com.entrust.toolkit.x509.revocation

Class RevocationTrustCache

java.lang.Object

com.entrust.toolkit.x509.revocation.RevocationTrustCache

All Implemented Interfaces:

RevocationChecker

public class RevocationTrustCache
extends java.lang.Object
implements RevocationChecker

A RevocationTrustCache is a RevocationChecker which is used to cache certificates for a specified period of time. The period of time the certificates remain trusted is called the trust interval which is supplied by the constructor or the setTrustInterval(int) method.

the certificate is trusted if it meets the following criteria:

(CurrentTime - EntryTime) > trust interval

CurrentTime is the current time, Entry time is the point in time which the certificate was added into the cache.

The object should be used in conjunction with the RevocationManager

Since:

7.2

See Also:

RevocationManager, RevocationChecker

Field Summary

Fields

Modifier and Type	Field and Description
static int	TWENTYFOURHOURS The value of 24 hours in seconds

Fields inherited from interface com.entrust.toolkit.x509.revocation.RevocationChecker

LOG

Constructor Summary

Constructors

Constructor and Description
RevocationTrustCache(int seconds) Creates a new RevocationTrustCache which will be used to trust the revocation status of a certificate for the number of seconds supplied

Method Summary

Methods

Modifier and Type	Method and Description
void	addCertificate(X509Certificate cert) Add a certificate into the RevocationTrustCache
void	check(X509Certificate cert) Convienance method for checking revocation of a signle certificate
void	check(X509Certificate[] chain) Checks whether all certificates contained in the chain are in the RevocationTrustCache.
void	check(X509Certificate cert, X509Certificate[] chain) Checks whether the given certificate is in the RevocationTrustCache.
void	check(X509Certificate cert, X509Certificate[] chain, int position) This method does not need to use the position of certificate in the chain.
void	clearCache() Clears the RevocationTrustCache
int	getTrustInterval()
void	setTrustInterval(int seconds) Sets the Trust interval to the given number of seconds.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TWENTYFOURHOURS

public static final int TWENTYFOURHOURS

The value of 24 hours in seconds

See Also:

Constant Field Values

Constructor Detail

RevocationTrustCache

public RevocationTrustCache(int seconds)

Creates a new RevocationTrustCache which will be used to trust the revocation status of a certificate for the number of seconds supplied

Parameters:

seconds - The number of seconds that a certificate is trusted

Method Detail

check

public void check(X509Certificate[] chain)
           throws CertificationException

Checks whether all certificates contained in the chain are in the RevocationTrustCache. If they are, then return without throwing an exception. If they are not all in the given chain, then throw a CertificationException. If the given chain is null, then the method just returns.

Specified by:

check in interface RevocationChecker

Parameters:

chain - the certificate chain from the certificate to the root

Throws:

CertificationException - if the Certificate is not contained in the RevocationTrustCache, or the lifetime of the Certificate has expired.

check

public void check(X509Certificate cert,
         X509Certificate[] chain)
           throws CertificationException

Checks whether the given certificate is in the RevocationTrustCache. The certificate chain is not used here, since the certificate validity is computed using the following formula:

(CurrentTime - EntryTime) > seconds

CurrentTime is the current time

EntryTime is the time which the certificate was added into the Cache

Seconds in the number of seconds the Certificate is trusted

Specified by:

check in interface RevocationChecker

Parameters:

cert - the certificate whose revocation status is being checked

chain - the certificate chain from the certificate to the root. Not used by this method, so passing in null will have no ill effects.

Throws:

CertificationException - if the Certificate is not contained in the RevocationTrustCache, or the trust interval of the Certificate has expired.

addCertificate

public void addCertificate(X509Certificate cert)

Add a certificate into the RevocationTrustCache

Parameters:

cert - the certificate to be added into the cache

setTrustInterval

public void setTrustInterval(int seconds)

Sets the Trust interval to the given number of seconds. If the given number of seconds is 0 or less, the Interval will be set to 0. The maximum value is 86400 seconds which is equivalent to 24 hours.

Parameters:

seconds - The number of seconds the Revocation status of the certificate is valid

getTrustInterval

public int getTrustInterval()

Returns:

the length of the Trust interval in seconds.

check

public void check(X509Certificate cert,
         X509Certificate[] chain,
         int position)
           throws CertificationException

This method does not need to use the position of certificate in the chain. Just call the check (cert, chain) method. It also does not need the chain to be set since it only does a cache lookup.

Specified by:

check in interface RevocationChecker

Parameters:

cert - the certificate which revocation will be checked

chain - the certificate chain

Throws:

CertificationException - if revocation status could not be determined

check

public void check(X509Certificate cert)
           throws CertificationException

Convienance method for checking revocation of a signle certificate

Specified by:

check in interface RevocationChecker

Parameters:

cert - the certificate which revocation will be checked

Throws:

CertificationException - if revocation status could not be determined

clearCache

public void clearCache()

Clears the RevocationTrustCache