package org.bouncycastle.pkix.jcajce;

import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.bouncycastle.jcajce.PKIXCRLStoreSelector;
import org.bouncycastle.util.Store;
import org.bouncycastle.util.StoreException;

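/**
 * Helper that gathers candidate CRLs for a certificate from the supplied
 * stores and filters them by date before they are used for revocation checking.
 */
class PKIXCRLUtil
{
    /**
     * Collect the CRLs matching the selector from both store lists and keep
     * only those that are usable at the given validity date.
     * <p>
     * A CRL is kept when its nextUpdate is after <code>validityDate</code> and,
     * if the selector carries a certificate being checked, when the CRL's
     * thisUpdate is before that certificate's notAfter.
     * <p>
     * A CRL without a nextUpdate field is skipped. Such a CRL states no expiry,
     * so its freshness cannot be established here and accepting it would let a
     * stale CRL be presented indefinitely.
     *
     * @param crlselect     selector used to query the stores; also supplies the
     *                      certificate being checked, which may be absent.
     * @param validityDate  the date the CRL must still be current for.
     * @param certStores    stores to search ({@link Store} or {@link CertStore} objects).
     * @param pkixCrlStores further stores to search ({@link Store} or {@link CertStore} objects).
     * @return the set of {@link X509CRL} objects that passed the date checks.
     *         May be empty but never <code>null</code>.
     * @throws AnnotatedException if the store search failed for every store that
     *                            was queried and at least one reported an error.
     */
    public Set findCRLs(PKIXCRLStoreSelector crlselect, Date validityDate, List certStores, List pkixCrlStores)
        throws AnnotatedException
    {
        Set initialSet = new HashSet();

        // get complete CRL(s)
        try
        {
            initialSet.addAll(findCRLs(crlselect, pkixCrlStores));
            initialSet.addAll(findCRLs(crlselect, certStores));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        Set finalSet = new HashSet();

        // based on RFC 5280 6.3.3
        for (Iterator it = initialSet.iterator(); it.hasNext();)
        {
            X509CRL crl = (X509CRL)it.next();

            // X509CRL.getNextUpdate() returns null when the field is absent.
            // RFC 5280 5.1.2.5 requires conforming issuers to include it, so a
            // CRL without one is skipped instead of failing with a
            // NullPointerException or being treated as never expiring.
            Date nextUpdate = crl.getNextUpdate();

            if (nextUpdate == null || !nextUpdate.after(validityDate))
            {
                continue;
            }

            X509Certificate cert = crlselect.getCertificateChecking();

            // With no certificate to compare against, the nextUpdate check alone decides.
            // Otherwise the CRL must have been issued before the certificate expired.
            if (cert == null || crl.getThisUpdate().before(cert.getNotAfter()))
            {
                finalSet.add(crl);
            }
        }

        return finalSet;
    }

    /**
     * Return a Collection of all CRLs found in the given stores that match
     * the crlSelect criteria.
     * <p>
     * Errors from individual stores are only reported when no store at all
     * could be searched successfully; in that case the last error is thrown.
     *
     * @param crlSelect a {@link PKIXCRLStoreSelector} object that will be used
     *                  to select the CRLs
     * @param crlStores a List of stores to search. Entries that are
     *                  {@link Store} objects are queried directly; every other
     *                  entry is cast to {@link CertStore}.
     * @return a Collection of all found {@link X509CRL X509CRL} objects. May be
     *         empty but never <code>null</code>.
     * @throws AnnotatedException if no store could be searched successfully
     *                            and at least one search raised an error.
     */
    private final Collection findCRLs(PKIXCRLStoreSelector crlSelect, List crlStores)
        throws AnnotatedException
    {
        Set crls = new HashSet();
        Iterator iter = crlStores.iterator();

        AnnotatedException lastException = null;
        boolean foundValidStore = false;

        while (iter.hasNext())
        {
            Object obj = iter.next();

            if (obj instanceof Store)
            {
                Store store = (Store)obj;

                try
                {
                    crls.addAll(store.getMatches(crlSelect));
                    foundValidStore = true;
                }
                catch (StoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
            else
            {
                CertStore store = (CertStore)obj;

                try
                {
                    crls.addAll(PKIXCRLStoreSelector.getCRLs(crlSelect, store));
                    foundValidStore = true;
                }
                catch (CertStoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
        }

        // NOTE(review): when at least one store answered, errors from the other
        // stores are dropped, so the result can be incomplete without the caller
        // being told. A store that fails may be the one holding the relevant CRL;
        // confirm callers treat an empty result as "status unknown", not "not revoked".
        if (!foundValidStore && lastException != null)
        {
            throw lastException;
        }

        return crls;
    }
}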