eu.emi.security.authn.x509.helpers.trust
Class LazyOpensslTrustAnchorStoreImpl
java.lang.Object
eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
eu.emi.security.authn.x509.helpers.trust.LazyOpensslTrustAnchorStoreImpl
- All Implemented Interfaces:
- OpensslTrustAnchorStore, TrustAnchorStore
public class LazyOpensslTrustAnchorStoreImpl
- extends AbstractTrustAnchorStore
- implements OpensslTrustAnchorStore
Implementation of the truststore which uses CA certificates from a single directory
in OpenSSL format. Each certificate should be stored in a file named HASH.NUM,
where HASH is an 8 digit hex number and NUM is a number starting from 0.
The hash can be either in the OpenSSL pre-1.0.0 format
(the 8 least significant hex digits of the MD5 hash of the certificate subject in DER form)
or in the OpenSSL 1.0.0 and above format (SHA1 hash of a specially normalized DN). The class is configured
to use one or the other, never both.
This class, unlike OpensslTrustAnchorStoreImpl, doesn't extend DirectoryTrustAnchorStore,
and therefore certificates (and all corresponding files) are not loaded at startup and kept in memory.
The files are loaded on demand and are cached in memory for no longer than the updateInterval.
- Author:
- K. Benedyczak
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
CERTS_REGEXP
public static final String CERTS_REGEXP
- See Also:
- Constant Field Values
cachedAnchors
protected CachedElement<Set<TrustAnchorExt>> cachedAnchors
cachedAnchorsPerIssuer
protected Map<X500Principal,CachedElement<Set<TrustAnchorExt>>> cachedAnchorsPerIssuer
LazyOpensslTrustAnchorStoreImpl
public LazyOpensslTrustAnchorStoreImpl(String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)
tryLoadCertInternal
protected X509Certificate tryLoadCertInternal(File file)
tryLoadCert
protected void tryLoadCert(File file, Set<TrustAnchorExt> set)
getPmaNsStore
public NamespacesStore getPmaNsStore()
- Specified by: getPmaNsStore in interface OpensslTrustAnchorStore
getGlobusNsStore
public NamespacesStore getGlobusNsStore()
- Specified by: getGlobusNsStore in interface OpensslTrustAnchorStore
getTrustAnchors
public Set<TrustAnchor> getTrustAnchors()
- Specified by: getTrustAnchors in interface TrustAnchorStore
getTrustedCertificates
public X509Certificate[] getTrustedCertificates()
- Specified by: getTrustedCertificates in interface TrustAnchorStore
dispose
public void dispose()
- Specified by: dispose in interface TrustAnchorStore
getTrustAnchorsFor
public Set<TrustAnchor> getTrustAnchorsFor(X509Certificate[] certChain)
- Algorithm is as follows: for each certificate subject in the chain, and for the issuer of the last
certificate in the chain, the store tries to load a trust anchor defined for that subject. If successful,
it then also tries recursively to load all parent trust anchors of the loaded one.
- Parameters:
certChain
-
- Returns:
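As an added example (not canl-java's own code) of the HASH.NUM directory layout described at the top of the page and of the per-subject probing that getTrustAnchorsFor relies on: the pre-1.0.0 OpenSSL subject hash is the first four bytes of the MD5 of the DER-encoded subject read as a little-endian integer, printed as 8 hex digits, and the store then checks HASH.0, HASH.1, ... in order. The DER name builder, the demo directory and the single-CN subjects are constructed for this example; the 1.0.0+ form (SHA-1 over a canonicalized DN) is not implemented here.

```python
import hashlib
import os
import re
import tempfile

# File-name pattern from the page: HASH.NUM, HASH = 8 hex digits, NUM = 0, 1, 2, ...
CERT_FILE_RE = re.compile(r"^([0-9a-f]{8})\.(\d+)$")

def _der_tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV encoder (short-form lengths only; enough for small names)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def der_name_cn(common_name: str) -> bytes:
    """Constructed sample: DER of an X.500 Name made of a single CN RDN."""
    oid_cn = _der_tlv(0x06, bytes([0x55, 0x04, 0x03]))    # OID 2.5.4.3 (commonName)
    value = _der_tlv(0x13, common_name.encode("ascii"))     # PrintableString
    atv = _der_tlv(0x30, oid_cn + value)                    # AttributeTypeAndValue
    rdn = _der_tlv(0x31, atv)                               # SET OF (one RDN)
    return _der_tlv(0x30, rdn)                              # SEQUENCE OF RDN (Name)

def openssl_subject_hash_old(subject_der: bytes) -> str:
    """Pre-1.0.0 OpenSSL subject hash (X509_NAME_hash_old): MD5 of the DER name,
    first 4 digest bytes as a little-endian integer, as 8 lowercase hex digits."""
    digest = hashlib.md5(subject_der).digest()
    return format(int.from_bytes(digest[:4], "little"), "08x")

def candidate_files(base_path: str, subject_hash: str) -> list:
    """Resolve HASH.0, HASH.1, ... in order and stop at the first missing number,
    which is how a lazily loaded directory store is probed for one subject."""
    found = []
    num = 0
    while True:
        path = os.path.join(base_path, f"{subject_hash}.{num}")
        if not os.path.isfile(path):
            return found
        found.append(path)
        num += 1

def make_demo_dir(subject_hash: str, nums) -> str:
    """Create a throwaway directory holding empty HASH.NUM files (constructed fixture)."""
    base = tempfile.mkdtemp(prefix="lazy-openssl-store-")
    for num in nums:
        open(os.path.join(base, f"{subject_hash}.{num}"), "w").close()
    return base
```

A gap in the numbering (HASH.0, HASH.1, HASH.3) means HASH.3 is never consulted, so a directory that is maintained by hand should be checked for contiguous NUM values.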
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.