java.lang.Object
  |
  +--com.dstc.security.ssl.CertChecker
        |
        +--com.dstc.security.ssl.OptimisticCRLChecker

A CertChecker that does simple processing of X.509 Certificate Revocation Lists (CRLs).
This class will reject a certificate if it has a CRL entry that lists the certificate as revoked at the specified time; otherwise it will accept the certificate.
Note that, as a consequence, if this class does not know anything about a particular certificate (for example, if it does not have any CRLs from the certificate's issuer, or does not have a sufficiently recent CRL), then it will accept the certificate. In some applications this policy may be too liberal.
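The accept-by-default policy described above, next to a stricter variant, as an added example built only on JDK classes. It is not DSTC's implementation: `CrlPolicyDemo` and its method names are hypothetical, and the CRLs passed in are assumed to have had their signatures verified by the caller.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Date;

/** Hypothetical helper (JDK only); assumes CRL signatures were verified by the caller. */
public final class CrlPolicyDemo {

    /** True if crl comes from cert's issuer and lists cert as revoked on or before 'at'. */
    static boolean revokedAt(X509CRL crl, X509Certificate cert, Date at) {
        if (!crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal())) {
            return false;
        }
        X509CRLEntry entry = crl.getRevokedCertificate(cert);
        return entry != null && !entry.getRevocationDate().after(at);
    }

    /** Optimistic policy: reject only when a CRL entry lists the certificate as revoked. */
    static void checkOptimistic(Collection<X509CRL> crls, X509Certificate cert, Date at)
            throws CertificateException {
        for (X509CRL crl : crls) {
            if (revokedAt(crl, cert, at)) {
                throw new CertificateException("certificate revoked");
            }
        }
        // No CRL from the issuer, or only a stale one: the certificate is accepted.
    }

    /** Stricter policy: also require a CRL from the issuer that is current at 'at'. */
    static void checkStrict(Collection<X509CRL> crls, X509Certificate cert, Date at)
            throws CertificateException {
        boolean haveCurrentCrl = false;
        for (X509CRL crl : crls) {
            if (revokedAt(crl, cert, at)) {
                throw new CertificateException("certificate revoked");
            }
            boolean sameIssuer =
                    crl.getIssuerX500Principal().equals(cert.getIssuerX500Principal());
            Date next = crl.getNextUpdate(); // null when the CRL omits nextUpdate
            boolean current = !crl.getThisUpdate().after(at) && next != null && !next.before(at);
            haveCurrentCrl |= sameIssuer && current;
        }
        if (!haveCurrentCrl) {
            throw new CertificateException("no current CRL from issuer; status unknown");
        }
    }
}
```

With an empty CRL collection, `checkOptimistic` returns normally for any certificate while `checkStrict` throws, which is the gap the note above warns about.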
Constructor Summary

OptimisticCRLChecker(Collection crls)
    Create an OptimisticCRLChecker from a collection of CRLs.
OptimisticCRLChecker(X509CRL[] crls)
    Create an OptimisticCRLChecker from an array of CRLs.
Method Summary

void checkCert(X509Certificate cert, Date checkDate)
    Check the validity of one certificate at a given point in time.
protected boolean equalDN(Principal dn1, Principal dn2)
    Compare two X.500 Distinguished Names for equality.
static Collection getCRLs(InputStream in)
    Convenience method to get all X.509 CRLs from an InputStream.
Methods inherited from class java.lang.Object
    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail

public OptimisticCRLChecker(Collection crls)
    crls - the Collection of X509CRL values

public OptimisticCRLChecker(X509CRL[] crls)
    crls - the array of X509CRL values

Method Detail
public static Collection getCRLs(InputStream in) throws CertificateException, CRLException, IOException
    CertificateFactory.generateCRL(InputStream).
    This method reads the input stream up to end-of-file.
    in - the InputStream from which the CRL or CRLs will be read
    See also: CertificateFactory.generateCRL(InputStream)
public void checkCert(X509Certificate cert, Date checkDate) throws CertificateException
    This method may be invoked concurrently from multiple threads, so its implementation should be multithread-safe; this is straightforward if it maintains no state, i.e. has no mutable instance variables (or mutable objects reached from those instance variables).
    cert - the X509Certificate to check
    date - the Date at which the certificate's validity should be checked

protected boolean equalDN(Principal dn1, Principal dn2)
    dn1 - a Principal representing an X.500 Distinguished Name
    dn2 - a Principal representing an X.500 Distinguished Name