📄 x509crlselector.java
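} } return x500Principals; }

    /**
     * Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a
     * CRL number extension whose value is greater than or equal to the
     * specified value. If <code>null</code>, no minCRLNumber check will be
     * done.
     *
     * @param minCRL the minimum CRL number accepted (or <code>null</code>)
     */
    public void setMinCRLNumber(BigInteger minCRL) {
        this.minCRL = minCRL;
    }

    /**
     * Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a
     * CRL number extension whose value is less than or equal to the
     * specified value. If <code>null</code>, no maxCRLNumber check will be
     * done.
     *
     * @param maxCRL the maximum CRL number accepted (or <code>null</code>)
     */
    public void setMaxCRLNumber(BigInteger maxCRL) {
        this.maxCRL = maxCRL;
    }

    /**
     * Sets the dateAndTime criterion. The specified date must be
     * equal to or later than the value of the thisUpdate component
     * of the <code>X509CRL</code> and earlier than the value of the
     * nextUpdate component. There is no match if the <code>X509CRL</code>
     * does not contain a nextUpdate component.
     * If <code>null</code>, no dateAndTime check will be done.
     * <p>
     * Note that the <code>Date</code> supplied here is copied to protect
     * against subsequent modifications.
     *
     * @param dateAndTime the <code>Date</code> to match against
     *                    (or <code>null</code>)
     * @see #getDateAndTime
     */
    public void setDateAndTime(Date dateAndTime) {
        if (dateAndTime == null) {
            this.dateAndTime = null;
        } else {
            // Date is not final: clone() on a caller-supplied subclass runs
            // the caller's code and may hand back an object the caller can
            // still mutate. Copying the instant into a plain Date keeps the
            // stored criterion out of the caller's reach.
            this.dateAndTime = new Date(dateAndTime.getTime());
        }
    }

    /**
     * Sets the certificate being checked. This is not a criterion. Rather,
     * it is optional information that may help a <code>CertStore</code>
     * find CRLs that would be relevant when checking revocation for the
     * specified certificate. If <code>null</code> is specified, then no
     * such optional information is provided.
     *
     * @param cert the <code>X509Certificate</code> being checked
     *             (or <code>null</code>)
     * @see #getCertificateChecking
     */
    public void setCertificateChecking(X509Certificate cert) {
        certChecking = cert;
    }

    /**
     * Returns a copy of the issuerNames criterion. The issuer distinguished
     * name in the <code>X509CRL</code> must match at least one of the specified
     * distinguished names. If the value returned is <code>null</code>, any
     * issuer distinguished name will do.
     * <p>
     * If the value returned is not <code>null</code>, it is a
     * <code>Collection</code> of names. Each name is a <code>String</code>
     * or a byte array representing a distinguished name (in RFC 2253 or
     * ASN.1 DER encoded form, respectively). Note that the
     * <code>Collection</code> returned may contain duplicate names.
     * <p>
     * If a name is specified as a byte array, it should contain a single DER
     * encoded distinguished name, as defined in X.501. The ASN.1 notation for
     * this structure is given in the documentation for
     * {@link #setIssuerNames setIssuerNames(Collection names)}.
     * <p>
     * Note that a deep copy is performed on the <code>Collection</code> to
     * protect against subsequent modifications.
     *
     * @return a <code>Collection</code> of names (or <code>null</code>)
     * @see #setIssuerNames
     */
    public Collection getIssuerNames() {
        if (issuerNames == null) {
            return null;
        }
        return cloneIssuerNames(issuerNames);
    }

    /**
     * Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a
     * CRL number extension whose value is greater than or equal to the
     * specified value. If <code>null</code>, no minCRLNumber check will be done.
     *
     * @return the minimum CRL number accepted (or <code>null</code>)
     */
    public BigInteger getMinCRL() {
        return minCRL;
    }

    /**
     * Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a
     * CRL number extension whose value is less than or equal to the
     * specified value. If <code>null</code>, no maxCRLNumber check will be
     * done.
     *
     * @return the maximum CRL number accepted (or <code>null</code>)
     */
    public BigInteger getMaxCRL() {
        return maxCRL;
    }

    /**
     * Returns the dateAndTime criterion. The specified date must be
     * equal to or later than the value of the thisUpdate component
     * of the <code>X509CRL</code> and earlier than the value of the
     * nextUpdate component. There is no match if the
     * <code>X509CRL</code> does not contain a nextUpdate component.
     * If <code>null</code>, no dateAndTime check will be done.
     * <p>
     * Note that the <code>Date</code> returned is cloned to protect against
     * subsequent modifications.
     *
     * @return the <code>Date</code> to match against (or <code>null</code>)
     * @see #setDateAndTime
     */
    public Date getDateAndTime() {
        if (dateAndTime == null) {
            return null;
        }
        return (Date) dateAndTime.clone();
    }

    /**
     * Returns the certificate being checked. This is not a criterion. Rather,
     * it is optional information that may help a <code>CertStore</code>
     * find CRLs that would be relevant when checking revocation for the
     * specified certificate. If the value returned is <code>null</code>, then
     * no such optional information is provided.
     *
     * @return the certificate being checked (or <code>null</code>)
     * @see #setCertificateChecking
     */
    public X509Certificate getCertificateChecking() {
        return certChecking;
    }

    /**
     * Returns a printable representation of the <code>X509CRLSelector</code>.
     * Only the criteria that are currently set are listed.
     *
     * @return a <code>String</code> describing the contents of the
     *         <code>X509CRLSelector</code>.
     */
    public String toString() {
        StringBuffer sb = new StringBuffer();
        sb.append("X509CRLSelector: [\n");
        if (issuerNames != null) {
            sb.append(" IssuerNames:\n");
            Iterator i = issuerNames.iterator();
            while (i.hasNext()) {
                sb.append(" ").append(i.next()).append("\n");
            }
        }
        if (minCRL != null) {
            sb.append(" minCRLNumber: ").append(minCRL).append("\n");
        }
        if (maxCRL != null) {
            sb.append(" maxCRLNumber: ").append(maxCRL).append("\n");
        }
        if (dateAndTime != null) {
            sb.append(" dateAndTime: ").append(dateAndTime).append("\n");
        }
        if (certChecking != null) {
            sb.append(" Certificate being checked: ").append(certChecking).append("\n");
        }
        sb.append("]");
        return sb.toString();
    }

    /**
     * Decides whether a <code>CRL</code> should be selected. The CRL is
     * tested against each criterion that is set (issuer names, CRL number
     * range, dateAndTime) and is rejected at the first one that fails.
     * Anything that is not an <code>X509CRL</code> is never selected.
     *
     * @param crl the <code>CRL</code> to be checked
     * @return <code>true</code> if the <code>CRL</code> should be selected,
     *         <code>false</code> otherwise
     */
    public boolean match(CRL crl) {
        if (!(crl instanceof X509CRL)) {
            return false;
        }
        X509CRL xcrl = (X509CRL) crl;

        /* match on issuer name */
        if (issuerNames != null) {
            // The guard tests issuerNames but the comparison walks
            // issuerX500Principals; this presumably relies on the setters
            // keeping the two collections in step - confirm.
            X500Principal issuer = xcrl.getIssuerX500Principal();
            Iterator i = issuerX500Principals.iterator();
            boolean found = false;
            while (!found && i.hasNext()) {
                if (i.next().equals(issuer)) {
                    found = true;
                }
            }
            if (!found) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: issuer DNs "
                        + "don't match");
                }
                return false;
            }
        }

        if ((minCRL != null) || (maxCRL != null)) {
            /* Get CRL number extension (OID 2.5.29.20) from CRL */
            byte[] crlNumExtVal = xcrl.getExtensionValue("2.5.29.20");
            if (crlNumExtVal == null) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: no CRLNumber");
                }
                // A CRL number bound was requested, and the criterion is
                // documented as requiring the extension, so a CRL without
                // it cannot match. Without this return the null array went
                // straight into the DER decoder below, where only
                // IOException is caught.
                return false;
            }
            BigInteger crlNum;
            try {
                // getExtensionValue returns the value wrapped in an OCTET
                // STRING; unwrap it before decoding the extension itself.
                DerInputStream in = new DerInputStream(crlNumExtVal);
                byte[] encoded = in.getOctetString();
                CRLNumberExtension crlNumExt =
                    new CRLNumberExtension(Boolean.FALSE, encoded);
                crlNum = (BigInteger) crlNumExt.get(CRLNumberExtension.NUMBER);
            } catch (IOException ex) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: exception in "
                        + "decoding CRL number");
                }
                return false;
            }

            /* match on minCRLNumber */
            if (minCRL != null) {
                if (crlNum.compareTo(minCRL) < 0) {
                    if (debug != null) {
                        debug.println("X509CRLSelector.match: CRLNumber too small");
                    }
                    return false;
                }
            }

            /* match on maxCRLNumber */
            if (maxCRL != null) {
                if (crlNum.compareTo(maxCRL) > 0) {
                    if (debug != null) {
                        debug.println("X509CRLSelector.match: CRLNumber too large");
                    }
                    return false;
                }
            }
        }

        /* match on dateAndTime */
        if (dateAndTime != null) {
            Date crlThisUpdate = xcrl.getThisUpdate();
            Date nextUpdate = xcrl.getNextUpdate();
            if (nextUpdate == null) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: nextUpdate null");
                }
                return false;
            }
            // NOTE(review): a dateAndTime exactly equal to nextUpdate passes
            // this test, while the criterion is documented as requiring a
            // date earlier than nextUpdate - confirm which is intended.
            if (crlThisUpdate.after(dateAndTime)
                    || nextUpdate.before(dateAndTime)) {
                if (debug != null) {
                    debug.println("X509CRLSelector.match: update out of range");
                }
                return false;
            }
        }

        return true;
    }

    /**
     * Returns a copy of this object. The issuer name collections are
     * copied into the new selector so that later changes to either
     * selector's issuer criterion do not affect the other.
     *
     * @return the copy
     */
    public Object clone() {
        try {
            X509CRLSelector copy = (X509CRLSelector) super.clone();
            if (issuerNames != null) {
                // Assign the fresh sets to the copy. Assigning them to this
                // object's own fields replaced the original's collections
                // on every clone() call, an unsynchronized write to a
                // selector that callers only meant to read.
                copy.issuerNames = new HashSet(issuerNames);
                copy.issuerX500Principals = new HashSet(issuerX500Principals);
            }
            return copy;
        } catch (CloneNotSupportedException e) {
            /* Cannot happen */
            throw new InternalError(e.toString());
        }
    }
}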