Package eu.europa.esig.dss.spi.x509.revocation

Class RevocationToken<R extends Revocation>

java.lang.Object

eu.europa.esig.dss.model.x509.Token

eu.europa.esig.dss.spi.x509.revocation.RevocationToken<R>

Type Parameters:

R - Revocation

All Implemented Interfaces:

IdentifierBasedObject, Serializable

Direct Known Subclasses:

CRLToken, OCSPToken

public abstract class RevocationToken<R extends Revocation>
extends Token

Represents a revocation data token

See Also:

• Serialized Form

Field Summary

Fields

Modifier and Type	Field	Description
protected Date	archiveCutOff	archive-cut-off time extension
protected boolean	certHashMatch	Represents if the certHash extension from an OCSP Response is match with the related certificate's hash (optional)
protected boolean	certHashPresent	Represents if the certHash extension from an OCSP Response is present (optional)
protected Date	expiredCertsOnCRL	expired-certs-on-crl time extension
protected RevocationOrigin	externalOrigin	The external origin (ONLINE or CACHED)
protected Date	nextUpdate	Represents the next update date of the CRL or null for OCSP response.
protected Date	productionDate	Represents the production date of the OCSP response or the thisUpdate in case of CRL.
protected RevocationReason	reason	The reason of the revocation.
protected CertificateToken	relatedCertificate	Related CertificateToken to this revocation object
protected Date	revocationDate	Represents the revocation date from an X509CRLEntry or from an BasicOCSPResp (if the related certificate is revoked)
protected String	sourceURL	The URL which was used to obtain the revocation data (online).
protected CertificateStatus	status	Contains the revocation status of the token.
protected Date	thisUpdate	Represents the this update date of the CRL.

Fields inherited from class eu.europa.esig.dss.model.x509.Token

publicKeyOfTheSigner, signatureAlgorithm, signatureInvalidityReason, signatureValidity

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	RevocationToken()	Default constructor instantiating object with null values

Method Summary

Modifier and Type	Method	Description
protected TokenIdentifier	buildTokenIdentifier()	Builds a token unique identifier
boolean	equals(Object obj)
Date	getArchiveCutOff()	Returns the archiveCutOff date (from an OCSP Response)
abstract RevocationCertificateSource	getCertificateSource()	Returns a source of embedded into a revocation token certificates
Date	getCreationDate()	Returns the creation date of this token.
Date	getExpiredCertsOnCRL()	Returns the expiredCertsOnCRL date (from CRL)
RevocationOrigin	getExternalOrigin()	Gets the external origin
abstract CertificateToken	getIssuerCertificateToken()	Returns issuer CertificateToken
Date	getNextUpdate()	Returns the date of the next update
Date	getProductionDate()	Returns the generation time of the current revocation data (when it was signed)
RevocationReason	getReason()	Returns the revocation reason (if the token has been revoked)
CertificateToken	getRelatedCertificate()	Returns a certificate token the current revocation data has been issued for
String	getRelatedCertificateId()	Gets DSS String Id of the related certificate
Date	getRevocationDate()	Returns the revocation date (if the token has been revoked)
abstract RevocationType	getRevocationType()	Returns the Revocation Token type (CRL or OCSP)
String	getSourceURL()	Returns the URL of the source (if available)
CertificateStatus	getStatus()	Returns the certificate status
Date	getThisUpdate()	Returns the date of the this update
int	hashCode()
boolean	isCertHashMatch()	Returns TRUE if the certHash extension (from an OCSP Response) is match to the hash of related certificate token
boolean	isCertHashPresent()	Returns TRUE if the certHash extension (from an OCSP Response) is present
boolean	isInternal()	This method returns true if the token was not collected from an external resource (online or jdbc)
void	setExternalOrigin(RevocationOrigin origin)	Sets the external origin
void	setSourceURL(String sourceURL)	This sets the revocation data source URL.

Methods inherited from class eu.europa.esig.dss.model.x509.Token

checkIsSignedBy, getAbbreviation, getDigest, getDSSId, getDSSIdAsString, getEncoded, getInvalidityReason, getIssuerX500Principal, getPublicKeyOfTheSigner, getSignatureAlgorithm, getSignatureValidity, isSelfSigned, isSignatureIntact, isSignedBy, isSignedBy, isValid, toString, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details

relatedCertificate

protected CertificateToken relatedCertificate

Related CertificateToken to this revocation object

sourceURL

protected String sourceURL

The URL which was used to obtain the revocation data (online).

externalOrigin

protected RevocationOrigin externalOrigin

The external origin (ONLINE or CACHED)

status

protected CertificateStatus status

Contains the revocation status of the token.

productionDate

protected Date productionDate

Represents the production date of the OCSP response or the thisUpdate in case of CRL.

thisUpdate

protected Date thisUpdate

Represents the this update date of the CRL.

nextUpdate

protected Date nextUpdate

Represents the next update date of the CRL or null for OCSP response.

revocationDate

protected Date revocationDate

Represents the revocation date from an X509CRLEntry or from an BasicOCSPResp (if the related certificate is revoked)

expiredCertsOnCRL

protected Date expiredCertsOnCRL

expired-certs-on-crl time extension

archiveCutOff

protected Date archiveCutOff

archive-cut-off time extension

certHashPresent

protected boolean certHashPresent

Represents if the certHash extension from an OCSP Response is present (optional)

certHashMatch

protected boolean certHashMatch

Represents if the certHash extension from an OCSP Response is match with the related certificate's hash (optional)

reason

protected RevocationReason reason

The reason of the revocation.

Constructor Details

RevocationToken

protected RevocationToken()

Default constructor instantiating object with null values

Method Details

getRevocationType

public abstract RevocationType getRevocationType()

Returns the Revocation Token type (CRL or OCSP)

Returns:

RevocationType of the token

getRelatedCertificate

public CertificateToken getRelatedCertificate()

Returns a certificate token the current revocation data has been issued for

Returns:

CertificateToken

getRelatedCertificateId

public String getRelatedCertificateId()

Gets DSS String Id of the related certificate

Returns:

String

getIssuerCertificateToken

public abstract CertificateToken getIssuerCertificateToken()

Returns issuer CertificateToken

Returns:

issuer CertificateToken

getSourceURL

public String getSourceURL()

Returns the URL of the source (if available)

Returns:

URL of the CRL/OCSP Server (if available)

setSourceURL

public void setSourceURL(String sourceURL)

This sets the revocation data source URL. It is only used in case of OnlineSource.

Parameters:

sourceURL - the URL which was used to retrieve this CRL

getStatus

public CertificateStatus getStatus()

Returns the certificate status

Returns:

the certificate status

getProductionDate

public Date getProductionDate()

Returns the generation time of the current revocation data (when it was signed)

Returns:

the production time of the current revocation data

getCreationDate

public Date getCreationDate()

Description copied from class: Token

Returns the creation date of this token. This date is mainly used to retrieve the correct issuer within a collection of renewed certificates (new certificate with the same key pair).

Specified by:

getCreationDate in class Token

Returns:

the creation date of the token (notBefore for a certificate, productionDate for revocation data,...)

getThisUpdate

public Date getThisUpdate()

Returns the date of the this update

Returns:

the this update date

getNextUpdate

public Date getNextUpdate()

Returns the date of the next update

Returns:

the next update date

getRevocationDate

public Date getRevocationDate()

Returns the revocation date (if the token has been revoked)

Returns:

the revocation date or null

getExpiredCertsOnCRL

public Date getExpiredCertsOnCRL()

Returns the expiredCertsOnCRL date (from CRL)

Returns:

the expiredCertsOnCRL date value from a CRL or null

getArchiveCutOff

public Date getArchiveCutOff()

Returns the archiveCutOff date (from an OCSP Response)

Returns:

the archiveCutOff date or null

isCertHashPresent

public boolean isCertHashPresent()

Returns TRUE if the certHash extension (from an OCSP Response) is present

Returns:

the TRUE if certHash is present, FALSE otherwise

isCertHashMatch

public boolean isCertHashMatch()

Returns TRUE if the certHash extension (from an OCSP Response) is match to the hash of related certificate token

Returns:

the TRUE if certHash is match, FALSE otherwise

getReason

public RevocationReason getReason()

Returns the revocation reason (if the token has been revoked)

Returns:

the revocation reason or null

getCertificateSource

public abstract RevocationCertificateSource getCertificateSource()

Returns a source of embedded into a revocation token certificates

Returns:

RevocationCertificateSource

setExternalOrigin

public void setExternalOrigin(RevocationOrigin origin)

Sets the external origin

Parameters:

origin - RevocationOrigin

getExternalOrigin

public RevocationOrigin getExternalOrigin()

Gets the external origin

Returns:

RevocationOrigin

isInternal

public boolean isInternal()

This method returns true if the token was not collected from an external resource (online or jdbc)

Returns:

true if the token comes from a signature/timestamp

buildTokenIdentifier

protected TokenIdentifier buildTokenIdentifier()

Description copied from class: Token

Builds a token unique identifier

Specified by:

buildTokenIdentifier in class Token

Returns:

TokenIdentifier

hashCode

public int hashCode()

Overrides:

hashCode in class Token

equals

public boolean equals(Object obj)

Overrides:

equals in class Token