package org.bouncycastle.jce.provider;

import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.PKIXParameters;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import org.bouncycastle.util.StoreException;
import org.bouncycastle.x509.ExtendedPKIXParameters;
import org.bouncycastle.x509.X509CRLStoreSelector;
import org.bouncycastle.x509.X509Store;

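/**
 * Collects candidate CRLs for PKIX revocation checking from the stores
 * configured on a set of path validation parameters.
 * <p>
 * Store lookups are best effort: a store that fails is ignored as long as at
 * least one other store in the same list could be searched (see the private
 * <code>findCRLs</code> helper). Callers therefore cannot tell a complete
 * result from one assembled while some stores were unavailable.
 */
public class PKIXCRLUtil
{
    /**
     * Find the CRLs matching the selector in the additional stores, the
     * stores and the cert stores of the parameters, and keep those that are
     * still current at the validity date.
     * <p>
     * A CRL is returned only if its nextUpdate is after the validity date
     * and, when the selector carries a certificate being checked, its
     * thisUpdate is before that certificate's notAfter. A CRL that carries no
     * nextUpdate cannot be shown to be current and is left out.
     *
     * @param crlselect selector used to match CRLs; its certificate being
     *            checked (may be <code>null</code>) bounds thisUpdate
     * @param paramsPKIX parameters supplying the stores; a non-null
     *            {@link ExtendedPKIXParameters#getDate()} replaces
     *            <code>currentDate</code> as the validity date
     * @param currentDate validity date used when the parameters set no date
     * @return the matching, still current CRLs. May be empty but never
     *         <code>null</code>.
     * @throws AnnotatedException if searching one of the three store lists
     *             failed for every store that was tried
     */
    public Set findCRLs(X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
        throws AnnotatedException
    {
        Set initialSet = new HashSet();

        // get complete CRL(s)
        try
        {
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
            initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        Set finalSet = new HashSet();
        Date validityDate = currentDate;

        // an explicitly configured validation date wins over the caller's clock
        if (paramsPKIX.getDate() != null)
        {
            validityDate = paramsPKIX.getDate();
        }

        // the certificate under check does not change while filtering
        X509Certificate cert = crlselect.getCertificateChecking();

        // based on RFC 5280 6.3.3
        for (Iterator it = initialSet.iterator(); it.hasNext();)
        {
            X509CRL crl = (X509CRL)it.next();
            Date nextUpdate = crl.getNextUpdate();

            // nextUpdate is optional in the CRL encoding, so getNextUpdate()
            // may return null. Such a CRL is skipped rather than dereferenced:
            // dereferencing would let a single CRL in any store abort the
            // lookup with a NullPointerException instead of the checked
            // AnnotatedException callers handle.
            if (nextUpdate == null || !nextUpdate.after(validityDate))
            {
                continue;
            }

            // without a certificate to compare against, every current CRL is kept
            if (cert == null || crl.getThisUpdate().before(cert.getNotAfter()))
            {
                finalSet.add(crl);
            }
        }

        return finalSet;
    }

    /**
     * Find all CRLs matching the selector in the cert stores of the
     * parameters. Unlike the three-argument variant, no date filtering is
     * applied, so expired CRLs are returned as well.
     *
     * @param crlselect selector used to match CRLs
     * @param paramsPKIX parameters supplying the cert stores to search
     * @return all matching CRLs. May be empty but never <code>null</code>.
     * @throws AnnotatedException if searching failed for every cert store
     *             that was tried
     */
    public Set findCRLs(X509CRLStoreSelector crlselect, PKIXParameters paramsPKIX)
        throws AnnotatedException
    {
        Set completeSet = new HashSet();

        // get complete CRL(s)
        try
        {
            completeSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
        }
        catch (AnnotatedException e)
        {
            throw new AnnotatedException("Exception obtaining complete CRLs.", e);
        }

        return completeSet;
    }

    /**
     * Return a Collection of all CRLs found in the given stores that match
     * the crlSelect criteria.
     * <p>
     * A failing store is tolerated when at least one other store in the list
     * could be searched; its exception is then dropped and the result holds
     * only what the remaining stores returned.
     *
     * @param crlSelect a {@link X509CRLStoreSelector} object that will be used
     *            to select the CRLs
     * @param crlStores a List of
     *            {@link org.bouncycastle.x509.X509Store X509Store} or
     *            {@link java.security.cert.CertStore CertStore} objects.
     *            These are used to search for CRLs. Any element that is not
     *            an X509Store is cast to CertStore.
     *
     * @return a Collection of all found {@link java.security.cert.X509CRL X509CRL} objects. May be
     *         empty but never <code>null</code>.
     * @throws AnnotatedException if no store could be searched and at least
     *             one of them failed; the exception of the last failing
     *             store is reported
     */
    private final Collection findCRLs(X509CRLStoreSelector crlSelect, List crlStores)
        throws AnnotatedException
    {
        Set crls = new HashSet();
        Iterator iter = crlStores.iterator();

        AnnotatedException lastException = null;
        boolean foundValidStore = false;

        while (iter.hasNext())
        {
            Object obj = iter.next();

            if (obj instanceof X509Store)
            {
                X509Store store = (X509Store)obj;

                try
                {
                    crls.addAll(store.getMatches(crlSelect));
                    foundValidStore = true;
                }
                catch (StoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
            else
            {
                CertStore store = (CertStore)obj;

                try
                {
                    crls.addAll(store.getCRLs(crlSelect));
                    foundValidStore = true;
                }
                catch (CertStoreException e)
                {
                    lastException = new AnnotatedException(
                        "Exception searching in X.509 CRL store.", e);
                }
            }
        }

        // NOTE(review): deliberate best effort. A failure is surfaced only
        // when no store at all answered, so an unreachable store is silent
        // once any other store succeeds, and a more recent CRL held only by
        // the failed store would be missed without any signal to the caller.
        if (!foundValidStore && lastException != null)
        {
            throw lastException;
        }

        return crls;
    }
}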