Package org.italiangrid.voms.util
Class CachingCertificateValidator
- java.lang.Object
  - org.italiangrid.voms.util.CachingCertificateValidator
- All Implemented Interfaces: eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

public class CachingCertificateValidator extends Object implements eu.emi.security.authn.x509.X509CertChainValidatorExt
A certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC).
- Author: andreaceccanti

Field Summary
- protected long cacheEntryLifetimeMsec: The cache entry lifetime for this validator
- protected ConcurrentMap<String,org.italiangrid.voms.util.CachedValidationResult> validationResultsCache: Simple concurrent cache for validation results
- protected eu.emi.security.authn.x509.X509CertChainValidatorExt validator: The wrapped CANL certificate validator

Constructor Summary
- CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime): Builds a caching validator wrapping the validator passed as argument.

Method Summary
- void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
- void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
- boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr, long referenceTime): Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
- void dispose()
- protected eu.emi.security.authn.x509.ValidationResult getCachedResult(String certFingerprint): Gets a validation result from the memory cache
- eu.emi.security.authn.x509.ProxySupport getProxySupport()
- eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
- X509Certificate[] getTrustedIssuers()
- void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
- void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
- eu.emi.security.authn.x509.ValidationResult validate(CertPath certPath)
- eu.emi.security.authn.x509.ValidationResult validate(X509Certificate[] certChain): Validates a certificate chain using the wrapped validator, caching the result for future validation calls.

Field Detail

validationResultsCache
protected final ConcurrentMap<String,org.italiangrid.voms.util.CachedValidationResult> validationResultsCache
Simple concurrent cache for validation results

validator
protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator
The wrapped CANL certificate validator

cacheEntryLifetimeMsec
protected final long cacheEntryLifetimeMsec
The cache entry lifetime for this validator

Constructor Detail

CachingCertificateValidator
public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime)
Builds a caching validator wrapping the validator passed as argument.
- Parameters:
  val - The CANL validator to be wrapped.
  maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)

Method Detail

cachedValidationResultHasExpired
public boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr, long referenceTime)
Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
- Parameters:
  cvr - a CachedValidationResult object
  referenceTime - the reference time (msecs since the epoch)
- Returns: true when expired, false otherwise

getCachedResult
protected eu.emi.security.authn.x509.ValidationResult getCachedResult(String certFingerprint)
Gets a validation result from the memory cache
- Parameters:
  certFingerprint - the certificate fingerprint for the certificate at the top of the chain
- Returns: the validation result, if found. null otherwise.

validate
public eu.emi.security.authn.x509.ValidationResult validate(X509Certificate[] certChain)
Validates a certificate chain using the wrapped validator, caching the result for future validation calls.
- Specified by: validate in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  certChain - the certificate chain that will be validated
- Returns: a possibly cached ValidationResult
- See Also: X509CertChainValidator.validate(java.security.cert.X509Certificate[])
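
The caching behaviour described for validate and cachedValidationResultHasExpired, as an added sketch that is not the VOMS or CANL source: it uses only the JDK, and the class name, the SHA-256 fingerprint, the strict expiry comparison and the caching of negative results are assumptions. It shows that a cached answer is served until the entry lifetime elapses, so the lifetime bounds how long a changed verdict from the wrapped validator (for example after a revocation) goes unseen.

```java
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Predicate;

// Added sketch (Java 17+), JDK only. All names are hypothetical, not the VOMS/CANL API.
public class FingerprintCacheSketch {
  record Entry(boolean valid, long createdAtMsec) {}

  private final ConcurrentMap<String, Entry> cache = new ConcurrentHashMap<>();
  private final Predicate<byte[][]> wrapped; // stand-in for the wrapped validator
  private final long lifetimeMsec;

  FingerprintCacheSketch(Predicate<byte[][]> wrapped, long lifetimeMsec) {
    this.wrapped = wrapped;
    this.lifetimeMsec = lifetimeMsec;
  }

  // Assumption: SHA-256 over the DER encoding; the page does not name the digest.
  static String fingerprint(byte[] der) throws Exception {
    return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
  }

  // Assumption: an entry expires once it is strictly older than the lifetime.
  boolean hasExpired(Entry e, long referenceTime) {
    return referenceTime - e.createdAtMsec() > lifetimeMsec;
  }

  boolean validate(byte[][] chainDer, long now) throws Exception {
    String key = fingerprint(chainDer[0]); // only the top certificate forms the key
    Entry hit = cache.get(key);
    if (hit != null && !hasExpired(hit, now)) return hit.valid();
    boolean ok = wrapped.test(chainDer); // miss or expired: ask the wrapped validator
    cache.put(key, new Entry(ok, now));  // assumption: failures are cached as well
    return ok;
  }

  public static void main(String[] args) throws Exception {
    AtomicBoolean revoked = new AtomicBoolean(false);
    FingerprintCacheSketch v = new FingerprintCacheSketch(chain -> !revoked.get(), 1000);
    byte[][] chain = {"constructed-eec".getBytes(), "constructed-ca".getBytes()};

    System.out.println(v.validate(chain, 0));    // first call reaches the wrapped validator
    revoked.set(true);                           // wrapped validator would now reject
    System.out.println(v.validate(chain, 500));  // within lifetime: answered from the cache
    System.out.println(v.validate(chain, 1500)); // past lifetime: wrapped validator asked again
  }
}
```
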

dispose
public void dispose()
- Specified by: dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
- See Also: X509CertChainValidatorExt.dispose()

getProxySupport
public eu.emi.security.authn.x509.ProxySupport getProxySupport()
- Specified by: getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
- Returns: the proxy support information
- See Also: X509CertChainValidatorExt.getProxySupport()

validate
public eu.emi.security.authn.x509.ValidationResult validate(CertPath certPath)
- Specified by: validate in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  certPath - the certificate path that will be validated
- Returns: the ValidationResult
- See Also: X509CertChainValidator.validate(java.security.cert.CertPath)

getRevocationCheckingMode
public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
- Specified by: getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
- Returns: revocation parameters for the wrapped validator
- See Also: X509CertChainValidatorExt.getRevocationCheckingMode()

getTrustedIssuers
public X509Certificate[] getTrustedIssuers()
- Specified by: getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator
- Returns: trusted issuers from the wrapped validator
- See Also: X509CertChainValidator.getTrustedIssuers()

addValidationListener
public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
- Specified by: addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  listener - the ValidationErrorListener to be added to this validator
- See Also: X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

removeValidationListener
public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
- Specified by: removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  listener - the ValidationErrorListener that must be removed from this validator
- See Also: X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

addUpdateListener
public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
- Specified by: addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  listener - the StoreUpdateListener that must be added to this validator
- See Also: X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)

removeUpdateListener
public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
- Specified by: removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
- Parameters:
  listener - the StoreUpdateListener that must be removed from this validator
- See Also: X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)