eu.emi.security.authn.x509.impl
Class OpensslCertChainValidator

java.lang.Object
  extended by eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
      extended by eu.emi.security.authn.x509.impl.OpensslCertChainValidator
All Implemented Interfaces:
X509CertChainValidator, X509CertChainValidatorExt

public class OpensslCertChainValidator
extends AbstractValidator

A certificate validator that uses an OpenSSL directory as its truststore.

Author:
K. Benedyczak

Field Summary
protected static Timer timer
           
 
Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
disposed, listeners, observers, validator
 
Constructor Summary
OpensslCertChainValidator(String directory)
          Constructs a new validator instance using the default settings: CRLs are used if present, proxy certificates are supported and the directory is rescanned every 10 minutes.
OpensslCertChainValidator(String directory, NamespaceCheckingMode namespaceMode, long updateInterval)
          Constructs a new validator instance with default additional settings (see ValidatorParams.ValidatorParams()).
OpensslCertChainValidator(String directory, NamespaceCheckingMode namespaceMode, long updateInterval, ValidatorParams params)
          Constructs a new validator instance.
 
Method Summary
 void dispose()
          Disposes resources used by this Validator, like threads.
 NamespaceCheckingMode getNamespaceCheckingMode()
          Returns the namespace checking mode.
 String getTruststorePath()
          Returns the trusted certificates directory path.
 long getUpdateInterval()
          Returns the interval between subsequent checks of the trusted certificates directory.
 void setUpdateInterval(long updateInterval)
          Sets a new interval between subsequent checks of the trusted certificates directory.
 ValidationResult validate(X509Certificate[] certChain)
          Performs validation of a provided certificate chain.
 
Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator
addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

timer

protected static final Timer timer

Constructor Detail

OpensslCertChainValidator

public OpensslCertChainValidator(String directory,
                                 NamespaceCheckingMode namespaceMode,
                                 long updateInterval,
                                 ValidatorParams params)
Constructs a new validator instance.

Parameters:
directory - path where trusted certificates are stored.
namespaceMode - specifies how certificate namespaces should be handled
updateInterval - specifies in milliseconds how often the directory should be checked for updates. The files are reloaded only if their modification timestamp has changed since the last load. Use a value <= 0 to disable automatic updates.
params - common validator settings (revocation, initial listeners, proxy support, ...)

OpensslCertChainValidator

public OpensslCertChainValidator(String directory,
                                 NamespaceCheckingMode namespaceMode,
                                 long updateInterval)
Constructs a new validator instance with default additional settings (see ValidatorParams.ValidatorParams()).

Parameters:
directory - path where trusted certificates are stored.
namespaceMode - specifies how certificate namespaces should be handled
updateInterval - specifies in milliseconds how often the directory should be checked for updates. The files are reloaded only if their modification timestamp has changed since the last load.

OpensslCertChainValidator

public OpensslCertChainValidator(String directory)
Constructs a new validator instance using the default settings: CRLs are used if present, proxy certificates are supported and the directory is rescanned every 10 minutes. EuGridPMA namespaces are checked first; if none are found, Globus EACLs are tried. Lack of namespaces is ignored.

Parameters:
directory - path where trusted certificates are stored.

Method Detail

getTruststorePath

public String getTruststorePath()
Returns the trusted certificates directory path.

Returns:
the path

getNamespaceCheckingMode

public NamespaceCheckingMode getNamespaceCheckingMode()
Returns the namespace checking mode.

Returns:
the namespace mode

getUpdateInterval

public long getUpdateInterval()
Returns the interval between subsequent checks of the trusted certificates directory. Note that files are actually reread only if their modification time has changed.

Returns:
the current refresh interval in milliseconds

setUpdateInterval

public void setUpdateInterval(long updateInterval)
Sets a new interval between subsequent checks of the trusted certificates directory. Note that files are actually reread only if their modification time has changed.

Parameters:
updateInterval - the new interval to be set in milliseconds

dispose

public void dispose()
Description copied from class: AbstractValidator
Disposes resources used by this Validator, like threads. After calling this method the validator cannot be used anymore.

Specified by:
dispose in interface X509CertChainValidatorExt
Overrides:
dispose in class AbstractValidator

validate

public ValidationResult validate(X509Certificate[] certChain)
Performs validation of a provided certificate chain.

Specified by:
validate in interface X509CertChainValidator
Overrides:
validate in class AbstractValidator
Parameters:
certChain - to be validated
Returns:
result of validation
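
Usage example (added here; not part of the original Javadoc or the project's own code). It shows the single-argument constructor, a fail-closed check of the result returned by validate(), and dispose(). Assumptions: the class name ChainCheck, both file paths, and the ValidationResult.isValid() accessor, which belongs to the same library but is not documented on this page.

```java
import eu.emi.security.authn.x509.ValidationResult;
import eu.emi.security.authn.x509.impl.OpensslCertChainValidator;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

public class ChainCheck {
    public static void main(String[] args) throws Exception {
        // Assumed inputs: a CA directory used as the truststore and a PEM file
        // holding the peer's chain, end-entity certificate first.
        String trustDir = args.length > 0 ? args[0] : "/etc/grid-security/certificates";
        String chainPem = args.length > 1 ? args[1] : "peer-chain.pem";

        // Load the chain with the JDK's X.509 certificate factory.
        X509Certificate[] chain;
        try (InputStream in = Files.newInputStream(Paths.get(chainPem))) {
            chain = CertificateFactory.getInstance("X.509")
                    .generateCertificates(in)
                    .toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) {
            throw new SecurityException("no certificates found in " + chainPem);
        }

        // Defaults per the constructor documentation: CRLs used if present,
        // proxy certificates supported, directory rescanned every 10 minutes.
        OpensslCertChainValidator validator = new OpensslCertChainValidator(trustDir);
        try {
            // validate() hands back its verdict as a ValidationResult, so the
            // caller has to inspect it; ignoring it would accept every chain.
            ValidationResult result = validator.validate(chain);
            if (!result.isValid()) {
                throw new SecurityException("certificate chain rejected: " + result);
            }
            System.out.println("accepted: "
                    + chain[0].getSubjectX500Principal().getName());
        } finally {
            // Releases the validator's resources; it cannot be used afterwards.
            validator.dispose();
        }
    }
}
```

A long-running service would normally keep one validator instance for all connections and call dispose() only at shutdown.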


Copyright © 2012-2013 European Middleware Initiative. All Rights Reserved.