Class CachingCertificateValidator

  • All Implemented Interfaces:
    eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

    public class CachingCertificateValidator
    extends java.lang.Object
    implements eu.emi.security.authn.x509.X509CertChainValidatorExt
    A certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the EEC).
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected long cacheEntryLifetimeMsec
      The cache entry lifetime for this validator
      protected java.util.concurrent.ConcurrentMap<java.lang.String,CachedValidationResult> validationResultsCache
      Simple concurrent cache for validation results
      protected eu.emi.security.authn.x509.X509CertChainValidatorExt validator
      The wrapped CANL certificate validator
    • Constructor Summary

      Constructors 
      Constructor Description
      CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime)
      Builds a caching validator wrapping the validator passed as argument.
    • Method Summary

      Modifier and Type Method Description
      void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
      void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
      boolean cachedValidationResultHasExpired(CachedValidationResult cvr, long referenceTime)
      Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
      private void certChainSanityChecks(java.security.cert.X509Certificate[] certChain)
      Obvious sanity checks on input certificate chain
      void dispose()
      protected eu.emi.security.authn.x509.ValidationResult getCachedResult(java.lang.String certFingerprint)
      Gets a validation result from the memory cache
      eu.emi.security.authn.x509.ProxySupport getProxySupport()
      eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
      java.security.cert.X509Certificate[] getTrustedIssuers()
      void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
      void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
      eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.CertPath certPath)
      eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.X509Certificate[] certChain)
      Validates a certificate chain using the wrapped validator, caching the result for future validation calls.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • validationResultsCache

        protected final java.util.concurrent.ConcurrentMap<java.lang.String,CachedValidationResult> validationResultsCache
        Simple concurrent cache for validation results
      • validator

        protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator
        The wrapped CANL certificate validator
      • cacheEntryLifetimeMsec

        protected final long cacheEntryLifetimeMsec
        The cache entry lifetime for this validator
    • Constructor Detail

      • CachingCertificateValidator

        public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val,
                                           long maxCacheEntryLifetime)
        Builds a caching validator wrapping the validator passed as argument.
        Parameters:
        val - The CANL validator to be wrapped.
        maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)
    • Method Detail

      • cachedValidationResultHasExpired

        public boolean cachedValidationResultHasExpired(CachedValidationResult cvr,
                                                        long referenceTime)
        Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
        Parameters:
        cvr - a CachedValidationResult object
        referenceTime - the reference time (msecs since the epoch)
        Returns:
        true when expired, false otherwise
      • getCachedResult

        protected eu.emi.security.authn.x509.ValidationResult getCachedResult(java.lang.String certFingerprint)
        Gets a validation result from the memory cache
        Parameters:
        certFingerprint - the certificate fingerprint for the certificate at the top of the chain
        Returns:
        the validation result, if found. null otherwise.
      • certChainSanityChecks

        private void certChainSanityChecks(java.security.cert.X509Certificate[] certChain)
        Obvious sanity checks on input certificate chain
        Parameters:
        certChain - the chain to be checked
      • validate

        public eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.X509Certificate[] certChain)
        Validates a certificate chain using the wrapped validator, caching the result for future validation calls.
        Specified by:
        validate in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        certChain - the certificate chain that will be validated
        Returns:
        a possibly cached ValidationResult
        See Also:
        X509CertChainValidator.validate(java.security.cert.X509Certificate[])
      • dispose

        public void dispose()
        Specified by:
        dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        See Also:
        X509CertChainValidatorExt.dispose()
      • getProxySupport

        public eu.emi.security.authn.x509.ProxySupport getProxySupport()
        Specified by:
        getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        Returns:
        the proxy support information
        See Also:
        X509CertChainValidatorExt.getProxySupport()
      • validate

        public eu.emi.security.authn.x509.ValidationResult validate(java.security.cert.CertPath certPath)
        Specified by:
        validate in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        certPath - the certificate path that will be validated
        Returns:
        the ValidationResult
        See Also:
        X509CertChainValidator.validate(java.security.cert.CertPath)
      • getRevocationCheckingMode

        public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
        Specified by:
        getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
        Returns:
        revocation parameters for the wrapped validator
        See Also:
        X509CertChainValidatorExt.getRevocationCheckingMode()
      • getTrustedIssuers

        public java.security.cert.X509Certificate[] getTrustedIssuers()
        Specified by:
        getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator
        Returns:
        trusted issuers from the wrapped validator
        See Also:
        X509CertChainValidator.getTrustedIssuers()
      • addValidationListener

        public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
        Specified by:
        addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the ValidationErrorListener to be added to this validator
        See Also:
        X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
      • removeValidationListener

        public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
        Specified by:
        removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the ValidationErrorListener that must be removed from this validator
        See Also:
        X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
      • addUpdateListener

        public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
        Specified by:
        addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the StoreUpdateListener that must be added to this validator
        See Also:
        X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
      • removeUpdateListener

        public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
        Specified by:
        removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
        Parameters:
        listener - the StoreUpdateListener that must be removed from this validator
        See Also:
        X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
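
The caching behaviour described in the class description and in validate(X509Certificate[]), as an added sketch that is not this project's code: results are keyed by the fingerprint of the top certificate and reused until the entry lifetime has passed. The class name FingerprintCacheSketch, the SHA-256 digest, the byte arrays standing in for DER encodings, the explicit clock argument and the strict "older than lifetime" comparison are all assumptions made for the illustration.

```java
import java.security.MessageDigest;
import java.util.HexFormat;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Function;

/** Added sketch (hypothetical class): fingerprint-keyed result cache with a fixed entry lifetime. */
public class FingerprintCacheSketch<R> {
    private record Entry<R>(R result, long createdMsec) {}

    private final ConcurrentMap<String, Entry<R>> cache = new ConcurrentHashMap<>();
    private final Function<byte[][], R> delegate; // stands in for the wrapped validator
    private final long lifetimeMsec;

    public FingerprintCacheSketch(Function<byte[][], R> delegate, long lifetimeMsec) {
        this.delegate = delegate;
        this.lifetimeMsec = lifetimeMsec;
    }

    // Assumption: SHA-256 over the encoded certificate; the page does not name the digest.
    static String fingerprint(byte[] der) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
    }

    boolean hasExpired(Entry<R> e, long referenceTime) {
        return referenceTime - e.createdMsec() > lifetimeMsec;
    }

    /** chainDer[0] is the top of the chain (X509Certificate.getEncoded() in real use). */
    public R validate(byte[][] chainDer, long nowMsec) throws Exception {
        if (chainDer == null || chainDer.length == 0 || chainDer[0] == null)
            throw new IllegalArgumentException("empty certificate chain");
        String key = fingerprint(chainDer[0]); // only the top certificate forms the key
        Entry<R> hit = cache.get(key);
        if (hit != null && !hasExpired(hit, nowMsec)) return hit.result();
        R fresh = delegate.apply(chainDer); // miss or expired entry: ask the wrapped validator
        cache.put(key, new Entry<>(fresh, nowMsec));
        return fresh;
    }

    public static void main(String[] args) throws Exception {
        AtomicInteger calls = new AtomicInteger();
        var v = new FingerprintCacheSketch<Boolean>(c -> { calls.incrementAndGet(); return true; }, 1_000);
        byte[][] chain = { "constructed-leaf".getBytes(), "constructed-ca".getBytes() }; // not real DER
        v.validate(chain, 0);     // miss: delegate runs
        v.validate(chain, 900);   // hit: served from the cache
        v.validate(chain, 1_500); // entry older than the lifetime: delegate runs again
        System.out.println("delegate calls = " + calls.get());
    }
}
```

In this sketch a cached result is returned without consulting the wrapped validator, so the entry lifetime is the window during which a change in trust or revocation state goes unseen for that certificate.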