/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package java.security.cert;
import java.io.IOException;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.apache.harmony.security.asn1.ASN1Integer;
import org.apache.harmony.security.asn1.ASN1OctetString;
import org.apache.harmony.security.x501.Name;
/**
* A CRL selector ({@code CRLSelector}) for selecting {@code
* X509CRL}s that match the specified criteria.
*
* When constructed, all criteria are set to default values that will match any
* {@code X509CRL}.
*/
public class X509CRLSelector implements CRLSelector {
// issuerNames criterion:
// X.500 distinguished names in CANONICAL string form. null means no issuer
// criterion is set (setIssuers(null) and setIssuerNames(null) reset it to null).
private ArrayList issuerNames;
// X500Principal objects corresponding to the names from the issuerNames
// collection (above). It may be null or shorter than issuerNames: the
// addIssuerName overloads append to issuerNames only, and getIssuers()
// extends this list on demand.
private ArrayList issuerPrincipals;
// minCRLNumber criterion; null means the minimum CRL number is not checked
private BigInteger minCRL;
// maxCRLNumber criterion; null means the maximum CRL number is not checked
private BigInteger maxCRL;
// dateAndTime criterion, held as the value of Date.getTime();
// -1 is the marker for "date not checked" (see setDateAndTime)
private long dateAndTime = -1;
// the certificate being checked; per setCertificateChecking's Javadoc this
// is a hint for locating CRLs, not a matching criterion
private X509Certificate certificateChecking;
/**
* Creates a new {@code X509CRLSelector}.
*/
public X509CRLSelector() { } // nothing to initialise: the field defaults (null, and -1 for dateAndTime) mean no criterion is set
/**
* Sets the criterion for the issuer distinguished names.
*
* The CRL issuer must match at least one of the specified distinguished
* names.
*
* @param issuers
* the list of issuer distinguished names to match, or {@code
* null} if any issuer distinguished name will do.
*/
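public void setIssuers(Collection<X500Principal> issuers) {
    if (issuers == null) {
        // null clears the criterion: any issuer distinguished name will do.
        issuerNames = null;
        issuerPrincipals = null;
        return;
    }
    // Snapshot the caller's collection first, so that later changes to it
    // cannot alter the criterion and both lists are derived from the same
    // elements.
    ArrayList<X500Principal> principals = new ArrayList<X500Principal>(issuers);
    ArrayList<String> names = new ArrayList<String>(principals.size());
    for (X500Principal issuer : principals) {
        // A null element raises NullPointerException here, before either
        // field has been reassigned.
        names.add(issuer.getName(X500Principal.CANONICAL));
    }
    // Commit both lists together: a failure above leaves the previous
    // criterion intact instead of a half-filled issuerNames next to a full
    // issuerPrincipals.
    issuerNames = names;
    issuerPrincipals = principals;
}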
/**
* Do not use: use {@link #setIssuers(Collection)} or one of
* {@link #addIssuerName} instead. Sets the criterion for the issuer
* distinguished names.
*
* The CRL issuer must match at least one of the specified distinguished
* names.
*
* The specified parameter {@code names} is a collection with an entry for
* each name to be included in the criterion. The name is specified as a
* {@code String} or a byte array specifying the name (in RFC 2253 or ASN.1
* DER encoded form)
*
* @param names
* the list of issuer distinguished names to match, or {@code
* null} if any issuer distinguished name will do.
* @throws IOException
* if parsing fails.
*/
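public void setIssuerNames(Collection<?> names) throws IOException {
    if (names == null) {
        // null clears the criterion: any issuer distinguished name will do.
        issuerNames = null;
        issuerPrincipals = null;
        return;
    }
    if (names.isEmpty()) {
        // An empty collection is a no-op: it does NOT clear a criterion set
        // earlier. Callers that want to drop the issuer filter must pass null.
        return;
    }
    // Parse into a local list so that an IOException part-way through leaves
    // the previously configured criterion untouched rather than truncated.
    ArrayList<String> parsed = new ArrayList<String>(names.size());
    for (Object name : names) {
        if (name instanceof String) {
            parsed.add(new Name((String) name).getName(X500Principal.CANONICAL));
        } else if (name instanceof byte[]) {
            parsed.add(new Name((byte[]) name).getName(X500Principal.CANONICAL));
        } else {
            // Also reached for a null element, since instanceof is false for null.
            throw new IOException("name neither a String nor a byte[]");
        }
    }
    issuerNames = parsed;
    // Drop principals cached for an earlier criterion; otherwise they would
    // no longer correspond to issuerNames. getIssuers() recreates the list
    // when it is null.
    issuerPrincipals = null;
}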
/**
* Adds an issuer to the criterion for the issuer distinguished names.
*
* The CRL issuer must match at least one of the specified distinguished
* names.
*
* @param issuer
* the issuer to add to the criterion
*/
public void addIssuer(X500Principal issuer) {
if (issuer == null) {
throw new NullPointerException("issuer == null");
}
if (issuerNames == null) {
issuerNames = new ArrayList();
}
String name = issuer.getName(X500Principal.CANONICAL);
if (!issuerNames.contains(name)) {
issuerNames.add(name);
}
if (issuerPrincipals == null) {
issuerPrincipals = new ArrayList(issuerNames.size());
}
// extend the list of issuer Principals
int size = issuerNames.size() - 1;
for (int i=issuerPrincipals.size(); iDo not use:, use {@link #addIssuer(X500Principal)} or
* {@link #addIssuerName(byte[])} instead. It can fail to match some CRLs
* because of a loss of encoding information in a RFC 2253 string.
*
* Adds an issuer to the criterion for the issuer distinguished names. The
* CRL issuer must match at least one of the specified distinguished names.
*
* @param iss_name
* the RFC 2253 encoded name.
* @throws IOException
* if parsing fails.
*/
public void addIssuerName(String iss_name) throws IOException {
    // The list is created before the name is parsed, so a parse failure on a
    // selector without an issuer criterion leaves a non-null, empty list.
    // NOTE(review): match() is not visible here; confirm how it treats an
    // empty issuerNames list.
    if (issuerNames == null) {
        issuerNames = new ArrayList<String>();
    }
    // A null name is parsed as the empty string rather than rejected.
    final String rfc2253 = (iss_name == null) ? "" : iss_name;
    final String canonical = new Name(rfc2253).getName(X500Principal.CANONICAL);
    // The canonical form is the stored key; a name already present is not
    // added a second time.
    if (issuerNames.contains(canonical)) {
        return;
    }
    issuerNames.add(canonical);
}
/**
* Adds an issuer to the criterion for the issuer distinguished names.
*
* The CRL issuer must match at least one of the specified distinguished
* names.
*
* @param iss_name
* the issuer to add to the criterion in ASN.1 DER encoded form.
* @throws IOException
* if parsing fails.
*/
public void addIssuerName(byte[] iss_name) throws IOException {
    // Unlike the String overload, a null encoding is rejected outright.
    if (iss_name == null) {
        throw new NullPointerException("iss_name == null");
    }
    // The list is created before the DER bytes are parsed, so a parse failure
    // can leave a non-null, empty list behind.
    if (issuerNames == null) {
        issuerNames = new ArrayList<String>();
    }
    final String canonical = new Name(iss_name).getName(X500Principal.CANONICAL);
    // Store the canonical string form; skip it when it is already present.
    if (issuerNames.contains(canonical)) {
        return;
    }
    issuerNames.add(canonical);
}
/**
* Sets the criterion for the minimum CRL number.
*
* The CRL must have a number extension with a value greater than or equal
* to the specified parameter.
*
* @param minCRL
* the minimum CRL number or null to not check the minimum CRL
* number
*/
public void setMinCRLNumber(BigInteger minCRL) {
// Stored by reference with no validation (for example against maxCRL);
// null switches the minimum-number check off.
this.minCRL = minCRL;
}
/**
* Sets the criterion for the maximum CRL number.
*
* The CRL must have a number extension with a value less than or equal to
* the specified parameter.
*
* @param maxCRL
* the maximum CRL number or null to not check the maximum CRL
* number.
*/
public void setMaxCRLNumber(BigInteger maxCRL) {
// Stored by reference with no validation (for example against minCRL);
// null switches the maximum-number check off.
this.maxCRL = maxCRL;
}
/**
* Sets the criterion for the CRL update period.
*
* The CRL's {@code thisUpdate} value must be equal or before the specified
* date and the {@code nextUpdate} value must be after the specified date.
*
* @param dateAndTime
* the date to search for valid CRL's or {@code null} to not
* check the date.
*/
public void setDateAndTime(Date dateAndTime) {
    // Only the millisecond value is kept, not the Date reference, so a caller
    // that mutates its Date afterwards cannot shift the criterion.
    // -1 is the "do not check the date" marker used for a null argument.
    this.dateAndTime = (dateAndTime == null) ? -1 : dateAndTime.getTime();
}
/**
* Sets a certificate hint to find CRLs. It's not a criterion but may help
* finding relevant CRLs.
*
* @param cert
* the certificate hint or {@code null}.
*/
public void setCertificateChecking(X509Certificate cert) {
// Keeps the reference as given; null clears the hint.
this.certificateChecking = cert;
}
/**
* Returns the criterion for the issuer distinguished names.
*
* The CRL issuer must match at least one of the distinguished names.
*
* @return the unmodifiable list of issuer distinguished names to match, or
* {@code null} if any issuer distinguished name will do.
*/
public Collection getIssuers() {
if (issuerNames == null) {
return null;
}
if (issuerPrincipals == null) {
issuerPrincipals = new ArrayList(issuerNames.size());
}
int size = issuerNames.size();
// extend the list of issuer Principals
for (int i=issuerPrincipals.size(); i
* The CRL issuer must match at least one of the distinguished names.
*
* @return a copy of the list of issuer distinguished names to
* match, or {@code null} if any issuer distinguished name
* will do. The elements may be strings or ASN.1 DER
* encoded byte arrays.
*/
public Collection