org.glite.voms
Class PKIStore

java.lang.Object
  extended by org.glite.voms.PKIStore
All Implemented Interfaces:
VOMSTrustStore

public class PKIStore
extends java.lang.Object
implements VOMSTrustStore

PKIStore is the class that stores all the components of a common PKI installation, i.e. CA certificates, CRLs, signing policy files, and so on. It can also store files specific to the handling of VOMS proxies, i.e. the content of the vomsdir directory.

Author:
Vincenzo Ciaschini

Field Summary
static java.lang.String DEFAULT_CADIR
           
static int DEFAULT_TRUST_STORE_REFRESH_PERIOD
          The default period, in minutes, used to refresh this trust store.
static java.lang.String DEFAULT_VOMSDIR
           
static java.lang.String TRUST_STORE_REFRESH_PERIOD_PROPERTY
          The property used to set the period, in minutes, that is used to refresh this trust store.
static int TYPE_CADIR
          This PKIStore object will contain data from a CA directory.
static int TYPE_VOMSDIR
          This PKIStore object will contain data from a vomsdir directory.
 
Constructor Summary
PKIStore()
           
PKIStore(int type)
           
PKIStore(java.lang.String dir, int type)
          This is equivalent to PKIStore(dir, type, true)
PKIStore(java.lang.String dir, int type, boolean aggressive)
           
 
Method Summary
protected  void addInstance()
           
 java.security.cert.X509Certificate[] getAACandidate(javax.security.auth.x500.X500Principal issuer, java.lang.String voName)
          Gets an array of candidate issuer certificates for an AC with the given issuer and belonging to the given VO.
 java.util.Hashtable getCAs()
           
 java.util.Hashtable getCRLs()
           
 LSCFile getLSC(java.lang.String voName, java.lang.String hostName)
          Gets the LSC file corresponding to the given VO, for the given server.
 java.util.Hashtable getNamespaces()
           
 java.util.Hashtable getSignings()
           
 void load()
          Loads the files from the directory specified in the constructors
 void refresh()
          Refreshes the content of the PKIStore object.
 void rescheduleRefresh(int millisec)
          Changes the interval between refreshes of the store.
 void setAggressive(boolean b)
          Changes the aggressive mode of the store.
 void stopRefresh()
          Stop all refreshes.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TRUST_STORE_REFRESH_PERIOD_PROPERTY

public static final java.lang.String TRUST_STORE_REFRESH_PERIOD_PROPERTY
The property used to set the period, in minutes, that is used to refresh this trust store.

See Also:
Constant Field Values

DEFAULT_TRUST_STORE_REFRESH_PERIOD

public static final int DEFAULT_TRUST_STORE_REFRESH_PERIOD
The default period, in minutes, used to refresh this trust store.

See Also:
Constant Field Values

TYPE_VOMSDIR

public static final int TYPE_VOMSDIR
This PKIStore object will contain data from a vomsdir directory.

See Also:
Constant Field Values

TYPE_CADIR

public static final int TYPE_CADIR
This PKIStore object will contain data from a CA directory.

See Also:
Constant Field Values

DEFAULT_VOMSDIR

public static final java.lang.String DEFAULT_VOMSDIR

DEFAULT_CADIR

public static final java.lang.String DEFAULT_CADIR

Constructor Detail

PKIStore

public PKIStore(java.lang.String dir,
                int type,
                boolean aggressive)
         throws java.io.IOException,
                java.security.cert.CertificateException,
                java.security.cert.CRLException
Parameters:
dir - The directory from which to read the files. If null or the empty string, this will default to "/etc/grid-security/certificates" if type is TYPE_CADIR, or "etc/grid-security/vomsdir" if type is TYPE_VOMSDIR.
type - Either TYPE_CADIR for CA certificates, or TYPE_VOMSDIR for VOMS certificates.
aggressive - If true, loading of data will continue even if a particular file could not be loaded; if false, loading will stop as soon as an error occurs.
Throws:
java.io.IOException - if type is neither TYPE_CADIR nor TYPE_VOMSDIR.
java.security.cert.CertificateException - if there are parsing errors while loading a certificate.
java.security.cert.CRLException - if there are parsing errors while loading a CRL.

PKIStore

public PKIStore(java.lang.String dir,
                int type)
         throws java.io.IOException,
                java.security.cert.CertificateException,
                java.security.cert.CRLException
This is equivalent to PKIStore(dir, type, true)

Throws:
java.io.IOException
java.security.cert.CertificateException
java.security.cert.CRLException
See Also:
PKIStore(String dir, int type, boolean aggressive)

PKIStore

public PKIStore(int type)
         throws java.io.IOException,
                java.security.cert.CertificateException,
                java.security.cert.CRLException
Throws:
java.io.IOException
java.security.cert.CertificateException
java.security.cert.CRLException

PKIStore

public PKIStore()

Method Detail

getCAs

public java.util.Hashtable getCAs()
Returns:
hashtable containing CA certificates. The key is the PKIUtils.getHash() of the subject of the CA. The value is a Vector containing all the CA certificates with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), Vector

getCRLs

public java.util.Hashtable getCRLs()
Returns:
hashtable containing CRLs. The key is the PKIUtils.getHash() of the issuer of the CRL. The value is a Vector containing all the CRLs with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), Vector

getSignings

public java.util.Hashtable getSignings()
Returns:
hashtable containing SigningPolicy objects. The key is the PKIUtils.getHash() of the issuer of the SigningPolicy. The value is a Vector containing all the CRLs with the given hash.
See Also:
SigningPolicy, PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), Vector

getNamespaces

public java.util.Hashtable getNamespaces()

refresh

public void refresh()
Refreshes the content of the PKIStore object.


rescheduleRefresh

public void rescheduleRefresh(int millisec)
Changes the interval between refreshes of the store.

Parameters:
millisec - New interval (in milliseconds)

stopRefresh

public void stopRefresh()
Stops all refreshes. NOTE: This method must ALWAYS be called prior to disposing of a PKIStore object. The penalty for not doing it is a memory leak.

Specified by:
stopRefresh in interface VOMSTrustStore

addInstance

protected void addInstance()

setAggressive

public void setAggressive(boolean b)
Changes the aggressive mode of the store.

Parameters:
b - If true (default), load as much as possible; otherwise stop loading at the first error.

getLSC

public LSCFile getLSC(java.lang.String voName,
                      java.lang.String hostName)
Gets the LSC file corresponding to the given VO, for the given server.

Specified by:
getLSC in interface VOMSTrustStore
Parameters:
voName - The name of the VO.
hostName - The hostName of the issuing server.
Returns:
The corresponding LSCFile object, or null if none is present.

getAACandidate

public java.security.cert.X509Certificate[] getAACandidate(javax.security.auth.x500.X500Principal issuer,
                                                           java.lang.String voName)
Gets an array of candidate issuer certificates for an AC with the given issuer and belonging to the given VO.

Specified by:
getAACandidate in interface VOMSTrustStore
Parameters:
issuer - The issuer of the AC.
voName - The name of the VO.
Returns:
the array of candidates, or null if none is found.

load

public void load()
          throws java.io.IOException,
                 java.security.cert.CertificateException,
                 java.security.cert.CRLException
Loads the files from the directory specified in the constructors

Throws:
java.io.IOException - if type is neither TYPE_CADIR nor TYPE_VOMSDIR.
java.security.cert.CertificateException - if there are parsing errors while loading a certificate.
java.security.cert.CRLException - if there are parsing errors while loading a CRL.
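
Added usage example (not part of the original Javadoc or of the VOMS project's code): it loads a CA directory with aggressive set to false so that an unreadable file stops loading instead of being skipped, cross-checks getCAs() against getCRLs() through their shared hash key to list CAs that have no current CRL, and calls stopRefresh() in a finally block. The names TrustStoreAudit and casWithoutCurrentCrl are hypothetical, and the Vector elements returned by getCRLs() are assumed to be java.security.cert.X509CRL objects.

```java
import java.security.cert.X509CRL;
import java.util.ArrayList;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import java.util.Vector;

import org.glite.voms.PKIStore;

public class TrustStoreAudit {  // hypothetical class name

    /** Returns the hash keys of CAs that have no CRL, or only CRLs past nextUpdate. */
    static List<String> casWithoutCurrentCrl(Hashtable<?, ?> cas, Hashtable<?, ?> crls, Date now) {
        List<String> findings = new ArrayList<>();
        for (Object caHash : cas.keySet()) {
            // Both tables are keyed by PKIUtils.getHash(): CA subject and CRL issuer.
            Object entry = crls.get(caHash);
            boolean current = false;
            if (entry instanceof Vector) {
                for (Object o : (Vector<?>) entry) {
                    // Assumption: the Vector holds java.security.cert.X509CRL objects.
                    if (o instanceof X509CRL) {
                        Date next = ((X509CRL) o).getNextUpdate();  // may be null
                        if (next != null && next.after(now)) {
                            current = true;
                        }
                    }
                }
            }
            if (!current) {
                findings.add(String.valueOf(caHash));
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // aggressive=false: an error on any file is reported instead of silently skipped.
        PKIStore store = new PKIStore("/etc/grid-security/certificates", PKIStore.TYPE_CADIR, false);
        try {
            for (String hash : casWithoutCurrentCrl(store.getCAs(), store.getCRLs(), new Date())) {
                System.out.println("No current CRL for CA hash " + hash);
            }
        } finally {
            store.stopRefresh();  // must be called before the store is disposed of
        }
    }
}
```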


Copyright © 2012. All Rights Reserved.