org.glite.voms
Class PKIStore
- VOMSTrustStore
public class PKIStore
extends java.lang.Object
implements VOMSTrustStore
PKIStore is the class that stores all the components of a common PKI
installation, i.e. CA certificates, CRLs, signing policy files, and so on.
It is also capable of storing files specific to the handling of VOMS
proxies, i.e. the content of the vomsdir directory.
protected void | addInstance()
X509Certificate[] | getAACandidate(X500Principal issuer, String voName) - Gets an array of candidate issuer certificates for an AC with the given issuer and belonging to the given VO.
Hashtable | getCAs()
Hashtable | getCRLs()
LSCFile | getLSC(String voName, String hostName) - Gets the LSC file corresponding to the given VO, for the given server.
Hashtable | getSignings()
void | load() - Loads the files from the directory specified in the constructors
void | refresh() - Refreshes the content of the PKIStore object.
void | rescheduleRefresh(int millisec) - Changes the interval between refreshes of the store.
void | setAggressive(boolean b) - Changes the aggressive mode of the store.
void | stopRefresh() - Stop all refreshes.
DEFAULT_CADIR
public static final String DEFAULT_CADIR
DEFAULT_VOMSDIR
public static final String DEFAULT_VOMSDIR
TYPE_CADIR
public static final int TYPE_CADIR
This PKIStore object will contain data from a CA directory.
TYPE_VOMSDIR
public static final int TYPE_VOMSDIR
This PKIStore object will contain data from a vomsdir directory.
PKIStore
public PKIStore()
PKIStore
public PKIStore(String dir,
int type)
throws IOException,
CertificateException,
CRLException
This is equivalent to PKIStore(dir, type, true)
See Also: PKIStore(String dir, int type, boolean aggressive)
PKIStore
public PKIStore(String dir,
int type,
boolean aggressive)
throws IOException,
CertificateException,
CRLException
Parameters:
dir - The directory from which to read the files.
If null or the empty string, this will default
to "/etc/grid-security/certificates" if type is
TYPE_CADIR, or "etc/grid-security/vomsdir" if
type is TYPE_VOMSDIR.
type - either TYPE_CADIR for CA certificates,
or TYPE_VOMSDIR for VOMS certificates.
aggressive - if true, loading of data will continue even if
a particular file could not be loaded, while if
false loading will stop as soon as an error occurs.
PKIStore
public PKIStore(int type)
throws IOException,
CertificateException,
CRLException
addInstance
protected void addInstance()
getAACandidate
public X509Certificate[] getAACandidate(X500Principal issuer,
String voName)
Gets an array of candidate issuer certificates for an AC with the
given issuer and belonging to the given VO.
Parameters:
issuer - The issuer of the AC.
voName - The name of the VO.
Returns:
the array of candidates, or null if none is found.
getCAs
public Hashtable getCAs()
Returns:
hashtable containing CA certificates. The key is
the PKIUtils.getHash() of the subject of the CA. The value is
a Vector containing all the CA certificates with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert),
PKIUtils.getHash(X500Principal principal),
PKIUtils.getHash(X509Principal principal),
java.util.Vector
getCRLs
public Hashtable getCRLs()
Returns:
hashtable containing CRLs. The key is
the PKIUtils.getHash() of the issuer of the CRL. The value is
a Vector containing all the CRLs with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert),
PKIUtils.getHash(X500Principal principal),
PKIUtils.getHash(X509Principal principal),
java.util.Vector
getLSC
public LSCFile getLSC(String voName,
String hostName)
Gets the LSC file corresponding to the given VO, for the given
server.
Parameters:
voName - The name of the VO.
hostName - The hostName of the issuing server.
Returns:
The corresponding LSCFile object, or null if none is present.
getSignings
public Hashtable getSignings()
Returns:
hashtable containing SigningPolicy objects. The key is
the PKIUtils.getHash() of the issuer of the SigningPolicy. The value is
a Vector containing all the CRL with the given hash.
See Also:
SigningPolicy,
PKIUtils.getHash(X509Certificate cert),
PKIUtils.getHash(X500Principal principal),
PKIUtils.getHash(X509Principal principal),
java.util.Vector
load
public void load()
throws IOException,
CertificateException,
CRLException
Loads the files from the directory specified in the constructors
refresh
public void refresh()
Refreshes the content of the PKIStore object.
rescheduleRefresh
public void rescheduleRefresh(int millisec)
Changes the interval between refreshes of the store.
Parameters:
millisec - New interval (in milliseconds)
setAggressive
public void setAggressive(boolean b)
Changes the aggressive mode of the store.
Parameters:
b - if true (default) load as much as possible,
otherwise stop loading at the first error.
stopRefresh
public void stopRefresh()
Stop all refreshes.
NOTE: This method must ALWAYS be called prior to disposing of a PKIStore
object. The penalty for not doing it is a memory leak.
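
Added example (not part of the original Javadoc or the VOMS code base): loading a CA directory with aggressive mode off so that an unreadable file aborts the load, flagging CA entries that have no CRL, and always calling stopRefresh() as the note above requires. The class and method names are hypothetical. It assumes the constructor performs the initial load (it declares the same exceptions as load()) and that getCAs() and getCRLs() use the same key representation for a given hash.

```java
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;

import org.glite.voms.PKIStore;

// Hypothetical helper, written for this page; not VOMS project code.
public class StrictCaStoreAudit {

    // Returns the number of CA hash entries for which no CRL was loaded.
    static int countCAsWithoutCRL(String caDir)
            throws IOException, CertificateException, CRLException {
        PKIStore store = null;
        try {
            // aggressive = false: stop at the first file that cannot be loaded,
            // instead of continuing with an incomplete trust store.
            store = new PKIStore(caDir, PKIStore.TYPE_CADIR, false);
            Hashtable cas = store.getCAs();    // key: hash of the CA subject
            Hashtable crls = store.getCRLs();  // key: hash of the CRL issuer
            int missing = 0;
            for (Iterator it = cas.entrySet().iterator(); it.hasNext();) {
                Map.Entry entry = (Map.Entry) it.next();
                Vector certs = (Vector) entry.getValue();
                // Assumption: both tables use the same key representation, so
                // a CA's subject hash finds the CRLs issued under that name.
                if (!crls.containsKey(entry.getKey())) {
                    missing++;
                    System.err.println("no CRL for CA hash " + entry.getKey()
                            + " (" + certs.size() + " certificate(s))");
                }
            }
            return missing;
        } finally {
            // Required before the store is discarded, on success and on error.
            if (store != null) {
                store.stopRefresh();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        String dir = args.length > 0 ? args[0] : PKIStore.DEFAULT_CADIR;
        int missing = countCAsWithoutCRL(dir);
        System.out.println(missing + " CA entries without a CRL in " + dir);
        System.exit(missing == 0 ? 0 : 2);
    }
}
```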