Class PlainCRLValidator
- All Implemented Interfaces: X509CertChainValidator, X509CertChainValidatorExt
- Direct Known Subclasses: DirectoryCertChainValidator, InMemoryKeystoreCertChainValidator, KeystoreCertChainValidator
An abstract validator which provides CRL support common to validators using PlainCRLStoreSpi. Additionally, it defines a timer useful for CA or CRL updates.
The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: the CA certificate extension defining a CRL URL, and an additional list of URLs set manually by the class user. As an additional feature, one may provide simple paths to local files, using wildcards. All files matching a wildcard are used.
Important note: this class extends AbstractValidator. Those classes are in fact unrelated, but as Java doesn't support multiple inheritance we still extend it. Extensions of this class must initialize AbstractValidator with its AbstractValidator.init(eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore, eu.emi.security.authn.x509.helpers.crl.AbstractCRLStoreSPI, eu.emi.security.authn.x509.ProxySupport, eu.emi.security.authn.x509.RevocationParameters) method.
This class is thread-safe.
- Author: K. Benedyczak
Field Summary
- protected PlainCRLStoreSpi crlStoreImpl
- protected RevocationParametersExt revocationParameters
- protected static final Timer timer
- Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator: disposed, listeners, observers, validator
Constructor Summary
- PlainCRLValidator(RevocationParametersExt revocationParams, Collection<? extends StoreUpdateListener> listeners): Constructs a new validator instance.
Method Summary
- protected PlainCRLStoreSpi createCRLStore(CRLParameters crlParams, Timer t): This method can be overridden if a different implementation of the PlainCRLStoreSpi (its subclass) should be used.
- void dispose(): Disposes resources used by this Validator, like threads.
- getCrls(): Returns the current list of additional CRL locations.
- long getCRLUpdateInterval(): Returns the interval between subsequent reloads of CRLs.
- getRevocationParameters(): Returns a copy (so modifications won't change this validator's internal state) of revocation parameters.
- void setCrls(crls): Sets a new list of additional CRL locations.
- void setCRLUpdateInterval(long updateInterval): Sets a new interval between subsequent reloads of CRLs.
- Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator: addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, isDisposed, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate, validate
Field Details
- crlStoreImpl
- revocationParameters
- timer
Constructor Details
PlainCRLValidator
public PlainCRLValidator(RevocationParametersExt revocationParams, Collection<? extends StoreUpdateListener> listeners)
Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs' certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.
- Parameters:
  revocationParams - configuration of CRL sources
  listeners - initial listeners to be notified about CRL background updates
Method Details
createCRLStore
This method can be overridden if a different implementation of the PlainCRLStoreSpi (its subclass) should be used.
- Parameters:
  crlParams - source definition
  t - timer to be used for scheduling updates
- Returns: initialized CRL store SPI
getRevocationParameters
Returns a copy (so modifications won't change this validator's internal state) of revocation parameters.
- Returns: revocation parameters
getCRLUpdateInterval
public long getCRLUpdateInterval()
Returns the interval between subsequent reloads of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). The implementation does not guarantee that the CRL is updated exactly after this interval.
- Returns: the current refresh interval in milliseconds
setCRLUpdateInterval
public void setCRLUpdateInterval(long updateInterval)
Sets a new interval between subsequent reloads of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). The implementation does not guarantee that the CRL is updated exactly after this interval.
- Parameters:
  updateInterval - the new interval to be set in milliseconds
getCrls
Returns the current list of additional CRL locations. See class description for details.
- Returns: The current list of additional CRLs. The returned list is a copy of the list actually used, so modifying it does not influence the validator.
setCrls
Sets a new list of additional CRL locations. See class description for details.
- Parameters:
  crls - the new list.
dispose
public void dispose()
Description copied from class: AbstractValidator
Disposes resources used by this Validator, like threads. After calling this method the validator cannot be used anymore.
- Specified by: dispose in interface X509CertChainValidatorExt
- Overrides: dispose in class AbstractValidator
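The copy semantics of getCrls() and the single refresh interval shared by all CRL sources, as an added example (not part of the canl Javadoc or code base). The class CrlSourceConfig, its method names and the sample locations are hypothetical; List<String> as the type of the CRL location list and the package of PlainCRLValidator are assumptions, since this page does not show them.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;

// Package assumed to be the same as AbstractValidator's.
import eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator;

/** Added illustration; this class and its method names are hypothetical. */
public final class CrlSourceConfig {
    private CrlSourceConfig() {}

    /** Appends CRL locations that are not configured yet; returns the resulting list. */
    public static List<String> addCrlLocations(PlainCRLValidator validator,
                                               List<String> extraLocations) {
        // getCrls() hands back a copy (List<String> assumed), so edits to it
        // take effect only once the list is passed to setCrls().
        List<String> locations = new ArrayList<>(validator.getCrls());
        for (String location : extraLocations) {
            if (!locations.contains(location)) {
                locations.add(location);
            }
        }
        validator.setCrls(locations);
        return validator.getCrls();
    }

    /** Shortens the CRL refresh interval to maxAgeMs if it is longer; never lengthens it. */
    public static long capUpdateInterval(PlainCRLValidator validator, long maxAgeMs) {
        if (validator.getCRLUpdateInterval() > maxAgeMs) {
            // One interval applies to CA-extension CRLs and manually set ones.
            validator.setCRLUpdateInterval(maxAgeMs);
        }
        return validator.getCRLUpdateInterval();
    }

    /** Typical use on any concrete subclass, e.g. at service start-up. */
    public static void configure(PlainCRLValidator validator) {
        // Constructed sample locations: a local wildcard path and a CRL URL.
        addCrlLocations(validator, Arrays.asList(
                "/etc/example/crls/*.crl",
                "http://crl.example.org/ca.crl"));
        capUpdateInterval(validator, TimeUnit.HOURS.toMillis(1));
    }
}
```

Because the implementation does not guarantee an update exactly after the interval, treat the configured value as a target for CRL freshness rather than a hard bound.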