org.italiangrid.voms.util

Class CachingCertificateValidator

java.lang.Object

org.italiangrid.voms.util.CachingCertificateValidator

All Implemented Interfaces:

eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

public class CachingCertificateValidator
extends Object
implements eu.emi.security.authn.x509.X509CertChainValidatorExt

A Certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC).

Author:

andreaceccanti

Field Summary

Fields

Modifier and Type	Field and Description
protected long	cacheEntryLifetimeMsec The cache entry lifetime for this validator
protected ConcurrentHashMap<String,org.italiangrid.voms.util.CachedValidationResult>	validationResultsCache Simple concurrent cache for validation results
protected eu.emi.security.authn.x509.X509CertChainValidatorExt	validator The wrapped CANL certificate validator

Constructor Summary

Constructors

Constructor and Description
CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime) Builds a caching validator wrapping the validator passed as argument.

Method Summary

Methods

Modifier and Type	Method and Description
void	addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
void	addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
boolean	cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr, long referenceTime) Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
void	dispose()
protected eu.emi.security.authn.x509.ValidationResult	getCachedResult(String certFingerprint) Gets a validation result from the memory cache
eu.emi.security.authn.x509.ProxySupport	getProxySupport()
eu.emi.security.authn.x509.RevocationParameters	getRevocationCheckingMode()
X509Certificate[]	getTrustedIssuers()
void	removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
void	removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
eu.emi.security.authn.x509.ValidationResult	validate(CertPath certPath)
eu.emi.security.authn.x509.ValidationResult	validate(X509Certificate[] certChain) Validates a certificate chain using the wrapped validator, caching the result for future validation calls.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

validationResultsCache

protected final ConcurrentHashMap<String,org.italiangrid.voms.util.CachedValidationResult> validationResultsCache

Simple concurrent cache for validation results

validator

protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator

The wrapped CANL certificate validator

cacheEntryLifetimeMsec

protected final long cacheEntryLifetimeMsec

The cache entry lifetime for this validator

Constructor Detail

CachingCertificateValidator

public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val,
                           long maxCacheEntryLifetime)

Builds a caching validator wrapping the validator passed as argument.

Parameters:

val - The CANL validator to be wrapped.

maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)

Method Detail

cachedValidationResultHasExpired

public boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr,
                                       long referenceTime)

Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.

Parameters:

cvr - a CachedValidationResult object

referenceTime - the reference time (msecs since the epoch)

Returns:

true when expired, false otherwise

getCachedResult

protected eu.emi.security.authn.x509.ValidationResult getCachedResult(String certFingerprint)

Gets a validation result from the memory cache

Parameters:

certFingerprint - the certificate fingerprint for the certificate at the top of the chain

Returns:

the validation result, if found. null otherwise.

validate

public eu.emi.security.authn.x509.ValidationResult validate(X509Certificate[] certChain)

Validates a certificate chain using the wrapped validator, caching the result for future validation calls.

Specified by:

validate in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

certChain -

Returns:

a possibly cached ValidationResult

See Also:

X509CertChainValidator.validate(java.security.cert.X509Certificate[])

dispose

public void dispose()

Specified by:

dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

See Also:

X509CertChainValidatorExt.dispose()

getProxySupport

public eu.emi.security.authn.x509.ProxySupport getProxySupport()

Specified by:

getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

Returns:

the proxy support information

See Also:

X509CertChainValidatorExt.getProxySupport()

validate

public eu.emi.security.authn.x509.ValidationResult validate(CertPath certPath)

Specified by:

validate in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

certPath -

Returns:

the ValidationResult

See Also:

X509CertChainValidator.validate(java.security.cert.CertPath)

getRevocationCheckingMode

public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()

Specified by:

getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt

Returns:

revocation parameters for the wrapped validator

See Also:

X509CertChainValidatorExt.getRevocationCheckingMode()

getTrustedIssuers

public X509Certificate[] getTrustedIssuers()

Specified by:

getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator

Returns:

trusted issuers from the wrapped validator

See Also:

X509CertChainValidator.getTrustedIssuers()

addValidationListener

public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)

Specified by:

addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener -

See Also:

X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

removeValidationListener

public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)

Specified by:

removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener -

See Also:

X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)

addUpdateListener

public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)

Specified by:

addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener -

See Also:

X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)

removeUpdateListener

public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)

Specified by:

removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator

Parameters:

listener -

See Also:

X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)