Class InMemoryCRLCache

java.lang.Object
se.swedenconnect.sigval.cert.validity.crl.impl.InMemoryCRLCache
All Implemented Interfaces:
CRLCache

public class InMemoryCRLCache extends Object implements CRLCache
CRL cache implementation. Two main functions allow retrieval of a CRL from this cache; each adds the CRL to the cache if it is not already present. This implementation stores all cached data in memory and nothing on disk, so the cache is destroyed on application restart. IMPORTANT NOTE: Do not use this implementation unless the application has the resources to hold the CRL data of all cached CRLs in memory. If this is not the case, use the file-backed CRLCacheImpl implementation instead.
  • Constructor Details

    • InMemoryCRLCache

      public InMemoryCRLCache()
      Constructor for the in-memory CRL cache.
    • InMemoryCRLCache

      public InMemoryCRLCache(long recacheGracePeriod, CRLDataLoader crlDataLoader)
      Constructor for the CRL cache.
      Parameters:
      recacheGracePeriod - time in milliseconds, counted from the last time a CRL was cached, after which the first re-cache will be attempted
      crlDataLoader - data loader for downloading CRL data or null to use default CRL data loader
  • Method Details

    • getCrlCacheMap

      public Map<String,CRLCacheRecord> getCrlCacheMap()
      Returns the current map of cached CRL records.
      Returns:
      map of cached CRL records
    • getCRL

      public CRLInfo getCRL(org.bouncycastle.asn1.x509.CRLDistPoint crlDistributionPointExt) throws IOException
      This function is a more practical way to use the cache than asking for a particular cached URL. It is, however, limited to the following usage policy:
      • Only distribution points with the reasons field absent are accepted (that is, not limited to a subset of reasons)
      • Only distribution points with crlIssuer absent are accepted (the CRL must be issued by the certificate issuer)
      • Both LDAP(S) and HTTP(S) sources are accepted
      • If both LDAP and HTTP sources are present, HTTP is attempted first. LDAP will only be attempted if HTTP fails
      • If several sources are present, only the first successful source will be cached
      Specified by:
      getCRL in interface CRLCache
      Parameters:
      crlDistributionPointExt - CRL distribution point extension
      Returns:
      CRL
      Throws:
      IOException - if the CRL cannot be obtained from this extension
    • getCRL

      public CRLInfo getCRL(String url) throws IOException
      Retrieves a CRL from the CRL cache. If the CRL is not in the cache or if the cached CRL is expired, then an attempt to download and cache the CRL is made.
      Specified by:
      getCRL in interface CRLCache
      Parameters:
      url - the location of the CRL
      Returns:
      cached or downloaded CRL
      Throws:
      IOException - if it is not possible to obtain a CRL from this location
    • recache

      public void recache()
      Performs a re-cache of all cached CRL records. This method should be called periodically by a daemon process.
      Specified by:
      recache in interface CRLCache
    • getCrlCacheRecords

      public List<CRLCacheRecord> getCrlCacheRecords()
      Specified by:
      getCrlCacheRecords in interface CRLCache