public class PlainCRLStoreSpi extends AbstractCRLStoreSPI
CRLs may be provided as URLs or local files. If the CRL is provided as a local file (i.e. is not an absolute URL) then it can contain wildcard characters ('*', '?'). In case of wildcard locations, the actual file list is regenerated on each update.
All CRLs are loaded and parsed to establish the CA->CRL mapping. This mapping is updated after the updateInterval time has passed.
Faulty CRL locations together with the respective errors can be obtained by using a listener.
It is possible to pass more than one CRL location for the same CA.
The class is implemented in an asynchronous mode: CRLs are resolved at regular intervals (or only once on startup). CRL searching is independent of the updates. It can block to download, read and subsequently parse a CRL if it is not present in the in-memory cache.
CRLs downloaded from a remote URL (http or ftp) can be cached on a local disk. If the update task cannot download a CRL which was previously cached on disk, then the version from disk is returned.
This class is thread safe.
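The download-then-disk-fallback behaviour described above, together with the null-result guard noted for loadCrlWrapper, as an added sketch using only JDK classes; it is not the library's code. The class and method names, the cache file handling and the nextUpdate warning are assumptions of this example.

```java
import java.io.*;
import java.net.URI;
import java.net.URL;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.Date;

public class CrlLoadSketch {               // hypothetical name, not part of the library
    // Parse a CRL; a null or non-X.509 result is an error, so a broken CRL
    // is never silently treated as "nothing revoked".
    static X509CRL parse(InputStream in) throws GeneralSecurityException {
        CRL crl = CertificateFactory.getInstance("X.509").generateCRL(in);
        if (!(crl instanceof X509CRL))
            throw new CRLException("Unparsable CRL, provider returned: " + crl);
        return (X509CRL) crl;
    }

    // Download first; refresh the disk copy on success, fall back to it on failure.
    static X509CRL load(URL remote, Path diskCopy) throws IOException, GeneralSecurityException {
        try (InputStream in = remote.openStream()) {
            byte[] raw = in.readAllBytes();
            X509CRL crl = parse(new ByteArrayInputStream(raw));
            Files.write(diskCopy, raw);    // cache only what parsed successfully
            return crl;
        } catch (IOException | GeneralSecurityException e) {
            if (!Files.isReadable(diskCopy))
                throw e;                   // nothing cached: report the fault
            try (InputStream in = Files.newInputStream(diskCopy)) {
                X509CRL cached = parse(in);
                Date next = cached.getNextUpdate();
                // Assumption of this sketch: make use of a stale copy visible.
                if (next != null && next.before(new Date()))
                    System.err.println("WARNING: cached CRL expired on " + next);
                return cached;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // args: <CRL URL> <cache file>, both supplied by the caller
        X509CRL crl = load(URI.create(args[0]).toURL(), Paths.get(args[1]));
        System.out.println(crl.getIssuerX500Principal() + " nextUpdate=" + crl.getNextUpdate());
    }
}
```

The signature of the returned CRL is not checked here; that is left to the certificate path validation that consumes the store.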
Modifier and Type | Class and Description |
---|---|
private static class | PlainCRLStoreSpi.CRLAsyncUpdateTask: This class follows a quite advanced but important pattern: it is static, so there is no hidden reference from it to the wrapping class; instead it has a weak reference to the wrapping object; when the weak reference is nullified, it means that the wrapping object was discarded by the GC and is no longer usable, in which case the update task is automatically stopped. |
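The pattern described for CRLAsyncUpdateTask, as an added stand-alone sketch using only JDK classes; it is not the library's code. All names here are hypothetical, and rescheduling a fresh one-shot task after each run is an assumption of this example.

```java
import java.lang.ref.WeakReference;
import java.util.Timer;
import java.util.TimerTask;

public class WeakUpdateSketch {            // stands in for the wrapping store
    private final Timer timer;
    private volatile int updates;

    WeakUpdateSketch(Timer timer) { this.timer = timer; }

    void start(long intervalMs) {
        timer.schedule(new UpdateTask(this, timer, intervalMs), intervalMs);
    }

    private void update() { System.out.println("update #" + (++updates)); }

    // static: no implicit WeakUpdateSketch.this reference, so the Timer's
    // task queue does not keep the store reachable.
    private static class UpdateTask extends TimerTask {
        private final WeakReference<WeakUpdateSketch> storeRef;
        private final Timer timer;
        private final long intervalMs;

        UpdateTask(WeakUpdateSketch store, Timer timer, long intervalMs) {
            this.storeRef = new WeakReference<>(store);
            this.timer = timer;
            this.intervalMs = intervalMs;
        }

        @Override public void run() {
            WeakUpdateSketch store = storeRef.get();
            if (store == null) {           // store was collected: do not reschedule
                System.out.println("store collected, update task stops");
                return;
            }
            store.update();
            timer.schedule(new UpdateTask(store, timer, intervalMs), intervalMs);
        }
    }

    public static void main(String[] args) throws InterruptedException {
        Timer timer = new Timer(true);     // shared daemon timer, as a caller would pass in
        WeakUpdateSketch store = new WeakUpdateSketch(timer);
        store.start(100);
        Thread.sleep(350);
        store = null;                      // drop the only strong reference
        System.gc();                       // a hint only; collection is not guaranteed
        Thread.sleep(350);
    }
}
```

With a non-static inner task, the Timer would hold the store through the task for as long as updates are scheduled, so a store that was never disposed would keep refreshing CRLs indefinitely.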
Modifier and Type | Field and Description |
---|---|
private java.util.Map<javax.security.auth.x500.X500Principal,java.util.Set<java.net.URL>> | ca2location |
private java.lang.Object | intervalLock |
private java.util.Map<java.net.URL,java.lang.ref.SoftReference<java.security.cert.X509CRL>> | loadedCRLs |
private java.util.Timer | timer |
private PlainStoreUtils | utils |
Fields inherited from class AbstractCRLStoreSPI: factory, observers, params, updateInterval
Constructor and Description |
---|
PlainCRLStoreSpi(CRLParameters params, java.util.Timer t, ObserversHandler observers): Creates a new CRL store. |
Modifier and Type | Method and Description |
---|---|
protected void | addCRL(java.security.cert.X509CRL crl, java.net.URL location) |
void | dispose(): After calling this method no notification will be produced and subsequent updates won't be scheduled. |
protected java.util.Collection<java.security.cert.X509CRL> | getCRLForIssuer(javax.security.auth.x500.X500Principal issuer) |
protected java.util.Collection<java.security.cert.X509CRL> | getCRLWithMatcher(java.security.cert.CRLSelector selectorRaw) |
java.util.List<java.lang.String> | getLocations() |
private java.security.cert.X509CRL | getOrLoadCRL(java.net.URL location) |
long | getUpdateInterval() |
protected java.security.cert.X509CRL | loadCRL(java.net.URL url) |
private java.security.cert.X509CRL | loadCrlWrapper(java.io.InputStream is): Wrapper needed because the BC provider in some cases returns null instead of throwing an exception when there are problems. |
protected java.security.cert.X509CRL | reloadCRL(java.net.URL location) |
private void | reloadCRLs(java.util.Collection<java.net.URL> locations): Tries to load a CRL for each of the URLs. |
private void | removeStaleIssuerMapping(): Removes the mappings which are for locations that are not known. |
private void | scheduleUpdate() |
void | setUpdateInterval(long newInterval) |
void | start(): Initiates the store operation (the initial update and subsequent refreshes). |
private void | update(): 1. |
Methods inherited from class AbstractCRLStoreSPI: engineGetCertificates, engineGetCRLs, notifyObservers
private final PlainStoreUtils utils
private java.util.Timer timer
private java.lang.Object intervalLock
private java.util.Map<javax.security.auth.x500.X500Principal,java.util.Set<java.net.URL>> ca2location
private java.util.Map<java.net.URL,java.lang.ref.SoftReference<java.security.cert.X509CRL>> loadedCRLs
public PlainCRLStoreSpi(CRLParameters params, java.util.Timer t, ObserversHandler observers) throws java.security.InvalidAlgorithmParameterException
start() method is called.
Parameters:
params - CRL parameters
t - timer
observers - observers handler
Throws:
java.security.InvalidAlgorithmParameterException - invalid algorithm parameter exception
public void start()
protected java.security.cert.X509CRL loadCRL(java.net.URL url) throws java.io.IOException, java.security.cert.CRLException, java.net.URISyntaxException
Throws:
java.io.IOException
java.security.cert.CRLException
java.net.URISyntaxException
private java.security.cert.X509CRL loadCrlWrapper(java.io.InputStream is) throws java.io.IOException, java.security.cert.CRLException
Parameters:
is - input stream
Throws:
java.io.IOException - IO exception
java.security.cert.CRLException - CRL exception
public java.util.List<java.lang.String> getLocations()
public void setUpdateInterval(long newInterval)
setUpdateInterval in class AbstractCRLStoreSPI
public long getUpdateInterval()
private void removeStaleIssuerMapping()
private void reloadCRLs(java.util.Collection<java.net.URL> locations)
protected java.security.cert.X509CRL reloadCRL(java.net.URL location)
protected void addCRL(java.security.cert.X509CRL crl, java.net.URL location)
private void update()
private void scheduleUpdate()
private java.security.cert.X509CRL getOrLoadCRL(java.net.URL location)
protected java.util.Collection<java.security.cert.X509CRL> getCRLForIssuer(javax.security.auth.x500.X500Principal issuer)
getCRLForIssuer in class AbstractCRLStoreSPI
protected java.util.Collection<java.security.cert.X509CRL> getCRLWithMatcher(java.security.cert.CRLSelector selectorRaw)
getCRLWithMatcher in class AbstractCRLStoreSPI
public void dispose()
dispose in class AbstractCRLStoreSPI