Class RevocationParameters

java.lang.Object
eu.emi.security.authn.x509.RevocationParameters
All Implemented Interfaces:
Cloneable
Direct Known Subclasses:
RevocationParametersExt

public class RevocationParameters extends Object implements Cloneable
Wraps the information required to control how certificate revocation is checked. Currently two mechanisms can be configured, separately or together: CRL and OCSP. Each mechanism has its own options. For CRLs, this configuration can even differ depending on the validator being used.

This class also controls the overall revocation checking process when more than one revocation source is enabled. It is possible to choose which source is tried first and whether all enabled sources must always be used (useAllEnabled). For instance, assume the default revocation checking order (OCSP, CRL) and that both sources are enabled. If OCSP returns that the certificate is valid and useAllEnabled is true, the CRL will also be checked. If useAllEnabled is false, the OCSP answer will be sufficient.

Note that regardless of the useAllEnabled setting, if the first source returns that the certificate is revoked, the next one will not be used.

Finally, note that the settings of the individual revocation sources matter most. For instance, if both sources are enabled but in non-requisite modes, the whole revocation check can finish in an undetermined state, which will be perfectly fine.
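
A configuration sketch for the behaviour described above, added here as an example and not taken from the canl documentation or source: the documented defaults beside a stricter setup built with the four-argument constructor. The constants CrlCheckingMode.REQUIRE, OCSPCheckingMode.IF_AVAILABLE and RevocationCheckingOrder.OCSP_CRL and the OCSPParametes(OCSPCheckingMode) constructor are canl names not shown on this page; the class name RevocationConfigExample is hypothetical.

```java
import eu.emi.security.authn.x509.CrlCheckingMode;
import eu.emi.security.authn.x509.OCSPCheckingMode;
import eu.emi.security.authn.x509.OCSPParametes;
import eu.emi.security.authn.x509.RevocationParameters;
import eu.emi.security.authn.x509.RevocationParameters.RevocationCheckingOrder;

// Hypothetical example class, not part of canl.
public class RevocationConfigExample {

    // Defaults as documented on this page: CrlCheckingMode.IF_VALID, default
    // OCSPParametes, one positive answer is enough, OCSP first. With
    // non-requisite source modes the check may end undetermined and still pass.
    static RevocationParameters lenient() {
        return new RevocationParameters();
    }

    // Stricter: the CRL source is requisite, OCSP is asked first, and a
    // "valid" OCSP answer does not skip the CRL check (useAllEnabled = true).
    // A "revoked" answer from the first source still ends the check at once.
    static RevocationParameters strict() {
        return new RevocationParameters(
                CrlCheckingMode.REQUIRE,
                new OCSPParametes(OCSPCheckingMode.IF_AVAILABLE),
                true,                              // useAllEnabled
                RevocationCheckingOrder.OCSP_CRL); // OCSP first, then CRL
    }

    // Summarises the settings that drive the overall checking process.
    static String describe(RevocationParameters p) {
        return "crl=" + p.getCrlCheckingMode()
                + " useAllEnabled=" + p.isUseAllEnabled()
                + " order=" + p.getOrder();
    }

    public static void main(String[] args) {
        RevocationParameters defaults = lenient();
        System.out.println("lenient: " + describe(defaults));
        System.out.println("strict:  " + describe(strict()));

        // clone() returns a separate instance: tightening the copy's CRL mode
        // and useAllEnabled leaves the original object's values unchanged.
        RevocationParameters copy = defaults.clone();
        copy.setCrlCheckingMode(CrlCheckingMode.REQUIRE);
        copy.setUseAllEnabled(true);
        System.out.println("copy:    " + describe(copy));
        System.out.println("orig:    " + describe(defaults));
    }
}
```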

Author:
K. Benedyczak
  • Field Details

  • Constructor Details

    • RevocationParameters

      public RevocationParameters()
      Default constructor, using the default CrlCheckingMode.IF_VALID and default OCSPParametes. One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.
    • RevocationParameters

      public RevocationParameters(CrlCheckingMode crlCheckingMode)
      Deprecated.
      Constructor using default OCSPParametes. One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.
      Parameters:
      crlCheckingMode - what CRL settings shall be used
    • RevocationParameters

      public RevocationParameters(CrlCheckingMode crlCheckingMode, OCSPParametes ocspParameters)
      One positive revocation source is enough to finish validation; the order is set to OCSP first, then CRL.
      Parameters:
      crlCheckingMode - what CRL settings shall be used
      ocspParameters - what OCSP settings shall be used
    • RevocationParameters

      public RevocationParameters(CrlCheckingMode crlCheckingMode, OCSPParametes ocspParametes, boolean useAllEnabled, RevocationParameters.RevocationCheckingOrder order)
      Constructor allowing to control all settings.
      Parameters:
      crlCheckingMode - what CRL settings shall be used
      ocspParametes - what OCSP settings shall be used
      useAllEnabled - useful only if more than one revocation method is enabled. If this parameter is true, then all enabled revocation sources are tried, even if the first one returns that the certificate is valid.
      order - in what order the configured revocation methods should be tried. Significant only if more than one source is enabled.
  • Method Details

    • getCrlCheckingMode

      public CrlCheckingMode getCrlCheckingMode()
      Returns the current CRL settings.
      Returns:
      the current CRL settings
    • setCrlCheckingMode

      public void setCrlCheckingMode(CrlCheckingMode crlCheckingMode)
      Changes CRL settings that shall be used.
      Parameters:
      crlCheckingMode - what CRL settings shall be used
    • getOcspParameters

      public OCSPParametes getOcspParameters()
      Returns the current OCSP settings.
      Returns:
      the current OCSP settings
    • setOcspParameters

      public void setOcspParameters(OCSPParametes ocspParametes)
      Changes OCSP settings that shall be used.
      Parameters:
      ocspParametes - what OCSP settings shall be used
    • isUseAllEnabled

      public boolean isUseAllEnabled()
      Returns:
      the useAllEnabled
    • setUseAllEnabled

      public void setUseAllEnabled(boolean useAllEnabled)
      Parameters:
      useAllEnabled - the useAllEnabled to set
    • getOrder

      Returns:
      the order
    • setOrder

      public void setOrder(RevocationParameters.RevocationCheckingOrder order)
      Parameters:
      order - the order to set
    • clone

      public RevocationParameters clone()
      Clone the instance
      Overrides:
      clone in class Object