/** * Can alse handle <code>ExtendedPKIXBuilderParameters</code> and <code>PKIXBuilderParameters * </code>. * * @param params Parameters to set. * @see org.spongycastle.x509.ExtendedPKIXParameters#setParams(java.security.cert.PKIXParameters) */ protected void setParams(PKIXParameters params) { super.setParams(params); if (params instanceof ExtendedPKIXBuilderParameters) { ExtendedPKIXBuilderParameters _params = (ExtendedPKIXBuilderParameters) params; maxPathLength = _params.maxPathLength; excludedCerts = new HashSet(_params.excludedCerts); } if (params instanceof PKIXBuilderParameters) { PKIXBuilderParameters _params = (PKIXBuilderParameters) params; maxPathLength = _params.getMaxPathLength(); } }
public Set findCRLs( X509CRLStoreSelector crlselect, ExtendedPKIXParameters paramsPKIX, Date currentDate) throws AnnotatedException { Set initialSet = new HashSet(); // get complete CRL(s) try { initialSet.addAll(findCRLs(crlselect, paramsPKIX.getAdditionalStores())); initialSet.addAll(findCRLs(crlselect, paramsPKIX.getStores())); initialSet.addAll(findCRLs(crlselect, paramsPKIX.getCertStores())); } catch (AnnotatedException e) { throw new AnnotatedException("Exception obtaining complete CRLs.", e); } Set finalSet = new HashSet(); Date validityDate = currentDate; if (paramsPKIX.getDate() != null) { validityDate = paramsPKIX.getDate(); } // based on RFC 5280 6.3.3 for (Iterator it = initialSet.iterator(); it.hasNext(); ) { X509CRL crl = (X509CRL) it.next(); if (crl.getNextUpdate().after(validityDate)) { X509Certificate cert = crlselect.getCertificateChecking(); if (cert != null) { if (crl.getThisUpdate().before(cert.getNotAfter())) { finalSet.add(crl); } } else { finalSet.add(crl); } } } return finalSet; }