Module jpms_dss_spi
Package eu.europa.esig.dss.spi.x509.revocation

Class RepositoryRevocationSource<R extends eu.europa.esig.dss.model.x509.revocation.Revocation>

java.lang.Object
eu.europa.esig.dss.spi.x509.revocation.RepositoryRevocationSource<R>
Type Parameters:
R - CRL or OCSP
All Implemented Interfaces:
MultipleRevocationSource<R>, RevocationSource<R>, Serializable
Direct Known Subclasses:
JdbcRevocationSource
public abstract class RepositoryRevocationSource<R extends eu.europa.esig.dss.model.x509.revocation.Revocation> extends Object implements RevocationSource<R>, MultipleRevocationSource<R>
Allows storing and retrieving of revocation data to/from a repository (e.g. database)
See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected RevocationSource<R>
    proxiedSource
    Data source used to access a revocation token that is not present in the repository

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    RepositoryRevocationSource()
    Default constructor instantiating object with null values

  • Method Summary

    Modifier and Type
    Method
    Description
    protected abstract List<RevocationToken<R>>
    findRevocations(String key, eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertToken)
    Finds a list of RevocationTokens in the cache for the given certificateToken with the corresponding key
    protected abstract List<String>
    getRevocationAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Returns a revocation access URLs of the given revocation type for the provided CertificateToken
    protected String
    getRevocationSourceUrl(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, RevocationToken<R> revocationToken)
    Returns a revocation URL for the given revocationToken
    RevocationToken<R>
    getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
    This method retrieves a RevocationToken for the certificateToken
    RevocationToken<R>
    getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken, boolean forceRefresh)
    Retrieves a revocation token for the given CertificateToken
    protected abstract String
    getRevocationTokenKey(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, String urlString)
    Gets a unique revocation token identifier used to store the revocation token for this certificateToken within a repository
    List<RevocationToken<R>>
    getRevocationTokens(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
    This method retrieves a list of RevocationToken for the certificateToken
    List<RevocationToken<R>>
    getRevocationTokens(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken, boolean forceRefresh)
    Retrieves a list of revocation token for the given CertificateToken
    protected abstract List<String>
    initRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
    Initialize a list of revocation token keys String from the given CertificateToken
    protected abstract void
    insertRevocation(String revocationKey, RevocationToken<R> token)
    Inserts a new RevocationToken into the cache
    protected abstract void
    removeRevocation(String revocationKey)
    Removes the RevocationToken from cache with the given key
    void
    setDefaultNextUpdateDelay(Long defaultNextUpdateDelay)
    Sets the default next update delay for the cached files in seconds.
    void
    setMaxNextUpdateDelay(Long maxNextUpdateDelay)
    Sets the maximum allowed nextUpdate delay for cached files in seconds.
    void
    setProxySource(RevocationSource<R> proxiedSource)
    The proxied revocation source to be called if the data is not available in the cache
    void
    setRemoveExpired(boolean removeExpired)
    Sets whether the expired revocation data shall be removed from the cache
    protected abstract void
    updateRevocation(String revocationKey, RevocationToken<R> token)
    Updates the RevocationToken into cache

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • proxiedSource

      protected RevocationSource<R extends eu.europa.esig.dss.model.x509.revocation.Revocation> proxiedSource
      Data source used to access a revocation token that is not present in the repository

  • Constructor Details

    • RepositoryRevocationSource

      protected RepositoryRevocationSource()
      Default constructor instantiating object with null values

  • Method Details

    • initRevocationTokenKeys

      protected abstract List<String> initRevocationTokenKeys(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Initialize a list of revocation token keys String from the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      Returns:
      list of String revocation keys

    • findRevocations

      protected abstract List<RevocationToken<R>> findRevocations(String key, eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertToken)
      Finds a list of RevocationTokens in the cache for the given certificateToken with the corresponding key
      Parameters:
      key - the key String
      certificateToken - CertificateToken
      issuerCertToken - CertificateToken
      Returns:
      a list of RevocationToken objects

    • insertRevocation

      protected abstract void insertRevocation(String revocationKey, RevocationToken<R> token)
      Inserts a new RevocationToken into the cache
      Parameters:
      revocationKey - String
      token - RevocationToken

    • updateRevocation

      protected abstract void updateRevocation(String revocationKey, RevocationToken<R> token)
      Updates the RevocationToken into cache
      Parameters:
      revocationKey - String
      token - RevocationToken

    • removeRevocation

      protected abstract void removeRevocation(String revocationKey)
      Removes the RevocationToken from cache with the given key
      Parameters:
      revocationKey - String

    • setDefaultNextUpdateDelay

      public void setDefaultNextUpdateDelay(Long defaultNextUpdateDelay)
      Sets the default next update delay for the cached files in seconds. If more time has passed from the revocation token's thisUpdate and next update time is not specified, then a fresh copy is downloaded and cached, otherwise a cached copy is used.

      If revocation.nextUpdate = null, then nextUpdate = revocation.thisUpdate + defaultNextUpdateDelay

      Parameters:
      defaultNextUpdateDelay - long value (seconds)

    • setMaxNextUpdateDelay

      public void setMaxNextUpdateDelay(Long maxNextUpdateDelay)
      Sets the maximum allowed nextUpdate delay for cached files in seconds. Allows to force refresh in case of long periods between revocation publication (eg : 6 months for ARL).

      If revocation.nextUpdate > revocation.thisUpdate + maxNextUpdateDelay, then nextUpdate = revocation.thisUpdate + maxNextUpdateDelay

      Parameters:
      maxNextUpdateDelay - long value (seconds)

    • setProxySource

      public void setProxySource(RevocationSource<R> proxiedSource)
      The proxied revocation source to be called if the data is not available in the cache
      Parameters:
      proxiedSource - the proxiedSource to set

    • setRemoveExpired

      public void setRemoveExpired(boolean removeExpired)
      Sets whether the expired revocation data shall be removed from the cache

      Default : TRUE (expired revocation data is being removed from the cache)

      Parameters:
      removeExpired - the removeExpired to set

    • getRevocationToken

      public RevocationToken<R> getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
      Description copied from interface: RevocationSource
      This method retrieves a RevocationToken for the certificateToken
      Specified by:
      getRevocationToken in interface RevocationSource<R extends eu.europa.esig.dss.model.x509.revocation.Revocation>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      Returns:
      an instance of RevocationToken

    • getRevocationToken

      public RevocationToken<R> getRevocationToken(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken, boolean forceRefresh)
      Retrieves a revocation token for the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      issuerCertificateToken - CertificateToken of the issuer of certificateToken
      forceRefresh - if true, explicitly skips the cache
      Returns:
      RevocationToken

    • getRevocationTokens

      public List<RevocationToken<R>> getRevocationTokens(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken)
      Description copied from interface: MultipleRevocationSource
      This method retrieves a list of RevocationToken for the certificateToken
      Specified by:
      getRevocationTokens in interface MultipleRevocationSource<R extends eu.europa.esig.dss.model.x509.revocation.Revocation>
      Parameters:
      certificateToken - The CertificateToken for which the request is made
      issuerCertificateToken - The CertificateToken which is the issuer of the certificateToken
      Returns:
      a list of RevocationToken

    • getRevocationTokens

      public List<RevocationToken<R>> getRevocationTokens(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, eu.europa.esig.dss.model.x509.CertificateToken issuerCertificateToken, boolean forceRefresh)
      Retrieves a list of revocation token for the given CertificateToken
      Parameters:
      certificateToken - CertificateToken
      issuerCertificateToken - CertificateToken of the issuer of certificateToken
      forceRefresh - if true, explicitly skips the cache
      Returns:
      a list of RevocationTokens

    • getRevocationSourceUrl

      protected String getRevocationSourceUrl(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, RevocationToken<R> revocationToken)
      Returns a revocation URL for the given revocationToken
      Parameters:
      certificateToken - CertificateToken
      revocationToken - RevocationToken
      Returns:
      String

    • getRevocationAccessUrls

      protected abstract List<String> getRevocationAccessUrls(eu.europa.esig.dss.model.x509.CertificateToken certificateToken)
      Returns a revocation access URLs of the given revocation type for the provided CertificateToken
      Parameters:
      certificateToken - CertificateToken to get revocation URLs for
      Returns:
      a list of String URLs

    • getRevocationTokenKey

      protected abstract String getRevocationTokenKey(eu.europa.esig.dss.model.x509.CertificateToken certificateToken, String urlString)
      Gets a unique revocation token identifier used to store the revocation token for this certificateToken within a repository
      Parameters:
      certificateToken - CertificateToken
      urlString - String representing a URL used to download the revocation token from
      Returns:
      String revocation token key