned. */ public void setCompleteCRLEnabled(boolean completeCRLEnabled) { this.completeCRLEnabled = completeCRLEnabled; } /** * Get the maximum base CRL number. Defaults to null. * * @return Returns the maximum base CRL number. * @see #setMaxBaseCRLNumber(BigInteger) */ public BigInteger getMaxBaseCRLNumber() { return maxBaseCRLNumber; } /** * Sets the maximum base CRL number. Setting to null disables * this cheack. *

* This is only meaningful for delta CRLs. Complete CRLs must have a CRL * number which is greater or equal than the base number of the * corresponding CRL. * * @param maxBaseCRLNumber The maximum base CRL number to set. */ public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber) { this.maxBaseCRLNumber = maxBaseCRLNumber; } /** * Returns the issuing distribution point. Defaults to null, * which is a missing issuing distribution point extension. *

* The internal byte array is cloned before it is returned. *

* The criteria must be enable with * {@link #setIssuingDistributionPointEnabled(boolean)}. * * @return Returns the issuing distribution point. * @see #setIssuingDistributionPoint(byte[]) */ public byte[] getIssuingDistributionPoint() { return Arrays.clone(issuingDistributionPoint); } /** * Sets the issuing distribution point. *

* The issuing distribution point extension is a CRL extension which * identifies the scope and the distribution point of a CRL. The scope * contains among others information about revocation reasons contained in * the CRL. Delta CRLs and complete CRLs must have matching issuing * distribution points. *

* The byte array is cloned to protect against subsequent modifications. *

* You must also enable or disable this criteria with * {@link #setIssuingDistributionPointEnabled(boolean)}. * * @param issuingDistributionPoint The issuing distribution point to set. * This is the DER encoded OCTET STRING extension value. * @see #getIssuingDistributionPoint() */ public void setIssuingDistributionPoint(byte[] issuingDistributionPoint) { this.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy