Class PlainCRLStoreSpi

  • Direct Known Subclasses:
    OpensslCRLStoreSpi

    public class PlainCRLStoreSpi
    extends AbstractCRLStoreSPI
    Handles an in-memory CRL store.

    CRLs may be provided as URLs or local files. If the CRL is provided as a local file (i.e. is not an absolute URL) then it can contain wildcard characters ('*', '?'). In case of wildcard locations, the actual file list is regenerated on each update.

    All CRLs are loaded and parsed to establish the CA->CRL mapping. This mapping is updated after the updateInterval time has passed.

    Faulty CRL locations together with the respective errors can be obtained by using a listener.

    It is possible to pass more than one location of CRLs of the same CA.

    The class is implemented in an asynchronous mode: CRLs are resolved at regular intervals (or only once on startup). CRL searching is independent of the updates. A search can block to download, read and subsequently parse a CRL if it is not present in the in-memory cache.

    CRLs downloaded from a remote URL (http or ftp) can be cached on a local disk. If the update task cannot download a CRL which was previously cached on disk, then the version from disk is returned.

    This class is thread safe.

    Author:
    K. Benedyczak
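
    The CA->CRL mapping described above, sketched with JDK classes only as an added example; it is not the library's own code. The class name CrlMapSketch, its helpers and the STALE label are assumptions for illustration; only local file locations (POSIX paths, passed as arguments) are handled, and the nextUpdate check is included because a copy served from the disk cache may be past its validity.

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;
// Added illustration (hypothetical class): JDK-only sketch of a CA->CRL map.
public class CrlMapSketch {
    // Expand a local location whose file name may contain '*' or '?'.
    static List<Path> expand(String location) throws IOException {
        Path p = Paths.get(location).toAbsolutePath();
        List<Path> out = new ArrayList<>();
        try (DirectoryStream<Path> ds =
                 Files.newDirectoryStream(p.getParent(), p.getFileName().toString())) {
            for (Path f : ds) out.add(f);
        }
        return out;
    }

    // Parse every CRL and group by issuer; several CRLs per CA are allowed.
    static Map<X500Principal, List<X509CRL>> load(List<String> locations,
            Map<String, Exception> faulty) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Map<X500Principal, List<X509CRL>> byIssuer = new HashMap<>();
        for (String loc : locations) {
            try {
                for (Path f : expand(loc)) {
                    try (InputStream in = Files.newInputStream(f)) {
                        X509CRL crl = (X509CRL) cf.generateCRL(in);
                        byIssuer.computeIfAbsent(crl.getIssuerX500Principal(),
                                k -> new ArrayList<>()).add(crl);
                    } catch (IOException | CRLException e) {
                        faulty.put(f.toString(), e); // record the error, keep going
                    }
                }
            } catch (IOException e) {
                faulty.put(loc, e); // directory missing or unreadable
            }
        }
        return byIssuer;
    }

    public static void main(String[] args) throws Exception {
        Map<String, Exception> faulty = new LinkedHashMap<>();
        Date now = new Date();
        load(Arrays.asList(args), faulty).forEach((ca, crls) -> crls.forEach(c ->
            System.out.println(ca.getName() + " nextUpdate=" + c.getNextUpdate()
                + (c.getNextUpdate() != null && c.getNextUpdate().before(now) ? " STALE" : ""))));
        faulty.forEach((loc, e) -> System.out.println("FAULTY " + loc + ": " + e));
    }
}
```

    Quote wildcard arguments so the shell does not expand them, for example: java CrlMapSketch.java '/etc/grid-security/certificates/*.r0' (the path is a constructed example).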
    • Constructor Detail

      • PlainCRLStoreSpi

        public PlainCRLStoreSpi(CRLParameters params,
                                java.util.Timer t,
                                ObserversHandler observers)
                         throws java.security.InvalidAlgorithmParameterException
        Creates a new CRL store. The store will be empty until the start() method is called.
        Parameters:
        params - CRL parameters
        t - timer
        observers - observers handler
        Throws:
        java.security.InvalidAlgorithmParameterException - invalid algorithm parameter exception
    • Method Detail

      • start

        public void start()
        Initiates the store operation (the initial update and subsequent refreshes).
      • loadCRL

        protected java.security.cert.X509CRL loadCRL(java.net.URL url)
                                              throws java.io.IOException,
                                                     java.security.cert.CRLException,
                                                     java.net.URISyntaxException
        Throws:
        java.io.IOException
        java.security.cert.CRLException
        java.net.URISyntaxException
      • getLocations

        public java.util.List<java.lang.String> getLocations()
      • getUpdateInterval

        public long getUpdateInterval()
      • reloadCRL

        protected java.security.cert.X509CRL reloadCRL(java.net.URL location)
      • addCRL

        protected void addCRL(java.security.cert.X509CRL crl,
                              java.net.URL location)
      • getCRLForIssuer

        protected java.util.Collection<java.security.cert.X509CRL> getCRLForIssuer(javax.security.auth.x500.X500Principal issuer)
        Specified by:
        getCRLForIssuer in class AbstractCRLStoreSPI
      • getCRLWithMatcher

        protected java.util.Collection<java.security.cert.X509CRL> getCRLWithMatcher(java.security.cert.CRLSelector selectorRaw)
        Specified by:
        getCRLWithMatcher in class AbstractCRLStoreSPI
      • dispose

        public void dispose()
        After calling this method no notification will be produced and subsequent updates won't be scheduled. However, one more update may still run.
        Specified by:
        dispose in class AbstractCRLStoreSPI