Package eu.europa.esig.dss.service.crl

Class OnlineCRLSource

java.lang.Object
eu.europa.esig.dss.service.crl.OnlineCRLSource
All Implemented Interfaces:
CRLSource, RevocationSource<CRL>, RevocationSourceAlternateUrlsSupport<CRL>, Serializable
public class OnlineCRLSource extends Object implements CRLSource, RevocationSourceAlternateUrlsSupport<CRL>
Online CRL repository. This CRL repository implementation will download the CRLs from the given CRL URIs. Note that for the HTTP kind of URLs you can provide dedicated data loader. If the data loader is not provided the standard load from URI is provided. For FTP the standard load from URI is provided. For LDAP kind of URLs an internal implementation using apache-ldap-api is provided.
See Also:

  • Constructor Details

    • OnlineCRLSource

      public OnlineCRLSource()
      The default constructor. A CommonsDataLoader is created.

    • OnlineCRLSource

      public OnlineCRLSource(DataLoader dataLoader)
      This constructor allows to set a specific DataLoader.
      Parameters:
      dataLoader - the component that allows to retrieve the data using any protocol: HTTP, HTTPS, FTP, LDAP.

  • Method Details

    • setPreferredProtocol

      public void setPreferredProtocol(Protocol preferredProtocol)
      This method allows to set the preferred protocol. This parameter is used when retrieving the CRL to choose the canal.
      Possible values are: http, ldap, ftp
      Parameters:
      preferredProtocol - Protocol that is used first to retrieve the revocation data

    • setDataLoader

      public void setDataLoader(DataLoader dataLoader)
      Set the DataLoader to use for querying a revocation server.
      Parameters:
      dataLoader - the component that allows to retrieve a CRL response using HTTP.

    • getRevocationToken

      public CRLToken getRevocationToken(CertificateToken certificateToken, CertificateToken issuerCertificateToken)
      Description copied from interface: RevocationSource
      This method retrieves a RevocationToken for the certificateToken
      Specified by:
      getRevocationToken in interface CRLSource
      Specified by:
      getRevocationToken in interface RevocationSource<CRL>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      Returns:
      an instance of RevocationToken

    • getRevocationToken

      public CRLToken getRevocationToken(CertificateToken certificateToken, CertificateToken issuerToken, List<String> alternativeUrls)
      Description copied from interface: RevocationSourceAlternateUrlsSupport
      Gets an RevocationToken for the given certificate / issuer's certificate couple. The coherence between the response and the request is checked.
      Specified by:
      getRevocationToken in interface RevocationSourceAlternateUrlsSupport<CRL>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerToken - The CertificateToken which is the issuer of the certificateToken
      alternativeUrls - The list of alternative urls to call
      Returns:
      RevocationToken containing information about the validity of the cert

    • getCRLAccessURLs

      protected List<String> getCRLAccessURLs(CertificateToken certificateToken, List<String> alternativeUrls)
      Extracts a list of CRL distribution point URLs to be used in the provided order to retrieve a CRL
      Parameters:
      certificateToken - CertificateToken to retrieve CRL for
      alternativeUrls - a list of String representing alternative URL sources
      Returns:
      a list of String urls

    • executeCRLRequest

      protected CRLBinary executeCRLRequest(String crlUrl)
      Download a CRL from given location
      Parameters:
      crlUrl - String url to download CRL from
      Returns:
      CRLBinary