X509CRLSelector
open class X509CRLSelector : CRLSelector
kotlin.Any | |
↳ | java.security.cert.X509CRLSelector |
A CRLSelector
that selects X509CRLs
that match all specified criteria. This class is particularly useful when selecting CRLs from a CertStore
to check revocation status of a particular certificate.
When first constructed, an X509CRLSelector
has no criteria enabled and each of the get
methods return a default value (null
). Therefore, the match
method would return true
for any X509CRL
. Typically, several criteria are enabled (by calling setIssuers
or setDateAndTime
, for instance) and then the X509CRLSelector
is passed to CertStore.getCRLs
or some similar method.
Please refer to RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile for definitions of the X.509 CRL fields and extensions mentioned below.
Concurrent Access
Unless otherwise specified, the methods defined in this class are not thread-safe. Multiple threads that need to access a single object concurrently should synchronize amongst themselves and provide the necessary locking. Multiple threads each manipulating separate objects need not synchronize.
Summary
Public constructors | |
---|---|
Creates an |
Public methods | |
---|---|
open Unit |
addIssuer(issuer: X500Principal!) Adds a name to the issuerNames criterion. |
open Unit |
addIssuerName(name: ByteArray!) Adds a name to the issuerNames criterion. |
open Unit |
addIssuerName(name: String!) Denigrated, use addIssuer(javax.security.auth.x500.X500Principal) or addIssuerName(byte[]) instead. |
open Any |
clone() Returns a copy of this object. |
open X509Certificate! |
Returns the certificate being checked. |
open Date! |
Returns the dateAndTime criterion. |
open MutableCollection<Any!>! |
Returns a copy of the issuerNames criterion. |
open MutableCollection<X500Principal!>! |
Returns the issuerNames criterion. |
open BigInteger! |
Returns the maxCRLNumber criterion. |
open BigInteger! |
Returns the minCRLNumber criterion. |
open Boolean |
Decides whether a |
open Unit |
Sets the certificate being checked. |
open Unit |
setDateAndTime(dateAndTime: Date!) Sets the dateAndTime criterion. |
open Unit |
setIssuerNames(names: MutableCollection<*>!) Note: use setIssuers(java.util.Collection) instead or only specify the byte array form of distinguished names when using this method. |
open Unit |
setIssuers(issuers: MutableCollection<X500Principal!>!) Sets the issuerNames criterion. |
open Unit |
setMaxCRLNumber(maxCRL: BigInteger!) Sets the maxCRLNumber criterion. |
open Unit |
setMinCRLNumber(minCRL: BigInteger!) Sets the minCRLNumber criterion. |
open String |
toString() Returns a printable representation of the |
Public constructors
X509CRLSelector
X509CRLSelector()
Creates an X509CRLSelector
. Initially, no criteria are set so any X509CRL
will match.
Public methods
addIssuer
open fun addIssuer(issuer: X500Principal!): Unit
Adds a name to the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names.
This method allows the caller to add a name to the set of issuer names which X509CRLs
may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored.
Parameters | |
---|---|
issuer |
X500Principal!: the issuer as X500Principal |
addIssuerName
open fun addIssuerName(name: ByteArray!): Unit
Adds a name to the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names.
This method allows the caller to add a name to the set of issuer names which X509CRLs
may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored. If a name is specified as a byte array, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is as follows.
The name is provided as a byte array. This byte array should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure appears in the documentation for setIssuerNames(java.util.Collection)
.
Note that the byte array supplied here is cloned to protect against subsequent modifications.
Parameters | |
---|---|
name |
ByteArray!: a byte array containing the name in ASN.1 DER encoded form |
Exceptions | |
---|---|
java.io.IOException |
if a parsing error occurs |
addIssuerName
open fun addIssuerName(name: String!): Unit
Denigrated, use addIssuer(javax.security.auth.x500.X500Principal) or addIssuerName(byte[]) instead. This method should not be relied on as it can fail to match some CRLs because of a loss of encoding information in the RFC 2253 String form of some distinguished names.
Adds a name to the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names.
This method allows the caller to add a name to the set of issuer names which X509CRLs
may contain. The specified name is added to any previous value for the issuerNames criterion. If the specified name is a duplicate, it may be ignored.
Parameters | |
---|---|
name |
String!: the name in RFC 2253 form |
Exceptions | |
---|---|
java.io.IOException |
if a parsing error occurs |
clone
open fun clone(): Any
Returns a copy of this object.
Return | |
---|---|
Any |
the copy |
Exceptions | |
---|---|
java.lang.CloneNotSupportedException |
if the object's class does not support the Cloneable interface. Subclasses that override the clone method can also throw this exception to indicate that an instance cannot be cloned. |
getCertificateChecking
open fun getCertificateChecking(): X509Certificate!
Returns the certificate being checked. This is not a criterion. Rather, it is optional information that may help a CertStore
find CRLs that would be relevant when checking revocation for the specified certificate. If the value returned is null
, then no such optional information is provided.
Return | |
---|---|
X509Certificate! |
the certificate being checked (or null ) |
See Also
getDateAndTime
open fun getDateAndTime(): Date!
Returns the dateAndTime criterion. The specified date must be equal to or later than the value of the thisUpdate component of the X509CRL
and earlier than the value of the nextUpdate component. There is no match if the X509CRL
does not contain a nextUpdate component. If null
, no dateAndTime check will be done.
Note that the Date
returned is cloned to protect against subsequent modifications.
Return | |
---|---|
Date! |
the Date to match against (or null ) |
See Also
getIssuerNames
open fun getIssuerNames(): MutableCollection<Any!>!
Returns a copy of the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names. If the value returned is null
, any issuer distinguished name will do.
If the value returned is not null
, it is a Collection
of names. Each name is a String
or a byte array representing a distinguished name (in RFC 2253 or ASN.1 DER encoded form, respectively). Note that the Collection
returned may contain duplicate names.
If a name is specified as a byte array, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is given in the documentation for setIssuerNames(java.util.Collection)
.
Note that a deep copy is performed on the Collection
to protect against subsequent modifications.
Return | |
---|---|
MutableCollection<Any!>! |
a Collection of names (or null ) |
See Also
getIssuers
open fun getIssuers(): MutableCollection<X500Principal!>!
Returns the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names. If the value returned is null
, any issuer distinguished name will do.
If the value returned is not null
, it is a unmodifiable Collection
of X500Principal
s.
Return | |
---|---|
MutableCollection<X500Principal!>! |
an unmodifiable Collection of names (or null ) |
See Also
getMaxCRL
open fun getMaxCRL(): BigInteger!
Returns the maxCRLNumber criterion. The X509CRL
must have a CRL number extension whose value is less than or equal to the specified value. If null
, no maxCRLNumber check will be done.
Return | |
---|---|
BigInteger! |
the maximum CRL number accepted (or null ) |
getMinCRL
open fun getMinCRL(): BigInteger!
Returns the minCRLNumber criterion. The X509CRL
must have a CRL number extension whose value is greater than or equal to the specified value. If null
, no minCRLNumber check will be done.
Return | |
---|---|
BigInteger! |
the minimum CRL number accepted (or null ) |
match
open fun match(crl: CRL!): Boolean
Decides whether a CRL
should be selected.
Parameters | |
---|---|
crl |
CRL!: the CRL to be checked |
Return | |
---|---|
Boolean |
true if the CRL should be selected, false otherwise |
setCertificateChecking
open fun setCertificateChecking(cert: X509Certificate!): Unit
Sets the certificate being checked. This is not a criterion. Rather, it is optional information that may help a CertStore
find CRLs that would be relevant when checking revocation for the specified certificate. If null
is specified, then no such optional information is provided.
Parameters | |
---|---|
cert |
X509Certificate!: the X509Certificate being checked (or null ) |
See Also
setDateAndTime
open fun setDateAndTime(dateAndTime: Date!): Unit
Sets the dateAndTime criterion. The specified date must be equal to or later than the value of the thisUpdate component of the X509CRL
and earlier than the value of the nextUpdate component. There is no match if the X509CRL
does not contain a nextUpdate component. If null
, no dateAndTime check will be done.
Note that the Date
supplied here is cloned to protect against subsequent modifications.
Parameters | |
---|---|
dateAndTime |
Date!: the Date to match against (or null ) |
See Also
setIssuerNames
open fun setIssuerNames(names: MutableCollection<*>!): Unit
Note: use setIssuers(java.util.Collection) instead or only specify the byte array form of distinguished names when using this method. See addIssuerName(java.lang.String)
for more information.
Sets the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names. If null
, any issuer distinguished name will do.
This method allows the caller to specify, with a single method call, the complete set of issuer names which X509CRLs
may contain. The specified value replaces the previous value for the issuerNames criterion.
The names
parameter (if not null
) is a Collection
of names. Each name is a String
or a byte array representing a distinguished name (in RFC 2253 or ASN.1 DER encoded form, respectively). If null
is supplied as the value for this argument, no issuerNames check will be performed.
Note that the names
parameter can contain duplicate distinguished names, but they may be removed from the Collection
of names returned by the getIssuerNames
method.
If a name is specified as a byte array, it should contain a single DER encoded distinguished name, as defined in X.501. The ASN.1 notation for this structure is as follows.
<code>Name ::= CHOICE { RDNSequence } RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET SIZE (1 .. MAX) OF AttributeTypeAndValue AttributeTypeAndValue ::= SEQUENCE { type AttributeType, value AttributeValue } AttributeType ::= OBJECT IDENTIFIER AttributeValue ::= ANY DEFINED BY AttributeType .... DirectoryString ::= CHOICE { teletexString TeletexString (SIZE (1..MAX)), printableString PrintableString (SIZE (1..MAX)), universalString UniversalString (SIZE (1..MAX)), utf8String UTF8String (SIZE (1.. MAX)), bmpString BMPString (SIZE (1..MAX)) } </code>
Note that a deep copy is performed on the Collection
to protect against subsequent modifications.
Parameters | |
---|---|
names |
MutableCollection<*>!: a Collection of names (or null ) |
Exceptions | |
---|---|
java.io.IOException |
if a parsing error occurs |
See Also
setIssuers
open fun setIssuers(issuers: MutableCollection<X500Principal!>!): Unit
Sets the issuerNames criterion. The issuer distinguished name in the X509CRL
must match at least one of the specified distinguished names. If null
, any issuer distinguished name will do.
This method allows the caller to specify, with a single method call, the complete set of issuer names which X509CRLs
may contain. The specified value replaces the previous value for the issuerNames criterion.
The names
parameter (if not null
) is a Collection
of X500Principal
s.
Note that the names
parameter can contain duplicate distinguished names, but they may be removed from the Collection
of names returned by the getIssuers
method.
Note that a copy is performed on the Collection
to protect against subsequent modifications.
Parameters | |
---|---|
issuers |
MutableCollection<X500Principal!>!: a Collection of X500Principals (or null ) |
See Also
setMaxCRLNumber
open fun setMaxCRLNumber(maxCRL: BigInteger!): Unit
Sets the maxCRLNumber criterion. The X509CRL
must have a CRL number extension whose value is less than or equal to the specified value. If null
, no maxCRLNumber check will be done.
Parameters | |
---|---|
maxCRL |
BigInteger!: the maximum CRL number accepted (or null ) |
setMinCRLNumber
open fun setMinCRLNumber(minCRL: BigInteger!): Unit
Sets the minCRLNumber criterion. The X509CRL
must have a CRL number extension whose value is greater than or equal to the specified value. If null
, no minCRLNumber check will be done.
Parameters | |
---|---|
minCRL |
BigInteger!: the minimum CRL number accepted (or null ) |
toString
open fun toString(): String
Returns a printable representation of the X509CRLSelector
.
Return | |
---|---|
String |
a String describing the contents of the X509CRLSelector . |