Class CachingCertificateValidator

java.lang.Object
org.italiangrid.voms.util.CachingCertificateValidator
All Implemented Interfaces:
eu.emi.security.authn.x509.X509CertChainValidator, eu.emi.security.authn.x509.X509CertChainValidatorExt

public class CachingCertificateValidator extends Object implements eu.emi.security.authn.x509.X509CertChainValidatorExt
A certificate validator that caches validation results for a configurable period of time. The cache is keyed by the fingerprint of the certificate at the top of the chain (likely the end-entity certificate, EEC).
Author:
andreaceccanti
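
The caching behaviour described above, modelled with JDK classes only as an added example (this is not the VOMS API implementation). The class and method names, the expiry comparison and the constructed fingerprint string are assumptions. In this model a verdict cached as valid keeps being returned until the entry lifetime passes, so the lifetime bounds how long a change in the wrapped validator's answer (for example a revocation) goes unobserved.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.function.Predicate;

// Added illustration: a JDK-only model of a fingerprint-keyed result cache.
// All names are hypothetical; this is not the library's own code.
public class FingerprintCacheModel {

  // Cached verdict plus the time (msecs since the epoch) it was recorded.
  record Cached(boolean valid, long timestamp) {}

  private final ConcurrentMap<String, Cached> cache = new ConcurrentHashMap<>();
  private final Predicate<String> wrapped; // stands in for the wrapped validator
  private final long lifetimeMsec;

  FingerprintCacheModel(Predicate<String> wrapped, long lifetimeMsec) {
    this.wrapped = wrapped;
    this.lifetimeMsec = lifetimeMsec;
  }

  // Assumed expiry rule: an entry older than the lifetime has expired.
  boolean hasExpired(Cached c, long referenceTime) {
    return referenceTime - c.timestamp() > lifetimeMsec;
  }

  // Returns the cached verdict while fresh, otherwise asks the wrapped validator.
  boolean validate(String fingerprint, long now) {
    Cached c = cache.get(fingerprint);
    if (c != null && !hasExpired(c, now)) {
      return c.valid();
    }
    boolean verdict = wrapped.test(fingerprint);
    cache.put(fingerprint, new Cached(verdict, now));
    return verdict;
  }

  public static void main(String[] args) {
    boolean[] revoked = {false}; // constructed revocation state
    FingerprintCacheModel v = new FingerprintCacheModel(fp -> !revoked[0], 5_000);
    String fp = "AA:BB:CC (constructed fingerprint)";

    System.out.println(v.validate(fp, 0));     // first call: wrapped validator consulted
    revoked[0] = true;                         // wrapped validator's answer changes
    System.out.println(v.validate(fp, 3_000)); // within lifetime: served from cache
    System.out.println(v.validate(fp, 6_000)); // past lifetime: revalidated
  }
}
```
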
  • Field Details

    • validationResultsCache

      protected final ConcurrentMap<String,org.italiangrid.voms.util.CachedValidationResult> validationResultsCache
      Simple concurrent cache for validation results
    • validator

      protected final eu.emi.security.authn.x509.X509CertChainValidatorExt validator
      The wrapped CANL certificate validator
    • cacheEntryLifetimeMsec

      protected final long cacheEntryLifetimeMsec
      The cache entry lifetime for this validator
  • Constructor Details

    • CachingCertificateValidator

      public CachingCertificateValidator(eu.emi.security.authn.x509.X509CertChainValidatorExt val, long maxCacheEntryLifetime)
      Builds a caching validator wrapping the validator passed as argument.
      Parameters:
      val - The CANL validator to be wrapped.
      maxCacheEntryLifetime - the maximum cache entry lifetime (in msecs)
  • Method Details

    • cachedValidationResultHasExpired

      public boolean cachedValidationResultHasExpired(org.italiangrid.voms.util.CachedValidationResult cvr, long referenceTime)
      Checks whether the CachedValidationResult passed as argument has expired with respect to the cacheEntryLifetimeMsec defined for this validator and the reference time passed as argument.
      Parameters:
      cvr - a CachedValidationResult object
      referenceTime - the reference time (msecs since the epoch)
      Returns:
      true when expired, false otherwise
    • getCachedResult

      protected eu.emi.security.authn.x509.ValidationResult getCachedResult(String certFingerprint)
      Gets a validation result from the memory cache
      Parameters:
      certFingerprint - the certificate fingerprint for the certificate at the top of the chain
      Returns:
      the validation result if found, null otherwise
    • validate

      public eu.emi.security.authn.x509.ValidationResult validate(X509Certificate[] certChain)
      Validates a certificate chain using the wrapped validator, caching the result for future validation calls.
      Specified by:
      validate in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      certChain - the certificate chain that will be validated
      Returns:
      a possibly cached ValidationResult
      See Also:
      • X509CertChainValidator.validate(java.security.cert.X509Certificate[])
    • dispose

      public void dispose()
      Specified by:
      dispose in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
      See Also:
      • X509CertChainValidatorExt.dispose()
    • getProxySupport

      public eu.emi.security.authn.x509.ProxySupport getProxySupport()
      Specified by:
      getProxySupport in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
      Returns:
      the proxy support information
      See Also:
      • X509CertChainValidatorExt.getProxySupport()
    • validate

      public eu.emi.security.authn.x509.ValidationResult validate(CertPath certPath)
      Specified by:
      validate in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      certPath - the certificate path that will be validated
      Returns:
      the ValidationResult
      See Also:
      • X509CertChainValidator.validate(java.security.cert.CertPath)
    • getRevocationCheckingMode

      public eu.emi.security.authn.x509.RevocationParameters getRevocationCheckingMode()
      Specified by:
      getRevocationCheckingMode in interface eu.emi.security.authn.x509.X509CertChainValidatorExt
      Returns:
      revocation parameters for the wrapped validator
      See Also:
      • X509CertChainValidatorExt.getRevocationCheckingMode()
    • getTrustedIssuers

      public X509Certificate[] getTrustedIssuers()
      Specified by:
      getTrustedIssuers in interface eu.emi.security.authn.x509.X509CertChainValidator
      Returns:
      trusted issuers from the wrapped validator
      See Also:
      • X509CertChainValidator.getTrustedIssuers()
    • addValidationListener

      public void addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
      Specified by:
      addValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      listener - the ValidationErrorListener to be added to this validator
      See Also:
      • X509CertChainValidator.addValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
    • removeValidationListener

      public void removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener listener)
      Specified by:
      removeValidationListener in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      listener - the ValidationErrorListener that must be removed from this validator
      See Also:
      • X509CertChainValidator.removeValidationListener(eu.emi.security.authn.x509.ValidationErrorListener)
    • addUpdateListener

      public void addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
      Specified by:
      addUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      listener - the StoreUpdateListener that must be added to this validator
      See Also:
      • X509CertChainValidator.addUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)
    • removeUpdateListener

      public void removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener listener)
      Specified by:
      removeUpdateListener in interface eu.emi.security.authn.x509.X509CertChainValidator
      Parameters:
      listener - the StoreUpdateListener that must be removed from this validator
      See Also:
      • X509CertChainValidator.removeUpdateListener(eu.emi.security.authn.x509.StoreUpdateListener)