Class LazyOpensslTrustAnchorStoreImpl
- java.lang.Object
  - eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
    - eu.emi.security.authn.x509.helpers.trust.LazyOpensslTrustAnchorStoreImpl
- All Implemented Interfaces:
  OpensslTrustAnchorStore, TrustAnchorStore

public class LazyOpensslTrustAnchorStoreImpl extends AbstractTrustAnchorStore implements OpensslTrustAnchorStore
Implementation of the truststore which uses CA certificates from a single directory in OpenSSL format. Each certificate should be stored in a file named HASH.NUM, where HASH is an 8-digit hex number. NUM must be a number, starting from 0. The hash can be either in the OpenSSL pre-1.0.0 format (the 8 least significant digits of the MD5 hash of the certificate subject in DER format) or in the OpenSSL 1.0.0 and above format (SHA1 hash of a specially normalized DN). The class is configured to use one or the other, never both.

This class (contrary to OpensslTrustAnchorStoreImpl) doesn't extend DirectoryTrustAnchorStore, and therefore certificates (and all corresponding files) are not loaded at startup and kept in memory. The files are loaded on demand and are only cached in memory for no longer than the updateInterval.
- Author:
  K. Benedyczak
Field Summary
Modifier and Type | Field | Description
protected CachedElement<java.util.Set<TrustAnchorExt>> | cachedAnchors |
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> | cachedAnchorsPerIssuer |
static java.lang.String | CERTS_REGEXP |

Fields inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
observers

Fields inherited from interface eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
CERT_WILDCARD

Constructor Summary
Constructor | Description
LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode) |

Method Summary
All Methods, Instance Methods, Concrete Methods
Modifier and Type | Method | Description
void | dispose() |
NamespacesStore | getGlobusNsStore() |
NamespacesStore | getPmaNsStore() |
java.util.Set<java.security.cert.TrustAnchor> | getTrustAnchors() |
java.util.Set<java.security.cert.TrustAnchor> | getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain) | Algorithm is as follows: for each certificate subject in chain, and for the issuer of the last certificate in chain, it is tried to load a trust anchor defined for such subject.
java.security.cert.X509Certificate[] | getTrustedCertificates() |
protected void | tryLoadCert(java.io.File file, java.util.Set<TrustAnchorExt> set) |
protected java.security.cert.X509Certificate | tryLoadCertInternal(java.io.File file) |

Methods inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
checkValidity, getUpdateInterval, setUpdateInterval

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
getUpdateInterval, setUpdateInterval
Field Detail

CERTS_REGEXP
public static final java.lang.String CERTS_REGEXP
- See Also:
  Constant Field Values

cachedAnchors
protected CachedElement<java.util.Set<TrustAnchorExt>> cachedAnchors

cachedAnchorsPerIssuer
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> cachedAnchorsPerIssuer

Constructor Detail

LazyOpensslTrustAnchorStoreImpl
public LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)
Method Detail

tryLoadCertInternal
protected java.security.cert.X509Certificate tryLoadCertInternal(java.io.File file)

tryLoadCert
protected void tryLoadCert(java.io.File file, java.util.Set<TrustAnchorExt> set)

getPmaNsStore
public NamespacesStore getPmaNsStore()
- Specified by:
  getPmaNsStore in interface OpensslTrustAnchorStore

getGlobusNsStore
public NamespacesStore getGlobusNsStore()
- Specified by:
  getGlobusNsStore in interface OpensslTrustAnchorStore

getTrustAnchors
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchors()
- Specified by:
  getTrustAnchors in interface TrustAnchorStore

getTrustedCertificates
public java.security.cert.X509Certificate[] getTrustedCertificates()
- Specified by:
  getTrustedCertificates in interface TrustAnchorStore

dispose
public void dispose()
- Specified by:
  dispose in interface TrustAnchorStore
getTrustAnchorsFor
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain)
The algorithm is as follows: for each certificate subject in the chain, and for the issuer of the last certificate in the chain, an attempt is made to load a trust anchor defined for that subject. If successful, all parent trust anchors of the loaded one are then loaded recursively as well.
- Parameters:
  certChain - certificate chain
- Returns:
  set of trust anchors for the given certificate chain
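As an added example (not canl's own code), the following Python models the two mechanisms this page describes: the HASH.NUM file naming of an OpenSSL hash directory, here in the pre-1.0.0 form (MD5 over the DER-encoded subject name, first four bytes read as a little-endian integer, printed as 8 hex digits), and the getTrustAnchorsFor lookup that tries every subject in the chain plus the issuer of the last certificate and then recursively pulls in parents. It stands in a constructed in-memory directory for the real filesystem and (subject, issuer) pairs for real X509Certificate objects; the 1.0.0-style SHA1 hash of the normalized DN and the updateInterval cache are not modelled. The subject comparison after the hash match is the check a practitioner should expect from any such loader, since an 8-digit hash is not a unique identifier and several files may legitimately share a HASH prefix.

```python
"""Model of the on-demand OpenSSL hash-directory lookup (added example, not canl code)."""
import hashlib
import struct
from typing import Dict, List, Optional, Set, Tuple


def der(tag: int, content: bytes) -> bytes:
    """Minimal DER TLV encoder; short-form length only (content shorter than 128 bytes)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content


def der_name_cn(cn: str) -> bytes:
    """DER X.500 Name with a single CN attribute:
    SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, PrintableString cn } } }."""
    attr = der(0x30, b"\x06\x03\x55\x04\x03" + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, attr))


def subject_hash_old(der_name: bytes) -> str:
    """OpenSSL pre-1.0.0 subject hash (X509_NAME_hash_old): MD5 over the DER name,
    first four digest bytes as a little-endian uint32, formatted as 8 hex digits.
    The OpenSSL >= 1.0.0 SHA-1 hash over a canonicalised name is not modelled."""
    md = hashlib.md5(der_name).digest()
    return "%08x" % struct.unpack("<I", md[:4])[0]


# A "certificate" is just (subject_cn, issuer_cn): a constructed stand-in for the
# subject/issuer fields the real store reads from an X509Certificate.
Cert = Tuple[str, str]


class HashDirStore:
    """In-memory directory {filename: cert}; files are named HASH.NUM, NUM from 0."""

    def __init__(self, certs: List[Cert]):
        self.files: Dict[str, Cert] = {}
        for cert in certs:
            h = subject_hash_old(der_name_cn(cert[0]))
            n = 0
            while f"{h}.{n}" in self.files:
                n += 1  # same HASH already present: take the next NUM in sequence
            self.files[f"{h}.{n}"] = cert

    def load_anchor(self, subject_cn: str) -> Optional[Cert]:
        """Try HASH.0, HASH.1, ... until a file is missing, accepting only a file
        whose subject really matches (distinct DNs can share an 8-digit hash)."""
        h = subject_hash_old(der_name_cn(subject_cn))
        n = 0
        while f"{h}.{n}" in self.files:
            cert = self.files[f"{h}.{n}"]
            if cert[0] == subject_cn:
                return cert
            n += 1
        return None

    def trust_anchors_for(self, chain: List[Cert]) -> Set[Cert]:
        """The getTrustAnchorsFor algorithm: every subject in the chain plus the
        issuer of the last certificate is tried; each hit pulls in its parents."""
        found: Set[Cert] = set()
        candidates = [c[0] for c in chain] + [chain[-1][1]]
        for subject in candidates:
            self._load_with_parents(subject, found)
        return found

    def _load_with_parents(self, subject_cn: str, found: Set[Cert]) -> None:
        anchor = self.load_anchor(subject_cn)
        if anchor is None or anchor in found:
            return  # not in the directory, or already visited (ends at self-signed roots)
        found.add(anchor)
        if anchor[1] != anchor[0]:
            self._load_with_parents(anchor[1], found)


if __name__ == "__main__":
    # Constructed directory: a root, an intermediate and an unrelated CA.
    store = HashDirStore([("Root CA", "Root CA"), ("Sub CA", "Root CA"), ("Other CA", "Other CA")])
    for name in sorted(store.files):
        print(name, store.files[name])
    print(store.trust_anchors_for([("leaf.example", "Sub CA")]))
```

Because the real class caches loaded anchors only for updateInterval, a lookup like load_anchor above is what runs on every cache miss; the cost is one hash computation plus a few file probes per subject, which is why the lazy store can serve a large CA directory without holding every certificate in memory.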