eu.emi.security.authn.x509
Class RevocationParameters

java.lang.Object
  extended by eu.emi.security.authn.x509.RevocationParameters
All Implemented Interfaces:
Cloneable
Direct Known Subclasses:
RevocationParametersExt

public class RevocationParameters
extends Object
implements Cloneable

Wraps the information required to control how certificate revocation is checked. Currently two mechanisms can be configured, separately or together: CRL and OCSP. Each mechanism has its own options. For CRLs, this configuration can even differ depending on the validator being used.

This class also controls the overall revocation checking process when more than one revocation source is enabled. It is possible to choose which source is tried first and whether all enabled sources must always be used (useAllEnabled). For instance, assume the default revocation checking order (OCSP, CRL) and that both sources are enabled. If OCSP returns that the certificate is valid and useAllEnabled is true, the CRL is checked as well. If useAllEnabled is false, the OCSP answer is sufficient.

Note that regardless of the useAllEnabled setting, if the first source returns that the certificate is revoked, the next one will not be used.

Finally, note that the settings of the individual revocation sources matter most. For instance, if both sources are enabled but in non-requisite modes, the whole revocation check can finish in an undetermined state, and that is perfectly fine.
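
The process described above, modelled as a small stand-alone Java program. This is an added illustration, not code from this library: `Outcome`, `Source` and `check` are hypothetical names, and it needs Java 16 or later for records. It assumes that an undetermined answer lets the next source be tried and that a requisite source with no answer fails the check.

```java
import java.util.List;

// Added illustration, not library code. Outcome, Source and check() are
// hypothetical names that model the process described in the class comment.
public class RevocationFlowModel {
    enum Outcome { GOOD, REVOKED, UNDETERMINED, FAILED }

    // One enabled source: name, whether its mode is requisite, and a canned answer.
    record Source(String name, boolean requisite, Outcome answer) {}

    // Walks the enabled sources in the configured order.
    static Outcome check(List<Source> ordered, boolean useAllEnabled) {
        Outcome overall = Outcome.UNDETERMINED;
        for (Source s : ordered) {
            Outcome o = s.answer();
            if (o == Outcome.REVOKED)
                return Outcome.REVOKED;   // revoked ends the process, whatever useAllEnabled is
            if (o == Outcome.UNDETERMINED && s.requisite())
                return Outcome.FAILED;    // assumption: a requisite source must give an answer
            if (o == Outcome.GOOD) {
                overall = Outcome.GOOD;
                if (!useAllEnabled)
                    return overall;       // one positive answer is sufficient
            }
        }
        return overall;
    }

    public static void main(String[] args) {
        // Constructed sample answers; no network access is involved.
        Source ocspGood = new Source("OCSP", false, Outcome.GOOD);
        Source ocspDown = new Source("OCSP", false, Outcome.UNDETERMINED);
        Source crlRevoked = new Source("CRL", false, Outcome.REVOKED);
        Source crlMissing = new Source("CRL", false, Outcome.UNDETERMINED);
        Source crlRequired = new Source("CRL", true, Outcome.UNDETERMINED);

        // useAllEnabled=false: the OCSP answer ends the process before the CRL is read.
        System.out.println(check(List.of(ocspGood, crlRevoked), false));
        // useAllEnabled=true: the CRL is consulted even though OCSP answered.
        System.out.println(check(List.of(ocspGood, crlRevoked), true));
        // Both sources non-requisite and unable to answer.
        System.out.println(check(List.of(ocspDown, crlMissing), false));
        // The same outage, but with the CRL source in a requisite mode.
        System.out.println(check(List.of(ocspDown, crlRequired), false));
    }
}
```

Comparing the first two scenarios shows why useAllEnabled matters when the sources can disagree, and the third shows the soft-fail result that non-requisite modes allow.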

Author:
K. Benedyczak
See Also:
RevocationParametersExt

Nested Class Summary
static class RevocationParameters.RevocationCheckingOrder
           
 
Field Summary
protected  CrlCheckingMode crlCheckingMode
           
static RevocationParameters IGNORE
          Constant which can be used to simply turn off any revocation checking.
protected  OCSPParametes ocspParameters
           
protected  RevocationParameters.RevocationCheckingOrder order
           
protected  boolean useAllEnabled
           
 
Constructor Summary
RevocationParameters()
          Default constructor, using the default CrlCheckingMode.IF_VALID and default OCSPParametes.
RevocationParameters(CrlCheckingMode crlCheckingMode)
          Deprecated.  
RevocationParameters(CrlCheckingMode crlCheckingMode, OCSPParametes ocspParameters)
          One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.
RevocationParameters(CrlCheckingMode crlCheckingMode, OCSPParametes ocspParametes, boolean useAllEnabled, RevocationParameters.RevocationCheckingOrder order)
          Constructor allowing to control all settings.
 
Method Summary
 RevocationParameters clone()
          Clone the instance
 CrlCheckingMode getCrlCheckingMode()
          Returns the current CRL settings.
 OCSPParametes getOcspParameters()
          Returns the current OCSP settings.
 RevocationParameters.RevocationCheckingOrder getOrder()
           
 boolean isUseAllEnabled()
           
 void setCrlCheckingMode(CrlCheckingMode crlCheckingMode)
          Changes CRL settings that shall be used.
 void setOcspParameters(OCSPParametes ocspParametes)
          Changes OCSP settings that shall be used.
 void setOrder(RevocationParameters.RevocationCheckingOrder order)
           
 void setUseAllEnabled(boolean useAllEnabled)
           
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

IGNORE

public static final RevocationParameters IGNORE
Constant which can be used to simply turn off any revocation checking.


crlCheckingMode

protected CrlCheckingMode crlCheckingMode

ocspParameters

protected OCSPParametes ocspParameters

useAllEnabled

protected boolean useAllEnabled

order

protected RevocationParameters.RevocationCheckingOrder order
Constructor Detail

RevocationParameters

public RevocationParameters()
Default constructor, using the default CrlCheckingMode.IF_VALID and default OCSPParametes. One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.


RevocationParameters

public RevocationParameters(CrlCheckingMode crlCheckingMode)
Deprecated. 

Constructor using the default OCSPParametes. One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.

Parameters:
crlCheckingMode - what CRL settings shall be used

RevocationParameters

public RevocationParameters(CrlCheckingMode crlCheckingMode,
                            OCSPParametes ocspParameters)
One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.

Parameters:
crlCheckingMode - what CRL settings shall be used
ocspParameters - what OCSP settings shall be used

RevocationParameters

public RevocationParameters(CrlCheckingMode crlCheckingMode,
                            OCSPParametes ocspParametes,
                            boolean useAllEnabled,
                            RevocationParameters.RevocationCheckingOrder order)
Constructor allowing to control all settings.

Parameters:
crlCheckingMode - what CRL settings shall be used
ocspParametes - what OCSP settings shall be used
useAllEnabled - useful only if more than one revocation method is enabled. If this parameter is true, then all enabled revocation sources are tried, even if the first one returns that the certificate is valid.
order - the order in which the configured revocation methods should be tried. Significant only if more than one source is enabled.
Method Detail

getCrlCheckingMode

public CrlCheckingMode getCrlCheckingMode()
Returns the current CRL settings.

Returns:
the current CRL settings

setCrlCheckingMode

public void setCrlCheckingMode(CrlCheckingMode crlCheckingMode)
Changes CRL settings that shall be used.

Parameters:
crlCheckingMode - what CRL settings shall be used

getOcspParameters

public OCSPParametes getOcspParameters()
Returns the current OCSP settings.

Returns:
the current OCSP settings

setOcspParameters

public void setOcspParameters(OCSPParametes ocspParametes)
Changes OCSP settings that shall be used.

Parameters:
ocspParametes - what OCSP settings shall be used

isUseAllEnabled

public boolean isUseAllEnabled()
Returns:
the useAllEnabled

setUseAllEnabled

public void setUseAllEnabled(boolean useAllEnabled)
Parameters:
useAllEnabled - the useAllEnabled to set

getOrder

public RevocationParameters.RevocationCheckingOrder getOrder()
Returns:
the order

setOrder

public void setOrder(RevocationParameters.RevocationCheckingOrder order)
Parameters:
order - the order to set

clone

public RevocationParameters clone()
Clone the instance

Overrides:
clone in class Object


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.