Package eu.europa.esig.dss.validation

Class RevocationDataLoadingStrategy

java.lang.Object
eu.europa.esig.dss.validation.RevocationDataLoadingStrategy
Direct Known Subclasses:
CRLFirstRevocationDataLoadingStrategy, OCSPFirstRevocationDataLoadingStrategy
public abstract class RevocationDataLoadingStrategy extends Object
This class allows retrieving of Revocation data from CRL or OCSP sources, based on the defined strategy NOTE: The implemented object does not require setting of OCSP/CRL/RevocationDataVerifier sources on instantiation from the user. All the values are automatically configured and set in eu.europa.esig.dss.validation.SignatureValidationContext based on the parameters defined in the provided eu.europa.esig.dss.validation.CertificateVerifier

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected RevocationSource<eu.europa.esig.dss.model.x509.revocation.crl.CRL>
    crlSource
    The CRL revocation source
    protected boolean
    fallbackEnabled
    When enabled, returns first obtained revocation token, if both OCSP and CRL requests failed
    protected RevocationSource<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP>
    ocspSource
    The OCSP revocation source
    protected RevocationDataVerifier
    revocationDataVerifier
    Used to verify the validity of obtained revocation data

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    RevocationDataLoadingStrategy()
    Default constructor instantiating object with null values

  • Method Summary

    Modifier and Type
    Method
    Description
    protected RevocationToken<eu.europa.esig.dss.model.x509.revocation.crl.CRL>
    checkCRL(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerToken)
    Retrieves and verifies the obtained CRL token NOTE: returns only if a valid entry has been obtained!
    protected RevocationToken<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP>
    checkOCSP(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerToken)
    Retrieves and verifies the obtained OCSP token NOTE: returns only if a valid entry has been obtained!
    abstract RevocationToken
    getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
    This method retrieves a RevocationToken for the given certificateToken
    protected boolean
    isAcceptableToken(RevocationToken<?> revocationToken)
    This method verifies whether the obtained revocation token is acceptable

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • crlSource

      protected RevocationSource<eu.europa.esig.dss.model.x509.revocation.crl.CRL> crlSource
      The CRL revocation source

    • ocspSource

      protected RevocationSource<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP> ocspSource
      The OCSP revocation source

    • revocationDataVerifier

      protected RevocationDataVerifier revocationDataVerifier
      Used to verify the validity of obtained revocation data

    • fallbackEnabled

      protected boolean fallbackEnabled
      When enabled, returns first obtained revocation token, if both OCSP and CRL requests failed

  • Constructor Details

    • RevocationDataLoadingStrategy

      protected RevocationDataLoadingStrategy()
      Default constructor instantiating object with null values

  • Method Details

    • getRevocationToken

      public abstract RevocationToken getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
      This method retrieves a RevocationToken for the given certificateToken
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      Returns:
      an instance of RevocationToken

    • checkCRL

      protected RevocationToken<eu.europa.esig.dss.model.x509.revocation.crl.CRL> checkCRL(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerToken)
      Retrieves and verifies the obtained CRL token NOTE: returns only if a valid entry has been obtained!
      Parameters:
      certificateToken - CertificateToken to get CRL for
      issuerToken - CertificateToken issuer of certificateToken
      Returns:
      RevocationToken

    • checkOCSP

      protected RevocationToken<eu.europa.esig.dss.model.x509.revocation.ocsp.OCSP> checkOCSP(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerToken)
      Retrieves and verifies the obtained OCSP token NOTE: returns only if a valid entry has been obtained!
      Parameters:
      certificateToken - CertificateToken to get OCSP for
      issuerToken - CertificateToken issuer of certificateToken
      Returns:
      RevocationToken

    • isAcceptableToken

      protected boolean isAcceptableToken(RevocationToken<?> revocationToken)
      This method verifies whether the obtained revocation token is acceptable
      Parameters:
      revocationToken - RevocationToken to be checked
      Returns:
      TRUE if the token is acceptable and can be returned, FALSE otherwise