com.entrust.toolkit.x509.revocation

Class RevocationStore

java.lang.Object

com.entrust.toolkit.x509.revocation.RevocationStore

Direct Known Subclasses:

ArchiveCRLCache, CachedCRLRS, DirectoryCRLRS, HttpCRLRS

public abstract class RevocationStore
extends java.lang.Object

Defines the Toolkit's revocation store architecture; it defines the functionality that must be provided by all revocation store implementations that fall under this architecture.

The purpose of a revocation store is to allow X.509 CRLs to be retrieved. Currently, Entrust provides the following revocation store implementations:

• ArchiveCRLCache
• CachedCRLRS
• DirectoryCRLRS
• HttpCRLRS

If additional revocation store implementations are required, a developer may create/design their own custom revocation store implementation by sub-classing this class. This custom implementation can then be used for revocation checking by a User object by attaching an instance of the revocation store to the collection of revocation stores contained in a user's certificate validation mechanism once the user has logged in:

 CollectionRS revocationStoreCollection = user.getCertVerifier().getRevocationStore();
 revocationStoreCollection.attach(customRS);
 

See Also:

User, ValidationInfo, CollectionRS

Field Summary

Fields

Modifier and Type	Field and Description
protected boolean	m_enableOfflineLookup This is a configuration setting used to determine if the RevocationStore should be used to lookup CRL's even when the toolkit is in offline mode.
protected ValidationInfo	m_validationInfo The validation information that will be used during the validation of the CRLs the X.509 revocation store contains.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	RevocationStore(ValidationInfo validationInfo) The constructor; creates and initializes a new RevocationStore object.

Method Summary

Methods

Modifier and Type	Method and Description
void	enableOfflineLookup(boolean enableOfflineLookup) This API is used to determine whether the RevocationStore can be used even if the toolkit user is 'offline'.
protected abstract GeneralName	getCrlsByType(java.util.Collection crls, CRLType crlType, GeneralNames dpDistributionPoint) Retrieves all CRLs of the indicated type that exist at the indicated distrubution point.
protected abstract java.lang.String	getName() Returns the name of this X.509 CRL revocation store.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

m_validationInfo

protected ValidationInfo m_validationInfo

The validation information that will be used during the validation of the CRLs the X.509 revocation store contains.

m_enableOfflineLookup

protected boolean m_enableOfflineLookup

This is a configuration setting used to determine if the RevocationStore should be used to lookup CRL's even when the toolkit is in offline mode.

Constructor Detail

RevocationStore

protected RevocationStore(ValidationInfo validationInfo)

The constructor; creates and initializes a new RevocationStore object.

Parameters:

validationInfo - the user's certificate validation information

Method Detail

getCrlsByType

protected abstract GeneralName getCrlsByType(java.util.Collection crls,
                        CRLType crlType,
                        GeneralNames dpDistributionPoint)
                                      throws CertificationException

Retrieves all CRLs of the indicated type that exist at the indicated distrubution point.

Any CRLs that are retrieved must be added to the collection of X.509 CRLs in iaik.x509.X509CRL format.

Parameters:

crls - a collection of X.509 CRLs in X509CRL format; all retrieved CRLs will be added to this collection

crlType - the type of CRLs to be retrieved

dpDistributionPoint - the distribution point in GeneralNames format from which the CRLs will be retrieved

Returns:

a GeneralName representation of the distribution point name the CRLs were retrieved from if any were in fact retrieved; null otherwise

Throws:

CertificationException - if a fatal error occurs while attempting to retrieve CRLs (revocation store access failure)

getName

protected abstract java.lang.String getName()

Returns the name of this X.509 CRL revocation store.

Returns:

the name of the this X.509 CRL revocation store

enableOfflineLookup

public void enableOfflineLookup(boolean enableOfflineLookup)

This API is used to determine whether the RevocationStore can be used even if the toolkit user is 'offline'. A toolkit user is considered to be offline when no LdapDirectory has been configured in the User via the User.setConnections(String) method. The default setting is false.

Since:

8.0