Class PlainCRLStoreSpi
- Direct Known Subclasses:
OpensslCRLStoreSpi
CRLs may be provided as URLs or local files. If the CRL is provided as a local file (i.e. is not an absolute URL) then it can contain wildcard characters ('*', '?'). In case of wildcard locations, the actual file list is regenerated on each update.
All CRLs are loaded and parsed to establish CA->CRL mapping. This mapping is updated after the updateInterval time has passed.
Faulty CRL locations together with the respective errors can be obtained by using a listener.
It is possible to pass more than one location of CRLs of the same CA.
The class is implemented in an asynchronous mode: CRLs are resolved at regular intervals (or only once on startup). CRL searching is independent of the updates. It can block to download, read and subsequently parse a CRL if it is not present in the in-memory cache.
CRLs downloaded from a remote URL (http or ftp) can be cached on a local disk. If the update task cannot download a CRL which was previously cached on disk, then the version from disk is returned.
This class is thread safe.
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
private static class
This class follows a quite advanced but important pattern:
- it is static, so there is no hidden reference from it to the wrapping class
- instead it has a weak reference to the wrapping object
- when the weak reference is nullified, it means that the wrapping object was discarded by the GC and is no longer usable: in this case the update task is automatically stopped.
-
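The pattern described above, as an added example that is not the library's own code: `RefreshingStore` and `UpdateTask` are hypothetical names, and the counter stands in for the real CRL reload. The task is a static nested class holding only a weak reference, so a shared timer never keeps a discarded store alive, and the chain of scheduled updates ends once the store has been collected.

```java
import java.lang.ref.WeakReference;
import java.util.Timer;
import java.util.TimerTask;

/** Hypothetical store standing in for the wrapping object; not the library's class. */
public class RefreshingStore {
    private final Timer timer;
    private final long intervalMs;
    private volatile int updates;   // written only by the timer thread

    public RefreshingStore(Timer timer, long intervalMs) {
        this.timer = timer;
        this.intervalMs = intervalMs;
    }

    /** Runs the initial update; each update then schedules the next one. */
    public void start() { timer.schedule(new UpdateTask(this), 0); }

    private void update() {
        updates++;                                          // placeholder for reloading CRLs
        timer.schedule(new UpdateTask(this), intervalMs);   // schedule the next update
    }

    public int getUpdates() { return updates; }

    /** Static: no implicit RefreshingStore.this, only a weak reference to the store. */
    private static class UpdateTask extends TimerTask {
        private final WeakReference<RefreshingStore> storeRef;

        UpdateTask(RefreshingStore store) { storeRef = new WeakReference<>(store); }

        @Override
        public void run() {
            RefreshingStore store = storeRef.get();
            if (store == null) return;   // store was collected: nothing is rescheduled
            store.update();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Timer timer = new Timer(true);   // shared daemon timer that outlives the store
        RefreshingStore store = new RefreshingStore(timer, 100);
        store.start();
        Thread.sleep(350);
        System.out.println("updates while reachable: " + store.getUpdates());
        store = null;                    // drop the last strong reference
        System.gc();                     // a hint only; collection is not guaranteed
        Thread.sleep(300);               // once collected, the next task run just returns
    }
}
```

If `UpdateTask` were a non-static inner class, the timer's queue would hold a strong reference to the store through the pending task, and the store could never be collected while updates were scheduled.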
Field Summary
Fields
Modifier and Type, Field, Description
private Map<X500Principal, Set<URL>>
private Object
private Map<URL, SoftReference<X509CRL>>
private Timer
private final PlainStoreUtils
Fields inherited from class eu.emi.security.authn.x509.helpers.crl.AbstractCRLStoreSPI
factory, observers, params, updateInterval
-
Constructor Summary
Constructors
Constructor, Description
PlainCRLStoreSpi(CRLParameters params, Timer t, ObserversHandler observers)
    Creates a new CRL store.
-
Method Summary
Modifier and Type, Method, Description
protected void
void dispose()
    After calling this method no notification will be produced and subsequent updates won't be scheduled.
protected Collection<X509CRL> getCRLForIssuer(X500Principal issuer)
protected Collection<X509CRL> getCRLWithMatcher(CRLSelector selectorRaw)
private X509CRL getOrLoadCRL(URL location)
long
protected X509CRL
private X509CRL
    Wrapper as BC provider in some cases returns null instead of exception when there are problems.
protected X509CRL
private void reloadCRLs(Collection<URL> locations)
    For all URLs tries to load a CRL
private void
    Removes those mappings which are for the not known locations.
private void
void setUpdateInterval(long newInterval)
void start()
    Initiates the store operation (the initial update and subsequent refreshes)
private void update()
    1.
Methods inherited from class eu.emi.security.authn.x509.helpers.crl.AbstractCRLStoreSPI
engineGetCertificates, engineGetCRLs, notifyObservers
-
Field Details
-
utils
-
timer
-
intervalLock
-
ca2location
-
loadedCRLs
-
-
Constructor Details
-
PlainCRLStoreSpi
public PlainCRLStoreSpi(CRLParameters params, Timer t, ObserversHandler observers) throws InvalidAlgorithmParameterException
Creates a new CRL store. The store will be empty until the start() method is called.
- Parameters:
params - CRL parameters
t - timer
observers - observers handler
- Throws:
InvalidAlgorithmParameterException - invalid algorithm parameter exception
-
-
Method Details
-
start
public void start()
Initiates the store operation (the initial update and subsequent refreshes)
-
loadCRL
-
loadCrlWrapper
Wrapper, as the BC provider in some cases returns null instead of throwing an exception when there are problems.
- Parameters:
is - input stream
- Returns:
generated CRL
- Throws:
IOException - IO exception
CRLException - CRL exception
-
getLocations
-
setUpdateInterval
public void setUpdateInterval(long newInterval)
- Specified by: setUpdateInterval in class AbstractCRLStoreSPI
-
getUpdateInterval
public long getUpdateInterval() -
removeStaleIssuerMapping
private void removeStaleIssuerMapping()
Removes those mappings which are for locations that are no longer known. This happens when a file was removed from a wildcard listing.
-
reloadCRLs
For all URLs tries to load a CRL -
reloadCRL
-
addCRL
-
update
private void update()
1. work only if updateNeeded()
2. for all wildcards refresh file lists
3. remove the locations not valid anymore
4. for all location URLs try to get the CRL
5. update timestamp
6. schedule the next update if enabled
-
scheduleUpdate
private void scheduleUpdate() -
getOrLoadCRL
-
getCRLForIssuer
- Specified by: getCRLForIssuer in class AbstractCRLStoreSPI
-
getCRLWithMatcher
- Specified by: getCRLWithMatcher in class AbstractCRLStoreSPI
-
dispose
public void dispose()
After calling this method no notification will be produced and subsequent updates won't be scheduled. However, one more update may still be run.
- Specified by: dispose in class AbstractCRLStoreSPI
-