Package se.swedenconnect.sigval.cert.validity

Class CertificateValidityChecker

java.lang.Object

se.swedenconnect.sigval.cert.validity.CertificateValidityChecker

All Implemented Interfaces:

PropertyChangeListener, Runnable, EventListener

Direct Known Subclasses:

BasicCertificateValidityChecker

public abstract class CertificateValidityChecker
extends Object
implements Runnable, PropertyChangeListener

This is the complete certificate validity checker that attempts both CRL and OCSP and returns the result of the first conclusive method.

The process of each validation method is carried out as follows

• Start 2 threads, each attempting to do CRL and OCSP validation
• For each process that concludes. Check that certificate chaining from validation data is trusted
• If certificate chaining is trusted, check if result is conclusive
• Return on first conclusive result or when max time has been reached

Note that CRL caching will complete in the background even if OCSP was the first method to complete. It is common that OCSP is quicker on the first pass, but CRL based on cached data on every following attempts.

Author:

Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)

Field Summary

Fields

Modifier and Type	Field	Description
protected final X509Certificate	certificate
static final String	EVENT_ID
protected final X509Certificate	issuer
protected List<ValidityChecker>	validityCheckers
protected ValidityPathChecker	validityPathChecker

Constructor Summary

Constructors

Constructor	Description
CertificateValidityChecker(X509Certificate certificate, X509Certificate issuer, String id, ValidityPathChecker validityPathChecker, PropertyChangeListener... propertyChangeListeners)

Method Summary

Modifier and Type	Method	Description
abstract ValidationStatus	checkValidity()
List<ValidityChecker>	getValidityCheckers()	Getter for validity checkers used to check validity status
void	run()
void	setValidityCheckers(List<ValidityChecker> validityCheckers)	Setter for validity checkers used to check validity status
void	setValidityPathChecker(ValidityPathChecker validityPathChecker)	Setter for certificate path checker used to validate the certificate validity token

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface java.beans.PropertyChangeListener

propertyChange

Field Details

EVENT_ID

public static final String EVENT_ID

See Also:

• Constant Field Values

validityCheckers

protected List<ValidityChecker> validityCheckers

validityPathChecker

protected ValidityPathChecker validityPathChecker

certificate

protected final X509Certificate certificate

issuer

protected final X509Certificate issuer

Constructor Details

CertificateValidityChecker

public CertificateValidityChecker(X509Certificate certificate,
 X509Certificate issuer,
 String id,
 ValidityPathChecker validityPathChecker,
 PropertyChangeListener... propertyChangeListeners)

Method Details

setValidityCheckers

public void setValidityCheckers(List<ValidityChecker> validityCheckers)

Setter for validity checkers used to check validity status

Parameters:

validityCheckers - validity checkers

getValidityCheckers

public List<ValidityChecker> getValidityCheckers()

Getter for validity checkers used to check validity status

Returns:

validity checkers

setValidityPathChecker

public void setValidityPathChecker(ValidityPathChecker validityPathChecker)

Setter for certificate path checker used to validate the certificate validity token

Parameters:

validityPathChecker - certificate path checker

run

public void run()

Specified by:

run in interface Runnable

checkValidity

public abstract ValidationStatus checkValidity()