2 * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 * @author Tomasz Swierczek (t.swierczek@samsung.com)
21 * @brief Header file for smart cached CRL class
24 #ifndef _SRC_VALIDATION_CORE_CACHED_CRL_
25 #define _SRC_VALIDATION_CORE_CACHED_CRL_
28 #include "IAbstractResponseCache.h"
30 namespace ValidationCore {
32 class CachedCRL : public IAbstractResponseCache {
34 // cache can't be refreshed more frequently than CRL_minTimeValid
35 static const time_t CRL_minTimeValid;
37 // to be even more secure, cache will be refreshed for certificate at least
38 // after CRL_maxTimeValid from last response
39 static const time_t CRL_maxTimeValid;
41 // upon cache refresh, responses that will be invalid in CRL_refreshBefore
42 // seconds will be refreshed
43 static const time_t CRL_refreshBefore;
45 VerificationStatus check(const CertificateCollection &certs);
46 VerificationStatus checkEndEntity(CertificateCollection &certs);
58 // updates CRL cache for distributor URI
59 // useExpiredShift ==true should be used in cron/global cache update
60 // since it updates all CRLs that will be out of date in next
61 // CRL_refreshBefore seconds
62 bool updateCRLForUri(const std::string & uri,
63 bool useExpiredShift);
64 time_t getNextUpdateTime(time_t now, time_t response_validity);
67 } // namespace ValidationCore
69 #endif /* _SRC_VALIDATION_CORE_CACHED_CRL_ */