LazyOpensslTrustAnchorStoreImpl (canl 2.5.0 API)

java.lang.Object
- eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
- - eu.emi.security.authn.x509.helpers.trust.LazyOpensslTrustAnchorStoreImpl

All Implemented Interfaces:

OpensslTrustAnchorStore, TrustAnchorStore
```
public class LazyOpensslTrustAnchorStoreImpl
extends AbstractTrustAnchorStore
implements OpensslTrustAnchorStore
```
Implementation of the truststore which uses CA certificates from a single directory in OpenSSL format. Each certificate should be stored in a file named HASH.NUM, where HASH is an 8 digit hex number. The NUM must be a number, starting from 0. The hash can be either of openssl pre 1.0.0 version (with 8 least significant digits of the MD5 hash of the certificate subject in DER format) or in openssl 1.0.0 and above format (SHA1 hash of specially normalized DN). The class is configured to use one or another, never both.
This class (contrary to the OpensslTrustAnchorStoreImpl) doesn't extend DirectoryTrustAnchorStore and therefore certificates (and all corresponding files) are not loaded at startup and kept in memory. The files are loaded on-demand and are only cached in memory for no longer then the updateInterval is.

Author:

K. Benedyczak

Field Summary

Fields
Modifier and Type	Field and Description
`protected CachedElement<Set<TrustAnchorExt>>`	`cachedAnchors`
`protected Map<X500Principal,CachedElement<Set<TrustAnchorExt>>>`	`cachedAnchorsPerIssuer`
`static String`	`CERTS_REGEXP`

Fields inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
observers

Fields inherited from interface eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
CERT_WILDCARD

Constructor Summary

Constructors
Constructor and Description
`LazyOpensslTrustAnchorStoreImpl(String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`dispose()`
`NamespacesStore`	`getGlobusNsStore()`
`NamespacesStore`	`getPmaNsStore()`
`Set<TrustAnchor>`	`getTrustAnchors()`
`Set<TrustAnchor>`	`getTrustAnchorsFor(X509Certificate[] certChain)` Algorithm is as follows: for each certificate subject in chain, and for the issuer of the last certificate in chain, it is tried to load a trust anchor defined for such subject.
`X509Certificate[]`	`getTrustedCertificates()`
`protected void`	`tryLoadCert(File file, Set<TrustAnchorExt> set)`
`protected X509Certificate`	`tryLoadCertInternal(File file)`

Methods inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore
checkValidity, getUpdateInterval, setUpdateInterval

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore
getUpdateInterval, setUpdateInterval

Field Detail

CERTS_REGEXP

public static final String CERTS_REGEXP

See Also:: Constant Field Values

cachedAnchors

protected CachedElement<Set<TrustAnchorExt>> cachedAnchors

cachedAnchorsPerIssuer

protected Map<X500Principal,CachedElement<Set<TrustAnchorExt>>> cachedAnchorsPerIssuer

Constructor Detail

LazyOpensslTrustAnchorStoreImpl

public LazyOpensslTrustAnchorStoreImpl(String basePath,
                                       long updateInterval,
                                       ObserversHandler observers,
                                       boolean openssl1Mode)

Method Detail
- tryLoadCertInternal
```
protected X509Certificate tryLoadCertInternal(File file)
```
- tryLoadCert
```
protected void tryLoadCert(File file,
                           Set<TrustAnchorExt> set)
```
- getPmaNsStore
```
public NamespacesStore getPmaNsStore()
```
  Specified by:
  
  getPmaNsStore in interface OpensslTrustAnchorStore
- getGlobusNsStore
```
public NamespacesStore getGlobusNsStore()
```
  Specified by:
  
  getGlobusNsStore in interface OpensslTrustAnchorStore
- getTrustAnchors
```
public Set<TrustAnchor> getTrustAnchors()
```
  Specified by:
  
  getTrustAnchors in interface TrustAnchorStore
- getTrustedCertificates
```
public X509Certificate[] getTrustedCertificates()
```
  Specified by:
  
  getTrustedCertificates in interface TrustAnchorStore
- dispose
```
public void dispose()
```
  Specified by:
  
  dispose in interface TrustAnchorStore
- getTrustAnchorsFor
```
public Set<TrustAnchor> getTrustAnchorsFor(X509Certificate[] certChain)
```
  Algorithm is as follows: for each certificate subject in chain, and for the issuer of the last certificate in chain, it is tried to load a trust anchor defined for such subject. If successful then also it is tried recursively to load all parent trust anchors for the loaded one.
  
  Parameters:
  
  certChain - certificate chain
  
  Returns:
  
  set of trust anchors for a given certificate chain

Class LazyOpensslTrustAnchorStoreImpl

Field Summary

Fields inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore

Fields inherited from interface eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore

Constructor Summary

Method Summary

Methods inherited from class eu.emi.security.authn.x509.helpers.trust.AbstractTrustAnchorStore

Methods inherited from class java.lang.Object

Methods inherited from interface eu.emi.security.authn.x509.helpers.trust.TrustAnchorStore

Field Detail

CERTS_REGEXP

cachedAnchors

cachedAnchorsPerIssuer

Constructor Detail

LazyOpensslTrustAnchorStoreImpl

Method Detail

tryLoadCertInternal

tryLoadCert

getPmaNsStore

getGlobusNsStore

getTrustAnchors

getTrustedCertificates

dispose

getTrustAnchorsFor