public class LazyOpensslTrustAnchorStoreImpl extends AbstractTrustAnchorStore implements OpensslTrustAnchorStore
This class (contrary to the OpensslTrustAnchorStoreImpl
) doesn't extend DirectoryTrustAnchorStore
and therefore certificates (and all corresponding files) are not loaded at startup and kept in memory.
The files are loaded on-demand and are only cached in memory for no longer then the updateInterval is.
Modifier and Type | Field and Description |
---|---|
protected CachedElement<java.util.Set<TrustAnchorExt>> |
cachedAnchors |
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> |
cachedAnchorsPerIssuer |
static java.lang.String |
CERTS_REGEXP |
observers
CERT_WILDCARD
Constructor and Description |
---|
LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath,
long updateInterval,
ObserversHandler observers,
boolean openssl1Mode) |
Modifier and Type | Method and Description |
---|---|
void |
dispose() |
NamespacesStore |
getGlobusNsStore() |
NamespacesStore |
getPmaNsStore() |
java.util.Set<java.security.cert.TrustAnchor> |
getTrustAnchors() |
java.util.Set<java.security.cert.TrustAnchor> |
getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain)
Algorithm is as follows: for each certificate subject in chain, and for the issuer of the last
certificate in chain, it is tried to load a trust anchor defined for such subject.
|
java.security.cert.X509Certificate[] |
getTrustedCertificates() |
protected void |
tryLoadCert(java.io.File file,
java.util.Set<TrustAnchorExt> set) |
protected java.security.cert.X509Certificate |
tryLoadCertInternal(java.io.File file) |
checkValidity, getUpdateInterval, setUpdateInterval
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getUpdateInterval, setUpdateInterval
public static final java.lang.String CERTS_REGEXP
protected CachedElement<java.util.Set<TrustAnchorExt>> cachedAnchors
protected java.util.Map<javax.security.auth.x500.X500Principal,CachedElement<java.util.Set<TrustAnchorExt>>> cachedAnchorsPerIssuer
public LazyOpensslTrustAnchorStoreImpl(java.lang.String basePath, long updateInterval, ObserversHandler observers, boolean openssl1Mode)
protected java.security.cert.X509Certificate tryLoadCertInternal(java.io.File file)
protected void tryLoadCert(java.io.File file, java.util.Set<TrustAnchorExt> set)
public NamespacesStore getPmaNsStore()
getPmaNsStore
in interface OpensslTrustAnchorStore
public NamespacesStore getGlobusNsStore()
getGlobusNsStore
in interface OpensslTrustAnchorStore
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchors()
getTrustAnchors
in interface TrustAnchorStore
public java.security.cert.X509Certificate[] getTrustedCertificates()
getTrustedCertificates
in interface TrustAnchorStore
public void dispose()
dispose
in interface TrustAnchorStore
public java.util.Set<java.security.cert.TrustAnchor> getTrustAnchorsFor(java.security.cert.X509Certificate[] certChain)
certChain
- certificate chain