org.globus.gsi.stores.ResourceCertStore Maven / Gradle / Ivy
/*
* Copyright 1999-2010 University of Chicago
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is
* distributed on an "AS IS" BASIS,WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied.
*
* See the License for the specific language governing permissions and limitations under the License.
*/
package org.globus.gsi.stores;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;
import java.security.InvalidAlgorithmParameterException;
import java.security.cert.CRL;
import java.security.cert.CRLSelector;
import java.security.cert.CertSelector;
import java.security.cert.CertStoreException;
import java.security.cert.CertStoreParameters;
import java.security.cert.CertStoreSpi;
import java.security.cert.Certificate;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Vector;
/**
* Created by IntelliJ IDEA. User: turtlebender Date: Dec 29, 2009 Time:
* 12:57:23 PM To change this template use File | Settings | File Templates.
*/
public class ResourceCertStore extends CertStoreSpi {
private static Log logger = LogFactory.getLog(ResourceCertStore.class.getCanonicalName());
private ResourceCACertStore caDelegate = new ResourceCACertStore();
private ResourceCRLStore crlDelegate = new ResourceCRLStore();
/**
* The sole constructor.
*
* @param params
* the initialization parameters (may be null)
* @throws java.security.InvalidAlgorithmParameterException
* if the initialization parameters are inappropriate for this
* CertStoreSpi
* @throws ResourceStoreException
* If error loading certs and crls.
*/
public ResourceCertStore(CertStoreParameters params)
throws InvalidAlgorithmParameterException, ResourceStoreException {
super(params);
if (params == null) {
throw new InvalidAlgorithmParameterException();
}
if (params instanceof ResourceCertStoreParameters) {
ResourceCertStoreParameters storeParams = (ResourceCertStoreParameters) params;
crlDelegate.loadWrappers(storeParams.getCrlLocationPattern());
caDelegate.loadWrappers(storeParams.getCertLocationPattern());
} else {
throw new InvalidAlgorithmParameterException();
}
}
/**
* Returns a Collection of Certificates that match
* the specified selector. If no Certificates match the
* selector, an empty Collection will be returned.
*
* For some CertStore types, the resulting
* Collection may not contain all of the
* Certificates that match the selector. For instance, an LDAP
* CertStore may not search all entries in the directory.
* Instead, it may just search entries that are likely to contain the
* Certificates it is looking for.
*
* Some CertStore implementations (especially LDAP
* CertStores) may throw a CertStoreException
* unless a non-null CertSelector is provided that includes
* specific criteria that can be used to find the certificates. Issuer
* and/or subject names are especially useful criteria.
*
* @param selector
* A CertSelector used to select which
* Certificates should be returned. Specify
* null to return all Certificates (if
* supported).
* @return A Collection of Certificates that match
* the specified selector (never null)
* @throws java.security.cert.CertStoreException
* if an exception occurs
*/
public Collection engineGetCertificates(
CertSelector selector) throws CertStoreException {
logger.debug("selecting Certificates");
if (selector != null && !(selector instanceof X509CertSelector)) {
throw new IllegalArgumentException();
}
if (caDelegate.getCollection() == null) {
return null;
}
// Given that we always only use subject, how can we improve performance
// here. Custom
Vector certSet = new Vector();
if (selector == null) {
for (TrustAnchor trustAnchor : caDelegate.getCollection()) {
certSet.add(trustAnchor.getTrustedCert());
}
} else {
for (TrustAnchor trustAnchor : caDelegate.getCollection()) {
X509Certificate cert = trustAnchor.getTrustedCert();
if (selector.match(cert)) {
certSet.add(cert);
}
}
}
return certSet;
}
/**
* Returns a Collection of CRLs that match the
* specified selector. If no CRLs match the selector, an empty
* Collection will be returned.
*
* For some CertStore types, the resulting
* Collection may not contain all of the
* CRLs that match the selector. For instance, an LDAP
* CertStore may not search all entries in the directory.
* Instead, it may just search entries that are likely to contain the
* CRLs it is looking for.
*
* Some CertStore implementations (especially LDAP
* CertStores) may throw a CertStoreException
* unless a non-null CRLSelector is provided that includes
* specific criteria that can be used to find the CRLs. Issuer names and/or
* the certificate to be checked are especially useful.
*
* @param selector
* A CRLSelector used to select which
* CRLs should be returned. Specify
* null to return all CRLs (if
* supported).
* @return A Collection of CRLs that match the
* specified selector (never null)
* @throws java.security.cert.CertStoreException
* if an exception occurs
*/
public Collection engineGetCRLs(CRLSelector selector)
throws CertStoreException {
if (selector != null && !(selector instanceof X509CRLSelector)) {
throw new IllegalArgumentException();
}
if (crlDelegate.getCollection() == null) {
return new Vector();
}
// Given that we always only use subject, how can we improve performance
// here. Custom
if (selector == null) {
return crlDelegate.getCollection();
} else {
Vector certSet = new Vector();
for (X509CRL crl : crlDelegate.getCollection()) {
if (selector.match(crl)) {
certSet.add(crl);
}
}
return certSet;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy