Package eu.europa.esig.dss.crl
Class CRLValidity
java.lang.Object
eu.europa.esig.dss.crl.CRLValidity
- All Implemented Interfaces:
Serializable
- Direct Known Subclasses:
X509CRLValidity
This class encapsulates all information related to the validity of a CRL. It
exposes the method
isValid to check the validity.- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanChecks if the collection of critical extension OIDs is not emptybooleanReturns binary of the CRLbyte[]Returns DER encoded binaries of the CRLGets the 'expiredCertsOnCRL' field DateGets the issuer certificateTokenGets the 'nextUpdate' field DateGets used SignatureAlgorithmGets signature invalidity reason if signature is invalidGets the 'thisUpdate' field DategetUrl()Gets distributionPoint url ...inthashCode()booleanGets if the issuer certificate has 'cRLSign' key usagebooleanReturns if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding valuebooleanGets if the signature value is validbooleanChecks if the critical extensions are unknownbooleanisValid()This method indicates if the CRL is valid.voidsetCriticalExtensionsOid(Collection<String> criticalExtensionsOid) Sets a collection of critical extension OIDsvoidsetCrlSignKeyUsage(boolean crlSignKeyUsage) Sets if the issuer certificate has 'cRLSign' key usagevoidsetExpiredCertsOnCRL(Date expiredCertsOnCRL) Sets the 'expiredCertsOnCRL' field DatevoidsetIndirectCrl(boolean indirectCrl) Sets 'indirectCRL' value ...voidsetIssuerToken(CertificateToken issuerToken) Sets the issuer certificateTokenvoidsetIssuerX509PrincipalMatches(boolean issuerX509PrincipalMatches) Sets if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding valuevoidsetNextUpdate(Date nextUpdate) Sets the 'nextUpdate' field DatevoidsetOnlyAttributeCerts(boolean onlyAttributeCerts) Sets 'onlyContainsAttributeCerts' value ...voidsetOnlyCaCerts(boolean onlyCaCerts) Sets 'onlyContainsCACerts' value ...voidsetOnlyUserCerts(boolean onlyUserCerts) Sets 'onlyContainsUserCerts' value ...voidsetReasonFlags(org.bouncycastle.asn1.x509.ReasonFlags reasonFlags) Sets 'onlySomeReasons' value ...voidsetSignatureAlgorithm(SignatureAlgorithm signatureAlgorithm) Sets used SignatureAlgorithmvoidsetSignatureIntact(boolean signatureIntact) Sets if the signature value is validvoidsetSignatureInvalidityReason(String signatureInvalidityReason) Sets signature invalidity reasonvoidsetThisUpdate(Date thisUpdate) Sets the 'thisUpdate' field DatevoidSets distributionPoint url ...Opens the InputStream with the CRL's binariestoString()
-
Constructor Details
-
CRLValidity
Default constructor- Parameters:
crlBinary-CRLBinary
-
-
Method Details
-
getCrlBinary
Returns binary of the CRL- Returns:
CRLBinary
-
getDerEncoded
public byte[] getDerEncoded()Returns DER encoded binaries of the CRL- Returns:
- DER encoded binaries
-
toCRLInputStream
Opens the InputStream with the CRL's binaries- Returns:
InputStream
-
getSignatureAlgorithm
Gets used SignatureAlgorithm- Returns:
SignatureAlgorithm
-
setSignatureAlgorithm
Sets used SignatureAlgorithm- Parameters:
signatureAlgorithm-SignatureAlgorithm
-
getNextUpdate
Gets the 'nextUpdate' field Date- Returns:
Date
-
setNextUpdate
Sets the 'nextUpdate' field Date- Parameters:
nextUpdate-Date
-
getThisUpdate
Gets the 'thisUpdate' field Date- Returns:
Date
-
setThisUpdate
Sets the 'thisUpdate' field Date- Parameters:
thisUpdate-Date
-
getExpiredCertsOnCRL
Gets the 'expiredCertsOnCRL' field Date- Returns:
Date
-
setExpiredCertsOnCRL
Sets the 'expiredCertsOnCRL' field Date- Parameters:
expiredCertsOnCRL-Date
-
isIssuerX509PrincipalMatches
public boolean isIssuerX509PrincipalMatches()Returns if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value- Returns:
- TRUE if the issuer X509 Principal matches, FALSE otherwise
-
setIssuerX509PrincipalMatches
public void setIssuerX509PrincipalMatches(boolean issuerX509PrincipalMatches) Sets if the issuer X509 Principal matches between one defined in CRL and its issuer certificate corresponding value- Parameters:
issuerX509PrincipalMatches- if the issuer X509 Principal matches
-
isSignatureIntact
public boolean isSignatureIntact()Gets if the signature value is valid- Returns:
- TRUE if the signature is valid, FALSE otherwise
-
setSignatureIntact
public void setSignatureIntact(boolean signatureIntact) Sets if the signature value is valid- Parameters:
signatureIntact- if the signature value is valid
-
isCrlSignKeyUsage
public boolean isCrlSignKeyUsage()Gets if the issuer certificate has 'cRLSign' key usage- Returns:
- TRUE if the issuer certificate has 'cRLSign' key usage, FALSE otherwise
-
setCrlSignKeyUsage
public void setCrlSignKeyUsage(boolean crlSignKeyUsage) Sets if the issuer certificate has 'cRLSign' key usage- Parameters:
crlSignKeyUsage- if the issuer certificate has 'cRLSign' key usage
-
getIssuerToken
Gets the issuer certificateToken- Returns:
CertificateToken
-
setIssuerToken
Sets the issuer certificateToken- Parameters:
issuerToken-CertificateToken
-
getSignatureInvalidityReason
Gets signature invalidity reason if signature is invalid- Returns:
- signature invalidity reason
String, null for a valid signatureValue
-
setSignatureInvalidityReason
Sets signature invalidity reason- Parameters:
signatureInvalidityReason-String
-
getUrl
Gets distributionPoint url ... distributionPoint [0] DistributionPointName OPTIONAL ...- Returns:
StringdistributionPoint url
-
setUrl
Sets distributionPoint url ... distributionPoint [0] DistributionPointName OPTIONAL ...- Parameters:
url-StringdistributionPoint url
-
setOnlyUserCerts
public void setOnlyUserCerts(boolean onlyUserCerts) Sets 'onlyContainsUserCerts' value ... onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE ...- Parameters:
onlyUserCerts- 'onlyContainsUserCerts' value
-
setOnlyCaCerts
public void setOnlyCaCerts(boolean onlyCaCerts) Sets 'onlyContainsCACerts' value ... onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE ...- Parameters:
onlyCaCerts- 'onlyContainsCACerts' value
-
setReasonFlags
public void setReasonFlags(org.bouncycastle.asn1.x509.ReasonFlags reasonFlags) Sets 'onlySomeReasons' value ... onlySomeReasons [3] ReasonFlags OPTIONAL ...- Parameters:
reasonFlags- 'onlySomeReasons' value
-
setIndirectCrl
public void setIndirectCrl(boolean indirectCrl) Sets 'indirectCRL' value ... indirectCRL [4] BOOLEAN DEFAULT FALSE ...- Parameters:
indirectCrl- 'indirectCRL' value
-
setOnlyAttributeCerts
public void setOnlyAttributeCerts(boolean onlyAttributeCerts) Sets 'onlyContainsAttributeCerts' value ... onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE ...- Parameters:
onlyAttributeCerts- 'onlyContainsAttributeCerts' value
-
areCriticalExtensionsOidNotEmpty
public boolean areCriticalExtensionsOidNotEmpty()Checks if the collection of critical extension OIDs is not empty- Returns:
- TRUE if the collection of critical extension OIDs is not empty, FALSE if empty
-
setCriticalExtensionsOid
Sets a collection of critical extension OIDs- Parameters:
criticalExtensionsOid- a collection ofStringcritical extension OIDs
-
isValid
public boolean isValid()This method indicates if the CRL is valid. To be valid the CRL must fulfill the following requirements: - its signature must be valid, - the issuer of the certificate for which the CRL is used must match the CRL signing certificate and - the mandatory key usage must be present.- Returns:
trueif the CRL is validfalseotherwise.
-
isUnknownCriticalExtension
public boolean isUnknownCriticalExtension()Checks if the critical extensions are unknown- Returns:
- TRUE if the critical extensions are unknown, FALSE otherwise
-
equals
-
hashCode
public int hashCode() -
toString
-