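/**
 * Fetches an X.509 certificate revocation list (CRL) from an LDAP directory
 * and checks client certificates against it.
 *
 * <p>Security caveats a maintainer should know about:
 * <ul>
 *   <li>The CRL's signature is never verified in this class. Anyone able to
 *       alter the directory entry or the LDAP traffic can supply a CRL that
 *       omits revoked certificates. Verify it against the issuing CA's public
 *       key (e.g. {@code crl.verify(caPublicKey)}) where that key is
 *       available.</li>
 *   <li>{@link #check} looks the certificate up by serial number only. It does
 *       not compare the CRL issuer with the certificate issuer and does not
 *       reject a CRL whose nextUpdate time has passed.</li>
 *   <li>The bind uses "simple" authentication, which sends the password as-is.
 *       The provider URL should therefore use a TLS-protected transport.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code crl} is replaced by {@link #refresh()} without any
 * synchronization; confirm whether one instance is shared between request
 * threads.
 */
class CRLchecker {
  /**
   * Value returned by {@link #getNextUpdate()} when the CRL carries no
   * nextUpdate field: seven days expressed in milliseconds.
   */
  private static final long DEFAULT_NEXT_UPDATE_MILLIS = 7L * 24 * 3600 * 1000;

  /** Most recently fetched CRL; only replaced after a successful parse. */
  private X509CRL crl;

  /** Supplies the LDAP URL ({@code CRLURL}) and optional bind credentials. */
  private final JSPhandler handler;

  /**
   * Creates the checker and immediately loads the CRL.
   *
   * @param handler source of the LDAP URL and optional bind credentials
   * @throws NamingException if the directory lookup fails or the entry has no
   *     usable certificateRevocationList value
   * @throws CertificateException if the X.509 factory is unavailable
   * @throws CRLException if the fetched bytes cannot be parsed as a CRL
   * @throws IOException if closing the in-memory stream fails
   */
  public CRLchecker(JSPhandler handler)
    throws NamingException, CertificateException,
    CRLException, IOException {
    this.handler = handler;
    refresh();
  }

  /**
   * Downloads the CRL from the directory and replaces the cached copy.
   *
   * <p>If any step fails, the previously cached CRL (if any) is left in place.
   */
  private void refresh() throws NamingException,
    CertificateException, CRLException,
    IOException {
    Hashtable<String, Object> env = new Hashtable<String, Object>();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
      "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, handler.CRLURL);
    // Referrals are followed automatically, so the lookup may be redirected
    // to a server other than the one named in CRLURL.
    env.put(Context.REFERRAL, "follow");
    env.put(Context.SECURITY_AUTHENTICATION,
      "simple");
    if (handler.LDAPuser != null) {
      env.put(Context.SECURITY_PRINCIPAL,
        handler.LDAPuser);
    }
    if (handler.LDAPpasswd != null) {
      env.put(Context.SECURITY_CREDENTIALS,
        handler.LDAPpasswd);
    }

    byte[] encoded;
    DirContext ctx = new InitialDirContext(env);
    try {
      Attributes avals = ctx.getAttributes("");
      Attribute aval = avals.get(
        "certificateRevocationList");
      if (aval == null) {
        // Report a missing attribute as a lookup failure, not as an NPE.
        throw new NamingException(
          "CRLchecker.refresh ERROR no certificateRevocationList attribute");
      }
      Object raw = aval.get();
      if (!(raw instanceof byte[])) {
        throw new NamingException(
          "CRLchecker.refresh ERROR certificateRevocationList is not binary");
      }
      encoded = (byte[]) raw;
    } finally {
      // Release the LDAP connection on every path.
      try {
        ctx.close();
      } catch (NamingException ignored) {
        // Best-effort close: a failure here must not mask the lookup result
        // or the exception that is already propagating.
      }
    }

    CertificateFactory cf =
      CertificateFactory.getInstance("X.509");
    try (InputStream inStream = new ByteArrayInputStream(encoded)) {
      // NOTE(review): the parsed CRL is trusted as-is; its signature is not
      // verified anywhere in this class.
      crl = (X509CRL) cf.generateCRL(inStream);
    }
  }

  /**
   * Reloads the CRL and reports when the next one is due.
   *
   * @return the CRL's nextUpdate time in milliseconds since the epoch, or
   *     seven days in milliseconds when the CRL has no nextUpdate field
   * @throws NamingException if the lookup fails or no CRL could be loaded
   * @throws CertificateException if the X.509 factory is unavailable
   * @throws CRLException if the fetched bytes cannot be parsed as a CRL
   * @throws IOException if closing the in-memory stream fails
   */
  public long getNextUpdate() throws
    NamingException, CertificateException,
    CRLException, IOException {
    refresh();
    if (crl == null) {
      throw new NamingException(
        "CRLchecker.getNextUpdate ERROR null CRL");
    }
    Date nextUpdate = crl.getNextUpdate();
    if (nextUpdate != null) {
      return nextUpdate.getTime();
    }
    // NOTE(review): this fallback is a duration, while the branch above
    // returns an absolute timestamp; confirm which one callers expect.
    return DEFAULT_NEXT_UPDATE_MILLIS;
  }

  /**
   * Rejects a certificate whose serial number is listed in the cached CRL.
   *
   * @param cert the certificate to check
   * @throws javax.servlet.ServletException if no CRL is loaded, if
   *     {@code cert} is null, or if the serial number is listed as revoked
   */
  public void check(X509Certificate cert)
    throws javax.servlet.ServletException {
    if (crl == null) {
      // Fail closed: without a CRL nothing can be accepted.
      throw new javax.servlet.ServletException(
        "CRLchecker.check ERROR null CRL");
    }
    if (cert == null) {
      throw new javax.servlet.ServletException(
        "CRLchecker.check ERROR null certificate");
    }
    // NOTE(review): the lookup is by serial number only; the certificate's
    // issuer is not compared with the CRL's issuer.
    X509CRLEntry xce = crl.getRevokedCertificate(
      cert.getSerialNumber());
    if (xce != null) {
      throw new javax.servlet.ServletException(
        "CRLchecker.check revoked certificate");
    }
  }
}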