| java.lang.Object | ||
| ↳ | java.security.cert.X509CRLSelector | |
| ↳ | org.bouncycastle.x509.X509CRLStoreSelector | |
Class Overview
This class is a Selector implementation for X.509 certificate revocation lists.
Summary
| Public Constructors | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Public Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Returns the attribute certificate being checked.
| |||||||||||
Returns an instance of this from a
X509CRLSelector. | |||||||||||
Returns the issuing distribution point.
| |||||||||||
Get the maximum base CRL number.
| |||||||||||
If
true only complete CRLs are returned. | |||||||||||
Returns if this selector must match CRLs with the delta CRL indicator
extension set.
| |||||||||||
Returns if the issuing distribution point criteria should be applied.
| |||||||||||
Sets the attribute certificate being checked.
| |||||||||||
If set to
true only complete CRLs are returned. | |||||||||||
If this is set to
true the CRL reported contains the delta
CRL indicator CRL extension. | |||||||||||
Sets the issuing distribution point.
| |||||||||||
Enables or disables the issuing distribution point check.
| |||||||||||
Sets the maximum base CRL number.
| |||||||||||
|
[Expand]
Inherited Methods | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
From class
java.security.cert.X509CRLSelector
| |||||||||||
|
From class
java.lang.Object
| |||||||||||
|
From interface
java.security.cert.CRLSelector
| |||||||||||
|
From interface
org.bouncycastle.util.Selector
| |||||||||||
Public Constructors
public X509CRLStoreSelector ()
Public Methods
public X509AttributeCertificate getAttrCertificateChecking ()
Returns the attribute certificate being checked.
Returns
- Returns the attribute certificate being checked.
public static X509CRLStoreSelector getInstance (X509CRLSelector selector)
Returns an instance of this from a X509CRLSelector.
Parameters
| selector | A X509CRLSelector instance. |
|---|
Returns
- An instance of an
X509CRLStoreSelector.
Throws
| IllegalArgumentException | if selector is null or creation fails. |
|---|
public byte[] getIssuingDistributionPoint ()
Returns the issuing distribution point. Defaults to null,
which is a missing issuing distribution point extension.
The internal byte array is cloned before it is returned.
The criteria must be enable with
setIssuingDistributionPointEnabled(boolean).
Returns
- Returns the issuing distribution point.
See Also
public BigInteger getMaxBaseCRLNumber ()
Get the maximum base CRL number. Defaults to null.
Returns
- Returns the maximum base CRL number.
See Also
public boolean isCompleteCRLEnabled ()
If true only complete CRLs are returned. Defaults to
false.
Returns
trueif only complete CRLs are returned.
public boolean isDeltaCRLIndicatorEnabled ()
Returns if this selector must match CRLs with the delta CRL indicator
extension set. Defaults to false.
Returns
- Returns
trueif only CRLs with the delta CRL indicator extension are selected.
public boolean isIssuingDistributionPointEnabled ()
Returns if the issuing distribution point criteria should be applied.
Defaults to false.
You may also set the issuing distribution point criteria if not a missing issuing distribution point should be assumed.
Returns
- Returns if the issuing distribution point check is enabled.
public void setAttrCertificateChecking (X509AttributeCertificate attrCert)
Sets the attribute certificate being checked. This is not a criterion.
Rather, it is optional information that may help a X509Store find
CRLs that would be relevant when checking revocation for the specified
attribute certificate. If null is specified, then no such
optional information is provided.
Parameters
| attrCert | the X509AttributeCertificate being checked (or
null) |
|---|
See Also
public void setCompleteCRLEnabled (boolean completeCRLEnabled)
If set to true only complete CRLs are returned.
setCompleteCRLEnabled(boolean) and
setDeltaCRLIndicatorEnabled(boolean) excluded each other.
Parameters
| completeCRLEnabled | true if only complete CRLs
should be returned.
|
|---|
public void setDeltaCRLIndicatorEnabled (boolean deltaCRLIndicator)
If this is set to true the CRL reported contains the delta
CRL indicator CRL extension.
setCompleteCRLEnabled(boolean) and
setDeltaCRLIndicatorEnabled(boolean) excluded each other.
Parameters
| deltaCRLIndicator | true if the delta CRL indicator
extension must be in the CRL.
|
|---|
public void setIssuingDistributionPoint (byte[] issuingDistributionPoint)
Sets the issuing distribution point.
The issuing distribution point extension is a CRL extension which identifies the scope and the distribution point of a CRL. The scope contains among others information about revocation reasons contained in the CRL. Delta CRLs and complete CRLs must have matching issuing distribution points.
The byte array is cloned to protect against subsequent modifications.
You must also enable or disable this criteria with
setIssuingDistributionPointEnabled(boolean).
Parameters
| issuingDistributionPoint | The issuing distribution point to set. This is the DER encoded OCTET STRING extension value. |
|---|
See Also
public void setIssuingDistributionPointEnabled (boolean issuingDistributionPointEnabled)
Enables or disables the issuing distribution point check.
Parameters
| issuingDistributionPointEnabled | true to enable the
issuing distribution point check.
|
|---|
public void setMaxBaseCRLNumber (BigInteger maxBaseCRLNumber)
Sets the maximum base CRL number. Setting to null disables
this cheack.
This is only meaningful for delta CRLs. Complete CRLs must have a CRL number which is greater or equal than the base number of the corresponding CRL.
Parameters
| maxBaseCRLNumber | The maximum base CRL number to set. |
|---|