Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/quite/humla-spongycastle.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
diff options
context:
space:
mode:
Diffstat (limited to 'prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java')
-rw-r--r--prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java330
1 files changed, 0 insertions, 330 deletions
diff --git a/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java b/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
deleted file mode 100644
index 2486d208..00000000
--- a/prov/src/main/java/org/bouncycastle/x509/X509CRLStoreSelector.java
+++ /dev/null
@@ -1,330 +0,0 @@
-package org.bouncycastle.x509;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.cert.CRL;
-import java.security.cert.X509CRL;
-import java.security.cert.X509CRLSelector;
-
-import org.bouncycastle.asn1.ASN1Integer;
-import org.bouncycastle.asn1.x509.X509Extensions;
-import org.bouncycastle.util.Arrays;
-import org.bouncycastle.util.Selector;
-import org.bouncycastle.x509.extension.X509ExtensionUtil;
-
-/**
- * This class is a Selector implementation for X.509 certificate revocation
- * lists.
- *
- * @see org.bouncycastle.util.Selector
- * @see org.bouncycastle.x509.X509Store
- * @see org.bouncycastle.jce.provider.X509StoreCRLCollection
- */
-public class X509CRLStoreSelector
- extends X509CRLSelector
- implements Selector
-{
- private boolean deltaCRLIndicator = false;
-
- private boolean completeCRLEnabled = false;
-
- private BigInteger maxBaseCRLNumber = null;
-
- private byte[] issuingDistributionPoint = null;
-
- private boolean issuingDistributionPointEnabled = false;
-
- private X509AttributeCertificate attrCertChecking;
-
- /**
- * Returns if the issuing distribution point criteria should be applied.
- * Defaults to <code>false</code>.
- * <p>
- * You may also set the issuing distribution point criteria if not a missing
- * issuing distribution point should be assumed.
- *
- * @return Returns if the issuing distribution point check is enabled.
- */
- public boolean isIssuingDistributionPointEnabled()
- {
- return issuingDistributionPointEnabled;
- }
-
- /**
- * Enables or disables the issuing distribution point check.
- *
- * @param issuingDistributionPointEnabled <code>true</code> to enable the
- * issuing distribution point check.
- */
- public void setIssuingDistributionPointEnabled(
- boolean issuingDistributionPointEnabled)
- {
- this.issuingDistributionPointEnabled = issuingDistributionPointEnabled;
- }
-
- /**
- * Sets the attribute certificate being checked. This is not a criterion.
- * Rather, it is optional information that may help a {@link X509Store} find
- * CRLs that would be relevant when checking revocation for the specified
- * attribute certificate. If <code>null</code> is specified, then no such
- * optional information is provided.
- *
- * @param attrCert the <code>X509AttributeCertificate</code> being checked (or
- * <code>null</code>)
- * @see #getAttrCertificateChecking()
- */
- public void setAttrCertificateChecking(X509AttributeCertificate attrCert)
- {
- attrCertChecking = attrCert;
- }
-
- /**
- * Returns the attribute certificate being checked.
- *
- * @return Returns the attribute certificate being checked.
- * @see #setAttrCertificateChecking(X509AttributeCertificate)
- */
- public X509AttributeCertificate getAttrCertificateChecking()
- {
- return attrCertChecking;
- }
-
- public boolean match(Object obj)
- {
- if (!(obj instanceof X509CRL))
- {
- return false;
- }
- X509CRL crl = (X509CRL)obj;
- ASN1Integer dci = null;
- try
- {
- byte[] bytes = crl
- .getExtensionValue(X509Extensions.DeltaCRLIndicator.getId());
- if (bytes != null)
- {
- dci = ASN1Integer.getInstance(X509ExtensionUtil
- .fromExtensionValue(bytes));
- }
- }
- catch (Exception e)
- {
- return false;
- }
- if (isDeltaCRLIndicatorEnabled())
- {
- if (dci == null)
- {
- return false;
- }
- }
- if (isCompleteCRLEnabled())
- {
- if (dci != null)
- {
- return false;
- }
- }
- if (dci != null)
- {
-
- if (maxBaseCRLNumber != null)
- {
- if (dci.getPositiveValue().compareTo(maxBaseCRLNumber) == 1)
- {
- return false;
- }
- }
- }
- if (issuingDistributionPointEnabled)
- {
- byte[] idp = crl
- .getExtensionValue(X509Extensions.IssuingDistributionPoint
- .getId());
- if (issuingDistributionPoint == null)
- {
- if (idp != null)
- {
- return false;
- }
- }
- else
- {
- if (!Arrays.areEqual(idp, issuingDistributionPoint))
- {
- return false;
- }
- }
-
- }
- return super.match((X509CRL)obj);
- }
-
- public boolean match(CRL crl)
- {
- return match((Object)crl);
- }
-
- /**
- * Returns if this selector must match CRLs with the delta CRL indicator
- * extension set. Defaults to <code>false</code>.
- *
- * @return Returns <code>true</code> if only CRLs with the delta CRL
- * indicator extension are selected.
- */
- public boolean isDeltaCRLIndicatorEnabled()
- {
- return deltaCRLIndicator;
- }
-
- /**
- * If this is set to <code>true</code> the CRL reported contains the delta
- * CRL indicator CRL extension.
- * <p>
- * {@link #setCompleteCRLEnabled(boolean)} and
- * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
- *
- * @param deltaCRLIndicator <code>true</code> if the delta CRL indicator
- * extension must be in the CRL.
- */
- public void setDeltaCRLIndicatorEnabled(boolean deltaCRLIndicator)
- {
- this.deltaCRLIndicator = deltaCRLIndicator;
- }
-
- /**
- * Returns an instance of this from a <code>X509CRLSelector</code>.
- *
- * @param selector A <code>X509CRLSelector</code> instance.
- * @return An instance of an <code>X509CRLStoreSelector</code>.
- * @exception IllegalArgumentException if selector is null or creation
- * fails.
- */
- public static X509CRLStoreSelector getInstance(X509CRLSelector selector)
- {
- if (selector == null)
- {
- throw new IllegalArgumentException(
- "cannot create from null selector");
- }
- X509CRLStoreSelector cs = new X509CRLStoreSelector();
- cs.setCertificateChecking(selector.getCertificateChecking());
- cs.setDateAndTime(selector.getDateAndTime());
- try
- {
- cs.setIssuerNames(selector.getIssuerNames());
- }
- catch (IOException e)
- {
- // cannot happen
- throw new IllegalArgumentException(e.getMessage());
- }
- cs.setIssuers(selector.getIssuers());
- cs.setMaxCRLNumber(selector.getMaxCRL());
- cs.setMinCRLNumber(selector.getMinCRL());
- return cs;
- }
-
- public Object clone()
- {
- X509CRLStoreSelector sel = X509CRLStoreSelector.getInstance(this);
- sel.deltaCRLIndicator = deltaCRLIndicator;
- sel.completeCRLEnabled = completeCRLEnabled;
- sel.maxBaseCRLNumber = maxBaseCRLNumber;
- sel.attrCertChecking = attrCertChecking;
- sel.issuingDistributionPointEnabled = issuingDistributionPointEnabled;
- sel.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint);
- return sel;
- }
-
- /**
- * If <code>true</code> only complete CRLs are returned. Defaults to
- * <code>false</code>.
- *
- * @return <code>true</code> if only complete CRLs are returned.
- */
- public boolean isCompleteCRLEnabled()
- {
- return completeCRLEnabled;
- }
-
- /**
- * If set to <code>true</code> only complete CRLs are returned.
- * <p>
- * {@link #setCompleteCRLEnabled(boolean)} and
- * {@link #setDeltaCRLIndicatorEnabled(boolean)} excluded each other.
- *
- * @param completeCRLEnabled <code>true</code> if only complete CRLs
- * should be returned.
- */
- public void setCompleteCRLEnabled(boolean completeCRLEnabled)
- {
- this.completeCRLEnabled = completeCRLEnabled;
- }
-
- /**
- * Get the maximum base CRL number. Defaults to <code>null</code>.
- *
- * @return Returns the maximum base CRL number.
- * @see #setMaxBaseCRLNumber(BigInteger)
- */
- public BigInteger getMaxBaseCRLNumber()
- {
- return maxBaseCRLNumber;
- }
-
- /**
- * Sets the maximum base CRL number. Setting to <code>null</code> disables
- * this cheack.
- * <p>
- * This is only meaningful for delta CRLs. Complete CRLs must have a CRL
- * number which is greater or equal than the base number of the
- * corresponding CRL.
- *
- * @param maxBaseCRLNumber The maximum base CRL number to set.
- */
- public void setMaxBaseCRLNumber(BigInteger maxBaseCRLNumber)
- {
- this.maxBaseCRLNumber = maxBaseCRLNumber;
- }
-
- /**
- * Returns the issuing distribution point. Defaults to <code>null</code>,
- * which is a missing issuing distribution point extension.
- * <p>
- * The internal byte array is cloned before it is returned.
- * <p>
- * The criteria must be enable with
- * {@link #setIssuingDistributionPointEnabled(boolean)}.
- *
- * @return Returns the issuing distribution point.
- * @see #setIssuingDistributionPoint(byte[])
- */
- public byte[] getIssuingDistributionPoint()
- {
- return Arrays.clone(issuingDistributionPoint);
- }
-
- /**
- * Sets the issuing distribution point.
- * <p>
- * The issuing distribution point extension is a CRL extension which
- * identifies the scope and the distribution point of a CRL. The scope
- * contains among others information about revocation reasons contained in
- * the CRL. Delta CRLs and complete CRLs must have matching issuing
- * distribution points.
- * <p>
- * The byte array is cloned to protect against subsequent modifications.
- * <p>
- * You must also enable or disable this criteria with
- * {@link #setIssuingDistributionPointEnabled(boolean)}.
- *
- * @param issuingDistributionPoint The issuing distribution point to set.
- * This is the DER encoded OCTET STRING extension value.
- * @see #getIssuingDistributionPoint()
- */
- public void setIssuingDistributionPoint(byte[] issuingDistributionPoint)
- {
- this.issuingDistributionPoint = Arrays.clone(issuingDistributionPoint);
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-23 08:01:27 +0300