java.lang.Object
se.swedenconnect.sigval.cert.validity.crl.impl.CRLCacheImpl
All Implemented Interfaces:
CRLCache

public class CRLCacheImpl extends Object implements CRLCache
CRL cache implementation. Its two main functions are retrieval of a CRL from this cache, which adds the CRL to the cache if it is not already present, and re-caching of all CRLs held by the cache. The latter function is meant to be called periodically by a daemon process in the background.
Author:
Martin Lindström (martin@idsec.se), Stefan Santesson (stefan@idsec.se)
  • Constructor Details

    • CRLCacheImpl

      public CRLCacheImpl(File cacheDataFolder, long recacheGracePeriod)
      Constructor for the CRL cache.
      Parameters:
      cacheDataFolder - the data folder used to store cache data
      recacheGracePeriod - time in milliseconds after the last caching of a CRL at which the first re-cache will be attempted
    • CRLCacheImpl

      public CRLCacheImpl(File cacheDataFolder, long recacheGracePeriod, CRLDataLoader crlDataLoader)
      Constructor for the CRL cache.
      Parameters:
      cacheDataFolder - the data folder used to store cache data
      recacheGracePeriod - time in milliseconds after the last caching of a CRL at which the first re-cache will be attempted
      crlDataLoader - data loader for downloading CRL data, or null to use the default CRL data loader
  • Method Details

    • getCrlCacheRecords

      public List<CRLCacheRecord> getCrlCacheRecords()
      Returns the current list of cached CRL records.
      Specified by:
      getCrlCacheRecords in interface CRLCache
      Returns:
      list of cached CRLs
    • getCRL

      public CRLInfo getCRL(org.bouncycastle.asn1.x509.CRLDistPoint crlDistributionPointExt) throws IOException
      This function is a more practical way to use the cache than asking for a particular cached URL, since it takes the certificate's CRL distribution point extension as input. It is, however, limited to the following specific usage policy:
      • Only distribution points with absent reason settings are accepted (the CRL must not be limited to a subset of reasons)
      • Only distribution points with absent crlIssuer are accepted (CRL must be issued by cert issuer)
      • Both LDAP(S) and HTTP(S) sources are accepted
      • If both LDAP and HTTP sources are present, HTTP is attempted first. LDAP will only be attempted if HTTP fails
      • If several sources are present, only the first successful source will be cached
      Specified by:
      getCRL in interface CRLCache
      Parameters:
      crlDistributionPointExt - CRL distribution point extension
      Returns:
      CRL
      Throws:
      IOException - if the CRL cannot be obtained from this extension
    • getCRL

      public CRLInfo getCRL(String url) throws IOException
      Retrieves a CRL from the CRL cache. If the CRL is not in the cache or if the cached CRL is expired, then an attempt to download and cache the CRL is made.
      Specified by:
      getCRL in interface CRLCache
      Parameters:
      url - the location of the CRL
      Returns:
      cached or downloaded CRL
      Throws:
      IOException - if it is not possible to obtain a CRL from this location
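      The usage policy of getCRL(CRLDistPoint) above, written out as an added illustration on top of getCRL(String); this is not the project's own implementation. It assumes the BouncyCastle ASN.1 classes named in the signature and that CRLCache and CRLInfo live in the parent package of ".impl" (not shown on this page).

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
// Assumption: CRLCache and CRLInfo live in the parent package of ".impl" (not shown on this page)
import se.swedenconnect.sigval.cert.validity.crl.CRLCache;
import se.swedenconnect.sigval.cert.validity.crl.CRLInfo;

/** Added illustration of the getCRL(CRLDistPoint) usage policy; not the project's own implementation. */
public final class DistPointPolicyExample {

  /** Collects the CRL URLs a cache lookup may try, in the order the policy prescribes. */
  static List<String> candidateUrls(CRLDistPoint ext) {
    List<String> http = new ArrayList<>();
    List<String> ldap = new ArrayList<>();
    for (DistributionPoint dp : ext.getDistributionPoints()) {
      // Policy: reasons must be absent (a full CRL) and crlIssuer must be absent (no indirect CRL)
      if (dp.getReasons() != null || dp.getCRLIssuer() != null) continue;
      DistributionPointName dpn = dp.getDistributionPoint();
      if (dpn == null || dpn.getType() != DistributionPointName.FULL_NAME) continue;
      for (GeneralName gn : GeneralNames.getInstance(dpn.getName()).getNames()) {
        if (gn.getTagNo() != GeneralName.uniformResourceIdentifier) continue;
        String url = DERIA5String.getInstance(gn.getName()).getString().trim();
        if (url.matches("(?i)https?://.*")) http.add(url);        // HTTP(S)
        else if (url.matches("(?i)ldaps?://.*")) ldap.add(url);   // LDAP(S); other schemes ignored
      }
    }
    http.addAll(ldap); // HTTP(S) sources first; LDAP(S) only as a fallback if all HTTP sources fail
    return http;
  }

  /** Tries the sources in policy order; the first one that succeeds is the one the cache keeps. */
  static CRLInfo fetchFirstSuccessful(CRLCache cache, CRLDistPoint ext) throws IOException {
    IOException last = null;
    for (String url : candidateUrls(ext)) {
      try {
        return cache.getCRL(url); // on success this source is cached; remaining sources are not tried
      } catch (IOException e) {
        last = e;                 // fall through to the next source
      }
    }
    throw new IOException("No usable CRL distribution point in extension", last);
  }
}
```

      Note that a certificate whose only distribution point carries a reasons field or a crlIssuer yields no candidate URL under this policy, so revocation checking for such a certificate must come from another source.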
    • recache

      public void recache()
      Performs a re-cache of all cached CRL records. This method should be called periodically by a daemon process.
      Specified by:
      recache in interface CRLCache