File Doc Category Size Date Package
X509CRLSelector.java API Doc Android 1.5 API 16842 Wed May 06 22:41:06 BST 2009 java.security.cert

X509CRLSelector

java.lang.Object

public class X509CRLSelector extends Object implements CRLSelector

A CRL selector ({@code CRLSelector} for selecting {@code X509CRL}s that match the specified criteria.

When constructed, all criteria are set to default values that will match any {@code X509CRL}.

since: Android 1.0

Fields Summary
private ArrayList
issuerNames
private ArrayList
issuerPrincipals
private BigInteger
minCRL
private BigInteger
maxCRL
private long
dateAndTime
private X509Certificate
certificateChecking
Constructors Summary
public X509CRLSelector()
Creates a new {@code X509CertSelector}.
since
Android 1.0
Methods Summary
public void addIssuer(javax.security.auth.x500.X500Principal issuer)
Adds an issuer to the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the specified distinguished names.
param
issuer the issuer to add to the criterion
since
Android 1.0
if (issuer == null) { throw new NullPointerException(Messages.getString("security.61")); //$NON-NLS-1$ } if (issuerNames == null) { issuerNames = new ArrayList<String>(); } String name = issuer.getName(X500Principal.CANONICAL); if (!issuerNames.contains(name)) { issuerNames.add(name); } if (issuerPrincipals == null) { issuerPrincipals = new ArrayList<X500Principal>(issuerNames.size()); } // extend the list of issuer Principals int size = issuerNames.size() - 1; for (int i=issuerPrincipals.size(); i<size; i++) { issuerPrincipals.add(new X500Principal(issuerNames.get(i))); } issuerPrincipals.add(issuer);
public void addIssuerName(java.lang.String iss_name)
Do not use:, use {@link #addIssuer(X500Principal)} or {@link #addIssuerName(byte[])} instead. It can fail to match some CRLs because of a loss of encoding information in a RFC 2253 string.
Adds an issuer to the criterion for the issuer distinguished names. The CRK issuer must match at least one of the specified distinguished names.
param
iss_name the RFC 2253 encoded name.
throws
IOException if parsing fails.
since
Android 1.0
if (issuerNames == null) { issuerNames = new ArrayList<String>(); } if (iss_name == null) { iss_name = ""; //$NON-NLS-1$ } String name = new Name(iss_name).getName(X500Principal.CANONICAL); if (!issuerNames.contains(name)) { issuerNames.add(name); }
public void addIssuerName(byte[] iss_name)
Adds an issuer to the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the specified distinguished names.
param
iss_name the issuer to add to the criterion in ASN.1 DER encoded form.
throws
IOException if parsing fails.
since
Android 1.0
if (iss_name == null) { throw new NullPointerException(Messages.getString("security.63")); //$NON-NLS-1$ } if (issuerNames == null) { issuerNames = new ArrayList<String>(); } String name = new Name(iss_name).getName(X500Principal.CANONICAL); if (!issuerNames.contains(name)) { issuerNames.add(name); }
public java.lang.Object clone()
Clones this {@code X509CRL} instance.
return
the cloned instance.
since
Android 1.0
X509CRLSelector result = new X509CRLSelector(); if (issuerNames != null) { result.issuerNames = new ArrayList<String>(issuerNames); } result.minCRL = minCRL; result.maxCRL = maxCRL; result.dateAndTime = dateAndTime; result.certificateChecking = certificateChecking; return result;
public java.security.cert.X509Certificate getCertificateChecking()
Returns the certificate hint to find CRLs. It's not a criterion but may help finding relevant CRLs.
return
the certificate hint or {@code null} if none set.
since
Android 1.0
return certificateChecking;
public java.util.Date getDateAndTime()
Returns the criterion for the CRL update period.
The CRL's {@code thisUpdate} value must be equal or before the returned date and the {@code nextUpdate} value must be after the returned date.
return
the date to search for valid CRL's or {@code null} if the date is not checked.
since
Android 1.0
if (dateAndTime == -1) { return null; } return new Date(dateAndTime);
public java.util.Collection getIssuerNames()
Returns the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the distinguished names.
return
a copy of the list of issuer distinguished names to match, or {@code null} if any issuer distinguished name will do.
since
Android 1.0
if (issuerNames == null) { return null; } return Collections.unmodifiableCollection((ArrayList<?>) issuerNames);
public java.util.Collection getIssuers()
Returns the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the distinguished names.
return
the unmodifiable list of issuer distinguished names to match, or {@code null} if any issuer distinguished name will do.
since
Android 1.0
if (issuerNames == null) { return null; } if (issuerPrincipals == null) { issuerPrincipals = new ArrayList<X500Principal>(issuerNames.size()); } int size = issuerNames.size(); // extend the list of issuer Principals for (int i=issuerPrincipals.size(); i<size; i++) { issuerPrincipals.add(new X500Principal(issuerNames.get(i))); } return Collections.unmodifiableCollection(issuerPrincipals);
public java.math.BigInteger getMaxCRL()
Returns the criterion for the maximum CRL number.
The CRL must have a number extension with a value less than or equal to the returned value.
return
the maximum CRL number or null if the maximum CRL number is not checked.
since
Android 1.0
return maxCRL;
public java.math.BigInteger getMinCRL()
Returns the criterion for the minimum CRL number.
The CRL must have a number extension with a value greater than or equal to the returned value.
return
the minimum CRL number or {@code null} if the minimum CRL number is not to be checked.
since
Android 1.0
return minCRL;
public boolean match(java.security.cert.CRL crl)
Returns whether the specified CRL matches all the criteria collected in this instance.
param
crl the CRL to check.
return
{@code true} if the CRL matches all the criteria, otherwise {@code false}.
since
Android 1.0
if (!(crl instanceof X509CRL)) { return false; } X509CRL crlist = (X509CRL) crl; if ((issuerNames != null) && // the search speed depends on the class of issuerNames !(issuerNames.contains( crlist.getIssuerX500Principal().getName( X500Principal.CANONICAL)))) { return false; } if ((minCRL != null) || (maxCRL != null)) { try { // As specified in rfc 3280 (http://www.ietf.org/rfc/rfc3280.txt) // CRL Number Extension's OID is 2.5.29.20 . byte[] bytes = crlist.getExtensionValue("2.5.29.20"); //$NON-NLS-1$ bytes = (byte[]) ASN1OctetString.getInstance().decode(bytes); BigInteger crlNumber = new BigInteger((byte[]) ASN1Integer.getInstance().decode(bytes)); if ((minCRL != null) && (crlNumber.compareTo(minCRL) < 0)) { return false; } if ((maxCRL != null) && (crlNumber.compareTo(maxCRL) > 0)) { return false; } } catch (IOException e) { return false; } } if (dateAndTime != -1) { Date thisUp = crlist.getThisUpdate(); Date nextUp = crlist.getNextUpdate(); if ((thisUp == null) || (nextUp == null)) { return false; } if ((dateAndTime < thisUp.getTime()) || (dateAndTime > nextUp.getTime())) { return false; } } return true;
public void setCertificateChecking(java.security.cert.X509Certificate cert)
Sets a certificate hint to find CRLs. It's not a criterion but may help finding relevant CRLs.
param
cert the certificate hint or {@code null}.
since
Android 1.0
this.certificateChecking = cert;
public void setDateAndTime(java.util.Date dateAndTime)
Sets the criterion for the CRL update period.
The CRL's {@code thisUpdate} value must be equal or before the specified date and the {@code nextUpdate} value must be after the specified date.
param
dateAndTime the date to search for valid CRL's or {@code null} to not check the date.
since
Android 1.0
if (dateAndTime == null) { this.dateAndTime = -1; return; } this.dateAndTime = dateAndTime.getTime();
public void setIssuerNames(java.util.Collection names)
Do not use: use {@link #setIssuers(Collection)} or one of {@link #addIssuerName} instead. Sets the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the specified distinguished names.

The specified parameter {@code names} is a collection with an entry for each name to be included in the criterion. The name is specified as a {@code String} or a byte array specifying the name (in RFC 2253 or ASN.1 DER encoded form)
param
names the list of issuer distinguished names to match, or {@code null} if any issuer distinguished name will do.
throws
IOException if parsing fails.
since
Android 1.0
if (names == null) { issuerNames = null; issuerPrincipals = null; return; } if (names.size() == 0) { return; } issuerNames = new ArrayList<String>(names.size()); for (Object name: names) { if (name instanceof String) { issuerNames.add( new Name((String) name).getName( X500Principal.CANONICAL)); } else if (name instanceof byte[]) { issuerNames.add( new Name((byte[]) name).getName( X500Principal.CANONICAL)); } else { throw new IOException( Messages.getString("security.62")); //$NON-NLS-1$ } }
public void setIssuers(java.util.Collection issuers)
Sets the criterion for the issuer distinguished names.
The CRL issuer must match at least one of the specified distinguished names.
param
issuers the list of issuer distinguished names to match, or {@code null} if any issuer distinguished name will do.
since
Android 1.0
if (issuers == null) { issuerNames = null; issuerPrincipals = null; return; } issuerNames = new ArrayList<String>(issuers.size()); issuerPrincipals = new ArrayList<X500Principal>(issuers); for (X500Principal issuer: issuers) { issuerNames.add(issuer.getName(X500Principal.CANONICAL)); }
public void setMaxCRLNumber(java.math.BigInteger maxCRL)
Sets the criterion for the maximum CRL number.
The CRL must have a number extension with a value less than or equal to the specified parameter.
param
maxCRL the maximum CRL number or null to not check the maximum CRL number.
since
Android 1.0
this.maxCRL = maxCRL;
public void setMinCRLNumber(java.math.BigInteger minCRL)
Sets the criterion for the minimum CRL number.
The CRL must have a number extension with a value greater than or equal to the specified parameter.
param
minCRL the minimum CRL number or null to not check the minimum CRL number
since
Android 1.0
this.minCRL = minCRL;
public java.lang.String toString()
Returns a string representation of this {@code X509CRLSelector} instance.
return
a string representation of this {@code X509CRLSelector} instance.
since
Android 1.0
StringBuffer result = new StringBuffer(); result.append("X509CRLSelector:\n["); //$NON-NLS-1$ if (issuerNames != null) { result.append("\n IssuerNames:\n ["); //$NON-NLS-1$ int size = issuerNames.size(); for (int i=0; i<size; i++) { result.append("\n " //$NON-NLS-1$ + issuerNames.get(i)); } result.append("\n ]"); //$NON-NLS-1$ } if (minCRL != null) { result.append("\n minCRL: " + minCRL); //$NON-NLS-1$ } if (maxCRL != null) { result.append("\n maxCRL: " + maxCRL); //$NON-NLS-1$ } if (dateAndTime != -1) { result.append("\n dateAndTime: " + (new Date(dateAndTime))); //$NON-NLS-1$ } if (certificateChecking != null) { result.append("\n certificateChecking: " + certificateChecking); //$NON-NLS-1$ } result.append("\n]"); //$NON-NLS-1$ return result.toString();