Class CachingCertificateValidator

  • All Implemented Interfaces:
    eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

    public class CachingCertificateValidator
    extends Object
    implements eu.emi.security.authn.x509.X509CertChainValidatorExt
    A certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC, the end-entity certificate).
    Author:
    andreaceccanti
    • Field Detail

      • validationResultsCache

        protected final ConcurrentMap<String, org.italiangrid.voms.util.CachedValidationResult> validationResultsCache
        Simple concurrent cache for validation results
      • validator

        protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator
        The wrapped CANL certificate validator
      • cacheEntryLifetimeMsec

        protected final long cacheEntryLifetimeMsec
        The cache entry lifetime for this validator
    • Constructor Detail

      • CachingCertificateValidator

        public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val,
                                           long maxCacheEntryLifetime)
        Builds a caching validator wrapping the validator passed as argument.
        Parameters:
        val - The CANL validator to be wrapped.
        maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)
    • Method Detail

      • cachedValidationResultHasExpired

        public boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr,
                                                        long referenceTime)
        Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
        Parameters:
        cvr - a CachedValidationResult object
        referenceTime - the reference time (msecs since the epoch)
        Returns:
        true when expired, false otherwise
      • getCachedResult

        protected eu.emi.security.authn.x509.ValidationResult getCachedResult(String certFingerprint)
        Gets a validation result from the memory cache.
        Parameters:
        certFingerprint - the certificate fingerprint for the certificate at the top of the chain
        Returns:
        the validation result, if found. null otherwise.
      • validate

        public eu.emi.security.authn.x509.ValidationResult validate(X509Certificate[] certChain)
        Validates a certificate chain using the wrapped validator, caching the result for future validation calls.
        Specified by:
        validate in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        certChain - the certificate chain that will be validated
        Returns:
        a possibly cached ValidationResult
        See Also:
        X509CertChainValidator.validate(java.security.cert.X509Certificate[])
      • dispose

        public void dispose()
        Specified by:
        dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        See Also:
        X509CertChainValidatorExt.dispose()
      • getProxySupport

        public eu.emi.security.authn.x509.ProxySupport getProxySupport()
        Specified by:
        getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        Returns:
        the proxy support information
        See Also:
        X509CertChainValidatorExt.getProxySupport()
      • validate

        public eu.emi.security.authn.x509.ValidationResult validate(CertPath certPath)
        Specified by:
        validate in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        certPath - the certificate path that will be validated
        Returns:
        the ValidationResult
        See Also:
        X509CertChainValidator.validate(java.security.cert.CertPath)
      • getRevocationCheckingMode

        public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
        Specified by:
        getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        Returns:
        revocation parameters for the wrapped validator
        See Also:
        X509CertChainValidatorExt.getRevocationCheckingMode()
      • getTrustedIssuers

        public X509Certificate[] getTrustedIssuers()
        Specified by:
        getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator
        Returns:
        trusted issuers from the wrapped validator
        See Also:
        X509CertChainValidator.getTrustedIssuers()
      • addValidationListener

        public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
        Specified by:
        addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the ValidationErrorListener to be added to this validator
        See Also:
        X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
      • removeValidationListener

        public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
        Specified by:
        removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the ValidationErrorListener that must be removed from this validator
        See Also:
        X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
      • addUpdateListener

        public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
        Specified by:
        addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the StoreUpdateListener that must be added to this validator
        See Also:
        X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
      • removeUpdateListener

        public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
        Specified by:
        removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the StoreUpdateListener that must be removed from this validator
        See Also:
        X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
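
An added sketch (not the VOMS API or CANL source) of the behaviour documented for validate(X509Certificate[]) and cachedValidationResultHasExpired: a verdict is cached per fingerprint and reused until it is older than the configured lifetime, so a change in revocation or trust data only takes effect once the entry expires. The names ValidationCacheSketch and Entry, the Predicate standing in for the wrapped validator, the sample fingerprint and the strict `>` expiry comparison are assumptions; records need Java 16 or later.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Predicate;

// Added illustration: a stand-alone model of a time-bounded validation cache.
// All names are hypothetical; this is not the VOMS or CANL implementation.
public class ValidationCacheSketch {

  // Cached verdict plus the time (msecs since the epoch) it was computed.
  record Entry(boolean valid, long timestamp) {}

  private final ConcurrentMap<String, Entry> cache = new ConcurrentHashMap<>();
  private final Predicate<String> wrapped; // stands in for the wrapped validator
  private final long lifetimeMsec;

  ValidationCacheSketch(Predicate<String> wrapped, long lifetimeMsec) {
    this.wrapped = wrapped;
    this.lifetimeMsec = lifetimeMsec;
  }

  // Assumption: an entry expires once it is strictly older than the lifetime.
  boolean hasExpired(Entry e, long referenceTime) {
    return referenceTime - e.timestamp() > lifetimeMsec;
  }

  // Keyed by the fingerprint of the certificate at the top of the chain.
  boolean validate(String fingerprint, long now) {
    Entry e = cache.get(fingerprint);
    if (e == null || hasExpired(e, now)) {
      e = new Entry(wrapped.test(fingerprint), now); // full validation runs here
      cache.put(fingerprint, e);
    }
    return e.valid();
  }

  public static void main(String[] args) {
    boolean[] revoked = {false}; // constructed revocation state
    ValidationCacheSketch v = new ValidationCacheSketch(fp -> !revoked[0], 5000);

    // First call: the wrapped validator runs and its verdict is cached.
    System.out.println(v.validate("AB:CD", 0));
    revoked[0] = true; // revocation data changes after the verdict was cached
    // Inside the lifetime: the cached verdict is returned, the wrapped validator is not consulted.
    System.out.println(v.validate("AB:CD", 4000));
    // Past the lifetime: the entry has expired and the wrapped validator runs again.
    System.out.println(v.validate("AB:CD", 6000));
  }
}
```

The lifetime passed as maxCacheEntryLifetime is therefore the longest time a cached verdict can outlive a change in the wrapped validator's trust or revocation data.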