JSPservletPkg
Class CRLchecker

java.lang.Object
  |
  +--JSPservletPkg.CRLchecker

class CRLchecker
extends java.lang.Object

CRL LDAP checker invoked by JSPloader for a given X509 certificate.

Copyright (c) 2000-2001

 This program is free software; you can redistribute it and/or
 modify it under the terms of the GNU General Public License
 as published by the Free Software Foundation; version 2
 of the License.
 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.
 

Version:
1, 0
Author:
Alexis Grandemange
See Also:
JSPloader

Field Summary
private  java.security.cert.X509Certificate[] caCerts
          X509 CA Certificates
private  java.security.cert.X509CRL crl
          X509 Certificate Revocation List
private  JSPhandler handler
          JSPhandler this CRLchecker has been created on behalf of
private  long nextCheck
          Time of next check when CRL is null or CAURL is set but caCerts is null.
private static long scantime
          Defines how often the LDAP server is queried in case of failure.
 
Constructor Summary
CRLchecker(JSPhandler handler)
          Constructor.
 
Method Summary
 long check(java.security.cert.Certificate[] certs)
          Checks that a certificate is not on the CRL and gets the next CRL update time.
private  JSPloaderException refresh()
          Read the CRL from the LDAP directory.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 

Field Detail

crl

private java.security.cert.X509CRL crl
X509 Certificate Revocation List

caCerts

private java.security.cert.X509Certificate[] caCerts
X509 CA Certificates

handler

private JSPhandler handler
JSPhandler this CRLchecker has been created on behalf of

nextCheck

private long nextCheck
Time of next check when CRL is null or CAURL is set but caCerts is null. Its initial value (-2) is set to handle the construction case where crl == caCerts == null.

scantime

private static final long scantime
Defines how often the LDAP server is queried in case of failure. Used only when there are different signatures in the same archive.

Constructor Detail

CRLchecker

public CRLchecker(JSPhandler handler)
Constructor. Creates crl.
Parameters:
handler - JSPhandler

Method Detail

refresh

private JSPloaderException refresh()
Read the CRL from the LDAP directory.
Returns:
JSPloaderException raised when it fails to get a CRL or if it is not yet time to try again.

check

public long check(java.security.cert.Certificate[] certs)
           throws JSPloaderException
Checks that a certificate is not on the CRL and gets the next CRL update time.
Parameters:
certs - Certificate array to check.
Returns:
long time since the epoch at which the next CRL update is scheduled.
Throws:
JSPloaderException - raised when refresh failed to get a CRL/caCert or when the certificate is revoked or the certificate chain doesn't contain the caCert.
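
The following is an added example, not code from JSPservletPkg, showing one way to implement the kind of check described for check() with the standard java.security.cert API. The class name CrlCheckExample, the file arguments, and the choice to reject a CRL that is past its nextUpdate are assumptions of the example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Date;

// Added example, not JSPservletPkg code. Class and method names are hypothetical.
public class CrlCheckExample {

    // Returns the CRL's nextUpdate (ms since the epoch) if the chain passes; throws otherwise.
    static long check(X509Certificate[] chain, X509Certificate caCert, X509CRL crl)
            throws GeneralSecurityException {
        // A CRL fetched from a directory is only trustworthy if the configured CA signed it.
        if (!crl.getIssuerX500Principal().equals(caCert.getSubjectX500Principal()))
            throw new CRLException("CRL was not issued by the configured CA");
        crl.verify(caCert.getPublicKey());

        // Assumption of this example: fail closed on a stale CRL so the caller refreshes first.
        Date next = crl.getNextUpdate();
        if (next == null || next.before(new Date()))
            throw new CRLException("CRL is past its nextUpdate (or has none)");

        boolean hasCa = false;
        for (X509Certificate cert : chain) {
            if (cert.equals(caCert)) { hasCa = true; continue; }
            // This CRL only speaks for certificates issued by caCert.
            if (cert.getIssuerX500Principal().equals(caCert.getSubjectX500Principal())
                    && crl.isRevoked(cert))
                throw new CertificateException("revoked: serial " + cert.getSerialNumber().toString(16));
        }
        if (!hasCa)
            throw new CertificateException("chain does not contain the CA certificate");
        return next.getTime();
    }

    // Usage: java CrlCheckExample ca.cer crl.der chain.pem (files supplied by the reader)
    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream ca = new FileInputStream(args[0]);
             InputStream crlIn = new FileInputStream(args[1]);
             InputStream chainIn = new FileInputStream(args[2])) {
            X509Certificate caCert = (X509Certificate) cf.generateCertificate(ca);
            X509CRL crl = (X509CRL) cf.generateCRL(crlIn);
            X509Certificate[] chain = cf.generateCertificates(chainIn).toArray(new X509Certificate[0]);
            System.out.println("next CRL update: " + new Date(check(chain, caCert, crl)));
        }
    }
}
```

Verifying the CRL signature before calling isRevoked matters when the CRL comes from an LDAP directory: an unsigned or wrongly signed list that omits a revoked serial would otherwise be accepted.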