com.entrust.toolkit.x509.revocation

Interface RevocationChecker

All Known Implementing Classes:

CollectionRS, MultiOCSPLocalRevocationChecker, OCSPRevocationChecker, RevocationManager, RevocationTrustCache

public interface RevocationChecker

Field Summary

Fields

Modifier and Type	Field and Description
static TraceLog	LOG

Method Summary

Methods

Modifier and Type	Method and Description
void	check(X509Certificate cert) A method used to check revocation of a specific certificate.
void	check(X509Certificate[] chain) Determines whether any of the certifcates in the chain have been revoked.
void	check(X509Certificate cert, X509Certificate[] chain) Determines whether the given certificate has been revoked.
void	check(X509Certificate cert, X509Certificate[] chain, int position) A convience method that carries the position of the certificate in the chain, May be useful for speeding up Issuer certificate searches depending which revocation checker is in use.

Field Detail

LOG

static final TraceLog LOG

Method Detail

check

void check(X509Certificate[] chain)
           throws CertificationException

Determines whether any of the certifcates in the chain have been revoked.

When checking revocation of a certificate, objects which implement this interface should be checked in an order which is required for the application. For example, if OCSP and CRL revocation is required by the application, An OCSPRevocationChecker and a CollectionRS RevocationChecker could be managed by a RevocationConfiguration which is searched until the revocationchecker that contains revocation information about the certificate is found. The revocation status of the certificate is then extracted from that RevocationChecker.

Parameters:

chain - the certificate chain. If the given chain is null, then the method just returns.

Throws:

RevocationException - if any of the certificates in chain are revoked

CertificationException - if revocation status could not be determined

check

void check(X509Certificate cert,
         X509Certificate[] chain,
         int position)
           throws CertificationException

A convience method that carries the position of the certificate in the chain, May be useful for speeding up Issuer certificate searches depending which revocation checker is in use. If extra information is not useful, call to check (Cert, chain) is made without any performance penalty.

Parameters:

cert - the certificate which revocation will be checked

chain - the certificate chain

position -

Throws:

RevocationException - if any of the certificates in chain are revoked

CertificationException - if revocation status could not be determined

check

void check(X509Certificate cert,
         X509Certificate[] chain)
           throws CertificationException

Determines whether the given certificate has been revoked.

The supplied chain of certificates should include the certificate being checked and may be useful when trying to get access to the issuer of the certificate in question.

Parameters:

cert - the certificate which revocation will be checked

chain - the certificate chain

Throws:

RevocationException - if any of the certificates in chain are revoked

CertificationException - if revocation status could not be determined

check

void check(X509Certificate cert)
           throws CertificationException

A method used to check revocation of a specific certificate. Since this method does not contain additional information such as the chain or position of the certificate in the chain, it is the most inefficient way of checking revocation of a certificate. The reason is because during a revocation checking, the issuer of the certificate being checked in usually required. Since this method does not contain the chain which contains the issuer, (unless it is self-signed), it will have to be looked up by the toolkit.

Parameters:

cert - the certificate which revocation will be checked

Throws:

RevocationException - if any of the certificates in chain are revoked

CertificationException - if revocation status could not be determined