public final class HttpCRLRS extends RevocationStore
By default, a user's revocation checking mechanism
(CollectionRS) does not have an HTTP revocation store attached.
An HTTP revocation store can be manually attached to a user's revocation
checking mechanism as follows:
```java
CollectionRS collectionRS = user.getRevocationStore();
collectionRS.attach(new HttpCRLRS(user.getCertVerifier()));
```
Once an HTTP revocation store has been attached to the user's revocation checking mechanism, it is searched for CRLs only if appropriate CRLs were not found in any of the previously attached revocation stores (a memory CRL cache and an LDAP directory revocation store are automatically attached by default; the user may have already manually attached other revocation stores).
This type of revocation store is only capable of extracting CRLs from CRL distribution points that contain an HTTP URL. In order for a CRL to be extracted from the HTTP URL, the URL must refer to a file that contains a DER encoded ASN.1 formatted X.509 CRL.
This type of revocation store is only able to retrieve CRLs when the user it is associated with is online (when the user is offline, online methods of CRL retrieval are not used).
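One way to combine the attachment step above with the receive-timeout rules documented for setReceiveTimeout, shown as an added example (not code from the toolkit or its documentation). The import paths, the helper class HttpCrlStoreSetup and the 30-second ceiling are assumptions; the toolkit calls themselves are the ones listed on this page.

```java
// Added example. Assumption: the package names below are not given on this page.
import com.entrust.toolkit.User;
import com.entrust.toolkit.x509.revocation.CollectionRS;
import com.entrust.toolkit.x509.revocation.HttpCRLRS;

/** Hypothetical helper: attaches an HTTP CRL store that can never block forever. */
public final class HttpCrlStoreSetup {

    /** Assumed local policy: longest time one CRL download may stall validation. */
    static final int MAX_RECEIVE_TIMEOUT_MS = 30_000;

    private HttpCrlStoreSetup() { }

    /** Attaches a store with an explicit timeout; unsafe values are rejected. */
    public static HttpCRLRS attach(User user, int receiveTimeoutMs) {
        // setReceiveTimeout() turns a negative value into 0, and 0 means
        // "wait indefinitely", so refuse such input instead of passing it on.
        if (receiveTimeoutMs <= 0 || receiveTimeoutMs > MAX_RECEIVE_TIMEOUT_MS) {
            throw new IllegalArgumentException(
                "receive timeout must be 1.." + MAX_RECEIVE_TIMEOUT_MS + " ms");
        }
        HttpCRLRS store = new HttpCRLRS(user.getCertVerifier());
        store.setReceiveTimeout(receiveTimeoutMs);
        return attachLast(user, store);
    }

    /** Attaches a store with the timeout the constructor selected, repaired if unsafe. */
    public static HttpCRLRS attachWithConfiguredTimeout(User user) {
        HttpCRLRS store = new HttpCRLRS(user.getCertVerifier());
        // The constructor takes the value from UserConfigSettings when it can;
        // check what was actually applied before trusting it.
        int effective = store.getReceiveTimeout();
        if (effective <= 0) {
            effective = HttpCRLRS.DEFAULT_RECEIVE_TIMEOUT; // milliseconds
        }
        store.setReceiveTimeout(Math.min(effective, MAX_RECEIVE_TIMEOUT_MS));
        return attachLast(user, store);
    }

    private static HttpCRLRS attachLast(User user, HttpCRLRS store) {
        // Stores attached earlier (memory cache, LDAP, any manual ones) are
        // searched first; this store is consulted only if they find no CRL.
        CollectionRS collectionRS = user.getRevocationStore();
        collectionRS.attach(store);
        return store;
    }
}
```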
See Also: CollectionRS

| Modifier and Type | Field and Description |
|---|---|
| static int | DEFAULT_RECEIVE_TIMEOUT - By default, the maximum amount of time in milliseconds to spend attempting to receive a CRL from the HTTP URL. |

Inherited fields: m_enableOfflineLookup, m_validationInfo

| Constructor and Description |
|---|
| HttpCRLRS(ValidationInfo validationInfo) - The constructor; creates a new HttpCRLRS object. |

| Modifier and Type | Method and Description |
|---|---|
| protected GeneralName | getCrlsByType(java.util.Collection crls, CRLType crlType, GeneralNames dpDistributionPoint) - Retrieves all CRLs of the indicated type that exist at the indicated distribution point. |
| protected java.lang.String | getName() - Returns the name of this X.509 CRL revocation store. |
| int | getReceiveTimeout() - Returns the receive timeout. |
| void | setReceiveTimeout(int receiveTimeout) - Sets the receive timeout. |

Inherited methods: enableOfflineLookup

public static final int DEFAULT_RECEIVE_TIMEOUT

public HttpCRLRS(ValidationInfo validationInfo)
The constructor; creates a new HttpCRLRS object.
The receive timeout will be set from the UserConfigSettings object associated with this revocation store's User. If it cannot be set from this object, the default value of 10 seconds specified by this class will be used.
Parameters:
validationInfo - the user's certificate validation information (provides access to the user's directory)

public int getReceiveTimeout()
The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve a CRL from an HTTP URL. This ensures that attempts to retrieve CRLs from this revocation store will never hang indefinitely, even if there is a problem communicating with the HTTP server.

public void setReceiveTimeout(int receiveTimeout)
The receive timeout is the maximum amount of time in milliseconds that will be spent attempting to retrieve a CRL from an HTTP URL. This ensures that attempts to retrieve CRLs from this revocation store will never hang indefinitely, even if there is a problem communicating with the HTTP server.
The receive timeout cannot be set to a value less than 0; any attempt to do so will result in the receive timeout being set to 0, which means the timeout will be indefinite.
Parameters:
receiveTimeout - the receive timeout (milliseconds)

protected GeneralName getCrlsByType(java.util.Collection crls, CRLType crlType, GeneralNames dpDistributionPoint)
getCrlsByType in class RevocationStore
Parameters:
crls - a collection of X.509 CRLs in InternalX509CRL format; all retrieved CRLs will be added to this collection
crlType - the type of CRLs to be retrieved
dpDistributionPoint - the distribution point in GeneralNames format from which the CRLs will be loaded
Returns:
GeneralName representation of the distribution point name the CRLs were loaded from if any were in fact loaded; null otherwise

protected java.lang.String getName()
getName in class RevocationStore