eu.emi.security.authn.x509.helpers.trust
Class LazyOpensslTrustAnchorStoreImpl

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
      extended by eu.emi.security.authn.x509.helpers.trust.LazyOpensslTrustAnchorStoreImpl
All Implemented Interfaces:
OpensslTrustAnchorStore, TrustAnchorStore

public class LazyOpensslTrustAnchorStoreImpl
extends AbstractTrustAnchorStore
implements OpensslTrustAnchorStore

Implementation of the trust store which uses CA certificates from a single directory in OpenSSL format. Each certificate is stored in a file named HASH.NUM, where HASH is an 8 digit hex number and NUM is a decimal counter starting from 0 (several CA certificates with the same subject hash get consecutive numbers). The hash is either in the OpenSSL pre 1.0.0 format (8 hex digits taken from the MD5 hash of the certificate subject in DER form) or in the OpenSSL 1.0.0 and later format (taken from the SHA1 hash of a specially normalized DN). An instance of this class is configured to use one format or the other, never both.

Unlike OpensslTrustAnchorStoreImpl, this class does not extend DirectoryTrustAnchorStore, so certificates (and the corresponding files) are not loaded at startup and kept in memory. Files are loaded on demand and are cached in memory for no longer than the updateInterval.

Author:
K. Benedyczak

Field Summary
protected  CachedElement<Set<TrustAnchorExt>> cachedAnchors
protected  Map<X500Principal,CachedElement<Set<TrustAnchorExt>>> cachedAnchorsPerIssuer
static String CERTS_REGEXP
 
Fields inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
observers, updateInterval
 
Fields inherited from interface eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
CERT_WILDCARD
 
Constructor Summary
LazyOpensslTrustAnchorStoreImpl(String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)
 
Method Summary
 void dispose()
 NamespacesStore getGlobusNsStore()
 NamespacesStore getPmaNsStore()
 Set<TrustAnchor> getTrustAnchors()
 Set<TrustAnchor> getTrustAnchorsFor(X509Certificate[] certChain)
           For each certificate subject in the chain, and for the issuer of the last certificate in the chain, tries to load the trust anchor defined for that subject.
 X509Certificate[] getTrustedCertificates()
protected  void tryLoadCert(File file, Set<TrustAnchorExt> set)
protected  X509Certificate tryLoadCertInternal(File file)
 
Methods inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
checkValidity, getUpdateInterval, setUpdateInterval
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
getUpdateInterval, setUpdateInterval
 

Field Detail

CERTS_REGEXP

public static final String CERTS_REGEXP
See Also:
Constant Field Values

cachedAnchors

protected CachedElement<Set<TrustAnchorExt>> cachedAnchors

cachedAnchorsPerIssuer

protected Map<X500Principal,CachedElement<Set<TrustAnchorExt>>> cachedAnchorsPerIssuer

Constructor Detail

LazyOpensslTrustAnchorStoreImpl

public LazyOpensslTrustAnchorStoreImpl(String basePath,
                                       long updateInterval,
                                       ObserversHandler observers,
                                       boolean openssl1Mode)

Method Detail

tryLoadCertInternal

protected X509Certificate tryLoadCertInternal(File file)

tryLoadCert

protected void tryLoadCert(File file,
                           Set<TrustAnchorExt> set)

getPmaNsStore

public NamespacesStore getPmaNsStore()
Specified by:
getPmaNsStore in interface OpensslTrustAnchorStore

getGlobusNsStore

public NamespacesStore getGlobusNsStore()
Specified by:
getGlobusNsStore in interface OpensslTrustAnchorStore

getTrustAnchors

public Set<TrustAnchor> getTrustAnchors()
Specified by:
getTrustAnchors in interface TrustAnchorStore

getTrustedCertificates

public X509Certificate[] getTrustedCertificates()
Specified by:
getTrustedCertificates in interface TrustAnchorStore

dispose

public void dispose()
Specified by:
dispose in interface TrustAnchorStore

getTrustAnchorsFor

public Set<TrustAnchor> getTrustAnchorsFor(X509Certificate[] certChain)
The algorithm is as follows: for each certificate subject in the chain, and for the issuer of the last certificate in the chain, the store tries to load a trust anchor defined for that subject. If that succeeds, the parent trust anchors of the loaded anchor are loaded recursively as well.

Parameters:
certChain - the certificate chain for which trust anchors are looked up
Returns:
the trust anchors found for the chain's subjects and for the issuer of its last certificate

Copyright © 2012-2014 European Middleware Initiative. All Rights Reserved.