Class CRLChecker

java.lang.Object

org.globus.gsi.trustmanager.CRLChecker

All Implemented Interfaces:

CertificateChecker

public class CRLChecker
extends Object
implements CertificateChecker

This checks to see if the certificate is in a CRL.

Since:

1.0

Version:

${version}

Field Summary

Fields

Modifier and Type	Field	Description
private CertStore	certStore
private boolean	checkDateValidity
private CertificateRevocationLists	crlsList
private KeyStore	keyStore

Constructor Summary

Constructors

Constructor	Description
CRLChecker(CertStore certStore, KeyStore keyStore, boolean checkDateValidity)	Creates a CRLChecker where the CRL's are in the supplied stores.
CRLChecker(CertificateRevocationLists crlsList, KeyStore keyStore, boolean checkDateValidity)	Creates a CRLChecker where the CRL's are in the supplied stores.

Method Summary

Modifier and Type	Method	Description
protected void	checkCRLDateValidity(X509CRL crl)
void	invoke(X509Certificate cert, GSIConstants.CertificateType certType)	Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrown
private void	verifyCRL(Certificate caCert, X509CRL crl)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

crlsList

private CertificateRevocationLists crlsList

certStore

private CertStore certStore

keyStore

private KeyStore keyStore

checkDateValidity

private boolean checkDateValidity

Constructor Details

CRLChecker

public CRLChecker(CertificateRevocationLists crlsList,
 KeyStore keyStore,
 boolean checkDateValidity)

Creates a CRLChecker where the CRL's are in the supplied stores.

Parameters:

crlsList - The object containing the CRL's

keyStore - The store used to get trusted certs.

checkDateValidity - Should we check if the CRL date is valid.

CRLChecker

public CRLChecker(CertStore certStore,
 KeyStore keyStore,
 boolean checkDateValidity)

Creates a CRLChecker where the CRL's are in the supplied stores.

Parameters:

certStore - The store containing the CRL's

keyStore - The store used to get trusted certs.

checkDateValidity - Should we check if the CRL date is valid.

Method Details

invoke

public void invoke(X509Certificate cert,
 GSIConstants.CertificateType certType)
            throws CertPathValidatorException

Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrown

Specified by:

invoke in interface CertificateChecker

Parameters:

cert - The certificate to validate.

certType - The type of certificate to validate.

Throws:

CertPathValidatorException - If CRL or CA certificate could not be loaded from store, CRL is not valid or expired, certificate is revoked.

verifyCRL

private void verifyCRL(Certificate caCert,
 X509CRL crl)
                throws CertPathValidatorException

Throws:

CertPathValidatorException

checkCRLDateValidity

protected void checkCRLDateValidity(X509CRL crl)
                             throws CertPathValidatorException

Throws:

CertPathValidatorException