eu.emi.security.authn.x509.helpers.trust
Class OpensslTrustAnchorStore

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.trust.TrustAnchorStoreBase
      extended by eu.emi.security.authn.x509.helpers.trust.DirectoryTrustAnchorStore
          extended by eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
All Implemented Interfaces:
TrustAnchorStore

public class OpensslTrustAnchorStore
extends DirectoryTrustAnchorStore

Implementation of a truststore which uses CA certificates from a single directory in OpenSSL format. Each certificate should be stored in a file named HASH.NUM, where HASH is an 8-digit hex number made of the 8 least significant digits of the MD5 hash of the certificate subject in DER format. NUM must be a number, starting from 0.

This class extends DirectoryTrustAnchorStore and restricts which certificates are loaded.

Author:
K. Benedyczak

Field Summary
static String CERT_REGEXP
           
static String CERT_WILDCARD
           
 
Fields inherited from class eu.emi.security.authn.x509.helpers.trust.DirectoryTrustAnchorStore
anchors, encoding, locations2anchors
 
Fields inherited from class eu.emi.security.authn.x509.helpers.trust.TrustAnchorStoreBase
observers
 
Constructor Summary
OpensslTrustAnchorStore(String basePath, Timer t, long updateInterval, boolean loadGlobusNs, boolean loadEuGridPmaNs, ObserversHandler observers)
           
 
Method Summary
static String getFileHash(String path, String regexp)
           
static String getFileHash(URL location, String regexp)
           
 GlobusNamespacesStore getGlobusNsStore()
           
static String getOpenSSLCAHash(X500Principal name)
          Generates the hex hash of the DN used by openssl to name the CA certificate files.
 EuGridPmaNamespacesStore getPmaNsStore()
           
protected  void reloadCerts(Collection<URL> locations)
          For each URL, tries to load a CA certificate and namespaces.
protected  boolean tryLoadCert(URL location, Set<TrustAnchorExt> tmpAnchors, Map<URL,TrustAnchorExt> tmpLoc2anch)
           
protected  void tryLoadEuGridPmaNs(URL location, List<NamespacePolicy> list)
           
protected  void tryLoadGlobusNs(URL location, List<NamespacePolicy> globus)
           
 
Methods inherited from class eu.emi.security.authn.x509.helpers.trust.DirectoryTrustAnchorStore
getCacheDir, getConnTimeout, getEncoding, getLocations, getTrustAnchors, getTrustedCertificates, loadCert, update
 
Methods inherited from class eu.emi.security.authn.x509.helpers.trust.TrustAnchorStoreBase
checkValidity, dispose, getUpdateInterval, scheduleUpdate, setUpdateInterval
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CERT_WILDCARD

public static final String CERT_WILDCARD
See Also:
Constant Field Values

CERT_REGEXP

public static final String CERT_REGEXP
See Also:
Constant Field Values
Constructor Detail

OpensslTrustAnchorStore

public OpensslTrustAnchorStore(String basePath,
                               Timer t,
                               long updateInterval,
                               boolean loadGlobusNs,
                               boolean loadEuGridPmaNs,
                               ObserversHandler observers)
Method Detail

reloadCerts

protected void reloadCerts(Collection<URL> locations)
For each URL, tries to load a CA certificate and namespaces.

Overrides:
reloadCerts in class DirectoryTrustAnchorStore

tryLoadCert

protected boolean tryLoadCert(URL location,
                              Set<TrustAnchorExt> tmpAnchors,
                              Map<URL,TrustAnchorExt> tmpLoc2anch)

getPmaNsStore

public EuGridPmaNamespacesStore getPmaNsStore()

getGlobusNsStore

public GlobusNamespacesStore getGlobusNsStore()

tryLoadGlobusNs

protected void tryLoadGlobusNs(URL location,
                               List<NamespacePolicy> globus)

tryLoadEuGridPmaNs

protected void tryLoadEuGridPmaNs(URL location,
                                  List<NamespacePolicy> list)

getFileHash

public static String getFileHash(URL location,
                                 String regexp)

getFileHash

public static String getFileHash(String path,
                                 String regexp)

getOpenSSLCAHash

public static String getOpenSSLCAHash(X500Principal name)
Generates the hex hash of the DN used by openssl to name the CA certificate files. The hash is actually the hex of 8 least significant bytes of an MD5 digest of the ASN.1 encoded DN.

Parameters:
name - the DN to hash.
Returns:
the 8 character string of the hexadecimal MD5 hash.
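
The following is an added example, not code from this library: a stand-alone check that a trust anchor file name follows the HASH.NUM convention and that HASH matches the subject DN. It assumes the OpenSSL convention of reading the first four MD5 digest bytes as a little-endian 32-bit value; the class name, method names, file name pattern and sample DN are hypothetical.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class TrustAnchorNameCheck {
    // Assumed pattern for HASH.NUM file names; this is not the value of CERT_REGEXP.
    private static final Pattern HASH_NUM =
            Pattern.compile("^([0-9a-fA-F]{8})\\.([0-9]+)$");

    /** MD5 over the DER-encoded DN; first four digest bytes read little-endian. */
    static String subjectHash(X500Principal name) throws NoSuchAlgorithmException {
        byte[] md = MessageDigest.getInstance("MD5").digest(name.getEncoded());
        return String.format("%02x%02x%02x%02x",
                md[3] & 0xFF, md[2] & 0xFF, md[1] & 0xFF, md[0] & 0xFF);
    }

    /** True only if fileName is HASH.NUM and HASH equals the hash of the subject. */
    static boolean nameMatchesSubject(String fileName, X500Principal subject)
            throws NoSuchAlgorithmException {
        Matcher m = HASH_NUM.matcher(fileName);
        return m.matches() && m.group(1).equalsIgnoreCase(subjectHash(subject));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample DN. When auditing a real directory, hash the subject
        // taken from the certificate itself rather than a re-typed DN string,
        // because the string types used in the DER encoding affect the hash.
        X500Principal ca = new X500Principal("CN=Example CA,O=Example Org,C=PL");
        String hash = subjectHash(ca);

        // Constructed candidate file names: one correct, three that must be rejected.
        String[] candidates = { hash + ".0", "00000000.0", hash + ".pem", "ca.pem" };
        for (String f : candidates) {
            System.out.printf("%-14s %s%n", f,
                    nameMatchesSubject(f, ca) ? "consistent" : "MISMATCH");
        }
    }
}
```

OpenSSL 1.0.0 and later compute a different subject hash by default; `openssl x509 -subject_hash_old` prints the MD5-based value used here.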


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.