Package eu.emi.security.authn.x509

Class RevocationParameters

  • All Implemented Interfaces:
    java.lang.Cloneable
    Direct Known Subclasses:
    RevocationParametersExt
    public class RevocationParameters
extends java.lang.Object
implements java.lang.Cloneable
    Wraps the information required to control how certificates revocation is checked. Currently two mechanisms can be configured (also together): CRL and OCSP. Each of the mechanisms can have its own options. In case of CRLs this configuration can be even different depending on validator being used.

    This class controls also the overall revocation checking process, if more then one revocation source is enabled. It is possible to choose which is tried first and whether all enabled sources must be used always (useAllEnabled). For instance, let's assume the default revocation checking order (OCSP, CRL) and that both sources are enabled. Then if OCSP returns that certificate is valid and useAllEnabled is true, also the CRL will be checked. If useAllEnabled is false, then OCSP answer will be sufficient.

    Note that regardless of the useAllEnabled setting, if the first source returns that the certificate is revoked, the next one will not be used.

    Finally note that the individual revocation sources settings are the most important anyway. For instance if both sources are enabled, but in non-requisite modes, then the whole revocation checking can finish in undetermined state which will be perfectly fine.

    Author:
    K. Benedyczak
    See Also:
    RevocationParametersExt

    • Constructor Detail

      • RevocationParameters

        public RevocationParameters()
        Default constructor, using the default CrlCheckingMode.IF_VALID and default OCSPParametes. One positive revocation source is enough to finish validation, order is set to OCSP first, then CRL.

      • RevocationParameters

        public RevocationParameters​(CrlCheckingMode crlCheckingMode)
        Deprecated.
        Constructor using default OCSPParametes One positive revocation source is enough to finish validation, order is set to OCSP first, then CRL.
        Parameters:
        crlCheckingMode - what CRL settings shall be used

      • RevocationParameters

        public RevocationParameters​(CrlCheckingMode crlCheckingMode,
                            OCSPParametes ocspParameters)
        One positive revocation source is enough to finish validation, order is set to OCSP first, then CRL.
        Parameters:
        crlCheckingMode - what CRL settings shall be used
        ocspParameters - what OCSP settings shall be used

      • RevocationParameters

        public RevocationParameters​(CrlCheckingMode crlCheckingMode,
                            OCSPParametes ocspParametes,
                            boolean useAllEnabled,
                            RevocationParameters.RevocationCheckingOrder order)
        Constructor allowing to control all settings.
        Parameters:
        crlCheckingMode - what CRL settings shall be used
        ocspParametes - what OCSP settings shall be used
        useAllEnabled - useful only if more then one revocation method is enabled. If this parameter is true then all enabled revocation sources are tried, even if the first one returns that certificate is valid.
        order - in what order the configured revocations methods should be tried. Significant only if more then one source is enabled.

    • Method Detail

      • getCrlCheckingMode

        public CrlCheckingMode getCrlCheckingMode()
        Returns the current CRL settings.
        Returns:
        the current CRL settings

      • setCrlCheckingMode

        public void setCrlCheckingMode​(CrlCheckingMode crlCheckingMode)
        Changes CRL settings that shall be used.
        Parameters:
        crlCheckingMode - what CRL settings shall be used

      • getOcspParameters

        public OCSPParametes getOcspParameters()
        Returns the current OCSP settings.
        Returns:
        the current OCSP settings

      • setOcspParameters

        public void setOcspParameters​(OCSPParametes ocspParametes)
        Changes OCSP settings that shall be used.
        Parameters:
        ocspParametes - what OCSP settings shall be used

      • isUseAllEnabled

        public boolean isUseAllEnabled()
        Returns:
        the useAllEnabled

      • setUseAllEnabled

        public void setUseAllEnabled​(boolean useAllEnabled)
        Parameters:
        useAllEnabled - the useAllEnabled to set

      • clone

        public RevocationParameters clone()
        Clone the instance
        Overrides:
        clone in class java.lang.Object