35 import sun.security.util.DerInputStream; |
35 import sun.security.util.DerInputStream; |
36 import sun.security.x509.CRLNumberExtension; |
36 import sun.security.x509.CRLNumberExtension; |
37 import sun.security.x509.X500Name; |
37 import sun.security.x509.X500Name; |
38 |
38 |
39 /** |
39 /** |
40 * A <code>CRLSelector</code> that selects <code>X509CRLs</code> that |
40 * A {@code CRLSelector} that selects {@code X509CRLs} that |
41 * match all specified criteria. This class is particularly useful when |
41 * match all specified criteria. This class is particularly useful when |
42 * selecting CRLs from a <code>CertStore</code> to check revocation status |
42 * selecting CRLs from a {@code CertStore} to check revocation status |
43 * of a particular certificate. |
43 * of a particular certificate. |
44 * <p> |
44 * <p> |
45 * When first constructed, an <code>X509CRLSelector</code> has no criteria |
45 * When first constructed, an {@code X509CRLSelector} has no criteria |
46 * enabled and each of the <code>get</code> methods return a default |
46 * enabled and each of the {@code get} methods return a default |
47 * value (<code>null</code>). Therefore, the {@link #match match} method |
47 * value ({@code null}). Therefore, the {@link #match match} method |
48 * would return <code>true</code> for any <code>X509CRL</code>. Typically, |
48 * would return {@code true} for any {@code X509CRL}. Typically, |
49 * several criteria are enabled (by calling {@link #setIssuers setIssuers} |
49 * several criteria are enabled (by calling {@link #setIssuers setIssuers} |
50 * or {@link #setDateAndTime setDateAndTime}, for instance) and then the |
50 * or {@link #setDateAndTime setDateAndTime}, for instance) and then the |
51 * <code>X509CRLSelector</code> is passed to |
51 * {@code X509CRLSelector} is passed to |
52 * {@link CertStore#getCRLs CertStore.getCRLs} or some similar |
52 * {@link CertStore#getCRLs CertStore.getCRLs} or some similar |
53 * method. |
53 * method. |
54 * <p> |
54 * <p> |
55 * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: |
55 * Please refer to <a href="http://www.ietf.org/rfc/rfc3280.txt">RFC 3280: |
56 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> |
56 * Internet X.509 Public Key Infrastructure Certificate and CRL Profile</a> |
84 private Date dateAndTime; |
84 private Date dateAndTime; |
85 private X509Certificate certChecking; |
85 private X509Certificate certChecking; |
86 private long skew = 0; |
86 private long skew = 0; |
87 |
87 |
88 /** |
88 /** |
89 * Creates an <code>X509CRLSelector</code>. Initially, no criteria are set |
89 * Creates an {@code X509CRLSelector}. Initially, no criteria are set |
90 * so any <code>X509CRL</code> will match. |
90 * so any {@code X509CRL} will match. |
91 */ |
91 */ |
92 public X509CRLSelector() {} |
92 public X509CRLSelector() {} |
93 |
93 |
94 /** |
94 /** |
95 * Sets the issuerNames criterion. The issuer distinguished name in the |
95 * Sets the issuerNames criterion. The issuer distinguished name in the |
96 * <code>X509CRL</code> must match at least one of the specified |
96 * {@code X509CRL} must match at least one of the specified |
97 * distinguished names. If <code>null</code>, any issuer distinguished name |
97 * distinguished names. If {@code null}, any issuer distinguished name |
98 * will do. |
98 * will do. |
99 * <p> |
99 * <p> |
100 * This method allows the caller to specify, with a single method call, |
100 * This method allows the caller to specify, with a single method call, |
101 * the complete set of issuer names which <code>X509CRLs</code> may contain. |
101 * the complete set of issuer names which {@code X509CRLs} may contain. |
102 * The specified value replaces the previous value for the issuerNames |
102 * The specified value replaces the previous value for the issuerNames |
103 * criterion. |
103 * criterion. |
104 * <p> |
104 * <p> |
105 * The <code>names</code> parameter (if not <code>null</code>) is a |
105 * The {@code names} parameter (if not {@code null}) is a |
106 * <code>Collection</code> of <code>X500Principal</code>s. |
106 * {@code Collection} of {@code X500Principal}s. |
107 * <p> |
107 * <p> |
108 * Note that the <code>names</code> parameter can contain duplicate |
108 * Note that the {@code names} parameter can contain duplicate |
109 * distinguished names, but they may be removed from the |
109 * distinguished names, but they may be removed from the |
110 * <code>Collection</code> of names returned by the |
110 * {@code Collection} of names returned by the |
111 * {@link #getIssuers getIssuers} method. |
111 * {@link #getIssuers getIssuers} method. |
112 * <p> |
112 * <p> |
113 * Note that a copy is performed on the <code>Collection</code> to |
113 * Note that a copy is performed on the {@code Collection} to |
114 * protect against subsequent modifications. |
114 * protect against subsequent modifications. |
115 * |
115 * |
116 * @param issuers a <code>Collection</code> of X500Principals |
116 * @param issuers a {@code Collection} of X500Principals |
117 * (or <code>null</code>) |
117 * (or {@code null}) |
118 * @see #getIssuers |
118 * @see #getIssuers |
119 * @since 1.5 |
119 * @since 1.5 |
120 */ |
120 */ |
121 public void setIssuers(Collection<X500Principal> issuers) { |
121 public void setIssuers(Collection<X500Principal> issuers) { |
122 if ((issuers == null) || issuers.isEmpty()) { |
122 if ((issuers == null) || issuers.isEmpty()) { |
136 * <strong>Note:</strong> use {@linkplain #setIssuers(Collection)} instead |
136 * <strong>Note:</strong> use {@linkplain #setIssuers(Collection)} instead |
137 * or only specify the byte array form of distinguished names when using |
137 * or only specify the byte array form of distinguished names when using |
138 * this method. See {@link #addIssuerName(String)} for more information. |
138 * this method. See {@link #addIssuerName(String)} for more information. |
139 * <p> |
139 * <p> |
140 * Sets the issuerNames criterion. The issuer distinguished name in the |
140 * Sets the issuerNames criterion. The issuer distinguished name in the |
141 * <code>X509CRL</code> must match at least one of the specified |
141 * {@code X509CRL} must match at least one of the specified |
142 * distinguished names. If <code>null</code>, any issuer distinguished name |
142 * distinguished names. If {@code null}, any issuer distinguished name |
143 * will do. |
143 * will do. |
144 * <p> |
144 * <p> |
145 * This method allows the caller to specify, with a single method call, |
145 * This method allows the caller to specify, with a single method call, |
146 * the complete set of issuer names which <code>X509CRLs</code> may contain. |
146 * the complete set of issuer names which {@code X509CRLs} may contain. |
147 * The specified value replaces the previous value for the issuerNames |
147 * The specified value replaces the previous value for the issuerNames |
148 * criterion. |
148 * criterion. |
149 * <p> |
149 * <p> |
150 * The <code>names</code> parameter (if not <code>null</code>) is a |
150 * The {@code names} parameter (if not {@code null}) is a |
151 * <code>Collection</code> of names. Each name is a <code>String</code> |
151 * {@code Collection} of names. Each name is a {@code String} |
152 * or a byte array representing a distinguished name (in |
152 * or a byte array representing a distinguished name (in |
153 * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or |
153 * <a href="http://www.ietf.org/rfc/rfc2253.txt">RFC 2253</a> or |
154 * ASN.1 DER encoded form, respectively). If <code>null</code> is supplied |
154 * ASN.1 DER encoded form, respectively). If {@code null} is supplied |
155 * as the value for this argument, no issuerNames check will be performed. |
155 * as the value for this argument, no issuerNames check will be performed. |
156 * <p> |
156 * <p> |
157 * Note that the <code>names</code> parameter can contain duplicate |
157 * Note that the {@code names} parameter can contain duplicate |
158 * distinguished names, but they may be removed from the |
158 * distinguished names, but they may be removed from the |
159 * <code>Collection</code> of names returned by the |
159 * {@code Collection} of names returned by the |
160 * {@link #getIssuerNames getIssuerNames} method. |
160 * {@link #getIssuerNames getIssuerNames} method. |
161 * <p> |
161 * <p> |
162 * If a name is specified as a byte array, it should contain a single DER |
162 * If a name is specified as a byte array, it should contain a single DER |
163 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
163 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
164 * this structure is as follows. |
164 * this structure is as follows. |
165 * <pre><code> |
165 * <pre>{@code |
166 * Name ::= CHOICE { |
166 * Name ::= CHOICE { |
167 * RDNSequence } |
167 * RDNSequence } |
168 * |
168 * |
169 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName |
169 * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName |
170 * |
170 * |
183 * teletexString TeletexString (SIZE (1..MAX)), |
183 * teletexString TeletexString (SIZE (1..MAX)), |
184 * printableString PrintableString (SIZE (1..MAX)), |
184 * printableString PrintableString (SIZE (1..MAX)), |
185 * universalString UniversalString (SIZE (1..MAX)), |
185 * universalString UniversalString (SIZE (1..MAX)), |
186 * utf8String UTF8String (SIZE (1.. MAX)), |
186 * utf8String UTF8String (SIZE (1.. MAX)), |
187 * bmpString BMPString (SIZE (1..MAX)) } |
187 * bmpString BMPString (SIZE (1..MAX)) } |
188 * </code></pre> |
188 * }</pre> |
189 * <p> |
189 * <p> |
190 * Note that a deep copy is performed on the <code>Collection</code> to |
190 * Note that a deep copy is performed on the {@code Collection} to |
191 * protect against subsequent modifications. |
191 * protect against subsequent modifications. |
192 * |
192 * |
193 * @param names a <code>Collection</code> of names (or <code>null</code>) |
193 * @param names a {@code Collection} of names (or {@code null}) |
194 * @throws IOException if a parsing error occurs |
194 * @throws IOException if a parsing error occurs |
195 * @see #getIssuerNames |
195 * @see #getIssuerNames |
196 */ |
196 */ |
197 public void setIssuerNames(Collection<?> names) throws IOException { |
197 public void setIssuerNames(Collection<?> names) throws IOException { |
198 if (names == null || names.size() == 0) { |
198 if (names == null || names.size() == 0) { |
247 addIssuerNameInternal(name, new X500Name(name).asX500Principal()); |
247 addIssuerNameInternal(name, new X500Name(name).asX500Principal()); |
248 } |
248 } |
249 |
249 |
250 /** |
250 /** |
251 * Adds a name to the issuerNames criterion. The issuer distinguished |
251 * Adds a name to the issuerNames criterion. The issuer distinguished |
252 * name in the <code>X509CRL</code> must match at least one of the specified |
252 * name in the {@code X509CRL} must match at least one of the specified |
253 * distinguished names. |
253 * distinguished names. |
254 * <p> |
254 * <p> |
255 * This method allows the caller to add a name to the set of issuer names |
255 * This method allows the caller to add a name to the set of issuer names |
256 * which <code>X509CRLs</code> may contain. The specified name is added to |
256 * which {@code X509CRLs} may contain. The specified name is added to |
257 * any previous value for the issuerNames criterion. If the specified name |
257 * any previous value for the issuerNames criterion. If the specified name |
258 * is a duplicate, it may be ignored. |
258 * is a duplicate, it may be ignored. |
259 * If a name is specified as a byte array, it should contain a single DER |
259 * If a name is specified as a byte array, it should contain a single DER |
260 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
260 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
261 * this structure is as follows. |
261 * this structure is as follows. |
332 * <p> |
332 * <p> |
333 * This method wraps cloneAndCheckIssuerNames, changing any IOException |
333 * This method wraps cloneAndCheckIssuerNames, changing any IOException |
334 * into a RuntimeException. This method should be used when the object being |
334 * into a RuntimeException. This method should be used when the object being |
335 * cloned has already been checked, so there should never be any exceptions. |
335 * cloned has already been checked, so there should never be any exceptions. |
336 * |
336 * |
337 * @param names a <code>Collection</code> of names. Each entry is a |
337 * @param names a {@code Collection} of names. Each entry is a |
338 * String or a byte array (the name, in string or ASN.1 |
338 * String or a byte array (the name, in string or ASN.1 |
339 * DER encoded form, respectively). <code>null</code> is |
339 * DER encoded form, respectively). {@code null} is |
340 * not an acceptable value. |
340 * not an acceptable value. |
341 * @return a deep copy of the specified <code>Collection</code> |
341 * @return a deep copy of the specified {@code Collection} |
342 * @throws RuntimeException if a parsing error occurs |
342 * @throws RuntimeException if a parsing error occurs |
343 */ |
343 */ |
344 private static HashSet<Object> cloneIssuerNames(Collection<Object> names) { |
344 private static HashSet<Object> cloneIssuerNames(Collection<Object> names) { |
345 try { |
345 try { |
346 return cloneAndCheckIssuerNames(names); |
346 return cloneAndCheckIssuerNames(names); |
378 } |
378 } |
379 return x500Principals; |
379 return x500Principals; |
380 } |
380 } |
381 |
381 |
382 /** |
382 /** |
383 * Sets the minCRLNumber criterion. The <code>X509CRL</code> must have a |
383 * Sets the minCRLNumber criterion. The {@code X509CRL} must have a |
384 * CRL number extension whose value is greater than or equal to the |
384 * CRL number extension whose value is greater than or equal to the |
385 * specified value. If <code>null</code>, no minCRLNumber check will be |
385 * specified value. If {@code null}, no minCRLNumber check will be |
386 * done. |
386 * done. |
387 * |
387 * |
388 * @param minCRL the minimum CRL number accepted (or <code>null</code>) |
388 * @param minCRL the minimum CRL number accepted (or {@code null}) |
389 */ |
389 */ |
390 public void setMinCRLNumber(BigInteger minCRL) { |
390 public void setMinCRLNumber(BigInteger minCRL) { |
391 this.minCRL = minCRL; |
391 this.minCRL = minCRL; |
392 } |
392 } |
393 |
393 |
394 /** |
394 /** |
395 * Sets the maxCRLNumber criterion. The <code>X509CRL</code> must have a |
395 * Sets the maxCRLNumber criterion. The {@code X509CRL} must have a |
396 * CRL number extension whose value is less than or equal to the |
396 * CRL number extension whose value is less than or equal to the |
397 * specified value. If <code>null</code>, no maxCRLNumber check will be |
397 * specified value. If {@code null}, no maxCRLNumber check will be |
398 * done. |
398 * done. |
399 * |
399 * |
400 * @param maxCRL the maximum CRL number accepted (or <code>null</code>) |
400 * @param maxCRL the maximum CRL number accepted (or {@code null}) |
401 */ |
401 */ |
402 public void setMaxCRLNumber(BigInteger maxCRL) { |
402 public void setMaxCRLNumber(BigInteger maxCRL) { |
403 this.maxCRL = maxCRL; |
403 this.maxCRL = maxCRL; |
404 } |
404 } |
405 |
405 |
406 /** |
406 /** |
407 * Sets the dateAndTime criterion. The specified date must be |
407 * Sets the dateAndTime criterion. The specified date must be |
408 * equal to or later than the value of the thisUpdate component |
408 * equal to or later than the value of the thisUpdate component |
409 * of the <code>X509CRL</code> and earlier than the value of the |
409 * of the {@code X509CRL} and earlier than the value of the |
410 * nextUpdate component. There is no match if the <code>X509CRL</code> |
410 * nextUpdate component. There is no match if the {@code X509CRL} |
411 * does not contain a nextUpdate component. |
411 * does not contain a nextUpdate component. |
412 * If <code>null</code>, no dateAndTime check will be done. |
412 * If {@code null}, no dateAndTime check will be done. |
413 * <p> |
413 * <p> |
414 * Note that the <code>Date</code> supplied here is cloned to protect |
414 * Note that the {@code Date} supplied here is cloned to protect |
415 * against subsequent modifications. |
415 * against subsequent modifications. |
416 * |
416 * |
417 * @param dateAndTime the <code>Date</code> to match against |
417 * @param dateAndTime the {@code Date} to match against |
418 * (or <code>null</code>) |
418 * (or {@code null}) |
419 * @see #getDateAndTime |
419 * @see #getDateAndTime |
420 */ |
420 */ |
421 public void setDateAndTime(Date dateAndTime) { |
421 public void setDateAndTime(Date dateAndTime) { |
422 if (dateAndTime == null) |
422 if (dateAndTime == null) |
423 this.dateAndTime = null; |
423 this.dateAndTime = null; |
436 this.skew = skew; |
436 this.skew = skew; |
437 } |
437 } |
438 |
438 |
439 /** |
439 /** |
440 * Sets the certificate being checked. This is not a criterion. Rather, |
440 * Sets the certificate being checked. This is not a criterion. Rather, |
441 * it is optional information that may help a <code>CertStore</code> |
441 * it is optional information that may help a {@code CertStore} |
442 * find CRLs that would be relevant when checking revocation for the |
442 * find CRLs that would be relevant when checking revocation for the |
443 * specified certificate. If <code>null</code> is specified, then no |
443 * specified certificate. If {@code null} is specified, then no |
444 * such optional information is provided. |
444 * such optional information is provided. |
445 * |
445 * |
446 * @param cert the <code>X509Certificate</code> being checked |
446 * @param cert the {@code X509Certificate} being checked |
447 * (or <code>null</code>) |
447 * (or {@code null}) |
448 * @see #getCertificateChecking |
448 * @see #getCertificateChecking |
449 */ |
449 */ |
450 public void setCertificateChecking(X509Certificate cert) { |
450 public void setCertificateChecking(X509Certificate cert) { |
451 certChecking = cert; |
451 certChecking = cert; |
452 } |
452 } |
453 |
453 |
454 /** |
454 /** |
455 * Returns the issuerNames criterion. The issuer distinguished |
455 * Returns the issuerNames criterion. The issuer distinguished |
456 * name in the <code>X509CRL</code> must match at least one of the specified |
456 * name in the {@code X509CRL} must match at least one of the specified |
457 * distinguished names. If the value returned is <code>null</code>, any |
457 * distinguished names. If the value returned is {@code null}, any |
458 * issuer distinguished name will do. |
458 * issuer distinguished name will do. |
459 * <p> |
459 * <p> |
460 * If the value returned is not <code>null</code>, it is a |
460 * If the value returned is not {@code null}, it is a |
461 * unmodifiable <code>Collection</code> of <code>X500Principal</code>s. |
461 * unmodifiable {@code Collection} of {@code X500Principal}s. |
462 * |
462 * |
463 * @return an unmodifiable <code>Collection</code> of names |
463 * @return an unmodifiable {@code Collection} of names |
464 * (or <code>null</code>) |
464 * (or {@code null}) |
465 * @see #setIssuers |
465 * @see #setIssuers |
466 * @since 1.5 |
466 * @since 1.5 |
467 */ |
467 */ |
468 public Collection<X500Principal> getIssuers() { |
468 public Collection<X500Principal> getIssuers() { |
469 if (issuerX500Principals == null) { |
469 if (issuerX500Principals == null) { |
472 return Collections.unmodifiableCollection(issuerX500Principals); |
472 return Collections.unmodifiableCollection(issuerX500Principals); |
473 } |
473 } |
474 |
474 |
475 /** |
475 /** |
476 * Returns a copy of the issuerNames criterion. The issuer distinguished |
476 * Returns a copy of the issuerNames criterion. The issuer distinguished |
477 * name in the <code>X509CRL</code> must match at least one of the specified |
477 * name in the {@code X509CRL} must match at least one of the specified |
478 * distinguished names. If the value returned is <code>null</code>, any |
478 * distinguished names. If the value returned is {@code null}, any |
479 * issuer distinguished name will do. |
479 * issuer distinguished name will do. |
480 * <p> |
480 * <p> |
481 * If the value returned is not <code>null</code>, it is a |
481 * If the value returned is not {@code null}, it is a |
482 * <code>Collection</code> of names. Each name is a <code>String</code> |
482 * {@code Collection} of names. Each name is a {@code String} |
483 * or a byte array representing a distinguished name (in RFC 2253 or |
483 * or a byte array representing a distinguished name (in RFC 2253 or |
484 * ASN.1 DER encoded form, respectively). Note that the |
484 * ASN.1 DER encoded form, respectively). Note that the |
485 * <code>Collection</code> returned may contain duplicate names. |
485 * {@code Collection} returned may contain duplicate names. |
486 * <p> |
486 * <p> |
487 * If a name is specified as a byte array, it should contain a single DER |
487 * If a name is specified as a byte array, it should contain a single DER |
488 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
488 * encoded distinguished name, as defined in X.501. The ASN.1 notation for |
489 * this structure is given in the documentation for |
489 * this structure is given in the documentation for |
490 * {@link #setIssuerNames setIssuerNames(Collection names)}. |
490 * {@link #setIssuerNames setIssuerNames(Collection names)}. |
491 * <p> |
491 * <p> |
492 * Note that a deep copy is performed on the <code>Collection</code> to |
492 * Note that a deep copy is performed on the {@code Collection} to |
493 * protect against subsequent modifications. |
493 * protect against subsequent modifications. |
494 * |
494 * |
495 * @return a <code>Collection</code> of names (or <code>null</code>) |
495 * @return a {@code Collection} of names (or {@code null}) |
496 * @see #setIssuerNames |
496 * @see #setIssuerNames |
497 */ |
497 */ |
498 public Collection<Object> getIssuerNames() { |
498 public Collection<Object> getIssuerNames() { |
499 if (issuerNames == null) { |
499 if (issuerNames == null) { |
500 return null; |
500 return null; |
501 } |
501 } |
502 return cloneIssuerNames(issuerNames); |
502 return cloneIssuerNames(issuerNames); |
503 } |
503 } |
504 |
504 |
505 /** |
505 /** |
506 * Returns the minCRLNumber criterion. The <code>X509CRL</code> must have a |
506 * Returns the minCRLNumber criterion. The {@code X509CRL} must have a |
507 * CRL number extension whose value is greater than or equal to the |
507 * CRL number extension whose value is greater than or equal to the |
508 * specified value. If <code>null</code>, no minCRLNumber check will be done. |
508 * specified value. If {@code null}, no minCRLNumber check will be done. |
509 * |
509 * |
510 * @return the minimum CRL number accepted (or <code>null</code>) |
510 * @return the minimum CRL number accepted (or {@code null}) |
511 */ |
511 */ |
512 public BigInteger getMinCRL() { |
512 public BigInteger getMinCRL() { |
513 return minCRL; |
513 return minCRL; |
514 } |
514 } |
515 |
515 |
516 /** |
516 /** |
517 * Returns the maxCRLNumber criterion. The <code>X509CRL</code> must have a |
517 * Returns the maxCRLNumber criterion. The {@code X509CRL} must have a |
518 * CRL number extension whose value is less than or equal to the |
518 * CRL number extension whose value is less than or equal to the |
519 * specified value. If <code>null</code>, no maxCRLNumber check will be |
519 * specified value. If {@code null}, no maxCRLNumber check will be |
520 * done. |
520 * done. |
521 * |
521 * |
522 * @return the maximum CRL number accepted (or <code>null</code>) |
522 * @return the maximum CRL number accepted (or {@code null}) |
523 */ |
523 */ |
524 public BigInteger getMaxCRL() { |
524 public BigInteger getMaxCRL() { |
525 return maxCRL; |
525 return maxCRL; |
526 } |
526 } |
527 |
527 |
528 /** |
528 /** |
529 * Returns the dateAndTime criterion. The specified date must be |
529 * Returns the dateAndTime criterion. The specified date must be |
530 * equal to or later than the value of the thisUpdate component |
530 * equal to or later than the value of the thisUpdate component |
531 * of the <code>X509CRL</code> and earlier than the value of the |
531 * of the {@code X509CRL} and earlier than the value of the |
532 * nextUpdate component. There is no match if the |
532 * nextUpdate component. There is no match if the |
533 * <code>X509CRL</code> does not contain a nextUpdate component. |
533 * {@code X509CRL} does not contain a nextUpdate component. |
534 * If <code>null</code>, no dateAndTime check will be done. |
534 * If {@code null}, no dateAndTime check will be done. |
535 * <p> |
535 * <p> |
536 * Note that the <code>Date</code> returned is cloned to protect against |
536 * Note that the {@code Date} returned is cloned to protect against |
537 * subsequent modifications. |
537 * subsequent modifications. |
538 * |
538 * |
539 * @return the <code>Date</code> to match against (or <code>null</code>) |
539 * @return the {@code Date} to match against (or {@code null}) |
540 * @see #setDateAndTime |
540 * @see #setDateAndTime |
541 */ |
541 */ |
542 public Date getDateAndTime() { |
542 public Date getDateAndTime() { |
543 if (dateAndTime == null) |
543 if (dateAndTime == null) |
544 return null; |
544 return null; |
545 return (Date) dateAndTime.clone(); |
545 return (Date) dateAndTime.clone(); |
546 } |
546 } |
547 |
547 |
548 /** |
548 /** |
549 * Returns the certificate being checked. This is not a criterion. Rather, |
549 * Returns the certificate being checked. This is not a criterion. Rather, |
550 * it is optional information that may help a <code>CertStore</code> |
550 * it is optional information that may help a {@code CertStore} |
551 * find CRLs that would be relevant when checking revocation for the |
551 * find CRLs that would be relevant when checking revocation for the |
552 * specified certificate. If the value returned is <code>null</code>, then |
552 * specified certificate. If the value returned is {@code null}, then |
553 * no such optional information is provided. |
553 * no such optional information is provided. |
554 * |
554 * |
555 * @return the certificate being checked (or <code>null</code>) |
555 * @return the certificate being checked (or {@code null}) |
556 * @see #setCertificateChecking |
556 * @see #setCertificateChecking |
557 */ |
557 */ |
558 public X509Certificate getCertificateChecking() { |
558 public X509Certificate getCertificateChecking() { |
559 return certChecking; |
559 return certChecking; |
560 } |
560 } |
561 |
561 |
562 /** |
562 /** |
563 * Returns a printable representation of the <code>X509CRLSelector</code>. |
563 * Returns a printable representation of the {@code X509CRLSelector}. |
564 * |
564 * |
565 * @return a <code>String</code> describing the contents of the |
565 * @return a {@code String} describing the contents of the |
566 * <code>X509CRLSelector</code>. |
566 * {@code X509CRLSelector}. |
567 */ |
567 */ |
568 public String toString() { |
568 public String toString() { |
569 StringBuffer sb = new StringBuffer(); |
569 StringBuffer sb = new StringBuffer(); |
570 sb.append("X509CRLSelector: [\n"); |
570 sb.append("X509CRLSelector: [\n"); |
571 if (issuerNames != null) { |
571 if (issuerNames != null) { |