eu.emi.security.authn.x509.helpers.crl
Class PlainCRLStoreSpi

java.lang.Object
  extended by java.security.cert.CertStoreSpi
      extended by eu.emi.security.authn.x509.helpers.crl.PlainCRLStoreSpi
Direct Known Subclasses:
OpensslCRLStoreSpi

public class PlainCRLStoreSpi
extends CertStoreSpi

Handles an in-memory CRL store.

CRLs may be provided as URLs or local files. If a CRL location is a local file (i.e. it is not an absolute URL), it can contain wildcard characters ('*', '?'). For wildcard locations, the actual file list is regenerated on each update.

All CRLs are loaded and parsed to establish the CA->CRL mapping. This mapping is updated after the updateInterval time has passed.

Faulty CRL locations together with the respective errors can be obtained by using a listener.

It is possible to pass more than one location of CRLs of the same CA.

The class works asynchronously: CRLs are updated at regular intervals (or only once on startup). CRL lookup is independent of the updates and never blocks to download, read or parse a CRL.

CRLs downloaded from a remote URL (http or ftp) can be cached on a local disk. If the update task cannot download a CRL that was previously cached on disk, the version from disk is returned.

This class is thread safe.

Author:
K. Benedyczak
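
The design in the class description above (wildcard re-expansion on every update, CA->CRL mapping with several CRLs per CA, faulty locations reported to a listener, lookups that never block) can be sketched with JDK classes alone. This is an added example, not code from this library; `MiniCrlStore`, its methods and the `*.crl` pattern are hypothetical, and remote download and disk caching are not modelled.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.cert.*;
import java.util.*;
import java.util.function.BiConsumer;
import javax.security.auth.x500.X500Principal;
// Added illustration using only JDK classes; every name here is hypothetical.
public class MiniCrlStore {
    // Snapshot replaced in one volatile write, so lookups never wait for I/O or parsing.
    private volatile Map<X500Principal, List<X509CRL>> byIssuer = Collections.emptyMap();
    private final Path dir;
    private final String glob;
    private final BiConsumer<Path, Exception> onError; // plays the role of the listener
    MiniCrlStore(Path dir, String glob, BiConsumer<Path, Exception> onError) {
        this.dir = dir; this.glob = glob; this.onError = onError;
    }

    // Run from a timer thread: the wildcard is expanded again on every update.
    void refresh() throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Map<X500Principal, List<X509CRL>> next = new HashMap<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir, glob)) {
            for (Path p : files) {
                try (InputStream in = Files.newInputStream(p)) {
                    X509CRL crl = (X509CRL) cf.generateCRL(in);
                    // Several locations may carry CRLs of the same CA: keep them all.
                    next.computeIfAbsent(crl.getIssuerX500Principal(), k -> new ArrayList<>()).add(crl);
                } catch (Exception e) {
                    onError.accept(p, e); // faulty location: report it and continue
                }
            }
        }
        byIssuer = next;
    }

    List<X509CRL> crlsFor(X500Principal issuer) {
        return byIssuer.getOrDefault(issuer, Collections.emptyList());
    }

    public static void main(String[] args) throws Exception {
        // Directory and pattern are assumptions; point them at PEM or DER CRL files.
        Path dir = Paths.get(args.length > 0 ? args[0] : ".");
        MiniCrlStore store = new MiniCrlStore(dir, "*.crl", (p, e) ->
                System.err.println("faulty CRL location " + p + ": " + e));
        store.refresh();
        store.byIssuer.forEach((ca, crls) -> crls.forEach(c -> System.out.println(ca.getName()
                + " pastNextUpdate=" + (c.getNextUpdate() != null && new Date().after(c.getNextUpdate())))));
    }
}
```

The `pastNextUpdate` column shows which loaded CRLs are already beyond their nextUpdate time, which is worth monitoring for any store that keeps serving a previously loaded copy between updates.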

Constructor Summary
PlainCRLStoreSpi(CRLParameters params, Timer t, ObserversHandler observers)
           
 
Method Summary
protected  void addCRL(X509CRL crl, URL location)
           
 void dispose()
          After calling this method no notification will be produced and subsequent updates won't be scheduled.
 Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
           
 Collection<? extends CRL> engineGetCRLs(CRLSelector selectorRaw)
           
protected  Collection<X509CRL> getCRLForIssuer(X500Principal issuer)
           
 List<String> getLocations()
           
 long getUpdateInterval()
           
protected  X509CRL loadCRL(URL url)
           
protected  void notifyObservers(String url, StoreUpdateListener.Severity level, Exception e)
           
protected  void reloadCRLs(Collection<URL> locations)
          Tries to load a CRL from each of the given URLs.
 void setUpdateInterval(long newInterval)
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

PlainCRLStoreSpi

public PlainCRLStoreSpi(CRLParameters params,
                        Timer t,
                        ObserversHandler observers)
                 throws InvalidAlgorithmParameterException
Throws:
InvalidAlgorithmParameterException
Method Detail

notifyObservers

protected void notifyObservers(String url,
                               StoreUpdateListener.Severity level,
                               Exception e)

loadCRL

protected X509CRL loadCRL(URL url)
                   throws IOException,
                          CRLException,
                          URISyntaxException
Throws:
IOException
CRLException
URISyntaxException

getLocations

public List<String> getLocations()

setUpdateInterval

public void setUpdateInterval(long newInterval)

getUpdateInterval

public long getUpdateInterval()

reloadCRLs

protected void reloadCRLs(Collection<URL> locations)
Tries to load a CRL from each of the given URLs.


addCRL

protected void addCRL(X509CRL crl,
                      URL location)

getCRLForIssuer

protected Collection<X509CRL> getCRLForIssuer(X500Principal issuer)

engineGetCertificates

public Collection<? extends Certificate> engineGetCertificates(CertSelector selector)
                                                        throws CertStoreException
Specified by:
engineGetCertificates in class CertStoreSpi
Throws:
CertStoreException

engineGetCRLs

public Collection<? extends CRL> engineGetCRLs(CRLSelector selectorRaw)
                                        throws CertStoreException
Specified by:
engineGetCRLs in class CertStoreSpi
Throws:
CertStoreException

dispose

public void dispose()
After calling this method no notification will be produced and subsequent updates won't be scheduled. However, one more update may still be run.



Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.