org.glite.voms

Class PKIStore

Implemented Interfaces:
VOMSTrustStore

public class PKIStore
extends java.lang.Object
implements VOMSTrustStore

PKIStore is the class that stores all the components of a common PKI installation, i.e. CA certificates, CRLs, signing policy files, etc. It is also capable of storing files specific to the handling of VOMS proxies, i.e. the content of the vomsdir directory.

Field Summary

static String
DEFAULT_CADIR
static String
DEFAULT_VOMSDIR
static int
TYPE_CADIR
This PKIStore object will contain data from a CA directory.
static int
TYPE_VOMSDIR
This PKIStore object will contain data from a vomsdir directory.

Constructor Summary

PKIStore()
PKIStore(String dir, int type)
This is equivalent to PKIStore(dir, type, true).
PKIStore(String dir, int type, boolean aggressive)
PKIStore(int type)

Method Summary

protected void
addInstance()
X509Certificate[]
getAACandidate(X500Principal issuer, String voName)
Gets an array of candidate issuer certificates for an AC with the given issuer and belonging to the given VO.
Hashtable
getCAs()
Hashtable
getCRLs()
LSCFile
getLSC(String voName, String hostName)
Gets the LSC file corresponding to the given VO, for the given server.
Hashtable
getSignings()
void
load()
Loads the files from the directory specified in the constructors.
void
refresh()
Refreshes the content of the PKIStore object.
void
rescheduleRefresh(int millisec)
Changes the interval between refreshes of the store.
void
setAggressive(boolean b)
Changes the aggressive mode of the store.
void
stopRefresh()
Stops all refreshes.

Field Details

DEFAULT_CADIR

public static final String DEFAULT_CADIR

DEFAULT_VOMSDIR

public static final String DEFAULT_VOMSDIR

TYPE_CADIR

public static final int TYPE_CADIR
This PKIStore object will contain data from a CA directory.
Field Value:
2

TYPE_VOMSDIR

public static final int TYPE_VOMSDIR
This PKIStore object will contain data from a vomsdir directory.
Field Value:
1

Constructor Details

PKIStore

public PKIStore()

PKIStore

public PKIStore(String dir,
                int type)
            throws IOException,
                   CertificateException,
                   CRLException
This is equivalent to PKIStore(dir, type, true).
See Also:
PKIStore(String dir, int type, boolean aggressive)

PKIStore

public PKIStore(String dir,
                int type,
                boolean aggressive)
            throws IOException,
                   CertificateException,
                   CRLException
Parameters:
dir - The directory from which to read the files. If null or the empty string, this defaults to "/etc/grid-security/certificates" if type is TYPE_CADIR, or "etc/grid-security/vomsdir" if type is TYPE_VOMSDIR.
type - Either TYPE_CADIR for CA certificates, or TYPE_VOMSDIR for VOMS certificates.
aggressive - If true, loading of data continues even if a particular file could not be loaded; if false, loading stops as soon as an error occurs.

PKIStore

public PKIStore(int type)
            throws IOException,
                   CertificateException,
                   CRLException

Method Details

addInstance

protected void addInstance()

getAACandidate

public X509Certificate[] getAACandidate(X500Principal issuer,
                                        String voName)
Gets an array of candidate issuer certificates for an AC with the given issuer and belonging to the given VO.
Parameters:
issuer - The issuer of the AC.
voName - The name of the VO.
Returns:
the array of candidates, or null if none is found.

getCAs

public Hashtable getCAs()
Returns:
Hashtable containing CA certificates. The key is the PKIUtils.getHash() of the subject of the CA. The value is a Vector containing all the CA certificates with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), java.util.Vector

getCRLs

public Hashtable getCRLs()
Returns:
Hashtable containing CRLs. The key is the PKIUtils.getHash() of the issuer of the CRL. The value is a Vector containing all the CRLs with the given hash.
See Also:
PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), java.util.Vector

getLSC

public LSCFile getLSC(String voName,
                      String hostName)
Gets the LSC file corresponding to the given VO, for the given server.
Parameters:
voName - The name of the VO.
hostName - The host name of the issuing server.
Returns:
The corresponding LSCFile object, or null if none is present.

getSignings

public Hashtable getSignings()
Returns:
Hashtable containing SigningPolicy objects. The key is the PKIUtils.getHash() of the issuer of the SigningPolicy. The value is a Vector containing all the SigningPolicy objects with the given hash.
See Also:
SigningPolicy, PKIUtils.getHash(X509Certificate cert), PKIUtils.getHash(X500Principal principal), PKIUtils.getHash(X509Principal principal), java.util.Vector

load

public void load()
            throws IOException,
                   CertificateException,
                   CRLException
Loads the files from the directory specified in the constructors.

refresh

public void refresh()
Refreshes the content of the PKIStore object.

rescheduleRefresh

public void rescheduleRefresh(int millisec)
Changes the interval between refreshes of the store.
Parameters:
millisec - New interval (in milliseconds)

setAggressive

public void setAggressive(boolean b)
Changes the aggressive mode of the store.
Parameters:
b - If true (the default), load as much as possible; otherwise stop loading at the first error.

stopRefresh

public void stopRefresh()
Stops all refreshes. NOTE: This method must ALWAYS be called prior to disposing of a PKIStore object. The penalty for not doing so is a memory leak.
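The following is an added usage example, not code from the VOMS distribution or its documentation. It ties together the constructor parameters, the lookup methods and the stopRefresh() requirement above: both stores are opened with aggressive = false so that an unreadable CA certificate, CRL or LSC file fails loading outright rather than being skipped silently, and stopRefresh() is guaranteed by a finally block. It assumes that the constructor loads the directory itself, that LSCFile lives in org.glite.voms, that X500Principal is javax.security.auth.x500.X500Principal, and that AC issuer candidates and LSC files are looked up on the vomsdir store; the VO name and DN are constructed sample values.

```java
import java.io.IOException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.security.auth.x500.X500Principal;

import org.glite.voms.LSCFile;   // assumed package of LSCFile
import org.glite.voms.PKIStore;

public class VomsTrustSetup {

    public static void main(String[] args)
            throws IOException, CertificateException, CRLException {
        PKIStore caStore = null;
        PKIStore vomsStore = null;
        try {
            // aggressive = false: a store that silently drops one CRL still "works",
            // but revocations from that CA are no longer seen, so fail fast instead.
            // A null dir selects the documented defaults (DEFAULT_CADIR / DEFAULT_VOMSDIR).
            caStore = new PKIStore(null, PKIStore.TYPE_CADIR, false);
            vomsStore = new PKIStore(null, PKIStore.TYPE_VOMSDIR, false);

            // Re-read both directories every 10 minutes so new CRLs are picked up.
            caStore.rescheduleRefresh(10 * 60 * 1000);
            vomsStore.rescheduleRefresh(10 * 60 * 1000);

            // Constructed sample VO name and AC issuer DN (not real infrastructure).
            String voName = "example.vo";
            X500Principal acIssuer =
                new X500Principal("CN=voms.example.org, O=Example, C=XX");

            // getAACandidate returns null when no candidate issuer is known for the VO.
            X509Certificate[] candidates = vomsStore.getAACandidate(acIssuer, voName);
            if (candidates == null) {
                System.err.println("no AA candidate for " + voName + " issued by " + acIssuer);
            }

            // getLSC returns null when the vomsdir has no LSC file for this VO and host.
            LSCFile lsc = vomsStore.getLSC(voName, "voms.example.org");
            if (lsc == null) {
                System.err.println("no LSC file for voms.example.org in VO " + voName);
            }
        } finally {
            // Documented requirement: stop the refresh scheduling before dropping the
            // references, otherwise the store is never collected (memory leak).
            if (vomsStore != null) vomsStore.stopRefresh();
            if (caStore != null) caStore.stopRefresh();
        }
    }
}
```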