eu.emi.security.authn.x509.helpers.pkipath
Class PlainCRLValidator

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
      extended by eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator
All Implemented Interfaces:
X509CertChainValidator, X509CertChainValidatorExt
Direct Known Subclasses:
DirectoryCertChainValidator, InMemoryKeystoreCertChainValidator, KeystoreCertChainValidator

public abstract class PlainCRLValidator
extends AbstractValidator

An abstract validator which provides CRL support common to validators using PlainCRLStoreSpi. It also defines a timer useful for CA or CRL updates.

The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: the CA certificate extension defining the CRL URL and an additional list of URLs set manually by the class user. As an additional feature, one may provide simple paths to local files, using wildcards. All files matching a wildcard are used.

Important note: this class extends AbstractValidator. Those classes are in fact unrelated, but as Java doesn't support multiple inheritance we still extend it. Extensions of this class must initialize AbstractValidator with its AbstractValidator.init(eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore, PlainCRLStoreSpi, eu.emi.security.authn.x509.ProxySupport, eu.emi.security.authn.x509.RevocationParameters) method.

This class is thread-safe.

Author:
K. Benedyczak
See Also:
X509CertChainValidator, KeystoreCertChainValidator

Field Summary
protected  PlainCRLStoreSpi crlStoreImpl
           
protected  RevocationParametersExt revocationParameters
           
protected static Timer timer
           
 
Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
disposed, listeners, observers, validator
 
Constructor Summary
PlainCRLValidator(RevocationParametersExt revocationParams, Collection<? extends StoreUpdateListener> listeners)
          Constructs a new validator instance.
 
Method Summary
protected  PlainCRLStoreSpi createCRLStore(CRLParameters crlParams, Timer t)
          This method can be overridden if a different implementation of the PlainCRLStoreSpi (its subclass) should be used.
 void dispose()
          Disposes resources used by this Validator, like threads.
 List<String> getCrls()
          Returns the current list of additional CRL locations.
 long getCRLUpdateInterval()
          Returns the interval between subsequent reloads of CRLs.
 RevocationParametersExt getRevocationParameters()
          Returns a copy (so modifications won't change this validator's internal state) of revocation parameters.
 void setCrls(List<String> crls)
          Sets a new list of additional CRL locations.
 void setCRLUpdateInterval(long updateInterval)
          Sets a new interval between subsequent reloads of CRLs.
 
Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

crlStoreImpl

protected PlainCRLStoreSpi crlStoreImpl

revocationParameters

protected RevocationParametersExt revocationParameters

timer

protected static final Timer timer
Constructor Detail

PlainCRLValidator

public PlainCRLValidator(RevocationParametersExt revocationParams,
                         Collection<? extends StoreUpdateListener> listeners)
Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CA certificates' extensions and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred over the ones defined by the CA extensions.

Parameters:
revocationParams - configuration of CRL sources
listeners - initial listeners to be notified about CRL background updates
Method Detail

createCRLStore

protected PlainCRLStoreSpi createCRLStore(CRLParameters crlParams,
                                          Timer t)
This method can be overridden if a different implementation of the PlainCRLStoreSpi (its subclass) should be used.

Parameters:
crlParams - source definition
t - timer to be used for scheduling updates
Returns:
initialized CRL store SPI

getRevocationParameters

public RevocationParametersExt getRevocationParameters()
Returns a copy (so modifications won't change this validator's internal state) of revocation parameters.

Returns:
revocation parameters

getCRLUpdateInterval

public long getCRLUpdateInterval()
Returns the interval between subsequent reloads of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). The implementation does not guarantee that the CRL is updated exactly after this interval.

Returns:
the current refresh interval in milliseconds

setCRLUpdateInterval

public void setCRLUpdateInterval(long updateInterval)
Sets a new interval between subsequent reloads of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). The implementation does not guarantee that the CRL is updated exactly after this interval.

Parameters:
updateInterval - the new interval to be set in milliseconds

getCrls

public List<String> getCrls()
Returns the current list of additional CRL locations. See class description for details.

Returns:
The current list of additional CRLs. The returned list is a copy of the list actually used, so modifying it does not influence the validator.

setCrls

public void setCrls(List<String> crls)
Sets a new list of additional CRL locations. See class description for details.

Parameters:
crls - the new list.
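
Because getCrls() returns a copy, adding a CRL source is a read, modify, write-back sequence ending in setCrls(). The following is an added example, not code from the library or its authors: the helper class CrlSourceUpdater, its lock and the sample locations are hypothetical, and only the PlainCRLValidator methods documented on this page are called.

```java
import eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;

/** Hypothetical helper (not part of the library) for extending the additional CRL list. */
public final class CrlSourceUpdater {
    // The validator is thread-safe per call, but getCrls() + setCrls() is two calls.
    // This lock makes the pair atomic only among callers of this helper.
    private static final Object LOCK = new Object();

    private CrlSourceUpdater() {}

    /** Merges new locations into the validator's list, sets the reload interval, returns the installed list. */
    public static List<String> addCrlSources(PlainCRLValidator validator,
            List<String> extraLocations, long interval, TimeUnit unit) {
        if (interval <= 0) {
            throw new IllegalArgumentException("CRL update interval must be positive");
        }
        synchronized (LOCK) {
            // Editing the returned copy changes nothing until it is written back.
            Set<String> merged = new LinkedHashSet<String>(validator.getCrls());
            for (String location : extraLocations) {
                if (location == null || location.trim().isEmpty()) {
                    throw new IllegalArgumentException("Empty CRL location");
                }
                merged.add(location.trim()); // the set drops duplicates, keeps order
            }
            List<String> installed = new ArrayList<String>(merged);
            validator.setCrls(installed);
            // The setter takes milliseconds; convert explicitly to avoid unit mix-ups.
            validator.setCRLUpdateInterval(unit.toMillis(interval));
            return installed;
        }
    }

    /** Usage with constructed sample values; validator is any concrete subclass instance. */
    static List<String> example(PlainCRLValidator validator) {
        return addCrlSources(validator, Arrays.asList(
                "http://crl.example.org/ca.crl",   // constructed URL
                "/srv/pki/crls/*.crl"),            // constructed wildcard path to local files
                1, TimeUnit.HOURS);
    }
}
```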

dispose

public void dispose()
Description copied from class: AbstractValidator
Disposes resources used by this Validator, like threads. After calling this method the validator cannot be used anymore.

Specified by:
dispose in interface X509CertChainValidatorExt
Overrides:
dispose in class AbstractValidator


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.