Package org.globus.gsi.trustmanager

Class CRLChecker

  • All Implemented Interfaces:
    CertificateChecker
    public class CRLChecker
extends java.lang.Object
implements CertificateChecker
    This checks to see if the certificate is in a CRL.
    Since:
    1.0
    Version:
    ${version}

    • Constructor Summary

      Constructors 
      Constructor Description
      CRLChecker​(java.security.cert.CertStore certStore, java.security.KeyStore keyStore, boolean checkDateValidity)
      Creates a CRLChecker where the CRL's are in the supplied stores.
      CRLChecker​(CertificateRevocationLists crlsList, java.security.KeyStore keyStore, boolean checkDateValidity)
      Creates a CRLChecker where the CRL's are in the supplied stores.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected void checkCRLDateValidity​(java.security.cert.X509CRL crl)  
      void invoke​(java.security.cert.X509Certificate cert, GSIConstants.CertificateType certType)
      Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrown

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • CRLChecker

        public CRLChecker​(CertificateRevocationLists crlsList,
                  java.security.KeyStore keyStore,
                  boolean checkDateValidity)
        Creates a CRLChecker where the CRL's are in the supplied stores.
        Parameters:
        crlsList - The object containing the CRL's
        keyStore - The store used to get trusted certs.
        checkDateValidity - Should we check if the CRL date is valid.

      • CRLChecker

        public CRLChecker​(java.security.cert.CertStore certStore,
                  java.security.KeyStore keyStore,
                  boolean checkDateValidity)
        Creates a CRLChecker where the CRL's are in the supplied stores.
        Parameters:
        certStore - The store containing the CRL's
        keyStore - The store used to get trusted certs.
        checkDateValidity - Should we check if the CRL date is valid.

    • Method Detail

      • invoke

        public void invoke​(java.security.cert.X509Certificate cert,
                   GSIConstants.CertificateType certType)
            throws java.security.cert.CertPathValidatorException
        Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrown
        Specified by:
        invoke in interface CertificateChecker
        Parameters:
        cert - The certificate to validate.
        certType - The type of certificate to validate.
        Throws:
        java.security.cert.CertPathValidatorException - If CRL or CA certificate could not be loaded from store, CRL is not valid or expired, certificate is revoked.

      • checkCRLDateValidity

        protected void checkCRLDateValidity​(java.security.cert.X509CRL crl)
                             throws java.security.cert.CertPathValidatorException
        Throws:
        java.security.cert.CertPathValidatorException