public class LazyOpensslTrustAnchorStoreImpl extends AbstractTrustAnchorStore implements OpensslTrustAnchorStore
This class (contrary to the OpensslTrustAnchorStoreImpl) doesn't extend DirectoryTrustAnchorStore, and therefore certificates (and all corresponding files) are not loaded at startup and kept in memory.
The files are loaded on demand and are cached in memory for no longer than the updateInterval.
Modifier and Type | Field and Description |
---|---|
private java.io.File | baseDirectory |
protected CachedElement<java.util.Set<TrustAnchorExt>> | cachedAnchors |
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> | cachedAnchorsPerIssuer |
static java.lang.String | CERTS_REGEXP |
private NamespacesStore | globusNsStore |
private boolean | openssl1Mode |
private NamespacesStore | pmaNsStore |
observers
CERT_WILDCARD
Constructor and Description |
---|
LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode) |
Modifier and Type | Method and Description |
---|---|
void | dispose() |
NamespacesStore | getGlobusNsStore() |
NamespacesStore | getPmaNsStore() |
java.util.Set<java.security.cert.TrustAnchor> | getTrustAnchors() |
java.util.Set<java.security.cert.TrustAnchor> | getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain) The algorithm is as follows: for each certificate subject in the chain, and for the issuer of the last certificate in the chain, an attempt is made to load a trust anchor defined for that subject. |
java.security.cert.X509Certificate[] | getTrustedCertificates() |
private java.util.Set<TrustAnchorExt> | loadTrustAnchors() |
protected void | tryLoadCert(java.io.File file, java.util.Set<TrustAnchorExt> set) |
protected java.security.cert.X509Certificate | tryLoadCertInternal(java.io.File file) |
private void | tryLoadTAFor(javax.security.auth.x500.X500Principal issuer, java.util.Set<TrustAnchorExt> ret) |
checkValidity, getUpdateInterval, setUpdateInterval
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getUpdateInterval, setUpdateInterval
public static final java.lang.String CERTS_REGEXP
protected CachedElement<java.util.Set<TrustAnchorExt>> cachedAnchors
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> cachedAnchorsPerIssuer
private boolean openssl1Mode
private NamespacesStore pmaNsStore
private NamespacesStore globusNsStore
private java.io.File baseDirectory
public LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)
protected java.security.cert.X509Certificate tryLoadCertInternal(java.io.File file)
protected void tryLoadCert(java.io.File file, java.util.Set<TrustAnchorExt> set)
public NamespacesStore getPmaNsStore()
getPmaNsStore in interface OpensslTrustAnchorStore
public NamespacesStore getGlobusNsStore()
getGlobusNsStore in interface OpensslTrustAnchorStore
private java.util.Set<TrustAnchorExt> loadTrustAnchors()
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchors()
getTrustAnchors in interface TrustAnchorStore
public java.security.cert.X509Certificate[] getTrustedCertificates()
getTrustedCertificates in interface TrustAnchorStore
public void dispose()
dispose in interface TrustAnchorStore
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain)
certChain - certificate chain
private void tryLoadTAFor(javax.security.auth.x500.X500Principal issuer, java.util.Set<TrustAnchorExt> ret)
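
The on-demand loading, the updateInterval-bounded cache and the getTrustAnchorsFor lookup described above, as an added Java sketch that is not this library's own code. The class, method and file names are hypothetical, anchors are represented as plain strings, and a map stands in for the CA directory on disk.

```java
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.function.Function;
import javax.security.auth.x500.X500Principal;

// Added sketch: every name here is hypothetical, not a class or method of the library.
public class LazyAnchorCacheSketch {
    private static final class Entry {
        final Set<String> anchors; final long loadedAt;
        Entry(Set<String> anchors, long loadedAt) { this.anchors = anchors; this.loadedAt = loadedAt; }
    }
    private final Map<X500Principal, Entry> perIssuer = new HashMap<>();
    private final long updateIntervalMs;
    private final Function<X500Principal, Set<String>> loader; // stands in for reading CA files

    LazyAnchorCacheSketch(long updateIntervalMs, Function<X500Principal, Set<String>> loader) {
        this.updateIntervalMs = updateIntervalMs; this.loader = loader;
    }
    // Names to try for a chain: every subject, plus the issuer of the last certificate.
    static Set<X500Principal> namesToTry(X509Certificate[] chain) {
        Set<X500Principal> names = new LinkedHashSet<>();
        for (X509Certificate c : chain) names.add(c.getSubjectX500Principal());
        if (chain.length > 0) names.add(chain[chain.length - 1].getIssuerX500Principal());
        return names;
    }
    // Load on demand; reuse a cached result only while it is younger than the interval.
    synchronized Set<String> anchorsFor(Collection<X500Principal> names, long nowMs) {
        Set<String> found = new LinkedHashSet<>();
        for (X500Principal name : names) {
            Entry e = perIssuer.get(name);
            if (e == null || nowMs - e.loadedAt >= updateIntervalMs) {
                e = new Entry(new LinkedHashSet<>(loader.apply(name)), nowMs);
                perIssuer.put(name, e);
            }
            found.addAll(e.anchors);
        }
        return found;
    }
    public static void main(String[] args) {
        X500Principal ca = new X500Principal("CN=Example CA,O=Constructed,C=XX");
        Map<X500Principal, Set<String>> disk = new HashMap<>(); // constructed stand-in for the CA directory
        disk.put(ca, Set.of("example-ca.pem"));
        LazyAnchorCacheSketch store = new LazyAnchorCacheSketch(
                60_000, n -> disk.getOrDefault(n, Set.of()));
        List<X500Principal> names = List.of(ca);
        System.out.println(store.anchorsFor(names, 0));      // first request reads the "disk"
        disk.remove(ca);                                      // operator deletes the CA file
        System.out.println(store.anchorsFor(names, 59_999)); // cached copy is still served
        System.out.println(store.anchorsFor(names, 60_000)); // interval elapsed: reloaded, CA gone
    }
}
```

With this design, a CA removed from the directory can still be returned as a trust anchor until its cached entry ages out, so the update interval bounds how quickly a removal takes effect.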