declare namespace java { namespace security { namespace cert { /** * A {@code CRLSelector} that selects {@code X509CRLs} that * match all specified criteria. This class is particularly useful when * selecting CRLs from a {@code CertStore} to check revocation status * of a particular certificate. *
* When first constructed, an {@code X509CRLSelector} has no criteria * enabled and each of the {@code get} methods return a default * value ({@code null}). Therefore, the {@link #match match} method * would return {@code true} for any {@code X509CRL}. Typically, * several criteria are enabled (by calling {@link #setIssuers setIssuers} * or {@link #setDateAndTime setDateAndTime}, for instance) and then the * {@code X509CRLSelector} is passed to * {@link CertStore#getCRLs CertStore.getCRLs} or some similar * method. *
* Please refer to RFC 3280: * Internet X.509 Public Key Infrastructure Certificate and CRL Profile * for definitions of the X.509 CRL fields and extensions mentioned below. *
* Concurrent Access *
* Unless otherwise specified, the methods defined in this class are not * thread-safe. Multiple threads that need to access a single * object concurrently should synchronize amongst themselves and * provide the necessary locking. Multiple threads each manipulating * separate objects need not synchronize. * @see CRLSelector * @see X509CRL * @since 1.4 * @author Steve Hanna */ // @ts-ignore class X509CRLSelector extends java.lang.Object implements java.security.cert.CRLSelector { /** * Creates an {@code X509CRLSelector}. Initially, no criteria are set * so any {@code X509CRL} will match. */ // @ts-ignore constructor() /** * Sets the issuerNames criterion. The issuer distinguished name in the * {@code X509CRL} must match at least one of the specified * distinguished names. If {@code null}, any issuer distinguished name * will do. *
* This method allows the caller to specify, with a single method call, * the complete set of issuer names which {@code X509CRLs} may contain. * The specified value replaces the previous value for the issuerNames * criterion. *
* The {@code names} parameter (if not {@code null}) is a * {@code Collection} of {@code X500Principal}s. *
* Note that the {@code names} parameter can contain duplicate * distinguished names, but they may be removed from the * {@code Collection} of names returned by the * {@link #getIssuers getIssuers} method. *
* Note that a copy is performed on the {@code Collection} to
* protect against subsequent modifications.
* @param issuers a {#code Collection} of X500Principals
* (or {@code null})
* @see #getIssuers
* @since 1.5
*/
// @ts-ignore
public setIssuers(issuers: java.util.Collection
* Sets the issuerNames criterion. The issuer distinguished name in the
* {@code X509CRL} must match at least one of the specified
* distinguished names. If {@code null}, any issuer distinguished name
* will do.
*
* This method allows the caller to specify, with a single method call,
* the complete set of issuer names which {@code X509CRLs} may contain.
* The specified value replaces the previous value for the issuerNames
* criterion.
*
* The {@code names} parameter (if not {@code null}) is a
* {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in
* RFC 2253 or
* ASN.1 DER encoded form, respectively). If {@code null} is supplied
* as the value for this argument, no issuerNames check will be performed.
*
* Note that the {@code names} parameter can contain duplicate
* distinguished names, but they may be removed from the
* {@code Collection} of names returned by the
* {@link #getIssuerNames getIssuerNames} method.
*
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
*
* Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications.
* @param names a {#code Collection} of names (or {@code null})
* @throws IOException if a parsing error occurs
* @see #getIssuerNames
*/
// @ts-ignore
public setIssuerNames(names: java.util.Collection
* This method allows the caller to add a name to the set of issuer names
* which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
* @param issuer the issuer as X500Principal
* @since 1.5
*/
// @ts-ignore
public addIssuer(issuer: javax.security.auth.x500.X500Principal): void
/**
* Denigrated, use
* {@linkplain #addIssuer(X500Principal)} or
* {@linkplain #addIssuerName(byte[])} instead. This method should not be
* relied on as it can fail to match some CRLs because of a loss of
* encoding information in the RFC 2253 String form of some distinguished
* names.
*
* Adds a name to the issuerNames criterion. The issuer distinguished
* name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
*
* This method allows the caller to add a name to the set of issuer names
* which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion.
* If the specified name is a duplicate, it may be ignored.
* @param name the name in RFC 2253 form
* @throws IOException if a parsing error occurs
*/
// @ts-ignore
public addIssuerName(name: java.lang.String | string): void
/**
* Adds a name to the issuerNames criterion. The issuer distinguished
* name in the {@code X509CRL} must match at least one of the specified
* distinguished names.
*
* This method allows the caller to add a name to the set of issuer names
* which {@code X509CRLs} may contain. The specified name is added to
* any previous value for the issuerNames criterion. If the specified name
* is a duplicate, it may be ignored.
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is as follows.
*
* The name is provided as a byte array. This byte array should contain
* a single DER encoded distinguished name, as defined in X.501. The ASN.1
* notation for this structure appears in the documentation for
* {@link #setIssuerNames setIssuerNames(Collection names)}.
*
* Note that the byte array supplied here is cloned to protect against
* subsequent modifications.
* @param name a byte array containing the name in ASN.1 DER encoded form
* @throws IOException if a parsing error occurs
*/
// @ts-ignore
public addIssuerName(name: number /*byte*/[]): void
/**
* Sets the minCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is greater than or equal to the
* specified value. If {@code null}, no minCRLNumber check will be
* done.
* @param minCRL the minimum CRL number accepted (or {#code null})
*/
// @ts-ignore
public setMinCRLNumber(minCRL: java.math.BigInteger): void
/**
* Sets the maxCRLNumber criterion. The {@code X509CRL} must have a
* CRL number extension whose value is less than or equal to the
* specified value. If {@code null}, no maxCRLNumber check will be
* done.
* @param maxCRL the maximum CRL number accepted (or {#code null})
*/
// @ts-ignore
public setMaxCRLNumber(maxCRL: java.math.BigInteger): void
/**
* Sets the dateAndTime criterion. The specified date must be
* equal to or later than the value of the thisUpdate component
* of the {@code X509CRL} and earlier than the value of the
* nextUpdate component. There is no match if the {@code X509CRL}
* does not contain a nextUpdate component.
* If {@code null}, no dateAndTime check will be done.
*
* Note that the {@code Date} supplied here is cloned to protect
* against subsequent modifications.
* @param dateAndTime the {#code Date} to match against
* (or {@code null})
* @see #getDateAndTime
*/
// @ts-ignore
public setDateAndTime(dateAndTime: java.util.Date): void
/**
* Sets the certificate being checked. This is not a criterion. Rather,
* it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the
* specified certificate. If {@code null} is specified, then no
* such optional information is provided.
* @param cert the {#code X509Certificate} being checked
* (or {@code null})
* @see #getCertificateChecking
*/
// @ts-ignore
public setCertificateChecking(cert: java.security.cert.X509Certificate): void
/**
* Returns the issuerNames criterion. The issuer distinguished
* name in the {@code X509CRL} must match at least one of the specified
* distinguished names. If the value returned is {@code null}, any
* issuer distinguished name will do.
*
* If the value returned is not {@code null}, it is a
* unmodifiable {@code Collection} of {@code X500Principal}s.
* @return an unmodifiable {#code Collection} of names
* (or {@code null})
* @see #setIssuers
* @since 1.5
*/
// @ts-ignore
public getIssuers(): Array
* If the value returned is not {@code null}, it is a
* {@code Collection} of names. Each name is a {@code String}
* or a byte array representing a distinguished name (in RFC 2253 or
* ASN.1 DER encoded form, respectively). Note that the
* {@code Collection} returned may contain duplicate names.
*
* If a name is specified as a byte array, it should contain a single DER
* encoded distinguished name, as defined in X.501. The ASN.1 notation for
* this structure is given in the documentation for
* {@link #setIssuerNames setIssuerNames(Collection names)}.
*
* Note that a deep copy is performed on the {@code Collection} to
* protect against subsequent modifications.
* @return a {#code Collection} of names (or {@code null})
* @see #setIssuerNames
*/
// @ts-ignore
public getIssuerNames(): Array
* Note that the {@code Date} returned is cloned to protect against
* subsequent modifications.
* @return the {#code Date} to match against (or {@code null})
* @see #setDateAndTime
*/
// @ts-ignore
public getDateAndTime(): java.util.Date
/**
* Returns the certificate being checked. This is not a criterion. Rather,
* it is optional information that may help a {@code CertStore}
* find CRLs that would be relevant when checking revocation for the
* specified certificate. If the value returned is {@code null}, then
* no such optional information is provided.
* @return the certificate being checked (or {#code null})
* @see #setCertificateChecking
*/
// @ts-ignore
public getCertificateChecking(): java.security.cert.X509Certificate
/**
* Returns a printable representation of the {@code X509CRLSelector}.
* @return a {#code String} describing the contents of the
* {@code X509CRLSelector}.
*/
// @ts-ignore
public toString(): string
/**
* Decides whether a {@code CRL} should be selected.
* @param crl the {#code CRL} to be checked
* @return {#code true} if the {@code CRL} should be selected,
* {@code false} otherwise
*/
// @ts-ignore
public match(crl: java.security.cert.CRL): boolean
/**
* Returns a copy of this object.
* @return the copy
*/
// @ts-ignore
public clone(): any
}
}
}
}
{@code
* Name ::= CHOICE {
* RDNSequence }
* RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
* RelativeDistinguishedName ::=
* SET SIZE (1 .. MAX) OF AttributeTypeAndValue
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
* AttributeType ::= OBJECT IDENTIFIER
* AttributeValue ::= ANY DEFINED BY AttributeType
* ....
* DirectoryString ::= CHOICE {
* teletexString TeletexString (SIZE (1..MAX)),
* printableString PrintableString (SIZE (1..MAX)),
* universalString UniversalString (SIZE (1..MAX)),
* utf8String UTF8String (SIZE (1.. MAX)),
* bmpString BMPString (SIZE (1..MAX)) }
* }
*