@Override public String toString() { X509CRL crl = this.crl; if (crl != null) { return this.getClass().getName() + ", wrapped CRL: " + crl.toString(); } else { return this.getClass().getName() + ", no wrapped CRL!"; } } }
/** * {@inheritDoc} * The CRL next update time is compared against the current time with the threshold * applied and rejected if and only if the next update time is in the past. * * @param crl CRL instance to evaluate. * * @throws GeneralSecurityException On expired CRL data. Check the exception type for exact details * * @see org.jasig.cas.adaptors.x509.authentication.handler.support.RevocationPolicy#apply(java.lang.Object) */ @Override public void apply(final X509CRL crl) throws GeneralSecurityException { final Calendar cutoff = Calendar.getInstance(); if (CertUtils.isExpired(crl, cutoff.getTime())) { cutoff.add(Calendar.SECOND, -this.threshold); if (CertUtils.isExpired(crl, cutoff.getTime())) { throw new ExpiredCRLException(crl.toString(), cutoff.getTime(), this.threshold); } logger.info(String.format("CRL expired on %s but is within threshold period, %s seconds.", crl.getNextUpdate(), this.threshold)); } }
/** * {@inheritDoc} * The CRL next update time is compared against the current time with the threshold * applied and rejected if and only if the next update time is in the past. * * @param crl CRL instance to evaluate. * @throws ExpiredCRLException On expired CRL data. Check the exception type for exact details */ @Override public void apply(final X509CRL crl) throws ExpiredCRLException { val cutoff = ZonedDateTime.now(ZoneOffset.UTC); if (CertUtils.isExpired(crl, cutoff)) { if (CertUtils.isExpired(crl, cutoff.minusSeconds(this.threshold))) { throw new ExpiredCRLException(crl.toString(), cutoff, this.threshold); } LOGGER.info(String.format("CRL expired on %s but is within threshold period, %s seconds.", crl.getNextUpdate(), this.threshold)); } } }