eu.emi.security.authn.x509.helpers.trust
Class OpensslTrustAnchorStore
java.lang.Object
eu.emi.security.authn.x509.helpers.trust.TrustAnchorStoreBase
eu.emi.security.authn.x509.helpers.trust.DirectoryTrustAnchorStore
eu.emi.security.authn.x509.helpers.trust.OpensslTrustAnchorStore
- All Implemented Interfaces:
- TrustAnchorStore
public class OpensslTrustAnchorStore
- extends DirectoryTrustAnchorStore
Implementation of the truststore which uses CA certificates from a single directory
in OpenSSL format. Each certificate should be stored in a file named HASH.NUM,
where HASH is an 8-digit hex number, with 8 least significant digits of the MD5
hash of the certificate subject in DER format. NUM must be a number, starting from 0.
This class extends DirectoryTrustAnchorStore and restricts
the certificates which are loaded.
- Author:
- K. Benedyczak
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
CERT_WILDCARD
public static final String CERT_WILDCARD
- See Also:
- Constant Field Values
CERT_REGEXP
public static final String CERT_REGEXP
- See Also:
- Constant Field Values
OpensslTrustAnchorStore
public OpensslTrustAnchorStore(String basePath,
Timer t,
long updateInterval,
boolean loadGlobusNs,
boolean loadEuGridPmaNs,
ObserversHandler observers)
reloadCerts
protected void reloadCerts(Collection<URL> locations)
- For all URLs tries to load a CA cert and namespaces
- Overrides:
reloadCerts
in class DirectoryTrustAnchorStore
tryLoadCert
protected boolean tryLoadCert(URL location,
Set<TrustAnchorExt> tmpAnchors,
Map<URL,TrustAnchorExt> tmpLoc2anch)
getPmaNsStore
public EuGridPmaNamespacesStore getPmaNsStore()
getGlobusNsStore
public GlobusNamespacesStore getGlobusNsStore()
tryLoadGlobusNs
protected void tryLoadGlobusNs(URL location,
List<NamespacePolicy> globus)
tryLoadEuGridPmaNs
protected void tryLoadEuGridPmaNs(URL location,
List<NamespacePolicy> list)
getFileHash
public static String getFileHash(URL location,
String regexp)
getFileHash
public static String getFileHash(String path,
String regexp)
getOpenSSLCAHash
public static String getOpenSSLCAHash(X500Principal name)
- Generates the hex hash of the DN used by openssl to name the CA
certificate files. The hash is actually the hex of 8 least
significant bytes of an MD5 digest of the ASN.1 encoded DN.
- Parameters:
name
- the DN to hash.
- Returns:
- the 8 character string of the hexadecimal MD5 hash.
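An added example, not this library's own code: a stand-alone Java check that each file in a CA directory is named HASH.NUM and that HASH matches the subject of the certificate it holds, which is the restriction the class description and getOpenSSLCAHash describe. The class name CaDirAudit, the HASH_NUM pattern (the value of CERT_REGEXP is not shown on this page) and the byte order (first four MD5 bytes read little-endian, as in OpenSSL's legacy subject_hash_old) are assumptions.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

public class CaDirAudit {
    // Assumed pattern for HASH.NUM; the real CERT_REGEXP value is not shown on this page.
    static final Pattern HASH_NUM = Pattern.compile("^([0-9a-fA-F]{8})\\.(\\d+)$");

    // Assumption: legacy OpenSSL layout, first four MD5 bytes of the DER DN, little-endian.
    static String subjectHash(X500Principal dn) throws Exception {
        byte[] md = MessageDigest.getInstance("MD5").digest(dn.getEncoded());
        return String.format("%02x%02x%02x%02x",
                md[3] & 0xff, md[2] & 0xff, md[1] & 0xff, md[0] & 0xff);
    }

    // Returns null when the file is acceptable, otherwise the reason it is not.
    static String check(Path file) {
        Matcher m = HASH_NUM.matcher(file.getFileName().toString());
        if (!m.matches()) return "name is not HASH.NUM";
        try (InputStream in = Files.newInputStream(file)) {
            X509Certificate cert = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
            String expected = subjectHash(cert.getSubjectX500Principal());
            return expected.equalsIgnoreCase(m.group(1)) ? null
                    : "subject hashes to " + expected;
        } catch (Exception e) {
            return "not a readable X.509 certificate: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Directory to audit; defaults to the current directory.
        Path base = Paths.get(args.length > 0 ? args[0] : ".");
        try (DirectoryStream<Path> dir = Files.newDirectoryStream(base)) {
            for (Path f : dir) {
                if (!Files.isRegularFile(f)) continue;
                String problem = check(f);
                System.out.println((problem == null ? "OK     " : "REJECT ")
                        + f.getFileName() + (problem == null ? "" : " (" + problem + ")"));
            }
        }
    }
}
```

A file whose name does not match the hash of its own subject is reported with the hash it should carry, which makes a misnamed or swapped CA file visible before the directory is used as a trust store.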
Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.