Package org.globus.gsi.trustmanager
Class CRLChecker
- java.lang.Object
-
- org.globus.gsi.trustmanager.CRLChecker
-
- All Implemented Interfaces:
CertificateChecker
public class CRLChecker extends java.lang.Object implements CertificateChecker
This checks to see if the certificate is in a CRL.- Since:
- 1.0
- Version:
- ${version}
-
-
Field Summary
Fields Modifier and Type Field Description private java.security.cert.CertStore
certStore
private boolean
checkDateValidity
private CertificateRevocationLists
crlsList
private java.security.KeyStore
keyStore
-
Constructor Summary
Constructors Constructor Description CRLChecker(java.security.cert.CertStore certStore, java.security.KeyStore keyStore, boolean checkDateValidity)
Creates a CRLChecker where the CRL's are in the supplied stores.CRLChecker(CertificateRevocationLists crlsList, java.security.KeyStore keyStore, boolean checkDateValidity)
Creates a CRLChecker where the CRL's are in the supplied stores.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
checkCRLDateValidity(java.security.cert.X509CRL crl)
void
invoke(java.security.cert.X509Certificate cert, GSIConstants.CertificateType certType)
Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrownprivate void
verifyCRL(java.security.cert.Certificate caCert, java.security.cert.X509CRL crl)
-
-
-
Field Detail
-
crlsList
private CertificateRevocationLists crlsList
-
certStore
private java.security.cert.CertStore certStore
-
keyStore
private java.security.KeyStore keyStore
-
checkDateValidity
private boolean checkDateValidity
-
-
Constructor Detail
-
CRLChecker
public CRLChecker(CertificateRevocationLists crlsList, java.security.KeyStore keyStore, boolean checkDateValidity)
Creates a CRLChecker where the CRL's are in the supplied stores.- Parameters:
crlsList
- The object containing the CRL'skeyStore
- The store used to get trusted certs.checkDateValidity
- Should we check if the CRL date is valid.
-
CRLChecker
public CRLChecker(java.security.cert.CertStore certStore, java.security.KeyStore keyStore, boolean checkDateValidity)
Creates a CRLChecker where the CRL's are in the supplied stores.- Parameters:
certStore
- The store containing the CRL'skeyStore
- The store used to get trusted certs.checkDateValidity
- Should we check if the CRL date is valid.
-
-
Method Detail
-
invoke
public void invoke(java.security.cert.X509Certificate cert, GSIConstants.CertificateType certType) throws java.security.cert.CertPathValidatorException
Method that checks the if the certificate is in a CRL, if CRL is available If no CRL is found, then no error is thrown If an expired CRL is found, an error is thrown- Specified by:
invoke
in interfaceCertificateChecker
- Parameters:
cert
- The certificate to validate.certType
- The type of certificate to validate.- Throws:
java.security.cert.CertPathValidatorException
- If CRL or CA certificate could not be loaded from store, CRL is not valid or expired, certificate is revoked.
-
verifyCRL
private void verifyCRL(java.security.cert.Certificate caCert, java.security.cert.X509CRL crl) throws java.security.cert.CertPathValidatorException
- Throws:
java.security.cert.CertPathValidatorException
-
checkCRLDateValidity
protected void checkCRLDateValidity(java.security.cert.X509CRL crl) throws java.security.cert.CertPathValidatorException
- Throws:
java.security.cert.CertPathValidatorException
-
-