Package eu.europa.esig.dss.crl

Class CRLValidity

java.lang.Object

eu.europa.esig.dss.crl.CRLValidity

All Implemented Interfaces:

Serializable

Direct Known Subclasses:

X509CRLValidity

public class CRLValidity
extends Object
implements Serializable

This class encapsulates all information related to the validity of a CRL. It exposes the method isValid to check the validity.

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
CRLValidity(CRLBinary crlBinary)	Default constructor

Method Summary

Modifier and Type	Method	Description
boolean	areCriticalExtensionsOidNotEmpty()	Checks if the collection of critical extension OIDs is not empty
boolean	equals(Object o)
CRLBinary	getCrlBinary()	Returns binary of the CRL
byte[]	getDerEncoded()	Returns DER encoded binaries of the CRL
Date	getExpiredCertsOnCRL()	Gets the 'expiredCertsOnCRL' field Date
CertificateToken	getIssuerToken()	Gets the issuer certificateToken
Date	getNextUpdate()	Gets the 'nextUpdate' field Date
SignatureAlgorithm	getSignatureAlgorithm()	Gets used SignatureAlgorithm
String	getSignatureInvalidityReason()	Gets signature invalidity reason if signature is invalid
Date	getThisUpdate()	Gets the 'thisUpdate' field Date
String	getUrl()	Gets distributionPoint url ...
int	hashCode()
boolean	isCrlSignKeyUsage()	Gets if the issuer certificate has 'cRLSign' key usage
boolean	isIssuerX509PrincipalMatches()	Returns if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value
boolean	isSignatureIntact()	Gets if the signature value is valid
boolean	isUnknownCriticalExtension()	Checks if the critical extensions are unknown
boolean	isValid()	This method indicates if the CRL is valid.
void	setCriticalExtensionsOid(Collection<String> criticalExtensionsOid)	Sets a collection of critical extension OIDs
void	setCrlSignKeyUsage(boolean crlSignKeyUsage)	Sets if the issuer certificate has 'cRLSign' key usage
void	setExpiredCertsOnCRL(Date expiredCertsOnCRL)	Sets the 'expiredCertsOnCRL' field Date
void	setIndirectCrl(boolean indirectCrl)	Sets 'indirectCRL' value ...
void	setIssuerToken(CertificateToken issuerToken)	Sets the issuer certificateToken
void	setIssuerX509PrincipalMatches(boolean issuerX509PrincipalMatches)	Sets if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value
void	setNextUpdate(Date nextUpdate)	Sets the 'nextUpdate' field Date
void	setOnlyAttributeCerts(boolean onlyAttributeCerts)	Sets 'onlyContainsAttributeCerts' value ...
void	setOnlyCaCerts(boolean onlyCaCerts)	Sets 'onlyContainsCACerts' value ...
void	setOnlyUserCerts(boolean onlyUserCerts)	Sets 'onlyContainsUserCerts' value ...
void	setReasonFlags(org.bouncycastle.asn1.x509.ReasonFlags reasonFlags)	Sets 'onlySomeReasons' value ...
void	setSignatureAlgorithm(SignatureAlgorithm signatureAlgorithm)	Sets used SignatureAlgorithm
void	setSignatureIntact(boolean signatureIntact)	Sets if the signature value is valid
void	setSignatureInvalidityReason(String signatureInvalidityReason)	Sets signature invalidity reason
void	setThisUpdate(Date thisUpdate)	Sets the 'thisUpdate' field Date
void	setUrl(String url)	Sets distributionPoint url ...
InputStream	toCRLInputStream()	Opens the InputStream with the CRL's binaries
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

CRLValidity

public CRLValidity(CRLBinary crlBinary)

Default constructor

Parameters:

crlBinary - CRLBinary

Method Details

getCrlBinary

public CRLBinary getCrlBinary()

Returns binary of the CRL

Returns:

CRLBinary

getDerEncoded

public byte[] getDerEncoded()

Returns DER encoded binaries of the CRL

Returns:

DER encoded binaries

toCRLInputStream

public InputStream toCRLInputStream()

Opens the InputStream with the CRL's binaries

Returns:

InputStream

getSignatureAlgorithm

public SignatureAlgorithm getSignatureAlgorithm()

Gets used SignatureAlgorithm

Returns:

SignatureAlgorithm

setSignatureAlgorithm

public void setSignatureAlgorithm(SignatureAlgorithm signatureAlgorithm)

Sets used SignatureAlgorithm

Parameters:

signatureAlgorithm - SignatureAlgorithm

getNextUpdate

public Date getNextUpdate()

Gets the 'nextUpdate' field Date

Returns:

Date

setNextUpdate

public void setNextUpdate(Date nextUpdate)

Sets the 'nextUpdate' field Date

Parameters:

nextUpdate - Date

getThisUpdate

public Date getThisUpdate()

Gets the 'thisUpdate' field Date

Returns:

Date

setThisUpdate

public void setThisUpdate(Date thisUpdate)

Sets the 'thisUpdate' field Date

Parameters:

thisUpdate - Date

getExpiredCertsOnCRL

public Date getExpiredCertsOnCRL()

Gets the 'expiredCertsOnCRL' field Date

Returns:

Date

setExpiredCertsOnCRL

public void setExpiredCertsOnCRL(Date expiredCertsOnCRL)

Sets the 'expiredCertsOnCRL' field Date

Parameters:

expiredCertsOnCRL - Date

isIssuerX509PrincipalMatches

public boolean isIssuerX509PrincipalMatches()

Returns if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value

Returns:

TRUE if the issuer X509 Principal matches, FALSE otherwise

setIssuerX509PrincipalMatches

public void setIssuerX509PrincipalMatches(boolean issuerX509PrincipalMatches)

Sets if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value

Parameters:

issuerX509PrincipalMatches - if the issuer X509 Principal matches

isSignatureIntact

public boolean isSignatureIntact()

Gets if the signature value is valid

Returns:

TRUE if the signature is valid, FALSE otherwise

setSignatureIntact

public void setSignatureIntact(boolean signatureIntact)

Sets if the signature value is valid

Parameters:

signatureIntact - if the signature value is valid

isCrlSignKeyUsage

public boolean isCrlSignKeyUsage()

Gets if the issuer certificate has 'cRLSign' key usage

Returns:

TRUE if the issuer certificate has 'cRLSign' key usage, FALSE otherwise

setCrlSignKeyUsage

public void setCrlSignKeyUsage(boolean crlSignKeyUsage)

Sets if the issuer certificate has 'cRLSign' key usage

Parameters:

crlSignKeyUsage - if the issuer certificate has 'cRLSign' key usage

getIssuerToken

public CertificateToken getIssuerToken()

Gets the issuer certificateToken

Returns:

CertificateToken

setIssuerToken

public void setIssuerToken(CertificateToken issuerToken)

Sets the issuer certificateToken

Parameters:

issuerToken - CertificateToken

getSignatureInvalidityReason

public String getSignatureInvalidityReason()

Gets signature invalidity reason if signature is invalid

Returns:

signature invalidity reason String, null for a valid signatureValue

setSignatureInvalidityReason

public void setSignatureInvalidityReason(String signatureInvalidityReason)

Sets signature invalidity reason

Parameters:

signatureInvalidityReason - String

getUrl

public String getUrl()

Gets distributionPoint url ... distributionPoint [0] DistributionPointName OPTIONAL ...

Returns:

String distributionPoint url

setUrl

public void setUrl(String url)

Sets distributionPoint url ... distributionPoint [0] DistributionPointName OPTIONAL ...

Parameters:

url - String distributionPoint url

setOnlyUserCerts

public void setOnlyUserCerts(boolean onlyUserCerts)

Sets 'onlyContainsUserCerts' value ... onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE ...

Parameters:

onlyUserCerts - 'onlyContainsUserCerts' value

setOnlyCaCerts

public void setOnlyCaCerts(boolean onlyCaCerts)

Sets 'onlyContainsCACerts' value ... onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE ...

Parameters:

onlyCaCerts - 'onlyContainsCACerts' value

setReasonFlags

public void setReasonFlags(org.bouncycastle.asn1.x509.ReasonFlags reasonFlags)

Sets 'onlySomeReasons' value ... onlySomeReasons [3] ReasonFlags OPTIONAL ...

Parameters:

reasonFlags - 'onlySomeReasons' value

setIndirectCrl

public void setIndirectCrl(boolean indirectCrl)

Sets 'indirectCRL' value ... indirectCRL [4] BOOLEAN DEFAULT FALSE ...

Parameters:

indirectCrl - 'indirectCRL' value

setOnlyAttributeCerts

public void setOnlyAttributeCerts(boolean onlyAttributeCerts)

Sets 'onlyContainsAttributeCerts' value ... onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE ...

Parameters:

onlyAttributeCerts - 'onlyContainsAttributeCerts' value

areCriticalExtensionsOidNotEmpty

public boolean areCriticalExtensionsOidNotEmpty()

Checks if the collection of critical extension OIDs is not empty

Returns:

TRUE if the collection of critical extension OIDs is not empty, FALSE if empty

setCriticalExtensionsOid

public void setCriticalExtensionsOid(Collection<String> criticalExtensionsOid)

Sets a collection of critical extension OIDs

Parameters:

criticalExtensionsOid - a collection of String critical extension OIDs

isValid

public boolean isValid()

This method indicates if the CRL is valid. To be valid the CRL must fulfill the following requirements: - its signature must be valid, - the issuer of the certificate for which the CRL is used must match the CRL signing certificate and - the mandatory key usage must be present.

Returns:

true if the CRL is valid false otherwise.

isUnknownCriticalExtension

public boolean isUnknownCriticalExtension()

Checks if the critical extensions are unknown

Returns:

TRUE if the critical extensions are unknown, FALSE otherwise

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object