Package org.italiangrid.voms.util

Class CachingCertificateValidator

java.lang.Object

org.italiangrid.voms.util.CachingCertificateValidator

All Implemented Interfaces:

eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

public class CachingCertificateValidator
extends java.lang.Object
implements eu.emi.security.authn.x509.X509CertChainValidatorExt

A Certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC).

Author:

andreaceccanti

Field Summary

Fields

Modifier and Type	Field	Description
protected long	cacheEntryLifetimeMsec	The cache entry lifetime for this validator
protected java.util.concurrent.ConcurrentMap<java.lang.String,org.italiangrid.voms.util.CachedValidationResult>	validationResultsCache	Simple concurrent cache for validation results
protected eu.emi.security.authn.x509.X509CertChainValidatorExt	validator	The wrapped CANL certificate validator

Constructor Summary

Constructors

Constructor	Description
CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime)	Builds a caching validator wrapping the validator passed as argument.

Method Summary

Modifier and Type	Method	Description
void	addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
void	addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
boolean	cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr, long referenceTime)	Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
void	dispose()
protected eu.emi.security.authn.x509.ValidationResult	getCachedResult(java.lang.String certFingerprint)	Gets a validation result from the memory cache
eu.emi.security.authn.x509.ProxySupport	getProxySupport()
eu.emi.security.authn.x509.RevocationParameters	getRevocationCheckingMode()
java.security.cert.X509Certificate[]	getTrustedIssuers()
void	removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
void	removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
eu.emi.security.authn.x509.ValidationResult	validate(java.security.cert.CertPath certPath)
eu.emi.security.authn.x509.ValidationResult	validate(java.security.cert.X509Certificate[] certChain)	Validates a certificate chain using the wrapped validator, caching the result for future validation calls.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

validationResultsCache

protected final java.util.concurrent.ConcurrentMap<java.lang.String,org.italiangrid.voms.util.CachedValidationResult> validationResultsCache

Simple concurrent cache for validation results

validator

protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator

The wrapped CANL certificate validator

cacheEntryLifetimeMsec

protected final long cacheEntryLifetimeMsec

The cache entry lifetime for this validator

Constructor Detail

CachingCertificateValidator

public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val,
                                   long maxCacheEntryLifetime)

Builds a caching validator wrapping the validator passed as argument.

Parameters:

val - The CANL validator to be wrapped.

maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)

Method Detail

cachedValidationResultHasExpired

public boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr,
                                                long referenceTime)

Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.

Parameters:

cvr - a CachedValidationResult object

referenceTime - the reference time (msecs since the epoch)

Returns:

true when expired, false otherwise

getCachedResult

protected eu.emi.security.authn.x509.ValidationResult getCachedResult(java.lang.String certFingerprint)

Gets a validation result from the memory cache

Parameters:

certFingerprint - the certificate fingerprint for the certificate at the top of the chain

Returns:

the validation result, if found. null otherwise.

validate

public eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.X509Certificate[] certChain)

Validates a certificate chain using the wrapped validator, caching the result for future validation calls.

Specified by:

validate in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

certChain - the certificate chain that will be validated

Returns:

a possibly cached ValidationResult

See Also:

X509CertChainValidator.validate(java.security.cert.X509Certificate[])

dispose

public void dispose()

Specified by:

dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

See Also:

X509CertChainValidatorExt.dispose()

getProxySupport

public eu.emi.security.authn.x509.ProxySupport getProxySupport()

Specified by:

getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

Returns:

the proxy support information

See Also:

X509CertChainValidatorExt.getProxySupport()

validate

public eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.CertPath certPath)

Specified by:

validate in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

certPath - the certificate path that will be validated

Returns:

the ValidationResult

See Also:

X509CertChainValidator.validate(java.security.cert.CertPath)

getRevocationCheckingMode

public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()

Specified by:

getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

Returns:

revocation parameters for the wrapped validator

See Also:

X509CertChainValidatorExt.getRevocationCheckingMode()

getTrustedIssuers

public java.security.cert.X509Certificate[] getTrustedIssuers()

Specified by:

getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator

Returns:

trusted issuers from the wrapped validator

See Also:

X509CertChainValidator.getTrustedIssuers()

addValidationListener

public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)

Specified by:

addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener - the ValidationErrorListener to be added to this validator

See Also:

X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

removeValidationListener

public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)

Specified by:

removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener - the ValidationErrorListener that must be removed from this validator

See Also:

X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

addUpdateListener

public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)

Specified by:

addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener - the StoreUpdateListener that must be added to this validator

See Also:

X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)

removeUpdateListener

public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)

Specified by:

removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener - the StoreUpdateListener that must be removed from this validator

See Also:

X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)