eu.emi.security.authn.x509.impl

Class OpensslCertChainValidator

java.lang.Object

eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

eu.emi.security.authn.x509.impl.OpensslCertChainValidator

All Implemented Interfaces:

X509CertChainValidator, X509CertChainValidatorExt

public class OpensslCertChainValidator
extends AbstractValidator

The certificate validator which uses OpenSSL directory as a truststore.

Author:

K. Benedyczak

Field Summary

Fields

Modifier and Type	Field and Description
protected static Timer	timer

Fields inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

disposed, listeners, observers, validator

Constructor Summary

Constructors

Constructor and Description
OpensslCertChainValidator(String directory) Constructs a new validator instance using the default settings: CRLs are used if present, proxy certificates are supported and directory is rescanned every 10mins.
OpensslCertChainValidator(String directory, NamespaceCheckingMode namespaceMode, long updateInterval) Constructs a new validator instance with default additional settings (see ValidatorParams.ValidatorParams()).
OpensslCertChainValidator(String directory, NamespaceCheckingMode namespaceMode, long updateInterval, ValidatorParams params) Constructs a new validator instance.

Method Summary

Methods

Modifier and Type	Method and Description
void	dispose() Disposes resources used by this Validator, like threads.
NamespaceCheckingMode	getNamespaceCheckingMode() Returns the namespace checking mode.
String	getTruststorePath() Returns the trusted certificates directory path
long	getUpdateInterval() Returns the interval between subsequent checks of the trusted certificates directory.
void	setUpdateInterval(long updateInterval) Sets a new interval between subsequent checks of the trusted certificates directory.
ValidationResult	validate(X509Certificate[] certChain) Performs validation of a provided certificate chain.

Methods inherited from class eu.emi.security.authn.x509.helpers.pkipath.AbstractValidator

addUpdateListener, addValidationListener, getProxySupport, getRevocationCheckingMode, getTrustedIssuers, init, notifyListeners, processErrorList, removeUpdateListener, removeValidationListener, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

timer

protected static final Timer timer

Constructor Detail

OpensslCertChainValidator

public OpensslCertChainValidator(String directory,
                         NamespaceCheckingMode namespaceMode,
                         long updateInterval,
                         ValidatorParams params)

Constructs a new validator instance.

Parameters:

directory - path where trusted certificates are stored.

namespaceMode - specifies how certificate namespaces should be handled

updateInterval - specifies in miliseconds how often the directory should be checked for updates. The files are reloaded only if their modification timestamp was changed since last load. Use a <= 0 value to disable automatic updates.

params - common validator settings (revocation, initial listeners, proxy support, ...)

OpensslCertChainValidator

public OpensslCertChainValidator(String directory,
                         NamespaceCheckingMode namespaceMode,
                         long updateInterval)

Constructs a new validator instance with default additional settings (see ValidatorParams.ValidatorParams()).

Parameters:

directory - path where trusted certificates are stored.

namespaceMode - specifies how certificate namespaces should be handled

updateInterval - specifies in miliseconds how often the directory should be checked for updates. The files are reloaded only if their modification timestamp was changed since last load.

OpensslCertChainValidator

public OpensslCertChainValidator(String directory)

Constructs a new validator instance using the default settings: CRLs are used if present, proxy certificates are supported and directory is rescanned every 10mins. EuGridPMA namespaces are checked in the first place, if not found then Globus EACLs are tried. Lack of namespaces is ignored.

Parameters:

directory - path where trusted certificates are stored.

Method Detail

getTruststorePath

public String getTruststorePath()

Returns the trusted certificates directory path

Returns:

the path

getNamespaceCheckingMode

public NamespaceCheckingMode getNamespaceCheckingMode()

Returns the namespace checking mode.

Returns:

the namespace mode

getUpdateInterval

public long getUpdateInterval()

Returns the interval between subsequent checks of the trusted certificates directory. Note that files are actually reread only if their modification time has changed.

Returns:

the current refresh interval in milliseconds

setUpdateInterval

public void setUpdateInterval(long updateInterval)

Sets a new interval between subsequent checks of the trusted certificates directory. Note that files are actually reread only if their modification time has changed.

Parameters:

updateInterval - the new interval to be set in milliseconds

dispose

public void dispose()

Description copied from class: AbstractValidator

Disposes resources used by this Validator, like threads. After calling this method the validator can not be used anymore.

Specified by:

dispose in interface X509CertChainValidatorExt

Overrides:

dispose in class AbstractValidator

validate

public ValidationResult validate(X509Certificate[] certChain)

Performs validation of a provided certificate chain.

Specified by:

validate in interface X509CertChainValidator

Overrides:

validate in class AbstractValidator

Parameters:

certChain - to be validated

Returns:

result of validation