eu.emi.security.authn.x509.helpers.crl
Class PlainCRLStoreSpi

java.lang.Object
  extended by java.security.cert.CertStoreSpi
      extended by eu.emi.security.authn.x509.helpers.crl.AbstractCRLCertStoreSpi
          extended by eu.emi.security.authn.x509.helpers.crl.PlainCRLStoreSpi
Direct Known Subclasses:
OpensslCRLStoreSpi

public class PlainCRLStoreSpi
extends AbstractCRLCertStoreSpi

Handles an in-memory CRL store.

CRLs may be provided as URLs or local files. If the CRL is provided as a local file (i.e. is not an absolute URL) then it can contain wildcard characters ('*', '?'). In case of wildcard locations, the actual file list is regenerated on each update.

All CRLs are loaded and parsed to establish a CA->CRL mapping. This mapping is updated each time the updateInterval has passed.

Faulty CRL locations together with the respective errors can be obtained by using a listener.

It is possible to pass more than one CRL location for the same CA.

The class is implemented in an asynchronous mode: CRLs are updated at regular intervals (or only once on startup). CRL lookup is independent of the updates and never blocks to download, read or parse a CRL.

CRLs downloaded from a remote URL (http or ftp) can be cached on a local disk. If the update task cannot download a CRL that was previously cached on disk, then the version from disk is returned.

This class is thread safe.
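
The update model described above, as an added JDK-only sketch that is not the library's own code: the wildcard is expanded again on every reload, CRLs are indexed by issuer, and lookups read an atomically published snapshot so they never wait on I/O. The class name `CrlSnapshotSketch`, the `*.crl` pattern, the 60-second interval and the in-memory last-good fallback (standing in for the disk cache used for remote CRLs) are assumptions.

```java
import java.io.*;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import java.util.concurrent.*;
import javax.security.auth.x500.X500Principal;

// Added sketch, JDK classes only; all names here are hypothetical.
public class CrlSnapshotSketch {
    // Lookups only read this reference, so they never wait for I/O or parsing.
    private volatile Map<X500Principal, List<X509CRL>> byIssuer = Map.of();
    private final Map<Path, X509CRL> lastGood = new ConcurrentHashMap<>();

    // Re-expands the wildcard on every call, then rebuilds the CA -> CRL map.
    void reload(Path dir, String glob) {
        Map<X500Principal, List<X509CRL>> fresh = new HashMap<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir, glob)) {
            for (Path f : files) {
                X509CRL crl;
                try (InputStream in = Files.newInputStream(f)) {
                    crl = (X509CRL) CertificateFactory.getInstance("X.509").generateCRL(in);
                    lastGood.put(f, crl);
                } catch (Exception e) {
                    // Faulty location: report it, fall back to the last good copy if any.
                    System.err.println("CRL load failed: " + f + ": " + e);
                    crl = lastGood.get(f);
                }
                if (crl != null)
                    fresh.computeIfAbsent(crl.getIssuerX500Principal(), k -> new ArrayList<>()).add(crl);
            }
        } catch (IOException | DirectoryIteratorException e) {
            System.err.println("Cannot list " + dir + ": " + e);
            return; // keep serving the previous snapshot
        }
        byIssuer = fresh; // one atomic publish of the new mapping
    }

    List<X509CRL> crlsFor(X500Principal issuer) {
        return byIssuer.getOrDefault(issuer, List.of());
    }

    public static void main(String[] args) throws Exception {
        CrlSnapshotSketch store = new CrlSnapshotSketch();
        Path dir = Paths.get(args.length > 0 ? args[0] : "."); // assumed CRL directory
        ScheduledExecutorService timer = Executors.newSingleThreadScheduledExecutor();
        timer.scheduleWithFixedDelay(() -> store.reload(dir, "*.crl"), 0, 60, TimeUnit.SECONDS);
        Thread.sleep(1000); // let the first background load finish
        store.byIssuer.forEach((ca, crls) -> System.out.println(ca + " -> " + crls.size() + " CRL(s)"));
        timer.shutdownNow();
    }
}
```

Because a failed refresh keeps serving the older CRL, a caller that needs freshness guarantees should compare each CRL's `getNextUpdate()` with the current time before relying on it.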

Author:
K. Benedyczak

Constructor Summary
PlainCRLStoreSpi(CRLParameters params, Timer t, Collection<? extends StoreUpdateListener> listeners)
           
 
Method Summary
protected  void addCRL(X509CRL crl, URL location)
           
 void dispose()
          After calling this method no notification will be produced and subsequent updates won't be scheduled.
 Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
           
 Collection<? extends CRL> engineGetCRLs(CRLSelector selectorRaw)
           
protected  Collection<X509CRL> getCRLForIssuer(X500Principal issuer)
           
 List<String> getLocations()
           
 long getUpdateInterval()
           
protected  X509CRL loadCRL(URL url)
           
protected  void reloadCRLs(Collection<URL> locations)
          Tries to load a CRL from each of the given URLs.
 void setUpdateInterval(long newInterval)
           
 
Methods inherited from class eu.emi.security.authn.x509.helpers.crl.AbstractCRLCertStoreSpi
addUpdateListener, notifyObservers, removeAllObservers, removeUpdateListener
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PlainCRLStoreSpi

public PlainCRLStoreSpi(CRLParameters params,
                        Timer t,
                        Collection<? extends StoreUpdateListener> listeners)
                 throws InvalidAlgorithmParameterException
Throws:
InvalidAlgorithmParameterException
Method Detail

loadCRL

protected X509CRL loadCRL(URL url)
                   throws IOException,
                          CRLException,
                          URISyntaxException
Throws:
IOException
CRLException
URISyntaxException

getLocations

public List<String> getLocations()

setUpdateInterval

public void setUpdateInterval(long newInterval)

getUpdateInterval

public long getUpdateInterval()

reloadCRLs

protected void reloadCRLs(Collection<URL> locations)
Tries to load a CRL from each of the given URLs.


addCRL

protected void addCRL(X509CRL crl,
                      URL location)

getCRLForIssuer

protected Collection<X509CRL> getCRLForIssuer(X500Principal issuer)

engineGetCertificates

public Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
                                                        throws CertStoreException
Specified by:
engineGetCertificates in class CertStoreSpi
Throws:
CertStoreException

engineGetCRLs

public Collection<? extends CRL> engineGetCRLs(CRLSelector selectorRaw)
                                        throws CertStoreException
Specified by:
engineGetCRLs in class CertStoreSpi
Throws:
CertStoreException

dispose

public void dispose()
After calling this method no notification will be produced and subsequent updates won't be scheduled. However, one more update may still be run.

Specified by:
dispose in class AbstractCRLCertStoreSpi


Copyright © 2012 European Middleware Initiative. All Rights Reserved.