/**
* Can alse handle <code>ExtendedPKIXBuilderParameters</code> and <code>PKIXBuilderParameters
* </code>.
*
* @param params Parameters to set.
* @see org.spongycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters)
*/
protected void setParams(PKIXParameters params) {
super.setParams(params);
if (params instanceof ExtendedPKIXBuilderParameters) {
ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params;
maxPathLength = _params.maxPathLength;
excludedCerts = new HashSet(_params.excludedCerts);
}
if (params instanceof PKIXBuilderParameters) {
PKIXBuilderParameters _params = (PKIXBuilderParameters) params;
maxPathLength = _params.getMaxPathLength();
}
}
public Set findCRLs(
X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate)
throws AnnotatedException {
Set initialSet = new HashSet();
// get complete CRL(s)
try {
initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores()));
initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores()));
initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores()));
} catch (AnnotatedException e) {
throw new AnnotatedException("Exception obtaining complete CRLs.", e);
}
Set finalSet = new HashSet();
Date validityDate = currentDate;
if (paramsPKIX.getDate() != null) {
validityDate = paramsPKIX.getDate();
}
// based on RFC 5280 6.3.3
for (Iterator it = initialSet.iterator(); it.hasNext(); ) {
X509CRL crl = (X509CRL) it.next();
if (crl.getNextUpdate().after(validityDate)) {
X509Certificate cert = crlselect.getCertificateChecking();
if (cert != null) {
if (crl.getThisUpdate().before(cert.getNotAfter())) {
finalSet.add(crl);
}
} else {
finalSet.add(crl);
}
}
}
return finalSet;
}
