File tree Expand file tree Collapse file tree 4 files changed +315
-483
lines changed
prov/src/main/java/org/bouncycastle Expand file tree Collapse file tree 4 files changed +315
-483
lines changed Original file line number Diff line number Diff line change @@ -185,45 +185,44 @@ public boolean match(CRL obj)
185185 }
186186
187187 X509CRL crl = (X509CRL )obj ;
188- ASN1Integer dci = null ;
189- try
188+
189+ // TODO[pkix] Do we always need to parse the Delta CRL Indicator extension?
190190 {
191- byte [] bytes = crl
192- .getExtensionValue (Extension .deltaCRLIndicator .getId ());
193- if (bytes != null )
191+ ASN1Integer baseCRLNumber = null ;
192+ try
194193 {
195- dci = ASN1Integer .getInstance (ASN1OctetString .getInstance (bytes ).getOctets ());
194+ byte [] dci = crl .getExtensionValue (Extension .deltaCRLIndicator .getId ());
195+ if (dci != null )
196+ {
197+ baseCRLNumber = ASN1Integer .getInstance (ASN1OctetString .getInstance (dci ).getOctets ());
198+ }
196199 }
197- }
198- catch (Exception e )
199- {
200- return false ;
201- }
202- if (isDeltaCRLIndicatorEnabled ())
203- {
204- if (dci == null )
200+ catch (Exception e )
205201 {
206202 return false ;
207203 }
208- }
209- if (isCompleteCRLEnabled ())
210- {
211- if (dci != null )
204+
205+ if (baseCRLNumber == null )
212206 {
213- return false ;
207+ if (isDeltaCRLIndicatorEnabled ())
208+ {
209+ return false ;
210+ }
214211 }
215- }
216- if (dci != null )
217- {
218-
219- if (maxBaseCRLNumber != null )
212+ else
220213 {
221- if (dci .getPositiveValue ().compareTo (maxBaseCRLNumber ) == 1 )
214+ if (isCompleteCRLEnabled ())
215+ {
216+ return false ;
217+ }
218+
219+ if (maxBaseCRLNumber != null && baseCRLNumber .getPositiveValue ().compareTo (maxBaseCRLNumber ) == 1 )
222220 {
223221 return false ;
224222 }
225223 }
226224 }
225+
227226 if (issuingDistributionPointEnabled )
228227 {
229228 byte [] idp = crl
You can’t perform that action at this time.
0 commit comments