PlainCRLValidator (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
- - eu.emi.security.authn.x509.helpers.pkipath.PlainCRLValidator

All Implemented Interfaces:

X509CertChainValidator, X509CertChainValidatorExt

Direct Known Subclasses:

DirectoryCertChainValidator, InMemoryKeystoreCertChainValidator, KeystoreCertChainValidator
```
public abstract class PlainCRLValidator
extends AbstractValidator
```
An abstract validator which provides a CRL support common for validators using PlainCRLStoreSpi. Additionally it also defines a timer useful for CA or CRL updates.
The CRLs (Certificate Revocation Lists, if their handling is turned on) can be obtained from two sources: CA certificate extension defining CRL URL and additional list of URLs manually set by the class user. As an additional feature one may provide a simple paths to a local files, using wildcards. All files matching a wildcard are used.
Important note: this class extends AbstractValidator. Those classes are in fact unrelated, but as Java deosn't support multi inheritance we still extend it. Extensions of this class must initialize AbstractValidator with its AbstractValidator.init(eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore, eu.emi.security.authn.x509.helpers.crl.AbstractCRLStoreSPI, eu.emi.security.authn.x509.ProxySupport, eu.emi.security.authn.x509.RevocationParameters) method.
This class is thread-safe.

Author:

K. Benedyczak

See Also:

X509CertChainValidator, KeystoreCertChainValidator

Field Summary

Fields
Modifier and Type Field and Description

protected PlainCRLStoreSpi crlStoreImpl

protected RevocationParametersExt revocationParameters

protected static Timer timer
- Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
  disposed, listeners, observers, validator

Fields
Modifier and Type	Field and Description
`protected PlainCRLStoreSpi`	`crlStoreImpl`
`protected RevocationParametersExt`	`revocationParameters`
`protected static Timer`	`timer`

Constructor Summary

Constructors
Constructor and Description
`PlainCRLValidator(RevocationParametersExt revocationParams, Collection<? extends StoreUpdateListener> listeners)` Constructs a new validator instance.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected PlainCRLStoreSpi`	`createCRLStore(CRLParameters crlParams, Timer t)` This method can be overridden if a different implementation of the `PlainCRLStoreSpi` (its subclass) should be used.
`void`	`dispose()` Disposes resources used by this Validator, like threads.
`List<String>`	`getCrls()` Returns the current list of additional CRL locations.
`long`	`getCRLUpdateInterval()` Returns the interval between subsequent reloads of CRLs.
`RevocationParametersExt`	`getRevocationParameters()` Returns a copy (so modifications won't change this validator internal state) of revocation parameters.
`void`	`setCrls(List<String> crls)` Sets a new list of additional CRL locations.
`void`	`setCRLUpdateInterval(long updateInterval)` Sets a new interval between subsequent of CRLs.

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, isDisposed, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate, validate, validate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - crlStoreImpl
```
protected PlainCRLStoreSpi crlStoreImpl
```
  - revocationParameters
```
protected RevocationParametersExt revocationParameters
```
  - timer
```
protected static final Timer timer
```
- Constructor Detail
  - PlainCRLValidator
```
public PlainCRLValidator(RevocationParametersExt revocationParams,
                         Collection<? extends StoreUpdateListener> listeners)
```
    Constructs a new validator instance. CRLs (Certificate Revocation Lists) are taken from the trusted CAs certificate extension and downloaded, unless CRL checking is disabled. Additional CRLs may be provided explicitly using the constructor argument. Such additional CRLs are preferred to the ones defined by the CA extensions.
    
    Parameters:
    
    revocationParams - configuration of CRL sources
    
    listeners - initial listeners to be notified about CRL background updates
- Method Detail
  - createCRLStore
```
protected PlainCRLStoreSpi createCRLStore(CRLParameters crlParams,
                                          Timer t)
```
    This method can be overridden if a different implementation of the PlainCRLStoreSpi (its subclass) should be used.
    
    Parameters:
    
    crlParams - source definition
    
    t - timer to be used for scheduling updates
    
    Returns:
    
    initialized CRL store SPI
  - getRevocationParameters
```
public RevocationParametersExt getRevocationParameters()
```
    Returns a copy (so modifications won't change this validator internal state) of revocation parameters.
    
    Returns:
    
    revocation parameters
  - getCRLUpdateInterval
```
public long getCRLUpdateInterval()
```
    Returns the interval between subsequent reloads of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). Implementation does not guarantees that the CRL is updated exactly after this interval.
    
    Returns:
    
    the current refresh interval in milliseconds
  - setCRLUpdateInterval
```
public void setCRLUpdateInterval(long updateInterval)
```
    Sets a new interval between subsequent of CRLs. This setting is used for all CRLs (those defined in CA certificates and manually configured). Implementation does not guarantees that the CRL is updated exactly after this interval.
    
    Parameters:
    
    updateInterval - the new interval to be set in milliseconds
  - getCrls
```
public List<String> getCrls()
```
    Returns the current list of additional CRL locations. See class description for details.
    
    Returns:
    
    The current list of additional CRLs. The returned list is a copy of the list actually used so its modifications does not influence the validator.
  - setCrls
```
public void setCrls(List<String> crls)
```
    Sets a new list of additional CRL locations. See class description for details.
    
    Parameters:
    
    crls - the new list.
  - dispose
```
public void dispose()
```
    Description copied from class: AbstractValidator
    
    Disposes resources used by this Validator, like threads. After calling this method the validator can not be used anymore.
    
    Specified by:
    
    dispose in interface X509CertChainValidatorExt
    
    Overrides:
    
    dispose in class AbstractValidator

Class PlainCRLValidator

Field Summary

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

Constructor Summary

Method Summary

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

Methods inherited from class java.lang.Object

Field Detail

crlStoreImpl

revocationParameters

timer

Constructor Detail

PlainCRLValidator

Method Detail

createCRLStore

getRevocationParameters

getCRLUpdateInterval

setCRLUpdateInterval

getCrls

setCrls

dispose