public final class ArchiveBinaryCRLCache extends ArchiveCRLCache
An archive CRL cache provides the ability to read from and write to Entrust's
.CRL and .ARL file formats. These files
represent archives of CRLs and ARLs respectively.
This class can be used in two main ways. It can be used as a
RevocationStore object, providing access to revocation lists
that could not otherwise be retrieved, for example after a user has logged in
with no Directory connection. In this case, the archive CRL cache
must first be initialized and then added to the user's collection of
revocation stores. This can be done as follows:
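```java
// The user's certificate verifier supplies the validation information for the archived CRLs
ValidationInfo validationInfo = user.getCertVerifier();
// inputStream is an open stream over an Entrust .CRL or .ARL archive
ArchiveBinaryCRLCache archiveCrlCache = new ArchiveBinaryCRLCache(inputStream, validationInfo);
user.getRevocationStore().attach(archiveCrlCache);
```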
It can also be used to provide persistent storage of all CRLs in a user's
memory CRL cache. To do this, before the application terminates, call
addMemoryCache to store all CRLs currently held in the user's
memory CRL cache in the archive CRL cache, and then call write
to store the archive CRL cache to a persistent location (disk). Then, when
the application is run again, after the user has logged in, all the CRLs in
the archive CRL cache can be loaded back into the user's memory CRL cache
by calling ArchiveCRLCache.initMemoryCache(com.entrust.toolkit.x509.revocation.CachedCRLRS).
In this case, the archive does not
need to be attached to the user's collection of revocation stores.
Inherited fields: ARL_ONLY, CRL_AND_ARL, CRL_ONLY; m_enableOfflineLookup, m_validationInfo

| Constructor and Description |
|---|
| ArchiveBinaryCRLCache(java.io.InputStream is, ValidationInfo validationInfo): The constructor; creates a new ArchiveCRLCache object initializing it with data read from the provided input stream. |
| ArchiveBinaryCRLCache(ValidationInfo validationInfo): The constructor; creates a new empty ArchiveCRLCache object. |

| Modifier and Type | Method and Description |
|---|---|
| protected java.lang.String | getName(): Returns the name of this X.509 CRL revocation store. |
| void | parse(java.io.InputStream inputStream): Parses an input stream containing an archive CRL cache in Entrust revocation list cache format. |
| void | write(java.io.OutputStream outputStream, int writeMode): Writes the archive CRL cache to a stream in an ASN1 format for efficiency. |

Inherited methods: addCRL, addCRLs, addMemoryCache, cleanup, getCrlsByType, initMemoryCache, removeCRL; enableOfflineLookup

public ArchiveBinaryCRLCache(ValidationInfo validationInfo)
The constructor; creates a new empty ArchiveCRLCache object.
Following creation, the archive CRL cache is empty; it does not contain any
CRLs. CRLs can be manually added using the add APIs, or
CRLs can be loaded from an archive cache file using the parse
API.
Parameters:
validationInfo - the validation information that will be used during the validation of
the CRLs this CRL revocation store contains.

public ArchiveBinaryCRLCache(java.io.InputStream is,
ValidationInfo validationInfo)
throws UserFatalException
The constructor; creates a new ArchiveCRLCache object
initializing it with data read from the provided input stream.
Following creation, CRLs are automatically loaded into the CRL archive
cache by parsing them from the input stream. The input stream must
represent a valid CRL archive cache format; this is Entrust's
.CRL or .ARL file format.
Parameters:
validationInfo - the validation information that will be used during the validation of
the CRLs this CRL revocation store contains.
Throws:
UserFatalException - if there is an error parsing the data in the input stream

public void parse(java.io.InputStream inputStream)
throws UserFatalException
All CRLs found in the input stream are added to this archive CRL cache.
Typically, an archive CRL cache in Entrust revocation list cache format is
contained in files with a .CRL or .ARL extension.
parse in class ArchiveCRLCache
Parameters:
inputStream - an input stream containing an archive CRL cache in Entrust revocation
list format
Throws:
UserFatalException - if an error occurs while parsing the data contained in the input
stream; indicates an improperly formatted Entrust revocation list cache

public void write(java.io.OutputStream outputStream,
int writeMode)
throws java.lang.IllegalArgumentException,
java.security.cert.CRLException
```asn1
CRLCacheData ::= SEQUENCE SIZE (1..MAX) OF CRLCacheEntry
CRLCacheEntry ::= SEQUENCE {
    dpName   DistributionPointName,
    crlList  CRLList
}
CRLList ::= SEQUENCE SIZE (1..MAX) OF X509CRL
```
The output stream is not closed by this API; it is up to the caller to do so
when appropriate. The write mode gives the caller control over which types
of RLs are written. The following modes are permitted:
- CRL_ONLY: only write CRLs (RLs that only contain revocation information about user certificates)
- ARL_ONLY: only write ARLs (RLs that only contain revocation information about CA certificates)
- CRL_AND_ARL: write both CRLs and ARLs

write in class ArchiveCRLCache
Parameters:
outputStream - the output stream the archive CRL cache will be written to
writeMode - allows the caller to control which types of CRLs are written
Throws:
java.lang.IllegalArgumentException - if the write mode is not permitted
java.security.cert.CRLException - if an error occurred while DER encoding one of the CRLs
contained in the archive CRL cache

protected java.lang.String getName()
getName in class ArchiveCRLCache
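
The CRLCacheData structure documented under write can be checked structurally before a file is handed to parse. The following Python walker is an added example, not Entrust toolkit code: it reports, for each CRLCacheEntry, the kind of distribution point name and the number of CRLs, and rejects truncated or malformed input. It assumes the stream is exactly the DER encoding of CRLCacheData and that DistributionPointName is the RFC 5280 CHOICE; the function names and the sample bytes are constructed for illustration.

```python
SEQUENCE = 0x30
# Assumption: dpName is the RFC 5280 DistributionPointName CHOICE (implicit tags).
DP_KINDS = {0xA0: "fullName", 0xA1: "nameRelativeToCRLIssuer"}
def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element runs past end of data")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # content of a constructed element -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def summarize_archive(data):
    """Return [(dpName kind, CRL count)] per CRLCacheEntry; ValueError if malformed."""
    tag, body, end = read_tlv(data, 0)
    entries = children(body)
    if tag != SEQUENCE or end != len(data) or not entries:
        raise ValueError("not a single non-empty CRLCacheData SEQUENCE")
    summary = []
    for entry_tag, entry in entries:
        (dp_tag, _), (list_tag, crl_list) = children(entry)  # ValueError unless 2 elements
        crls = children(crl_list)
        if entry_tag != SEQUENCE or dp_tag not in DP_KINDS or list_tag != SEQUENCE or not crls:
            raise ValueError("entry is not SEQUENCE { dpName, non-empty crlList }")
        summary.append((DP_KINDS[dp_tag], len(crls)))
    return summary

def der(tag, content):  # encoder used only to build the constructed sample below
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

# Constructed sample: 200 zero bytes stand in for real X509CRL content.
FAKE_CRL = der(SEQUENCE, bytes(200))
ENTRY_A = der(SEQUENCE, der(0xA0, der(0x86, b"ldap://ca.example/cdp1")) + der(SEQUENCE, FAKE_CRL * 2))
ENTRY_B = der(SEQUENCE, der(0xA1, der(0x30, der(0x06, b"\x55\x04\x03") + der(0x0C, b"cdp2"))) + der(SEQUENCE, FAKE_CRL))
SAMPLE = der(SEQUENCE, ENTRY_A + ENTRY_B)
```

The walker checks only the outer layout; the CRLs themselves are still validated by the toolkit using the ValidationInfo supplied to the constructor.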