CRLVerifier (Apache Synapse - Non-blocking HTTP/s Transport 4.1.0-wso2v21 API)

java.lang.Object

org.apache.synapse.transport.certificatevalidation.crl.CRLVerifier

All Implemented Interfaces:: RevocationVerifier

public class CRLVerifier extends Object implements RevocationVerifier

This is used to verify a certificate is revoked or not by using the Certificate Revocation List published by the CA.

Constructor Summary

Constructors

Constructor

Description

CRLVerifier(CRLCache cache)
Method Summary

Modifier and Type

Method

Description

RevocationStatus

checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert)

Checks revocation status (Good, Revoked) of the peer certificate.

protected X509CRL

downloadCRLFromWeb(String crlURL)

Downloads CRL from the crlUrl.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- CRLVerifier
  
  public CRLVerifier(CRLCache cache)
Method Details
- checkRevocationStatus
  
  public RevocationStatus checkRevocationStatus(X509Certificate peerCert, X509Certificate issuerCert) throws CertificateVerificationException
  
  Checks revocation status (Good, Revoked) of the peer certificate. IssuerCertificate can be used to check if the CRL URL has the Issuers Domain name. But this is not implemented at the moment.
  
  Specified by:
  
  checkRevocationStatus in interface RevocationVerifier
  
  Parameters:
  
  peerCert - peer certificate
  
  issuerCert - issuer certificate of the peer. not used currently.
  
  Returns:
  
  revocation status of the peer certificate.
  
  Throws:
  
  CertificateVerificationException
- downloadCRLFromWeb
  
  protected X509CRL downloadCRLFromWeb(String crlURL) throws IOException, CertificateVerificationException
  
  Downloads CRL from the crlUrl. Does not support HTTPS
  
  Throws:
  
  IOException
  
  CertificateVerificationException