RevocationManager ("Entrust Authority Security Toolkit for the Java Platform")

java.lang.Object
- com.entrust.toolkit.x509.revocation.RevocationManager

All Implemented Interfaces:

RevocationChecker
```
public class RevocationManager
extends java.lang.Object
implements RevocationChecker
```
The RevocationManager class is used to manage different types of RevocationChecker objects. Management is done by maintaining an ordered list of RevocationCheckers which are added to the list by method addRevocationChecker(RevocationChecker). Client applications should never need to call this class directly. Instead, revocation configuration information should be configured by clients in class UserRevocationInfo
The Revocation architecture of the Java toolkit uses this class to check the revocation status of a certificate. This is done in method check(X509Certificate[]). When this method is called, this class will try to find revocation information starting with the first RevocationChecker that has been added. If revocation checking cannot be determined by a revocation checker, the next revocation checker in the order will be used to try and find revocation information. This process will continue until one of the following conditions is met:
1. If the revocation status of a certificate is found to be good, method check() will return successfully.
2. If the revocations status of a certificate is revoked, method check() will throw a RevocationException
3. If the revocation status could not be determined, a CertificationException is thrown.
The Following RevocationCheckers can be managed by this class:
- RevocationTrustCache - A revocation trust cache which allows certificates to be considered revoked for a specific period of time (from 1 second to 24 hours). If this cache is enabled, it is always placed at the top of the revocation order. See setTrustCache(int).
- CollectionRS - Revocation checking using Certificate Revocation Lists (CRLs) is done. This class used to be the only type of revocation allowed by the toolkit. Its usage remains backward compatible with earlier toolkit versions.
- OCSPRevocationChecker - Revocation checking will be done using the Online Certificate Status Protocol (OCSP) which is defined by RFC 2560. Many OCSPRevocation checkers may be configured
- MultiOCSPLocalRevocationChecker - Revocation checking will be done using the Online Certificate Status Protocol (OCSP). This Revocation checker uses a group of OCSPConfiguration objects. Revocation checking for arrays of OCSPResponders may be more efficient when using this RevocationChecker if there are many OCSPConfigurations.
Since:

7.2

See Also:
RevocationTrustCache, CollectionRS, OCSPRevocationChecker, MultiOCSPLocalRevocationChecker

Field Summary
- Fields inherited from interface com.entrust.toolkit.x509.revocation.RevocationChecker
  LOG

Constructor Summary

Constructors
Constructor and Description

RevocationManager(ValidationInfo validationInfo)
Create a new RevocationManager

Constructors
Constructor and Description
`RevocationManager(ValidationInfo validationInfo)` Create a new RevocationManager

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addRevocationChecker(RevocationChecker checker)` Add a RevocationChecker to the list of revocation checkers.
`void`	`check(X509Certificate cert)` Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers.
`void`	`check(X509Certificate[] chain)` Determines whether any of the certifcates in the chain have been revoked.
`void`	`check(X509Certificate cert, X509Certificate[] chain)` Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers.
`void`	`check(X509Certificate cert, X509Certificate[] chain, int position)` Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers.
`RevocationChecker`	`getRevocationChecker(int index)` Return the RevocationChecker located at the given index value.
`void`	`removeRevocationChecker(RevocationChecker checker)` Remove the RevocationChecker from the list of revocation checkers if it exists.
`void`	`setTrustCache(int seconds)` Sets the number of seconds the certificate contained in the `RevocationTrustCache` is considered valid.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - RevocationManager
```
public RevocationManager(ValidationInfo validationInfo)
```
    Create a new RevocationManager
    
    Parameters:
    validationInfo - The ValidationInfo used to validate certificates.
- Method Detail
  - setTrustCache
```
public void setTrustCache(int seconds)
```
    Sets the number of seconds the certificate contained in the RevocationTrustCache is considered valid. If a setting greater than 0 is specified, revocation checking of that certificate will not be checked if the certificate has been in the cache less than seconds.
    If seconds is greater than 0, then the RevocationTrustCache will always be the first RevocationChecker in the list of revocation checkers. If seconds is less than or equal to 0, then the RevocationTrustCache will be removed from the list of revocation checkers.
    Any existing data in the cache will be cleared after calling this method
    
    Parameters:
    seconds - If the seconds is 0 or less, the trustcache will be disabled. The maximum value is specified in RevocationTrustCache.setTrustInterval(int).
  - addRevocationChecker
```
public void addRevocationChecker(RevocationChecker checker)
```
    Add a RevocationChecker to the list of revocation checkers. If the supplied RevocationChecker is null, it will not be added into the list of RevocationCheckers
    
    Parameters:
    checker - The revocaton checker to add
  - removeRevocationChecker
```
public void removeRevocationChecker(RevocationChecker checker)
```
    Remove the RevocationChecker from the list of revocation checkers if it exists. If it does not exist, nothing will be removed.
    
    Parameters:
    checker - The RevocationChecker to remove
  - getRevocationChecker
```
public RevocationChecker getRevocationChecker(int index)
```
    Return the RevocationChecker located at the given index value. If the index value is out of range, null will be returned.
    
    Parameters:
    index - an integer value specifying the RevocationChecker in the list of revocation checkers which should be returned.
    
    Returns:
    The RevocationChecker at the specified index
  - check
```
public void check(X509Certificate[] chain)
           throws CertificationException
```
    Determines whether any of the certifcates in the chain have been revoked.
    Iterate through each certificate in the chain. Check revocation per certificate starting with the first revocation checker in the ordered list of revocation checkers. If revocation checking cannot be determined by this revocation checker, the next revocation checker in the order will be used to try and find revocation information. This process will continue until one of the following conditions is met:
    1. If the revocation status of a certificate is found to be good, method check() will return successfully.
    2. If the revocations status of a certificate is revoked, method check() will throw a RevocationException
    3. If the revocation status could not be determined, a CertificationException is thrown.
    
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    chain - The chain of certificates to be checked for revocation. If the given chain is null, then the method just returns.
    
    Throws:
    
    RevocationException - if the certificate has been revoked
    
    CertificationException - if a fatal error occurs while attempting to retrieve revocation information
  - check
```
public void check(X509Certificate cert,
         X509Certificate[] chain,
         int position)
           throws CertificationException
```
    Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers. If revocation checking cannot be determined by this revocation checker, the next revocation checker in the order will be used to try and find revocation information. This process will continue until one of the following conditions is met:
    1. If the revocation status of a certificate is found to be good, method check() will return successfully.
    2. If the revocations status of a certificate is revoked, method check() will throw a RevocationException
    3. If the revocation status could not be determined, a CertificationException is thrown.
    The method completes successfully if certificate is not revoked.
    
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    chain - The full chain of certificates including cert to the root of trust
    position - The position in the chain where cert is located
    
    Throws:
    
    RevocationException - if the certificate is revoked
    
    CertificationException - if revocation status could not be determined.
  - check
```
public void check(X509Certificate cert,
         X509Certificate[] chain)
           throws CertificationException
```
    Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers. If revocation checking cannot be determined by this revocation checker, the next revocation checker in the order will be used to try and find revocation information. This process will continue until one of the following conditions is met:
    1. If the revocation status of a certificate is found to be good, method check() will return successfully.
    2. If the revocations status of a certificate is revoked, method check() will throw a RevocationException
    3. If the revocation status could not be determined, a CertificationException is thrown.
    The method completes successfully if certificate is not revoked.
    
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    chain - The full chain of certificates including cert to the root of trust
    
    Throws:
    
    RevocationException - if the certificate is revoked
    
    CertificationException - if revocation status could not be determined.
  - check
```
public void check(X509Certificate cert)
           throws CertificationException
```
    Checks the revocation status of the given cert starting with the first revocation checker in the ordered list of revocation checkers. If revocation checking cannot be determined by this revocation checker, the next revocation checker in the order will be used to try and find revocation information. This process will continue until one of the following conditions is met:
    1. If the revocation status of a certificate is found to be good, method check() will return successfully.
    2. If the revocations status of a certificate is revoked, method check() will throw a RevocationException
    3. If the revocation status could not be determined, a CertificationException is thrown.
    The method completes successfully if certificate is not revoked.
    
    Specified by:
    
    check in interface RevocationChecker
    
    Parameters:
    cert - The certificate to be checked for revocation
    
    Throws:
    
    RevocationException - if the certificate is revoked
    
    CertificationException - if revocation status could not be determined.

Class RevocationManager

Field Summary

Fields inherited from interface com.entrust.toolkit.x509.revocation.RevocationChecker

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

RevocationManager

Method Detail

setTrustCache

addRevocationChecker

removeRevocationChecker

getRevocationChecker

check

check

check

check